Postfix - TLS - 端口 587 - 仅从本地主机连接

tag-icon tag-icon postfix
Postfix - TLS - 端口 587 - 仅从本地主机连接

为什么我无法连接到 AMI 上端口 587 上的 Postfix?

这是一个AMI,AMI防火墙打开了587,iptables是空的,因为我用的是Amazon防火墙。

从服务器本身来看,以下操作正常:

openssl s_client -starttls smtp -crlf -connect ami.example.com:587

后配置-n

alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 9
debug_peer_list = ami.example.com mail.example.com
home_mailbox = Maildir/
html_directory = no
inet_interfaces = localhost
inet_protocols = all
mailbox_command = 
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.com.crt
smtpd_tls_key_file = /etc/ssl/private/mail.example.com.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

主配置文件

submission inet n - n - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject

nmap结果

Nmap scan report for ami.example.com 
Host is up (0.024s latency).

Not shown: 995 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  open   http
143/tcp open   imap
587/tcp closed submission
993/tcp open   imaps

网络状态结果

netstat --proto=inet -pnl | grep 587
tcp        0      0 127.0.0.1:587  0.0.0.0:*    LISTEN    29829/master

从远程机器使用时的结果:

openssl s_client -starttls smtp -crlf -connect ami.example.com:587

套接字:连接被拒绝

连接:errno=111

身份验证由 pam 进行。

已检查:Postfix 拒绝 587

答案1

您已将 inet_interfaces 设置为 localhost。您可以在 netstat 输出中看到此操作的效果,其中进程仅列在 127.0.0.1 上。

相关内容