我一直在尝试配置我的 Amazon EC2 实例(运行 Ubuntu 20.04)以通过 Amazon SES 发送邮件。我从早期(成功)的配置中借用了各种设置,以防止在此机器上进行任何本地邮件投递,并确保所有外发邮件都来自单个发件人地址。出于某种原因,postfix 拒绝发送邮件。错误总是看起来像这样(我已删除可识别的域等):
May 11 21:24:43 ip-172-30-2-193 postfix/pickup[3918]: 256D03EEA0: uid=1001 from=<[email protected]>
May 11 21:24:43 ip-172-30-2-193 postfix/cleanup[3928]: 256D03EEA0: message-id=<[email protected]>
May 11 21:24:43 ip-172-30-2-193 postfix/qmgr[3919]: 256D03EEA0: from=<[email protected]>, size=723, nrcpt=1 (queue active)
May 11 21:24:43 ip-172-30-2-193 postfix/smtp[3921]: 256D03EEA0: to=<[email protected]>, relay=none, delay=14, delays=14/0/0/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=email-smtp.us-east-1.amazonaws.com type=A: Host not found, try again)
这是我的 postconf:
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = loopback-only
inet_protocols = ipv4
local_transport = error:local delivery is disabled
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
masquerade_domains = $mydomain
mydestination =
mydomain = mydomain.com
myhostname = www.mydomain.com
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
readme_directory = /usr/share/doc/postfix
relayhost = [email-smtp.us-east-1.amazonaws.com]:587
sample_directory = /usr/share/doc/postfix/examples
sender_canonical_maps = regexp:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_generic_maps = hash:/etc/postfix/generic
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = secure
smtpd_banner = $myhostname ESMTP $mail_name
unknown_local_recipient_reject_code = 550
文件/etc/postfix/sasl_passwdfile 是 root:root 和 640,如下所示:
# NOTE: these are credentials for IAM User [REDACTED]
[email-smtp.us-east-1.amazonaws.com]:587 XXXXXXXXXXXXXXXXXXXXX:YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
其中 XXX... 和 YYY... 是当前从旧服务器运行的凭证。
我已经看到该论坛上有关解决此类错误的各种帖子,但他们建议的解决方案并不能解决我的问题:
- 网络连接问题——我可以通过端口 25 和 587 从该服务器 telnet 到 email-smtp.us-east-1.amazonaws.com,没有任何问题
- 尝试 ipv6 传输- 我特意设定inet_协议到IPv4。
- email-smtp.us-east-1.amazonaws.com 周围是否有方括号 - 我尝试过使用和不使用方括号设置中继主机,并且始终小心地重新散列 sasl_passwd 文件。如果我放入方括号,错误会显示
type=A: Host not found, try again。如果我取出方括号,它会显示type=MX: Host not found, try again。这是唯一的区别。 - DNS 无法解析和/或 resolv.conf 不可读-- 一个
dig email-smtp.us-east-1.amazonaws.com命令总是会产生大约六个 AWS 地址。该文件/etc/resolv.conf是全球可读的。我还没有尝试在任何地方复制或符号链接此文件。 - 中继主机错误或缺少凭证- 所有邮件都应通过 Amazon SES 路由,这是我已将中继主机设置为的,并且该文件
/etc/postfix/sasl_passwd由 root 拥有/可读,并且它包含的凭据与 main.cf 中的中继主机匹配,也可以在另一台较旧的服务器上工作。
答案1
我可以通过在安装 postfix 后立即告诉 Postfix 使用 Google DNS 来解决此问题:
echo 'nameserver 8.8.8.8' >> /var/spool/postfix/etc/resolv.conf
答案2
我遇到了相同的错误消息和问题,解决方法是确保在 postfix 的 main.cf 以及 sasl-passwd 文件中的 AWS SES 服务器名称周围添加 [ ]。
编辑两个文件后,重新散列 sasl-passwd:
sudo postmap hash:/etc/postfix/sasl_passwd
然后重新启动 postfix:
sudo systemctl restart postfix