我最近将我的 postfix 安装更改为使用由 StartSSL 颁发的证书的 TLS。然后我运行邮件传输协议和TLS检查没有错误或警告。一切似乎都运行正常。
我现在的问题是,接收邮件似乎并非在所有情况下都有效。似乎有些邮件服务器我无法接收邮件。例如,这些是 Amazon 或 Blizzard。对于 Amazon,我的 postfix 日志显示以下内容:
Jan 16 13:57:51 myhost postfix/smtpd[31551]: connect from mm-notify-out-127-214.amazon.com[176.32.127.214]
Jan 16 13:57:51 myhost postfix/smtpd[31551]: lost connection after EHLO from mm-notify-out-127-214.amazon.com[176.32.127.214]
Jan 16 13:57:51 myhost postfix/smtpd[31551]: disconnect from mm-notify-out-127-214.amazon.com[176.32.127.214]
当接收来自暴雪的邮件时,日志看起来相同,只是缺少“丢失连接”行。
我怀疑 StartSSL 证书可能不受这两家(可能更多)公司的信任,因此我必须从大型的“值得信赖的” CA 购买证书。
有人能告诉我我的怀疑是否正确或者我的 postfix 配置是否存在错误吗?
在此先非常感谢您的帮助。
编辑: 这是我从 telnet 会话获得的输出:
telnet host 587
Trying ip...
Connected to host.
Escape character is '^]'.
220 host ESMTP Postfix (Debian/GNU)
ehlo host
250-host
250-PIPELINING
250-SIZE 134217728
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
编辑: 启用 debug_peer_list 的 Postfix 日志:
Jan 16 16:52:21 myhost postfix/smtpd[5712]: initializing the server-side TLS engine
Jan 16 16:52:21 myhost postfix/tlsmgr[5714]: open smtpd TLS cache btree:/var/lib/postfix/smtpd_scache
Jan 16 16:52:21 myhost postfix/tlsmgr[5714]: tlsmgr_cache_run_event: start TLS smtpd session cache cleanup
Jan 16 16:52:21 myhost postfix/smtpd[5712]: connect from smtp-out-127-108.amazon.com[176.32.127.108]
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostname: smtp-out-127-108.amazon.com ~? 127.0.0.0/8
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostaddr: 176.32.127.108 ~? 127.0.0.0/8
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostname: smtp-out-127-108.amazon.com ~? [::ffff:127.0.0.0]/104
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostaddr: 176.32.127.108 ~? [::ffff:127.0.0.0]/104
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostname: smtp-out-127-108.amazon.com ~? [::1]/128
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostaddr: 176.32.127.108 ~? [::1]/128
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_list_match: smtp-out-127-108.amazon.com: no match
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_list_match: 176.32.127.108: no match
Jan 16 16:52:21 myhost postfix/smtpd[5712]: auto_clnt_open: connected to private/anvil
Jan 16 16:52:21 myhost postfix/smtpd[5712]: send attr request = connect
Jan 16 16:52:21 myhost postfix/smtpd[5712]: send attr ident = smtp:176.32.127.108
Jan 16 16:52:21 myhost postfix/smtpd[5712]: private/anvil: wanted attribute: status
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute name: status
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute value: 0
Jan 16 16:52:21 myhost postfix/smtpd[5712]: private/anvil: wanted attribute: count
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute name: count
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute value: 1
Jan 16 16:52:21 myhost postfix/smtpd[5712]: private/anvil: wanted attribute: rate
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute name: rate
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute value: 1
Jan 16 16:52:21 myhost postfix/smtpd[5712]: private/anvil: wanted attribute: (list terminator)
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute name: (end)
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 220 mail.myhost ESMTP Postfix (Debian/GNU)
Jan 16 16:52:21 myhost postfix/smtpd[5712]: watchdog_pat: 0x7fa2f92c07b0
Jan 16 16:52:21 myhost postfix/smtpd[5712]: < smtp-out-127-108.amazon.com[176.32.127.108]: EHLO smtp-out-127-108.amazon.com
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-mail.myhost
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-PIPELINING
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-SIZE 134217728
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-VRFY
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-ETRN
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_list_match: smtp-out-127-108.amazon.com: no match
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_list_match: 176.32.127.108: no match
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-STARTTLS
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-ENHANCEDSTATUSCODES
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-8BITMIME
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250 DSN
Jan 16 16:52:21 myhost postfix/smtpd[5712]: watchdog_pat: 0x7fa2f92c07b0
Jan 16 16:52:21 myhost postfix/smtpd[5712]: < smtp-out-127-108.amazon.com[176.32.127.108]: MAIL FROM:<[email protected]> SIZE=27930
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 530 5.7.0 Must issue a STARTTLS command first
Jan 16 16:52:21 myhost postfix/smtpd[5712]: watchdog_pat: 0x7fa2f92c07b0
Jan 16 16:52:21 myhost postfix/smtpd[5712]: < smtp-out-127-108.amazon.com[176.32.127.108]: RSET
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 530 5.7.0 Must issue a STARTTLS command first
Jan 16 16:52:21 myhost postfix/smtpd[5712]: watchdog_pat: 0x7fa2f92c07b0
Jan 16 16:52:21 myhost postfix/smtpd[5712]: smtp_get: EOF
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostname: smtp-out-127-108.amazon.com ~? 127.0.0.0/8
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostaddr: 176.32.127.108 ~? 127.0.0.0/8
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostname: smtp-out-127-108.amazon.com ~? [::ffff:127.0.0.0]/104
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostaddr: 176.32.127.108 ~? [::ffff:127.0.0.0]/104
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostname: smtp-out-127-108.amazon.com ~? [::1]/128
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostaddr: 176.32.127.108 ~? [::1]/128
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_list_match: smtp-out-127-108.amazon.com: no match
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_list_match: 176.32.127.108: no match
Jan 16 16:52:21 myhost postfix/smtpd[5712]: send attr request = disconnect
Jan 16 16:52:21 myhost postfix/smtpd[5712]: send attr ident = smtp:176.32.127.108
Jan 16 16:52:21 myhost postfix/smtpd[5712]: private/anvil: wanted attribute: status
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute name: status
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute value: 0
Jan 16 16:52:21 myhost postfix/smtpd[5712]: private/anvil: wanted attribute: (list terminator)
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute name: (end)
Jan 16 16:52:21 myhost postfix/smtpd[5712]: lost connection after EHLO from smtp-out-127-108.amazon.com[176.32.127.108]
Jan 16 16:52:21 myhost postfix/smtpd[5712]: disconnect from smtp-out-127-108.amazon.com[176.32.127.108]
答案1
正如您的日志显示,您正在提供 STARTTLS,并且正如您所指定的,smtp_tls_security_level=encrypt
您的服务器将不接受未加密的邮件连接。
这一点得到了Postfix 手册:
在“加密”TLS 安全级别,消息仅通过 TLS 加密会话发送。除非远程 SMTP 服务器支持 STARTTLS ESMTP 功能,否则 SMTP 事务将被中止。
答案2
Postfix:调试传入的 SMTP 连接
这是一个获取有关该问题的更多信息的方法
尝试获取有关导致问题的传入 SMTP 连接的更多调试信息。使用debug_peer_list
配置选项:
debug_peer_list = amazon.com