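I recently had to diagnose a couple of servers running Postfix that email the results of rsync cronjobs when they return a non-OK value.
While Postfix was sending emails to the recipients when rsync failed, I noticed that the cronjob STDOUT was not being relayed properly to the local root mail. This is the older Ubuntu box running Postfix 2: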
Dec 3 09:30:01 server01 postfix/pickup[10499]: B5A2B780C7F: uid=0 from=<root>
Dec 3 09:30:01 server01 postfix/cleanup[23133]: B5A2B780C7F: message-id=<[email protected]>
Dec 3 09:30:01 server01 postfix/qmgr[23780]: B5A2B780C7F: from=<[email protected]>, size=1969, nrcpt=1 (queue active)
Dec 3 09:30:02 server01 postfix/smtp[23135]: B5A2B780C7F: to=<[email protected]>, orig_to=<root>, relay=smtp.fqdn.tld[1.2.3.4]:25, delay=0.7, delays=0.26/0.01/0.02/0.42, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> [InternalId=244571470] Queued mail for delivery)
Dec 3 09:30:02 server01 postfix/qmgr[23780]: B5A2B780C7F: removed
Dec 3 10:00:06 server01 postfix/pickup[15878]: 5D0B8780C7F: uid=0 from=<root>
Dec 3 10:00:06 server01 postfix/cleanup[22344]: 5D0B8780C7F: message-id=<[email protected]>
Dec 3 10:00:06 server01 postfix/qmgr[23780]: 5D0B8780C7F: from=<[email protected]>, size=2198, nrcpt=1 (queue active)
The other server is a newer CentOS build using Postfix 3, and the error it logs is slightly different:
Dec 3 22:02:48 server02 postfix/pickup[20144]: 9491960138: uid=0 from=<root>
Dec 3 22:02:48 server02 postfix/cleanup[26411]: 9491960138: message-id=<[email protected]>
Dec 3 22:02:48 server02 postfix/qmgr[21628]: 9491960138: from=<[email protected]>, size=2541, nrcpt=1 (queue active)
Dec 3 22:02:48 server02 postfix/cleanup[26411]: 98BF0600D6: message-id=<[email protected]>
Dec 3 22:02:48 server02 postfix/qmgr[21628]: 98BF0600D6: from=<[email protected]>, size=2689, nrcpt=1 (queue active)
Dec 3 22:02:48 server02 postfix/local[26414]: 9491960138: to=<root@localhost>, orig_to=<root>, relay=local, delay=167, delays=167/0.01/0/0, dsn=2.0.0, status=sent (forwarded as 98BF0600D6)
Dec 3 22:02:48 server02 postfix/qmgr[21628]: 9491960138: removed
Dec 3 22:02:48 server02 postfix/local[26414]: 98BF0600D6: to=<root@localhost>, orig_to=<root>, relay=local, delay=0.02, delays=0/0/0/0.01, dsn=5.4.6, status=bounced (mail forwarding loop for root@localhost)
Dec 3 22:02:48 server02 postfix/cleanup[26411]: 9D80F60139: message-id=<[email protected]>
Dec 3 22:02:48 server02 postfix/qmgr[21628]: 9D80F60139: from=<>, size=4684, nrcpt=1 (queue active)
Dec 3 22:02:48 server02 postfix/cleanup[26411]: 9E9ED6013A: message-id=<[email protected]>
Dec 3 22:02:48 server02 postfix/bounce[26416]: 98BF0600D6: sender non-delivery notification: 9D80F60139
Dec 3 22:02:48 server02 postfix/qmgr[21628]: 98BF0600D6: removed
Dec 3 22:02:48 server02 postfix/qmgr[21628]: 9E9ED6013A: from=<>, size=4832, nrcpt=1 (queue active)
Dec 3 22:02:48 server02 postfix/local[26415]: 9D80F60139: to=<root@localhost>, orig_to=<[email protected]>, relay=local, delay=0.01, delays=0/0/0/0, dsn=2.0.0, status=sent (forwarded as 9E9ED6013A)
Dec 3 22:02:48 server02 postfix/qmgr[21628]: 9D80F60139: removed
Dec 3 22:02:48 server02 postfix/local[26414]: 9E9ED6013A: to=<root@localhost>, orig_to=<[email protected]>, relay=local, delay=0.01, delays=0/0/0/0, dsn=5.4.6, status=bounced (mail forwarding loop for root@localhost)
Dec 3 22:02:48 server02 postfix/qmgr[21628]: 9E9ED6013A: removed
Dec 3 22:30:05 server02 postfix/pickup[20144]: C776360138: uid=0 from=<root>
Dec 3 22:30:05 server02 postfix/cleanup[10175]: C776360138: message-id=<[email protected]>
Dec 3 22:30:05 server02 postfix/qmgr[21628]: C776360138: from=<[email protected]>, size=2172, nrcpt=1 (queue active)
Dec 3 22:30:05 server02 postfix/cleanup[10175]: CBB5D600D6: message-id=<[email protected]>
Dec 3 22:30:05 server02 postfix/qmgr[21628]: CBB5D600D6: from=<[email protected]>, size=2320, nrcpt=1 (queue active)
Dec 3 22:30:05 server02 postfix/local[10178]: C776360138: to=<root@localhost>, orig_to=<root>, relay=local, delay=4.1, delays=4.1/0.01/0/0, dsn=2.0.0, status=sent (forwarded as CBB5D600D6)
Dec 3 22:30:05 server02 postfix/qmgr[21628]: C776360138: removed
Dec 3 22:30:05 server02 postfix/local[10178]: CBB5D600D6: to=<root@localhost>, orig_to=<root>, relay=local, delay=0.02, delays=0/0/0/0.01, dsn=5.4.6, status=bounced (mail forwarding loop for root@localhost)
Dec 3 22:30:05 server02 postfix/cleanup[10175]: D04C460139: message-id=<[email protected]>
Dec 3 22:30:05 server02 postfix/qmgr[21628]: D04C460139: from=<>, size=4315, nrcpt=1 (queue active)
Dec 3 22:30:05 server02 postfix/cleanup[10175]: D14146013A: message-id=<[email protected]>
Dec 3 22:30:05 server02 postfix/bounce[10180]: CBB5D600D6: sender non-delivery notification: D04C460139
Dec 3 22:30:05 server02 postfix/qmgr[21628]: CBB5D600D6: removed
Dec 3 22:30:05 server02 postfix/qmgr[21628]: D14146013A: from=<>, size=4463, nrcpt=1 (queue active)
Dec 3 22:30:05 server02 postfix/local[10179]: D04C460139: to=<root@localhost>, orig_to=<[email protected]>, relay=local, delay=0.01, delays=0/0/0/0, dsn=2.0.0, status=sent (forwarded as D14146013A)
Dec 3 22:30:05 server02 postfix/qmgr[21628]: D04C460139: removed
Dec 3 22:30:05 server02 postfix/local[10178]: D14146013A: to=<root@localhost>, orig_to=<[email protected]>, relay=local, delay=0.01, delays=0/0/0/0, dsn=5.4.6, status=bounced (mail forwarding loop for root@localhost)
Dec 3 22:30:05 server02 postfix/qmgr[21628]: D14146013A: removed
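These Postfix installs are able to send email to users in the company domain via the SMTP relay. But how do I fix the failure to deliver the local root reports locally?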
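Answer 1
(In these examples, I have anonymised the hostnames and changed the external domain to fqdn.tld.)
Prerequisites:
On both servers, /etc/aliases already contained a root: root entry, /etc/postfix/virtual contained root root@localhost, and /etc/postfix/generic already contained the sending aliases for the machine (e.g. [email protected] [email protected]).
As Postfix uses the hashed database versions at runtime, the aliases, virtual and generic files need to be postmap'ed after any change.
Original Postfix configuration: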
relayhost = smtp.fqdn.tld
myhostname = server01.fqdn.tld
mydomain = fqdn.tld
myorigin = $myhostname
mydestination = $myhostname localhost.$myhostname localhost
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
mynetworks_style = host
inet_interfaces = loopback-only
mydestination = $myhostname, localhost.$mydomain, $mydomain, fqdn.tld, fqdn2.tld
alias_maps = hash:/etc/aliases
virtual_alias_maps = hash:/etc/postfix/virtual
smtp_generic_maps = hash:/etc/postfix/generic
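While this meant the box was able to send mail to recipients in the company domain, all local email to the root mailbox (/var/spool/mail/root) failed to be delivered.
I spotted a mistake early on in the myorigin and mydestination values (they were too explicit and also mentioned external domains, which could confuse local delivery attempts), so I modified them. I also cleaned up the other options.
This is the working configuration I settled on for the Postfix 2.7 box, with comments for some other useful things (such as explicitly defining IPv4/IPv6 interfaces, or disabling Postfix 3 backward configuration compatibility). Fortunately, the Postfix 3.3 box also worked with the same configuration.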
relayhost = smtp.fqdn.tld
myhostname = server01.fqdn.tld
mydomain = fqdn.tld
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, localhost
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
mynetworks_style = host
# host makes the mynetworks unnecessary - defining mynetworks overrides mynetworks_style
#mynetworks = 127.0.0.0/8, 1.2.3.4/32
# http://www.postfix.org/BASIC_CONFIGURATION_README.html
inet_interfaces = loopback-only
#inet_interfaces = 127.0.0.1, 1.2.3.4,
# ::1
# https://serverfault.com/questions/452350/how-to-completely-disable-ipv6-for-loopback-interface-on-rhel-5-6
alias_maps = hash:/etc/aliases
virtual_alias_maps = hash:/etc/postfix/virtual
smtp_generic_maps = hash:/etc/postfix/generic
# compatibility_level disables postfix 2 backward compatibility in Postfix 3.
# http://www.postfix.org/postconf.5.html#compatibility_level
#compatibility_level = 2
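On the Postfix 3 box, I ended up using the same basic configuration, but with the compatibility_level = 2 variable uncommented.
There are some differences in how certain variables are interpreted, and changes in the default behaviour of others, particularly things like mynetworks_style. Setting up the networks is important to avoid the machine becoming an unwitting open relay.
Setting the mydestination variable correctly is important - it tells the machine which domains it will deliver locally, rather than relaying to another machine via SMTP. (See the Postfix Basic Configuration for some examples.)
If you want to check that it is working, tail your mail log:
tail -fn 100 /var/log/maillog
(or mail.log on some machines)
For all cron reports, you should now see something like: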
Dec 4 14:04:50 server01 postfix/pickup[25672]: 1B2566011A: uid=0 from=<root>
Dec 4 14:04:50 server01 postfix/cleanup[19854]: 1B2566011A: message-id=<[email protected]>
Dec 4 14:04:50 server01 postfix/qmgr[29434]: 1B2566011A: from=<[email protected]>, size=2320, nrcpt=1 (queue active)
Dec 4 14:04:50 server01 postfix/local[19859]: 1B2566011A: to=<[email protected]>, orig_to=<root>, relay=local, delay=289, delays=289/0.01/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Dec 4 14:04:50 server01 postfix/qmgr[29434]: 1B2566011A: removed
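The relay=local and status=sent (delivered to mailbox) are the key, rather than status=bounced or any reference to an SMTP server (e.g. relay=smtp.fqdn.tld[1.2.3.4]:25). Local reports from cron output etc. to the root mailbox should always be delivered locally (relay=local).
Once this is set up correctly, I suggest using mutt (apt-get install mutt / yum install mutt) to check the root mailbox: mutt -f /var/spool/mail/root.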
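The log check described in the answer above can be automated. This is an added example, not part of the original answer: it follows each uid=0 pickup through any "forwarded as" hops and reports whether the final hop was a local delivery, an SMTP relay, or a forwarding loop. The function name `classify_root_mail` and the sample lines (queue IDs, hosts, addresses) are constructed for illustration.

```python
import re

# Constructed sample shaped like the logs on this page; queue IDs, hosts and
# addresses are made up.
SAMPLE_LOG = """\
Dec  3 22:02:48 server02 postfix/pickup[20144]: AAAA000001: uid=0 from=<root>
Dec  3 22:02:48 server02 postfix/local[26414]: AAAA000001: to=<root@localhost>, orig_to=<root>, relay=local, delay=167, delays=167/0.01/0/0, dsn=2.0.0, status=sent (forwarded as AAAA000002)
Dec  3 22:02:48 server02 postfix/local[26414]: AAAA000002: to=<root@localhost>, orig_to=<root>, relay=local, delay=0.02, delays=0/0/0/0.01, dsn=5.4.6, status=bounced (mail forwarding loop for root@localhost)
Dec  4 14:04:50 server01 postfix/pickup[25672]: BBBB000001: uid=0 from=<root>
Dec  4 14:04:50 server01 postfix/local[19859]: BBBB000001: to=<root@server01.example>, orig_to=<root>, relay=local, delay=289, delays=289/0.01/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Dec  3 09:30:01 server01 postfix/pickup[10499]: CCCC000001: uid=0 from=<root>
Dec  3 09:30:02 server01 postfix/smtp[23135]: CCCC000001: to=<admin@corp.example>, orig_to=<root>, relay=smtp.corp.example[192.0.2.25]:25, delay=0.7, delays=0.26/0.01/0.02/0.42, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
"""
PICKUP = re.compile(r"postfix/pickup\[\d+\]: (\w+): uid=0 ")
DELIVERY = re.compile(
    r"postfix/(?:local|smtp|lmtp|virtual|pipe)\[\d+\]: (\w+): to=<[^>]*>,"
    r".*?relay=([^,]+),.*?status=(\w+) \((.*)\)$")
FORWARDED = re.compile(r"forwarded as (\w+)")

def classify_root_mail(log_text):
    """Map each uid=0 pickup queue ID to the outcome of its final hop."""
    roots, deliveries = [], {}
    for line in log_text.splitlines():
        m = PICKUP.search(line)
        if m:
            roots.append(m.group(1))
        m = DELIVERY.search(line)
        if m:  # one recipient per message assumed (nrcpt=1, as in the logs)
            deliveries[m.group(1)] = m.groups()[1:]
    verdicts = {}
    for qid in roots:
        cur, seen = qid, set()
        # Follow "forwarded as <id>" hops to the last logged delivery attempt.
        while cur in deliveries and cur not in seen:
            seen.add(cur)
            hop = FORWARDED.search(deliveries[cur][2])
            if not hop:
                break
            cur = hop.group(1)
        relay, status, detail = deliveries.get(cur, ("", "none", ""))
        if status == "bounced" and "forwarding loop" in detail:
            verdicts[qid] = "forwarding loop"
        elif status != "sent" or FORWARDED.search(detail):
            verdicts[qid] = "no final delivery (%s)" % status
        elif relay == "local":
            verdicts[qid] = "delivered locally"
        else:
            verdicts[qid] = "relayed via " + relay
    return verdicts
```

Run it over the real log with `classify_root_mail(open("/var/log/maillog").read())`; any verdict other than "delivered locally" for a cron report means local root reports are still not reaching the root mailbox.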