我的问题简而言之:
我在 ubuntu 服务器 18.04 上有一个本地邮件服务器(postfix 和 dovecot 并使用自分配 SSL、openssl),我可以从同一网络中的另一台电脑登录(仅收到有关自分配 SSL 的警告)。
但是当我尝试发送电子邮件(给同一个用户或另一个用户)时,我会在已发送文件夹中看到该邮件,但收件箱中却没有任何内容。这是我的 /var/log/mail.log 输出:
May 25 13:44:17 tsun postfix/submission/smtpd[19418]: Anonymous TLS connection established from unknown[192.168.7.17]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
May 25 13:44:17 tsun postfix/submission/smtpd[19418]: BBA4C802F5: client=unknown[192.168.7.17], sasl_method=PLAIN, sasl_username=veelst
May 25 13:44:17 tsun postfix/cleanup[19425]: BBA4C802F5: message-id=<[email protected]>
May 25 13:44:17 tsun postfix/qmgr[19411]: BBA4C802F5: from=<[email protected]>, size=584, nrcpt=1 (queue active)
May 25 13:44:17 tsun postfix/smtp[19426]: BBA4C802F5: to=<[email protected]>, relay=none, delay=0.06, delays=0.05/0.01/0/0, dsn=5.4.6, status=bounced (mail for tsun.net loops back to myself)
May 25 13:44:17 tsun postfix/cleanup[19425]: D3AE1802F7: message-id=<[email protected]>
May 25 13:44:17 tsun postfix/submission/smtpd[19418]: disconnect from unknown[192.168.7.17] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
May 25 13:44:17 tsun postfix/bounce[19427]: BBA4C802F5: sender non-delivery notification: D3AE1802F7
May 25 13:44:17 tsun postfix/qmgr[19411]: D3AE1802F7: from=<>, size=2425, nrcpt=1 (queue active)
May 25 13:44:17 tsun postfix/qmgr[19411]: BBA4C802F5: removed
May 25 13:44:17 tsun postfix/smtp[19426]: D3AE1802F7: to=<[email protected]>, relay=none, delay=0.04, delays=0.04/0/0/0, dsn=5.4.6, status=bounced (mail for tsun.net loops back to myself)
May 25 13:44:17 tsun postfix/qmgr[19411]: D3AE1802F7: removed
May 25 13:44:18 tsun dovecot: imap(veelst)<19277><Nqj5HnmmNMzAqAcR>: Connection closed (IDLE running for 0.001 + waiting input for 0.002 secs, 0.001 in locks, 2 B in + 10 B out, state=wait-input) in=906 out=301$
May 25 13:44:18 tsun dovecot: imap-login: Login: user=<veelst>, method=PLAIN, rip=192.168.7.17, lip=192.168.7.146, mpid=19429, TLS, session=</PPpLHmmhM3AqAcR>
详细信息:
我有一个运行 Ubuntu Server 18.04 的本地邮件服务器,其 IP 地址为 192.168.7.146
hostnamectl 的输出:
veelst@tsun:/var/mail$ hostnamectl
Static hostname: tsun
...
Operating System: Ubuntu 18.04.1 LTS
Kernel: Linux 4.15.0-101-generic
Architecture: x86-64
有 postfix 和 dovecot:
postconf mail_version
mail_version = 3.3.0
dovecot --version
2.3.10.1 (a3d0e1171)
在另一台机器上我安装了 BIND9 DNS 服务器,并指定以下区域指向邮件服务器:
$ttl 38400
tsun.net. IN SOA thome.local. admin.tsun.net. (
1589393672
10800
3600
604800
38400 )
tsun.net. IN NS thome.local.
mail.tsun.net. 3600 IN A 192.168.7.146
tsun.net. 3600 IN MX 0 mail.tsun.net.
tsun.net. 3600 IN TXT "v=spf1 mx ~all"
tsun.net. IN A 192.168.7.146
正如我上面所说,我可以使用 thunderbird 在同一个网络上的 PC 正常登录。也可以从我的 PC 正常访问 porst,sudo nmap mail.tsun.net 命令的输出为:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-25 13:34 +03
Nmap scan report for mail.tsun.net (192.168.7.146)
Host is up (0.00074s latency).
rDNS record for 192.168.7.146: msun
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
143/tcp open imap
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
Nmap done: 1 IP address (1 host up) scanned in 4.04 seconds
关于我的设置的其他一些有用信息:
鸽舍-n:
# 2.3.10.1 (a3d0e1171): /etc/dovecot/dovecot.conf
# OS: Linux 4.15.0-101-generic x86_64 Ubuntu 18.04.1 LTS
# Hostname: tsun
auth_mechanisms = plain login
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = create
special_use = \Drafts
}
mailbox Junk {
auto = create
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
auto = create
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
protocols = imap pop3
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
ssl_cert = </var/www/cert/certificate.pem
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
userdb {
driver = passwd
}
postconf-n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mailbox_transport = lmtp:unix:private/dovecot-lmtp
message_size_limit = 52428800
mydestination = $myhostname, localhost.tsun.net, localhost
myhostname = mail.tsun.net
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file = /var/www/cert/certificate.pem
smtpd_tls_key_file = /var/www/cert/key.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
smtputf8_enable = no
我还使用此命令创建了我的 SSL
$openssl genrsa -out key.pem 2048
$openssl req -new -sha256 -key key.pem -out csr.csr
$sudo openssl req -x509 -sha256 -days 365 -key key.pem -in csr.csr -out certificate.pem
$openssl req -in csr.csr -text -noout | grep -i "Signature.*SHA256" && echo "All is well" || echo "This certificate will stop working in 2017! You must update OpenSSL to generate a widely-compatible certificate"
(我得到了“一切都好”的输出)
解决我的问题后,我在日志中收到新的错误:
[private/dovecot-lmtp]: Connection refused
通过在 /etc/dovecot/dovecot.conf 中的协议中添加 lmtp 来修复此问题:
protocols = imap pop3 lmtp
这修复了连接被拒绝的错误。
然后我收到新的错误,即未找到用户。必须通过转到 /etc/dovecot/conf.d/10-auth.conf 并取消注释该行来修复它:
auth_username_format = %n
现在我可以从同一个网络正常发送和接收邮件!
答案1
Postfix 会告诉你具体原因:
status=bounced (mail for tsun.net loops back to myself)
尝试在 中添加tsun.net
以下行。您告诉它应该为域“localhost.tsun.net”和“localhost”添加的行。可能是拼写错误?mydestination
/etc/postfix/main.cf
然后重新启动你的 Postfix 守护进程:
/etc/init.d/postfix restart