Remote Postfix server for relaying email for multiple domains

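I have a local server at home that needs to send and receive email, but my ISP blocks port 25 inbound and outbound. The local server runs Debian 8 with Virtualmin and postfix installed, and it will handle 4 domains. For illustration purposes, this post will use domain1.com, domain2.com, domain3.com and domain4.com.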

So I have a remote server that I want to relay mail through on port 587. This server is also on my VPN and runs Debian 8 and postfix.

My local server is 10.0.0.24. The postfix server on my VPN is 10.1.0.10.

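My MX records are set up correctly, because when I use a particular configuration my home server receives email relayed through the remote server. However, depending on my configuration choices, I can do either of the following:

1) Send mail from my network to the outside world

2) Receive email from the outside world on my LAN server

But I can't do both at the same time.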

On my remote server, this is /etc/postfix/main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.domain1.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain
relayhost = [10.0.0.24]:587
relay_domains = domain1.com, domain2.com, domain3.info, domain4.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

This is the /etc/postfix/main.cf running on my LAN server:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = server5.domain1.local
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server5.domain1.local, localhost.domain1.local, , localhost
relayhost = [10.1.0.10]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
home_mailbox = Maildir/

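With the above configuration I am able to receive email from the internet and have it relayed through my remote server, over my VPN, back to my home server and into the appropriate user's mailbox, regardless of domain.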

However, when I try to send mail from my home server to the internet, I get a delivery failure:

<[email protected]>: host 10.1.0.10[10.1.0.10] said: 554 5.4.0 Error: too many hops (in reply to end of DATA command)

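The logs seem to show the email bouncing back and forth between the home server and the remote server several times before finally ending with the failure message.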

However, I thought the relay_domains setting told postfix to relay email only for those domains, and to simply deliver everything else to the internet?

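If I remove relayhost = [10.0.0.24]:587 from the remote server, I can then send email from my internal server to the outside world, and it is delivered and relayed correctly, but any incoming email stops at my remote server, because there is no relay set up and the users are not set up on the remote server, so delivery fails: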

The error that the other server returned was: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in local recipient table

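So my question is, how do I relay mail through a postfix server in both directions, from my LAN to the outside world and from the outside world to my LAN, keeping in mind that all transactions to my LAN server must go over port 587 to get around the ISP port block?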

Thanks for any help you can provide.

Answer 1

Just figured it out. You need to use Postfix transport maps to make this work. At least it worked for me!

So, on the local server I believe I did not touch main.cf:

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = server5.domain1.local
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server5.domain1.local, localhost.domain1.local, , localhost
relayhost = [10.1.0.10]:587
relay_domains = domain1.com, domain2.com, domain3.com, domain4.info
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
allow_percent_hack = no

On the remote server, however, I used a transport map to make this happen.

Create the transport table:

# touch /etc/postfix/transport

Populate it; in my case it is:

# vim /etc/postfix/transport

domain1.com    smtp:10.0.0.24:587
domain4.info      smtp:10.0.0.24:587
domain2.com        smtp:10.0.0.24:587
domain3.com         smtp:10.0.0.24:587

Save and close.

Edit /etc/postfix/main.cf and clean it up by removing relayhost and adding transport_maps:

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.domain1.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain
relay_domains = domain1.com, domain2.com, domain4.info, domain3.com
transport_maps = hash:/etc/postfix/transport
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

Save the file. Postmap the transport table:

# postmap /etc/postfix/transport

Restart Postfix on both machines:

# service postfix restart

All good!
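
Why the question's setup loops and the answer's does not, as an added example that is not part of the original post and not Postfix code: a simplified model of next-hop selection in which relay_domains never chooses a route, relayhost catches every non-local recipient, and a transport_maps match overrides relayhost. It assumes the LAN server delivers the hosted domains to local mailboxes, and example.org is a constructed outside recipient.

```python
# Added illustration: a simplified model of Postfix next-hop selection,
# built from the main.cf values quoted on this page. Not Postfix code.
LAN, VPS = "10.0.0.24", "10.1.0.10"
HOSTED = ["domain1.com", "domain2.com", "domain3.com", "domain4.info"]
HOPCOUNT_LIMIT = 50  # Postfix default for hopcount_limit


def next_hop(cfg, rcpt_domain):
    """Where one server sends a message: 'local', 'internet' or a next-hop IP."""
    if rcpt_domain in cfg["local"]:
        return "local"
    # relay_domains only decides what may be relayed; it never picks a route.
    # A transport_maps match takes precedence over relayhost.
    if rcpt_domain in cfg["transport"]:
        return cfg["transport"][rcpt_domain]
    # relayhost applies to every remaining non-local recipient.
    return cfg["relayhost"] or "internet"


def route(servers, start, rcpt_domain):
    """Follow a message from server to server until it is delivered or loops."""
    path = [start]
    while len(path) <= HOPCOUNT_LIMIT:
        hop = next_hop(servers[path[-1]], rcpt_domain)
        path.append(hop)
        if hop in ("local", "internet"):
            return path
    return path[:4] + ["...", "554 too many hops"]


# Assumption: the LAN server delivers the hosted domains to local mailboxes.
lan = {"local": HOSTED, "transport": {}, "relayhost": VPS}

# Question's setup: the remote server has relayhost pointing at the LAN server.
QUESTION = {LAN: lan, VPS: {"local": [], "transport": {}, "relayhost": LAN}}

# Answer's setup: no relayhost on the remote server, per-domain transport map.
ANSWER = {LAN: lan, VPS: {"local": [], "transport": {d: LAN for d in HOSTED},
                          "relayhost": None}}

if __name__ == "__main__":
    for name, servers in (("question", QUESTION), ("answer", ANSWER)):
        # example.org is a constructed outside recipient domain.
        print(name, "outbound:", " -> ".join(route(servers, LAN, "example.org")))
        print(name, "inbound: ", " -> ".join(route(servers, VPS, "domain1.com")))
```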
