我正在尝试使用带有虚拟域的 Postfix (3.3.0) 设置邮件服务器,针对 Amazon RDS MySQL (8.0.11) 实例进行查询,并在邮件服务器和 RDS 实例之间使用 SSL。
我刚刚开始设置,所以还没有打开任何高级服务;我刚刚启动并运行了 Postfix 和 Dovecot,并尝试通过 telnet 从本地向邮件服务器发送邮件。这失败了(这没关系,这就是测试的目的),但我无法确定失败的原因。特别是,postfix 无法工作,但 postmap 似乎工作正常!
通过 postfix 完成操作后返回的核心错误似乎是“SSL_CTX_set_default_verify_paths”。环顾四周,我只能找到两个真正相关的问题,其中一个问题由配置文件中的简单拼写错误回答;另一个问题似乎与 postfix 对 CA 文件的读取权限有关。我没有(至少没有那个特定的)拼写错误,而且我很确定这不是文件权限问题,但也许我错了。
Postfix 失败的情况如下:
$telnet localhost 25
EHLO <my.working.mailserver>
MAIL FROM: <[email protected]>
RCPT TO: postmaster@localhost
邮件日志的内容如下:
Nov 2 11:09:31 ip-172-31-7-179 postfix/smtpd[11883]: connect from localhost[127.0.0.1]
Nov 2 11:09:45 ip-172-31-7-179 postfix/trivial-rewrite[11879]: warning: connect to mysql server <my.rds.endpoint>:<myport>: SSL connection error: SSL_CTX_set_default_verify_paths failed
Nov 2 11:09:45 ip-172-31-7-179 postfix/trivial-rewrite[11879]: warning: virtual_alias_domains: mysql:/etc/postfix/mysql_alias.cf: table lookup problem
Nov 2 11:09:45 ip-172-31-7-179 postfix/trivial-rewrite[11879]: warning: virtual_alias_domains lookup failure
Nov 2 11:09:58 ip-172-31-7-179 postfix/trivial-rewrite[11879]: warning: virtual_alias_domains: mysql:/etc/postfix/mysql_alias.cf: table lookup problem
Nov 2 11:09:58 ip-172-31-7-179 postfix/trivial-rewrite[11879]: warning: virtual_alias_domains lookup failure
Nov 2 11:09:58 ip-172-31-7-179 postfix/smtpd[11883]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 451 4.3.0 <postmaster@localhost>: Temporary lookup failure; from=<[email protected]> to=<postmaster@localhost> proto=ESMTP helo=<my.working.mailserver>
但是,如果我尝试使用 postmap 查找 postmaster@localhost,它似乎工作正常:
$sudo -upostfix postmap -q postmaster@localhost mysql:/etc/postfix/mysql_alias.cf
root@localhost
并且有些冗长:
$sudo -upostfix postmap -v -q postmaster@localhost mysql:/etc/postfix/mysql_alias.cf
postmap: name_mask: all
postmap: inet_addr_local: configured 2 IPv4 addresses
postmap: inet_addr_local: configured 2 IPv6 addresses
postmap: cfg_get_str: /etc/postfix/mysql_alias.cf: user = postfix
postmap: cfg_get_str: /etc/postfix/mysql_alias.cf: password = <password>
postmap: cfg_get_str: /etc/postfix/mysql_alias.cf: dbname = <db_name>
postmap: cfg_get_str: /etc/postfix/mysql_alias.cf: result_format = %s
postmap: cfg_get_str: /etc/postfix/mysql_alias.cf: option_file = <NULL>
postmap: cfg_get_str: /etc/postfix/mysql_alias.cf: option_group = client
postmap: cfg_get_str: /etc/postfix/mysql_alias.cf: tls_key_file = <NULL>
postmap: cfg_get_str: /etc/postfix/mysql_alias.cf: tls_cert_file = <NULL>
postmap: cfg_get_str: /etc/postfix/mysql_alias.cf: tls_CAfile = /etc/mysql/ssl/rds-combined-ca-bundle.pem
postmap: cfg_get_str: /etc/postfix/mysql_alias.cf: tls_CApath = <NULL>
postmap: cfg_get_str: /etc/postfix/mysql_alias.cf: tls_ciphers = <NULL>
postmap: cfg_get_bool: /etc/postfix/mysql_alias.cf: tls_verify_cert = on
postmap: cfg_get_bool: /etc/postfix/mysql_alias.cf: require_result_set = on
postmap: cfg_get_int: /etc/postfix/mysql_alias.cf: expansion_limit = 0
