“未知后失去连接”(OpenDKIM + postfix 接收电子邮件)

“未知后失去连接”(OpenDKIM + postfix 接收电子邮件)

在安装之前,我有一个功能齐全的邮件服务器,opendkim使用免费StartSSL证书的 TLS,Thunderbird 可以正常与其交互以发送/接收电子邮件。我的发行版是Debian 8。

但是安装后,opendkim我可以发送经过验证的电子邮件,但我既无法接收(请参阅下面的错误),而且由于某种原因,在点击“获取邮件”后,Thunderbird 也无法再检索电子邮件:

mail.log(证书共享后的最后几个重要部分,电子邮件来自您向其发送电子邮件的服务,它将回复有关您的 DKIM/等的信息,对我来说这是一个简单可重复的测试):

Dec 11 02:11:18 amur postfix/smtpd[2452]: Read 22 chars: EHLO [168.144.32.46]??
Dec 11 02:11:18 amur postfix/smtpd[2452]: Write 180 chars: 250-li211-32.members.linode.com??250-PIP
Dec 11 02:11:18 amur postfix/smtpd[2452]: write to 555895BAD5D0 [555895D2C973] (261 bytes => 261 (0x105))
Dec 11 02:11:18 amur postfix/smtpd[2452]: 0000 17 03 03 01 00 ea fd b3|cf f4 f5 2e 90 95 e2 5f  ........ ......._
Dec 11 02:11:18 amur postfix/smtpd[2452]: 0010 ea 38 64 3a 4d c4 45 aa|45 4e 85 08 48 b9 0e c8  .8d:M.E. EN..H...
Dec 11 02:11:18 amur postfix/smtpd[2452]: 0020 ba 8a 30 62 60 5a 45 d4|ee df 9d 25 de 15 d0 ba  ..0b`ZE. ...%....
Dec 11 02:11:18 amur postfix/smtpd[2452]: 0030 89 09 f4 57 c0 02 42 e3|0e 8c 6c 0e 79 ce 1b 68  ...W..B. ..l.y..h
Dec 11 02:11:18 amur postfix/smtpd[2452]: 0040 20 d3 d1 d9 27 23 d2 bf|58 71 96 23 a9 85 24 9e   ...'#.. Xq.#..$.
Dec 11 02:11:18 amur postfix/smtpd[2452]: 0050 02 14 6b 87 dd aa f8 78|14 62 0f ca e5 cd fd 55  ..k....x .b.....U
Dec 11 02:11:18 amur postfix/smtpd[2452]: 0060 46 05 bc 7b 48 c4 2d 36|54 cf 59 97 b8 b9 f1 5e  F..{H.-6 T.Y....^
Dec 11 02:11:18 amur postfix/smtpd[2452]: 0070 ef 0a 4c 1d 90 82 30 4f|e4 e8 19 19 42 1f 00 1c  ..L...0O ....B...
Dec 11 02:11:18 amur postfix/smtpd[2452]: 0080 76 01 b6 d1 ad fe 62 3e|47 3b e6 bf e1 b9 fc de  v.....b> G;......
Dec 11 02:11:18 amur postfix/smtpd[2452]: 0090 03 4e a4 df e1 36 ca 24|64 8b 54 08 74 98 4f f0  .N...6.$ d.T.t.O.
Dec 11 02:11:18 amur postfix/smtpd[2452]: 00a0 64 7f 90 53 87 2f 95 4e|ee b7 a0 fe d2 03 87 74  d..S./.N .......t
Dec 11 02:11:18 amur postfix/smtpd[2452]: 00b0 7d 47 25 33 80 da bf 20|3b bb d2 a1 76 e0 6f 00  }G%3...  ;...v.o.
Dec 11 02:11:18 amur postfix/smtpd[2452]: 00c0 31 90 48 94 0e 57 a5 1d|fc 69 b5 e6 ed f4 ff ce  1.H..W.. .i......
Dec 11 02:11:18 amur postfix/smtpd[2452]: 00d0 09 74 ea c3 de 92 4b d1|d6 76 d0 10 0a 24 4c bc  .t....K. .v...$L.
Dec 11 02:11:18 amur postfix/smtpd[2452]: 00e0 43 9b 3e e2 32 a0 f5 a4|6a 6d 4b be a0 a7 04 ef  C.>.2... jmK.....
Dec 11 02:11:18 amur postfix/smtpd[2452]: 00f0 5d 84 03 71 b6 a9 af f3|6f 7c 3f 5f c0 a2 7f 7f  ]..q.... o|?_....
Dec 11 02:11:18 amur postfix/smtpd[2452]: 0100 25 d7 5a 56 4e                                   %.ZVN
Dec 11 02:11:18 amur postfix/smtpd[2452]: read from 555895BAD5D0 [555895D24423] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Dec 11 02:11:18 amur postfix/smtpd[2454]: initializing the server-side TLS engine
Dec 11 02:11:18 amur postfix/smtpd[2454]: connect from unlocktheinbox.com[168.144.32.45]
Dec 11 02:11:18 amur postfix/smtpd[2454]: lost connection after UNKNOWN from unlocktheinbox.com[168.144.32.45]
Dec 11 02:11:18 amur postfix/smtpd[2454]: disconnect from unlocktheinbox.com[168.144.32.45]
Dec 11 02:11:18 amur postfix/smtpd[2452]: read from 555895BAD5D0 [555895D24423] (5 bytes => 0 (0x0))
Dec 11 02:11:18 amur postfix/smtpd[2452]: lost connection after EHLO from mail.unlocktheinbox.com[168.144.32.46]
Dec 11 02:11:18 amur postfix/smtpd[2452]: disconnect from mail.unlocktheinbox.com[168.144.32.46]

