telnet: Unable to connect to remote host


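I have installed postfix and dovecot on one of my LIVE servers for sending bulk mail (system messages on registration, wrong password, etc.). I use the php_imap functions to check for bounced emails and flag those email IDs, so that we do not keep sending emails to the addresses that bounce. I noticed that the php_imap function is not reading bounces on the LIVE server, whereas it does read them on the TEST server. The LIVE server is able to send mail, though! Both servers have the same CentOS 6.4 operating system and the same iptables configuration.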

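I compared the DNS entries for the "test" and "live" domains, and both have the necessary SPF entries. The hosting provider has the necessary PTR records. But for some reason the php_imap program is unable to fetch the bounces.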

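At this point, I am not sure whether the bounces are delivered to the server and dovecot cannot read them, or whether the bounces are not delivered at all.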

So I compared the entries in /etc/postfix/main.cf and /etc/postfix/master.cf on the "test" and "live" servers and found them to be identical apart from the domain names.

To make sure, I checked whether postfix is running with ps aux | grep postfix and it returned

LIVE server

[root@bw sridhar]# ps aux | grep postfix
root      1433  0.0  0.1  13476  2696 ?        Ss   09:32   0:00 /usr/libexec/postfix/master
postfix   1443  0.0  0.1  13720  2836 ?        S    09:32   0:00 qmgr -l -t fifo -u
postfix   4724  0.0  0.1  13552  2668 ?        S    12:00   0:00 pickup -l -t fifo -u
postfix   4850  0.0  0.1  13696  2776 ?        S    12:15   0:00 cleanup -z -t unix -u
postfix   4852  0.0  0.1  13748  2928 ?        S    12:15   0:00 smtp -t unix -u
postfix   4855  0.0  0.1  13748  2928 ?        S    12:15   0:00 smtp -t unix -u
postfix   4856  0.0  0.1  13588  2656 ?        S    12:15   0:00 bounce -z -n defer -t unix -u
root      4858  0.0  0.0   4360   736 pts/0    S+   12:15   0:00 grep postfix

TEST server

[root@bwStagingTesting sridhar]# ps aux | grep postfix
root      1258  0.0  0.2  12816  2480 ?        Ss   Feb17   0:13 /usr/libexec/postfix/master
postfix   1268  0.0  0.2  13228  2896 ?        S    Feb17   0:07 qmgr -l -t fifo -u
postfix   2158  0.0  0.2  12888  2468 ?        S    Feb17   0:00 tlsmgr -l -t unix -u
postfix   4860  0.0  0.2  12892  2496 ?        S    12:12   0:00 pickup -l -t fifo -u
postfix   4988  0.0  0.2  13036  2604 ?        S    12:15   0:00 cleanup -z -t unix -u
postfix   4990  0.0  0.3  13148  3096 ?        S    12:15   0:00 local -t unix
root      5334  0.0  0.0   4356   728 pts/5    S+   12:15   0:00 grep postfix

That looks fine to me. Then I checked whether I could telnet to port 25 on localhost and got the following results

LIVE server

[root@bw sridhar]# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

TEST server

[root@bwStagingTesting sridhar]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.st.biz ESMTP Postfix
ehlo localhost
250-mail.st.biz
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

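I tried to telnet from my laptop to the IP addresses of the respective servers. Telnetting to the LIVE server resulted in telnet: Unable to connect to remote host: Connection refused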

However, I am able to telnet to the TEST server.

So I checked whether anything was listening on port 25 on both machines, and on the LIVE server I got the following

LIVE server

[root@bw sridhar]# netstat -lnp | grep 25
unix  2      [ ACC ]     STREAM     LISTENING     8125   1341/dovecot        /var/run/dovecot/login/pop3
unix  2      [ ACC ]     STREAM     LISTENING     8425   1433/master         public/cleanup

TEST server

tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      1258/master         
tcp        0      0 :::25                       :::*                        LISTEN      1258/master         
unix  2      [ ACC ]     STREAM     LISTENING     8270   1258/master         public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     8277   1258/master         private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     8281   1258/master         private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     8285   1258/master         private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     8289   1258/master         private/defer
unix  2      [ ACC ]     STREAM     LISTENING     8293   1258/master         private/trace
unix  2      [ ACC ]     STREAM     LISTENING     8297   1258/master         private/verify
unix  2      [ ACC ]     STREAM     LISTENING     8301   1258/master         public/flush
unix  2      [ ACC ]     STREAM     LISTENING     8305   1258/master         private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     8309   1258/master         private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     8313   1258/master         private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     8317   1258/master         private/relay
unix  2      [ ACC ]     STREAM     LISTENING     8321   1258/master         public/showq
unix  2      [ ACC ]     STREAM     LISTENING     8325   1258/master         private/error
unix  2      [ ACC ]     STREAM     LISTENING     8329   1258/master         private/retry
unix  2      [ ACC ]     STREAM     LISTENING     8333   1258/master         private/discard
unix  2      [ ACC ]     STREAM     LISTENING     8337   1258/master         private/local
unix  2      [ ACC ]     STREAM     LISTENING     8341   1258/master         private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     8345   1258/master         private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     8349   1258/master         private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     8353   1258/master         private/scache

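I noticed that the first two lines shown by the TEST server are missing from the LIVE server's entries. This means postfix is not listening on port 25 on the LIVE server. This makes me wonder whether this is why bounces are not reaching the LIVE server but are reaching the TEST server.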

I have been at this for two days and still have not found a solution. Is there any way to fix this?

Update: iptables entries

LIVE server

[root@bw sridhar]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG 
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:distinct 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:urd 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

TEST server

[root@bwStagingTesting sridhar]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW 
DROP       tcp  --  anywhere             anywhere            tcp     flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG 
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:urd 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:distinct 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:munin 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Update: verbose iptables listing

[root@bookingwire sridhar]# iptables -L --verbose
Chain INPUT (policy DROP 1662 packets, 103K bytes)
pkts bytes target     prot opt in     out     source               destination         
184K  190M ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 
0     0 DROP       tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
7   400 DROP       tcp  --  any    any     anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW 
0     0 DROP       tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG 
2140  128K ACCEPT     all  --  lo     any     anywhere             anywhere            
1176 67092 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:http 
3   120 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:https 
6   360 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:distinct 
8   432 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:smtp 
1    40 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:urd 
2    88 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:pop3 
38  2260 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:pop3s 
1    40 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:imap 
1    40 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:imaps 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 112K packets, 103M bytes)
pkts bytes target     prot opt in     out     source               destination         

Update: full master.cf listing

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
submission inet n   -   n   -   -   smtpd
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
   -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n   -   n   -   -   smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n   -   n   -   -   qmqpd
pickup    fifo  n   -   n   60  1   pickup
cleanup   unix  n   -   n   -   0   cleanup
qmgr      fifo  n   -   n   300     1   qmgr
#qmgr     fifo  n   -   n   300     1   oqmgr
tlsmgr    unix  -   -   n   1000?   1   tlsmgr
rewrite   unix  -   -   n   -   -   trivial-rewrite
bounce    unix  -   -   n   -   0   bounce
defer     unix  -   -   n   -   0   bounce
trace     unix  -   -   n   -   0   bounce
verify    unix  -   -   n   -   1   verify
flush     unix  n   -   n   1000?   0   flush
proxymap  unix  -   -   n   -   -   proxymap
proxywrite unix -   -   n   -   1   proxymap
smtp      unix  -   -   n   -   -   smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -   -   n   -   -   smtp
        -o smtp_fallback_relay=
    #   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n   -   n   -   -   showq
error     unix  -   -   n   -   -   error
retry     unix  -   -   n   -   -   error
discard   unix  -   -   n   -   -   discard
local     unix  -   n   n   -   -   local
virtual   unix  -   n   n   -   -   virtual
lmtp      unix  -   -   n   -   -   lmtp
anvil     unix  -   -   n   -   1   anvil
scache    unix  -   -   n   -   1   scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop  unix  -   n   n   -   -   pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
#old-cyrus unix  -   n   n   -   -   pipe
#  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -   n   n   -   -   pipe
#  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp      unix  -   n   n   -   -   pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail    unix  -   n   n   -   -   pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp     unix  -   n   n   -   -   pipe
#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -   n   n   -   2   pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman   unix  -   n   n   -   -   pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}

Update: postfix is listening on 587

[root@bw sridhar]# netstat -lnp | grep master
tcp        0      0 0.0.0.0:587                 0.0.0.0:*                   LISTEN      16536/master        
tcp        0      0 :::587                      :::*                        LISTEN      16536/master        
unix  2      [ ACC ]     STREAM     LISTENING     152749 16536/master        public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     152756 16536/master        private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     152760 16536/master        private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     152764 16536/master        private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     152768 16536/master        private/defer
unix  2      [ ACC ]     STREAM     LISTENING     152772 16536/master        private/trace
unix  2      [ ACC ]     STREAM     LISTENING     152776 16536/master        private/verify
unix  2      [ ACC ]     STREAM     LISTENING     152780 16536/master        public/flush
unix  2      [ ACC ]     STREAM     LISTENING     152784 16536/master        private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     152788 16536/master        private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     152792 16536/master        private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     152796 16536/master        private/relay
unix  2      [ ACC ]     STREAM     LISTENING     152800 16536/master        public/showq
unix  2      [ ACC ]     STREAM     LISTENING     152804 16536/master        private/error
unix  2      [ ACC ]     STREAM     LISTENING     152808 16536/master        private/retry
unix  2      [ ACC ]     STREAM     LISTENING     152812 16536/master        private/discard
unix  2      [ ACC ]     STREAM     LISTENING     152816 16536/master        private/local
unix  2      [ ACC ]     STREAM     LISTENING     152820 16536/master        private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     152824 16536/master        private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     152828 16536/master        private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     152832 16536/master        private/scache
unix  2      [ ACC ]     STREAM     LISTENING     149905 16103/dovecot       /var/run/dovecot/auth-master

[root@bw sridhar]# telnet localhost 587
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.bookingwire.co.uk ESMTP Postfix
ehlo localhost
250-mail.bookingwire.co.uk
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

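Since Postfix runs as "master", I grepped for master in the netstat output. Note the first two lines: it is evident that postfix is listening on port 587. I then telnetted to port 587 and verified that my assumption was correct. What I do not understand now is why it listens on port 587, and how I can change it to listen on port 25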

Answer 1

Your master.cf configuration has no line for handling SMTP on port 25. One line is missing:

smtp      inet  n       -       n       -       -       smtpd

In my file, this is the first line after the initial comment block.
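
As an added example (not part of the original answer and not Postfix's own code): a small Python parser that lists the TCP listeners a master.cf defines and checks for an smtpd service on port 25, the port remote mail servers use to deliver bounces. The sample config is an abbreviated excerpt of the LIVE server's file from the question; the function names and the service-name-to-port table are assumptions of this example.

```python
# Constructed sample: abbreviated active entries from the LIVE server's
# master.cf as posted in the question.
LIVE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
submission inet n   -   n   -   -   smtpd
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
#smtps     inet  n   -   n   -   -   smtpd
pickup    fifo  n   -   n   60  1   pickup
smtp      unix  -   -   n   -   -   smtp
relay     unix  -   -   n   -   -   smtp
        -o smtp_fallback_relay=
    #   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
"""

# Service names seen in master.cf (assumed table); numeric ports are parsed directly.
SERVICE_PORTS = {"smtp": 25, "smtps": 465, "submission": 587}

def logical_lines(text):
    """Yield master.cf logical lines: skip blank and comment lines, and join
    lines that start with whitespace onto the entry they continue."""
    current = None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + stripped
        else:
            if current is not None:
                yield current
            current = stripped
    if current is not None:
        yield current

def inet_listeners(text):
    """Return (port, bind_host, command, options) for every 'inet' entry."""
    found = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8 or fields[1] != "inet":
            continue  # unix/fifo entries are internal sockets, not TCP listeners
        host, _, svc = fields[0].rpartition(":")  # optional "host:port" form
        port = SERVICE_PORTS.get(svc, int(svc) if svc.isdigit() else None)
        found.append((port, host or "*", fields[7], fields[8:]))
    return found

def accepts_inbound_smtp(text):
    """True only when an smtpd server is defined on TCP port 25."""
    return any(p == 25 and cmd == "smtpd" for p, _, cmd, _ in inet_listeners(text))
```

On the sample, the only listener reported is submission (587) with its SASL-only options; the `smtp unix ... smtp` entry is the outbound client and is not a listener, which is why the LIVE server could send mail but not receive bounces.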
