Postfix - can send mail externally directly from the server, but not from remote hosts connecting to it

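I am currently configuring a mail server on an AWS VPC to relay messages from applications on several servers on the same network to the internet. This SMTP server is only for sending automated emails and will never receive anything. This machine's main purpose is monitoring and centralized logging, but I have also been asked to configure it as a mail server.

So far I have been able to configure postfix to send emails from the command line (using the mail command) to my work email address, as well as email alerts from the log manager.

However, when I tried connecting to this SMTP server from other machines via telnet, I was unable to send email - the logs show a message from Google warning that mail from this server's public IP address is being rate limited due to low reputation.

I find this strange, since in both cases the email comes from the same public IP address.


The log entries for a successful email look like this: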

host.sub.example.com postfix/pickup[23352]: D1F941407D1: uid=1001 from=<[email protected]>
host.sub.example.com postfix/cleanup[26119]: D1F941407D1: message-id=<[email protected]>
host.sub.example.com postfix/qmgr[23353]: D1F941407D1: from=<[email protected]>, size=384, nrcpt=1 (queue active)
host.sub.example.com postfix/smtp[26122]: D1F941407D1: to=<[email protected]>, relay=alt2.aspmx.l.google.com[74.125.205.27]:25, delay=0.81, delays=0.01/0/0.32/0.47, dsn=2.0.0, status=sent (250 2.0.0 OK 1485776921 14si8136222lju.15 - gsmtp)
host.sub.example.com postfix/qmgr[23353]: D1F941407D1: removed

Generated by the command: echo "test" | mail -s "testsubj" [email protected]


An unsuccessful one looks like this:

host.sub.example.com postfix/smtpd[26773]: connect from otherhostname[private-ip-address]
host.sub.example.com postfix/smtpd[26773]: improper command pipelining after MAIL from otherhostname[privateipaddress]: RCPT TO: [email protected]\r\nDATA\r\nFrom: [email protected]\r\nSubject: word1 word2\r
host.sub.example.com postfix/smtpd[26773]: ADD161407D1: client=otherhostname[private-ip-address]
host.sub.example.com postfix/cleanup[26780]: ADD161407D1: message-id=<>
host.sub.example.com postfix/qmgr[23353]: ADD161407D1: from=<[email protected]>, size=284, nrcpt=1 (queue active)
host.sub.example.com postfix/smtp[26781]: ADD161407D1: host alt1.aspmx.l.google.com[173.194.69.26] said: 421-4.7.0 [public-ip-address      15] Our system has detected that this message is 421-4.7.0 suspicious due to the very low reputation of the sending IP address. 421-4.7.0 To protect our users from spam, mail sent from your IP address has 421-4.7.0 been temporarily rate limited. Please visit 421 4.7.0  https://support.google.com/mail/answer/188131 for more information. 28si16209237wru.213 - gsmtp (in reply to end of DATA command)
host.sub.example.com postfix/smtpd[26773]: disconnect from otherhostname[private-ip-address]
host.sub.example.com postfix/smtp[26781]: ADD161407D1: to=<[email protected]>, relay=alt2.aspmx.l.google.com[74.125.205.26]:25, delay=16, delays=0.02/0/16/0.31, dsn=4.7.0, status=deferred (host alt2.aspmx.l.google.com[74.125.205.26] said: 421-4.7.0 [public-ip-address      15] Our system has detected that this message is 421-4.7.0 suspicious due to the very low reputation of the sending IP address. 421-4.7.0 To protect our users from spam, mail sent from your IP address has 421-4.7.0 been temporarily rate limited. Please visit 421 4.7.0  https://support.google.com/mail/answer/188131 for more information. 65si8149735lfw.365 - gsmtp (in reply to end of DATA command))

Generated by the following telnet exchange:

Trying private-ip-address...
Connected to private-ip-address.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix (Ubuntu)
HELO mail.example.com       
MAIL FROM: [email protected]
RCPT TO: [email protected]
DATA
From: [email protected]
Subject: word1 word2
Line1
Line2
Line3
.
250 mail.example.com
250 2.1.0 Ok
250 2.1.5 Ok
354 End data with <CR><LF>.<CR><LF>
250 2.0.0 Ok: queued as ADD161407D1
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

For completeness, here is my current configuration, mostly using the defaults:

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain = mail.example.com
myorigin = /etc/mailname
mydestination = mail.example.com localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 private-ip-network
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all 
inet_protocols = ipv4
smtp_generic_maps = hash:/etc/postfix/generic

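Questions:

Why can I send mail locally from the SMTP server, but not from hosts connecting to it remotely?

Could this be related to reverse DNS or SPF records? If so, why aren't all emails blocked?

Could this be related to the fact that I haven't configured authentication yet?


I hope I haven't overlooked something obvious. I have almost no experience with mail servers, and I have only done something slightly related in a small school project using postfix+dovecot with local users.

Thank you very much for taking the time to read this, and I apologize if I have missed anything about the proper way to ask questions here. I am a new user and, so to speak, still learning the ropes.

Answer 1

One of the emails finally arrived in my inbox. I looked at the original message and found some differences between the two.

This is the email that was initially filtered but eventually got through: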

Delivered-To: [email protected]
Received: by 10.182.80.36 with SMTP id o4csp1373399obx;
        Mon, 30 Jan 2017 04:43:46 -0800 (PST)
X-Received: by 10.25.22.211 with SMTP id 80mr2073754lfw.89.1485780226765;
        Mon, 30 Jan 2017 04:43:46 -0800 (PST)
Return-Path: <[email protected]>
Received: from mail.example.com (ec2-etc.compute.amazonaws.com. [public-ip-address])
        by mx.google.com with ESMTP id q189si8223874lfe.362.2017.01.30.04.43.46
        for <[email protected]>;
        Mon, 30 Jan 2017 04:43:46 -0800 (PST)
Received-SPF: neutral (google.com: public-ip-addres is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=public-ip-address;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: public-ip-address is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Date: Mon, 30 Jan 2017 04:43:46 -0800 (PST)
Message-Id: <[email protected]>
Received: from mail.example.com (otherhostname [private-ip-address]) by mail.example.com (Postfix) with SMTP id ADD161407D1 for <[email protected]>; Mon, 30 Jan 2017 11:55:27 +0000 (UTC)
From: [email protected]
Subject: subjectline

Line1
Line2

This is the email that worked from the start:

Delivered-To: [email protected]
Received: by 10.182.80.36 with SMTP id o4csp319976obx;
        Fri, 27 Jan 2017 09:59:19 -0800 (PST)
X-Received: by 10.84.195.1 with SMTP id i1mr14082000pld.77.1485539959249;
        Fri, 27 Jan 2017 09:59:19 -0800 (PST)
Return-Path: <[email protected]>
Received: from mail.example.com (ec2-etc.compute.amazonaws.com. [public-ip-address])
        by mx.google.com with ESMTP id h125si7036671wme.3.2017.01.27.09.59.18
        for <[email protected]>;
        Fri, 27 Jan 2017 09:59:19 -0800 (PST)
Received-SPF: neutral (google.com: public-ip-address is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=public-ip-address;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: public-ip-address is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Received: by mail.example.com (Postfix, from userid 1001) id 61C031407CF; Fri, 27 Jan 2017 17:49:22 +0000 (UTC)
Subject: This is the subject line
To: <[email protected]>
X-Mailer: mail (GNU Mailutils 2.99.98)
Message-Id: <[email protected]>
Date: Fri, 27 Jan 2017 17:49:22 +0000 (UTC)
From: Filipe Simoes <[email protected]>

This is the body of the email

The notable differences are in the Message-Id and Received lines.

Filtered email:

Message-Id: <[email protected]>
Received: from mail.example.com (otherhostname [private-ip-address]) by mail.example.com (Postfix) with SMTP id ADD161407D1 for <[email protected]>; Mon, 30 Jan 2017 11:55:27 +0000 (UTC)

Unfiltered email:

Message-Id: <[email protected]>
Received: by mail.example.com (Postfix, from userid 1001) id 61C031407CF; Fri, 27 Jan 2017 17:49:22 +0000 (UTC)

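So apparently Google does not like Postfix relaying messages from a remote source, but is perfectly fine with it sending email directly.

The problem was the message ID! When sending mail via telnet, the message ID (which is usually generated by the mail client) was not being set correctly. When I added Message-Id: <[email protected]> to the headers after the DATA command, the mail reached my inbox almost immediately.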
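
An added example, not part of the original answer: the check below shows which headers a hand-typed payload like the one in the telnet session lacks, and composes a test message with its own Date and Message-ID, as a mail client would. The addresses, the relay argument and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import formatdate, make_msgid
import smtplib

# Headers a mail client normally supplies itself (names chosen for this example).
EXPECTED = ("Date", "From", "To", "Message-ID")

# Constructed sample modelled on the DATA payload typed in the telnet session.
TELNET_PAYLOAD = (
    "From: sender@example.com\r\n"
    "Subject: word1 word2\r\n"
    "\r\n"
    "Line1\r\nLine2\r\nLine3\r\n"
)


def missing_headers(raw: str) -> list[str]:
    """Return the expected headers that are absent or empty in a raw message."""
    msg = message_from_string(raw)
    return [h for h in EXPECTED if not (msg.get(h) or "").strip()]


def build_message(sender, rcpt, subject, body, domain) -> EmailMessage:
    """Compose a message with client-generated Date and Message-ID headers."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = rcpt
    msg["Subject"] = subject
    msg["Date"] = formatdate(localtime=False)
    msg["Message-ID"] = make_msgid(domain=domain)
    msg.set_content(body)
    return msg


def send(relay: str, msg: EmailMessage) -> None:
    """Submit via the relay (hypothetical host). smtplib waits for each reply,
    so the server does not log 'improper command pipelining'."""
    with smtplib.SMTP(relay, 25, timeout=10) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    print("telnet payload lacks:", missing_headers(TELNET_PAYLOAD))
    test = build_message("sender@example.com", "rcpt@example.com",
                         "relay test", "Line1\n", "mail.example.com")
    print("composed message lacks:", missing_headers(test.as_string()))
```
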

Answer 2

Postfix can add the message ID if it is missing. Edit your /etc/postfix/main.cf:

#  make sure your IP range is added
mynetworks = 127.0.0.0/8 172.17.0.0/16 

You apparently need to have the client IP in local_header_rewrite_clients, which by default is permit_inet_interfaces, and my remote IP was already there in $inet_interfaces:

inet_interfaces = 127.0.0.1, 172.17.0.1

Once that is set, just add this to the end of main.cf:

always_add_missing_headers = yes
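
An added example, not part of the original answers: a log check that finds mail queued with message-id=<> (as in the failing log in the question) and reports which client submitted it, so that senders omitting the header can be identified. The sample log is constructed, and the function name and queue ID pattern (short hexadecimal IDs) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the log excerpts in the question.
SAMPLE_LOG = """\
host postfix/pickup[23352]: D1F941407D1: uid=1001 from=<app@example.com>
host postfix/cleanup[26119]: D1F941407D1: message-id=<20170130114841.D1F941407D1@mail.example.com>
host postfix/smtpd[26773]: connect from otherhostname[10.0.0.12]
host postfix/smtpd[26773]: ADD161407D1: client=otherhostname[10.0.0.12]
host postfix/cleanup[26780]: ADD161407D1: message-id=<>
host postfix/smtp[26781]: ADD161407D1: to=<rcpt@example.com>, relay=mx.example.net[192.0.2.25]:25, delay=16, dsn=4.7.0, status=deferred (421-4.7.0 rate limited)
"""

# Assumes short (uppercase hex) queue IDs; long queue IDs need a wider pattern.
LINE = re.compile(r"postfix/(?P<svc>\w+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")


def find_missing_message_ids(log_text):
    """Map each queue ID logged with message-id=<> to its client and last status."""
    info = defaultdict(dict)
    flagged = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        svc, qid, rest = m["svc"], m["qid"], m["rest"]
        if svc == "smtpd" and rest.startswith("client="):
            info[qid]["client"] = rest[len("client="):]
        elif svc == "pickup":
            info[qid]["client"] = "local (pickup)"
        elif svc == "cleanup" and rest == "message-id=<>":
            flagged.append(qid)
        elif svc == "smtp":
            status = re.search(r"status=(\w+)", rest)
            if status:
                info[qid]["status"] = status.group(1)
    return {
        qid: {
            "client": info[qid].get("client", "unknown"),
            "status": info[qid].get("status", "unknown"),
        }
        for qid in flagged
    }


if __name__ == "__main__":
    for qid, details in find_missing_message_ids(SAMPLE_LOG).items():
        print(qid, details["client"], details["status"])
```
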