postmap: cfg_get_str: /etc/postfix/mysql_alias.cf: query = SELECT destination FROM aliases WHERE mail = '%s' AND enabled=1
postmap: cfg_get_str: /etc/postfix/mysql_alias.cf: domain =
postmap: cfg_get_str: /etc/postfix/mysql_alias.cf: hosts = <my.rds.endpoint>:<myport>
postmap: dict_open: mysql:/etc/postfix/mysql_alias.cf
postmap: dict_mysql_get_active: attempting to connect to host <my.rds.endpoint>:<myport>
postmap: dict_mysql: successful connection to host <my.rds.endpoint>:<myport>
postmap: mysql:/etc/postfix/mysql_alias.cf: successful query result from host <my.rds.endpoint>:<myport>
postmap: dict_mysql_lookup: retrieved 1 rows
root@localhost
正如我所说,我不认为这是一个文件权限问题,因为我以 postfix 身份使用 sudo,并且除 master 之外的所有 postfix 服务都以该用户身份运行
$ps -auxw | grep postfix
root 11864 0.0 0.4 67376 4100 ? Ss 11:09 0:00 /usr/lib/postfix/sbin/master -w
postfix 11874 0.0 0.5 73808 5172 ? S 11:09 0:00 pickup -l -t unix -u -c
postfix 11875 0.0 0.5 73856 5428 ? S 11:09 0:00 qmgr -l -t unix -u
postfix 11877 0.0 0.6 88668 6608 ? S 11:09 0:00 cleanup -z -t unix -u -c
postfix 11879 0.0 0.6 88500 6288 ? S 11:09 0:00 trivial-rewrite -n rewrite -t unix -u -c
postfix 11884 0.0 0.7 87248 7988 ? S 11:09 0:00 tlsmgr -l -t unix -u -c
postfix 11972 0.0 0.6 88668 6496 ? S 11:51 0:00 cleanup -z -t unix -u -c
cwr 11974 0.0 0.1 14856 1080 pts/1 S+ 11:53 0:00 grep postfix
我是不是忽略了一些简单的东西?为什么以 postfix 用户身份运行的 postmap 在读取与 postfix 本身相同的配置时可以正常工作,而 postfix 却无法工作?
为了完整起见,请注意 postmap 命令正在读取mysql:/etc/postfix/mysql_alias.cf。以下是 main.cf 的关键部分:
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
# this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual
# this is for the mailbox location for each user
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
# and this is for aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
# and this is for domain lookups
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
我认为这三个文件都相当简单:
$sudo cat /etc/postfix/mysql_alias.cf
hosts = <my.rds.endpoint>:<myport>
user = <postfix_db_user>
password = <postfix_db_user_pass>
dbname = <db_name>
query = SELECT destination FROM aliases WHERE mail = '%s' AND enabled=1
tls_CAfile = /etc/mysql/ssl/rds-combined-ca-bundle.pem
tls_verify_cert = yes
如果您能提供任何关于如何修复或进一步调试此问题的想法,我们将不胜感激。
答案1
我遇到了类似的问题,但我发现,如果我使用 RDS 的本地 IPv4,一切都会按预期运行。我想知道您是否成功解决了这个问题?
对于我的具体问题,我不会讲太多细节,但只介绍一下背景:auth 从 dovecot 的角度来说有效,但是当我尝试发送电子邮件时,收到以下错误:
451 4.3.0 <[email protected]>: Temporary lookup failure
我得到/var/log/maillog:
Jan 22 13:15:27 ip-1-1-1-1 postfix/submission/smtpd[4726]: dict_mysql_get_active: attempting to connect to host rds-test.us-east-1.rds.amazonaws.com
Jan 22 13:15:27 ip-10-1-1-1 postfix/submission/smtpd[4726]: warning: connect to mysql server rds-test.us-east-1.rds.amazonaws.com: Unknown MySQL server host 'rds-test.us-east-1.rds.amazonaws.com' (16)
Jan 22 13:15:27 ip-10-1-1-1 postfix/submission/smtpd[4726]: warning: mysql:/etc/postfix/mysql-email2email.cf lookup error for "[email protected]"
哦,我忘了说了,当我从 Postfix 机器本身连接而不是从某个远程机器连接时,使用$ openssl s_client -connect 127.0.0.1:25 -starttls smtpRDS 就不再Unknown MySQL能够发送电子邮件了。