postfix正在 chroot 中运行,并且我已尝试将 opendkim 的套接字保留在那里。

这是我的 postconf -n 输出:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
milter_default_action = accept
milter_protocol = 2
mydestination = li211-32.members.linode.com, localhost.members.linode.com, localhost
myhostname = li211-32.members.linode.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
non_smtpd_milters = $smtpd_milters
queue_directory = /var/spool/postfix
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_CAfile = /etc/postfix/ssl/ca-bundle.crt
smtp_tls_cert_file = /etc/nginx/conf.d/ssl-unified.crt
smtp_tls_key_file = /etc/nginx/conf.d/ssl.key
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_delay_reject = yes
smtpd_milters = unix:/var/run/opendkim/opendkim.sock
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = <mysite.com>
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
smtpd_tls_CAfile = /etc/postfix/ssl/ca-bundle.crt
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/nginx/conf.d/ssl-unified.crt
smtpd_tls_key_file = /etc/nginx/conf.d/ssl.key
smtpd_tls_loglevel = 4
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp

完整的是,opendkim.conf 和 default/opendkim

Syslog                  yes
UMask                  0002
UserID                 opendkim:opendkim #within group of postfix
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable

AutoRestart             yes
AutoRestartRate         10/1h
Background              yes
Canonicalization        relaxed/relaxed
DNSTimeout              5
Mode                    sv
SignatureAlgorithm      rsa-sha256
SubDomains              no
X-Header                no
PidFile                 local:/var/spool/postfix/var/run/opendkim/opendkim.pid
Statistics              /var/log/dkim-filter/dkim-stats

SOCKET="local:/var/spool/postfix/var/run/opendkim/opendkim.sock"

chroot 和 nonchroot opendkim.sock/pid 均归其所有opendkim并具有适当的权限。

花了几十个小时才到达这一点......

与 dkim 相关,我推测这是一个奇怪的错误......但没有指南可以复制任何其他问题(当我获得要读取的 .sock 文件并找到具有正确权限的文件时,它会再次启动 UNKNOWN 删除后的 no。)

这可能是因为 DKIM 的故障简单无法被 Postfix 解释,而这就是未知的原因吗?有什么提示吗?

我该如何调试 DKIM?

(我也在使用端口 587,我认为端口 25 由于某种原因无法访问。尽管不久前它是可用的。)

答案1

请注意,端口 25 必须打开:服务器之间的通信使用此端口完成。检查防火墙、路由器,nmapnetstat找出无法访问的原因。端口 587(提交)仅供经过身份验证的用户使用,因此他们可以通过服务器发送邮件。

相关内容