我已经研究这个问题几天了,但还是不知所措。我在 Debian 上安装了 postfix,目的是为特定域设置一些转发地址。我相信 postfix 设置正确,但我无法验证,因为我无法连接到端口 25 上的服务器。
我已经更新了 iptables 以允许使用端口 25,但仍然没有任何反应。今天我意识到 iptable 记录的顺序不对,所以我更新了它们并重新启动了网络,但仍然无法连接。
您能建议我测试其他什么东西吗?我运行了 mtr 测试,但结果都是正面的 - 没有丢包。我搞不清楚如何针对端口 25 运行 mtr。
当前 iptables -L 内容如下:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere loopback/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain fail2ban-ssh (2 references)
target prot opt source destination
REJECT all -- 116.31.116.11 anywhere reject-with icmp-port-unreachable
REJECT all -- 221.229.172.111 anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
Fail2Ban 会是我的问题的一部分吗?
答案1
您知道 postfix 进程正在运行吗?
sudo postfix 状态?
从本地主机尝试:
telnet 本地主机 25
你从中得到什么好处了吗?除非你的 IP 是 116.31.116.11 或 221.229.172.111,否则 fail2ban 不会阻止你。