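For the past 3 weeks I have been struggling with one problem. I recently bought a new VPS server, but for some reason something is blocking port 25, and I cannot find the cause.
Steps to reproduce: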
telnet smtp.1and1.es 25
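- A traceroute on port 25 to any server fails at the first hop.
I checked: DNS is fine, since the domain name resolves to an IP, and ping works.
I have disabled fail2ban and the firewall with the following steps:
service fail2ban stop
service firewalld stop
Tried again: telnet smtp.1and1.es 25
and got the same result, a timeout.
For all email notifications, all mail logs show the host as unreachable on port 25.
It is a VPS, so there is an external firewall, and the external firewall is fully open.
So I am wondering what else could be blocking the port?
This is definitely a problem with outgoing traffic on port 25, but I cannot find what is blocking it.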
iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
f2b-plesk-wordpress tcp -- anywhere anywhere multiport dports http,https,empowerid,7081
f2b-plesk-login tcp -- anywhere anywhere multiport dports cddbp-alt,pcsync-https
f2b-BadBots tcp -- anywhere anywhere multiport dports http,https,empowerid,7081
f2b-apache tcp -- anywhere anywhere multiport dports http,https,empowerid,7081
f2b-plesk-roundcube tcp -- anywhere anywhere multiport dports http,https,empowerid,7081
f2b-plesk-horde tcp -- anywhere anywhere multiport dports http,https,empowerid,7081
f2b-plesk-dovecot tcp -- anywhere anywhere multiport dports imap,imap3,imaps,pop3,pop3s,sieve
f2b-plesk-postfix tcp -- anywhere anywhere multiport dports smtp,urd,submission
f2b-plesk-proftpd tcp -- anywhere anywhere multiport dports ftp,ftp-data,ftps,ftps-data
f2b-recidive tcp -- anywhere anywhere
f2b-SSH tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW reject-with tcp-reset
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:12443
ACCEPT tcp -- anywhere anywhere tcp dpt:11443
ACCEPT tcp -- anywhere anywhere tcp dpt:11444
ACCEPT tcp -- anywhere anywhere tcp dpt:8447
ACCEPT tcp -- anywhere anywhere tcp dpt:pcsync-https
ACCEPT tcp -- anywhere anywhere tcp dpt:cddbp-alt
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:urd
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:poppassd
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:postgres
ACCEPT tcp -- anywhere anywhere tcp dpt:ogs-server
ACCEPT tcp -- anywhere anywhere tcp dpt:glrpc
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
ACCEPT udp -- anywhere anywhere udp dpt:openvpn
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT icmp -- anywhere anywhere icmptype 8 code 0
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW reject-with tcp-reset
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW reject-with tcp-reset
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain f2b-BadBots (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-SSH (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-apache (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-plesk-dovecot (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-plesk-horde (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-plesk-login (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-plesk-postfix (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-plesk-proftpd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-plesk-roundcube (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-plesk-wordpress (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-recidive (1 references)
target prot opt source destination
REJECT all -- 223.71.208.114 anywhere reject-with icmp-port-unreachable
REJECT all -- 221.229.172.75 anywhere reject-with icmp-port-unreachable
REJECT all -- 278660.customer.zol.co.zw anywhere reject-with icmp-port-unreachable
REJECT all -- 118.70.168.251 anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
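Answer 1
Most VPS companies prohibit and block outbound traffic on port 25 to prevent their servers from being used to send spam. You need to use a third-party mail relay that listens on a different port (your VPS company can most likely provide this service).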
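One way to confirm the situation this answer describes, as an added example that is not part of the original post: probe port 25 and the submission ports from the VPS and compare the outcomes. The host name is the one from the question; ports 587 and 465 and the names `probe` and `diagnose` are assumptions made for the illustration.

```python
import errno
import socket

def probe(host, port, timeout=5.0):
    """Try one outbound TCP connect and classify how it ends."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except (socket.timeout, TimeoutError):
        return "timeout"        # SYN silently dropped somewhere on the path
    except ConnectionRefusedError:
        return "refused"        # RST or ICMP port-unreachable came back
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"          # DNS failure and anything else

def diagnose(results, smtp_port=25):
    """Interpret a {port: status} map produced by probe()."""
    smtp = results.get(smtp_port)
    others = [status for port, status in results.items() if port != smtp_port]
    if smtp == "open":
        return "smtp_ok"
    if smtp == "refused":
        # Something answered actively: the remote host or a local REJECT rule.
        return "rejected"
    if smtp in ("timeout", "unreachable"):
        if "open" in others:
            # Same host, other ports work: only port 25 is filtered, which
            # matches a provider-side block on outbound SMTP.
            return "port25_filtered"
        return "no_connectivity"
    return "inconclusive"

if __name__ == "__main__":
    host = "smtp.1and1.es"      # host from the question
    ports = (25, 587, 465)      # 587/465: assumed submission ports
    results = {p: probe(host, p) for p in ports}
    for p in ports:
        print(f"{host}:{p} -> {results[p]}")
    print("verdict:", diagnose(results))
```

A `port25_filtered` verdict while the local firewall is stopped points at filtering outside the VPS, which is the case where a relay on a submission port is the fix.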