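I set up a Debian 8.7 Linux server with the IP 123...1 and pointed bla.example.org at it. (www.)example.org points to another server, 123...2. I have now installed mailcow on this server, and I am also using the domain bla.example.org for it (the mailcow admin panel is located under mail.bla.example.org). The installation seemed to go well. Everything went smoothly, without any errors or warnings.
Everything is fully functional, except for receiving e-mails at [email protected] (but I can send e-mails).
I'd like to show you my DNS settings: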
A RECORDS
name | destination ip
---------------------------------------------
example.org | 123...2
www.example.org | 123...2
bla.example.org | 123...1
autodiscover.bla.example.org | 123...1
autoconfig.bla.example.org | 123...1
dav.bla.example.org | 123...1
AAAA RECORDS
none
MX RECORDS
name | priority | value
---------------------------------------------
example.org | 5 | bla.example.org
CNAME RECORDS
none
NS RECORDS
name | value
---------------------------
example.org | ns1.whois.com
example.org | ns2.whois.com
example.org | ns3.whois.com
example.org | ns4.whois.com
TXT RECORDS
name | value
------------------------------
example.org | "v=spf1 mx -all"
SRV RECORDS
name | priority | weight | port | value
--------------------------------------------------------------------------------------------
_imap._tcp.bla.example.org | 0 | 1 | 143 | bla.example.org
_imaps._tcp.bla.example.org | 0 | 1 | 993 | bla.example.org
_caldavs._tcp.bla.example.org | 0 | 1 | 443 | dav.bla.example.org
_carddavs._tcp.bla.example.org | 0 | 1 | 443 | dav.bla.example.org
_autodiscover._tcp.bla.example.org | 0 | 1 | 443 | autodiscover.bla.example.org
MXtoolbox says everything is fine, except for srv:example.org: it says "DNS record not found".
Does anyone have an idea?
--- Edit 1 ---
Here is my iptables:
root@xxxxxxxxxx:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW,ESTABLISHED
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Here is my netstat:
root@xxxxxxx:~# netstat -nlp |grep :25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 17342/master
tcp6 0 0 :::25 :::* LISTEN 17342/master
root@xxxxxxx:~# netstat -nlp |grep :993
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 1/init
root@xxxxxxx:~# netstat -nlp |grep :143
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 1/init
netstat -taupen
root@xxxxxxx:~# sudo netstat -taupen
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN 0 1203091898 17342/master
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 109 1197892369 843/mysqld
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 0 1203091763 17342/master
tcp 0 0 127.0.0.1:588 0.0.0.0:* LISTEN 0 1203091768 17342/master
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 0 1258351074 4754/dovecot
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 0 1203090744 1/init
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 0 1258343845 4718/apache2
tcp 0 0 127.0.0.1:81 0.0.0.0:* LISTEN 0 1258343849 4718/apache2
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 0 1203091757 17342/master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 1197888954 260/sshd
tcp 0 0 127.0.0.1:10040 0.0.0.0:* LISTEN 112 1203093011 17396/opendkim
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 1203091747 17342/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 0 1258343847 4718/apache2
tcp 0 0 0.0.0.0:4190 0.0.0.0:* LISTEN 0 1258351049 4754/dovecot
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 0 1203090745 1/init
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 0 1258351075 4754/dovecot
tcp 0 0 127.0.0.1:10023 0.0.0.0:* LISTEN 0 1197889825 436/postgrey.pid --
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 5001 1203089884 17106/python
tcp 0 64 185.xxx.xxx.xxx:22 212.xxx.xxx.xxx:52217 ESTABLISHED 0 1258284102 4644/1
tcp 0 0 185.xxx.xxx.xxx:22 212.xxx.xxx.xxx:50148 ESTABLISHED 0 1255922804 4028/0
tcp6 0 0 :::587 :::* LISTEN 0 1203091764 17342/master
tcp6 0 0 :::465 :::* LISTEN 0 1203091758 17342/master
tcp6 0 0 127.0.0.1:8983 :::* LISTEN 113 1203085479 16901/java
tcp6 0 0 :::25 :::* LISTEN 0 1203091748 17342/master
--- Edit 2 ---
OK, I see that dovecot's 10-master.conf contains the following lines, which I edited:
service imap-login {
inet_listener imap {
port = 143 <---- "#" removed by me
}
inet_listener imaps {
port = 993 <---- "#" removed by me
ssl = yes <---- "#" removed by me
}
# Number of connections to handle before starting a new process. Typically
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
# is faster. <doc/wiki/LoginProcess.txt>
#service_count = 1
# Number of processes to always keep waiting for more connections.
#process_min_avail = 0
# If you set service_count=0, you probably need to grow this.
#vsz_limit = $default_vsz_limit
}
Another useful table:
root@xxxxxxxx:~# systemctl -all list-sockets
LISTEN UNIT ACTIVATES
/run/fcgiwrap.socket fcgiwrap.socket fcgiwrap.service
/run/systemd/initctl/fifo systemd-initctl.socket systemd-initctl.service
/run/systemd/journal/dev-log systemd-journald-dev-log.socket systemd-journald.service
/run/systemd/journal/socket systemd-journald.socket systemd-journald.service
/run/systemd/journal/stdout systemd-journald.socket systemd-journald.service
/run/systemd/journal/syslog syslog.socket rsyslog.service
/run/systemd/shutdownd systemd-shutdownd.socket systemd-shutdownd.service
/run/udev/control systemd-udevd-control.socket systemd-udevd.service
/run/uuidd/request uuidd.socket uuidd.service
/var/run/clamav/clamd.ctl clamav-daemon.socket clamav-daemon.service
0.0.0.0:143 dovecot.socket dovecot.service
0.0.0.0:993 dovecot.socket dovecot.service
kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service
Here is a port scan of bla.example.org:
Status Port Name Result Time (ms)
21 ftp Filtered 0
22 ssh Open 130
23 telnet Filtered 0
25 smtp Open 131
53 dns Filtered 0
80 http Open 1331
110 pop3 Filtered 0
111 portmapper, rpcbind Filtered 0
135 Microsoft RPC services Filtered 0
139 netbios Filtered 0
143 imap Filtered 0
389 ldap Filtered 0
443 https Open 131
445 SMB directly over IP Filtered 0
587 msa-outlook Open 130
1025 IIS, NFS, or listener RFS remote_file_sharing Filtered 0
1352 lotus notes Filtered 0
1433 sql server Filtered 0
1723 Point-to-point tunnelling protocol Filtered 0
3306 my sql Filtered 0
3389 remote desktop Filtered 0
5060 Session Initiation Protocol (SIP) Filtered 0
5900 Virtual Network Computer display 0 Filtered 0
6001 X Window server Filtered 0
8080 webcache Filtered 0
As you can see here, IMAP port 143 is filtered, and 993 doesn't even show up.
I can connect via telnet:
root@xxxxxxxxxxx:~# telnet 185.xxx.xxx.xxx 143
Trying 185.xxx.xxx.xxx...
Connected to xxx.xxx.xxx.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
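In the Edit 1 listing, the ACCEPT rules for ports 143 and 993 sit below the catch-all REJECT in the INPUT chain; iptables evaluates a chain top to bottom and stops at the first terminating match, so rules after an unconditional REJECT are never reached. The following is an added example, not part of the original post, that flags such unreachable rules in `iptables -L -n` output; the function names are hypothetical and the sample is the INPUT chain copied from the listing above.

```python
# Sample input: the INPUT chain from the Edit 1 listing, embedded so this runs offline.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW,ESTABLISHED
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
"""

TERMINAL = {"REJECT", "DROP"}
ANY = "0.0.0.0/0"

def parse_chain(listing, chain="INPUT"):
    """Return [(position, target, proto, src, dst, match_text)] for one chain."""
    rules, active = [], False
    for line in listing.splitlines():
        if line.startswith("Chain "):
            active = line.split()[1] == chain
            continue
        f = line.split()
        if not active or len(f) < 5 or f[0] == "target":
            continue
        rules.append((len(rules) + 1, f[0], f[1], f[3], f[4], " ".join(f[5:])))
    return rules

def shadowed_rules(listing, chain="INPUT"):
    """Return (blocker_position, rules listed after an unconditional REJECT/DROP)."""
    # Assumption: `-L -n` without -v hides interface matches (e.g. -i lo), so an
    # unqualified "ACCEPT all" line is NOT treated as a catch-all here, and the
    # REJECT is assumed to carry no hidden interface match either.
    blocker, shadowed = None, []
    for pos, target, proto, src, dst, match in parse_chain(listing, chain):
        if blocker is not None:
            shadowed.append((pos, target, match))
        elif (target in TERMINAL and proto == "all" and src == dst == ANY
              and not any(k in match for k in ("dpt", "state"))):
            blocker = pos
    return blocker, shadowed

if __name__ == "__main__":
    print(shadowed_rules(SAMPLE))
```

Rules added with `iptables -A` land at the end of the chain; `iptables -I INPUT <rulenum>` places a rule above the REJECT, and `iptables -L -n -v` shows the interface columns that the plain listing omits.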
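Answer 1
SRV records are unlikely to be the culprit; MX records should be used. There is an error in them - you have an MX record with priority 20 pointing to "mail.bla.example.com", but there is no corresponding A record. You need to fix that.
If there are other problems, they cannot be discovered without the actual domain name.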