我的 Postfix 服务器运行在 Debian Stretch 上。它可以毫无问题地向 GMail 地址发送电子邮件,这些邮件也不会被判为垃圾邮件。在 DNS 层面,我配置了 DKIM、SPF 和 DMARC,GMail 显示这三项的结果均为“Pass”。邮件也由我的域名加密发送(Google 没有显示表示邮件未加密的红色挂锁)。我的域名使用 Let's Encrypt 证书来提供加密。我只需要 Postfix 从这台服务器向外发送邮件。
当我向 Gmail 地址发送邮件时,日志正常并显示:
Jul 1 11:46:25 mydomain-linux postfix/smtp[16054]: Trusted TLS connection established to gmail-smtp-in.l.google.com[2a00:1450:400c:c07::1a]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Jul 1 11:46:25 mydomain-linux postfix/smtp[16054]: 35AB4600BB6: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c07::1a]:25, delay=0.81, delays=0.12/0.01/0.38/0.29, dsn=2.0.0, status=sent (250 2.0.0 OK 1593085583 r2si6295852wrp.70 - gsmtp)
另一方面,发往其他邮件服务商(例如 Protonmail 或 GMX)的邮件无法送达,日志中的状态为 status=deferred。
我的日志文件 /var/log/mail.log 中始终显示此错误消息:
Jul 1 18:36:28 mydomain-linux postfix/error[13029]: 28F18600BF6: to=<[email protected]>, relay=none, delay=23, delays=0.13/23/0/0.06, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mailsec.protonmail.ch[185.70.40.102]:25: Connection timed out)
Jul 1 18:36:31 mydomain-linux postfix/smtp[12946]: connect to mailsec.protonmail.ch[185.70.40.102]:25: Connection timed out
Jul 1 18:36:31 mydomain-linux postfix/smtp[12946]: DAFA8600BF2: to=<[email protected]>, relay=none, delay=60, delays=0.12/0.03/60/0, dsn=4.4.1, status=deferred (connect to mailsec.protonmail.ch[185.70.40.102]:25: Connection timed out)
但我没有发现问题。
这是我的 Postfix 配置:
文件 /etc/postfix/main.cf:
# ----------------------------------------------------------
# - General Settings
# ----------------------------------------------------------
# Postfix main.cf as posted. Review notes are kept on their own lines
# because main.cf has no trailing-comment syntax: a "#" after a value
# would become part of the value.
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 2
delay_warning_time = 4h
mailbox_size_limit = 0
recipient_delimiter = +
# NOTE(review): the post says this host only needs to send mail, yet the
# listeners bind to every interface. If nothing has to be accepted from the
# network, `inet_interfaces = loopback-only` removes that exposure.
inet_interfaces = all
# NOTE(review): the successful Gmail delivery in the posted log went to an
# IPv6 address, while every timed-out connection targets an IPv4 address
# (185.70.40.102). Worth checking whether outbound TCP/25 over IPv4 is
# filtered by a local firewall or by the hosting provider; this cannot be
# confirmed from the configuration alone.
inet_protocols = all
myhostname = mydomain-linux.fr
myorigin = mydomain-linux.fr
# NOTE(review): "localhot" looks like a typo for "localhost"; as written,
# "localhost" itself is not listed as a local destination.
mydestination = localhot localhost.$myhostname
# Empty relayhost: no smarthost is configured, so each message is delivered
# directly to the destination's mail exchanger (as the posted logs show).
relayhost =
# Only loopback addresses are listed; permit_mynetworks in
# smtpd_relay_restrictions below therefore trusts local clients only.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# ----------------------------------------------------------
# - TLS parameters
# ----------------------------------------------------------
# Redefines the cipher list behind the "medium" grade, which
# smtpd_tls_mandatory_ciphers below selects.
tls_medium_cipherlist = EECDH+AESGCM:EDH+AESGCM
tls_preempt_cipherlist = yes
tls_random_source = dev:/dev/urandom
broken_sasl_auth_clients = yes
lmtp_tls_session_cache_database = btree:${data_directory}/lmtp_scache
# SMTPD (server side: sessions accepted by this host)
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_local_domain = $mydomain
# NOTE(review): this writes the authenticated SASL login name into the
# Received: header, where recipients can read it. Confirm that is wanted.
smtpd_sasl_authenticated_header = yes
smtpd_tls_CAfile = $smtp_tls_CAfile
# The parameter name says dh1024, but the file it points at is dh2048.pem.
smtpd_tls_dh1024_param_file = $config_directory/dh2048.pem
# NOTE(review): 512-bit DH parameters are only used for obsolete
# export-grade cipher suites; this setting can most likely be dropped.
smtpd_tls_dh512_param_file = $config_directory/dh512.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
# NOTE(review): a CApath is a directory of hashed CA certificates, but this
# value is a file path (fullchain.pem). Verify what was intended.
smtpd_tls_CApath = /etc/letsencrypt/live/mydomain-linux.fr/fullchain.pem
# NOTE(review): in a Let's Encrypt "live" directory cert.pem is normally the
# leaf certificate alone, while fullchain.pem also carries the intermediate.
# Confirm that clients receive the full chain.
smtpd_tls_cert_file = /etc/letsencrypt/live/mydomain-linux.fr/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mydomain-linux.fr/privkey.pem
smtpd_tls_loglevel = 1
# Opportunistic TLS on the listener: plaintext sessions are still accepted,
# but smtpd_tls_auth_only keeps AUTH from being offered without TLS.
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
# NOTE(review): excluding only SSLv2 and SSLv3 leaves TLSv1 and TLSv1.1
# enabled. The *_mandatory_* settings apply only where TLS is mandatory
# (the submission service in master.cf uses "encrypt").
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = medium
# The next three lines repeat settings given earlier in this section with
# the same values.
smtpd_tls_dh1024_param_file = $config_directory/dh2048.pem
smtpd_tls_dh512_param_file = $config_directory/dh512.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
# Relaying is allowed for mynetworks and SASL-authenticated clients; other
# attempts to relay to non-local destinations are deferred.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
# SMTP client (outgoing deliveries; the smtp_* parameters, as opposed to the
# smtpd_* server parameters above)
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_CAfile = /etc/ssl/certs/ca.cert.pem
smtp_tls_loglevel = 1
# Opportunistic TLS for outbound mail: encryption is used when the peer
# offers STARTTLS but is not required, so delivery can fall back to
# plaintext. The "Trusted TLS connection" log line reports that the peer's
# certificate chain verified; it is not an enforced policy.
smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2, !SSLv3
# NOTE(review): the two smtp_tls_mandatory_* settings apply only when TLS is
# mandatory for a destination; with security level "may" they are not the
# ones in effect.
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_ciphers = high
# Repeats the session cache setting at the top of this section.
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, 3DES, RC2, RC4, MD5, PSK, SRP, DSS, AECDH, ADH
# ----------------------------------------------------------
# - OpenDKIM
# ----------------------------------------------------------
# Mail received over SMTP and mail submitted locally both pass through the
# milter listening on 127.0.0.1:8891.
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
# Fail-open: when the milter is unavailable, mail is accepted as if no
# milter were configured. NOTE(review): outgoing mail would then presumably
# leave without a DKIM signature; monitor the milter if DMARC depends on it.
milter_default_action = accept
milter_protocol = 6
文件 /etc/postfix/master.cf:
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
# NOTE(review): on this page the "-o", "flags=" and "${nexthop}" lines start
# at column 0. In master.cf a continuation line must begin with whitespace,
# so the indentation was presumably lost when the listing was copied.
#
# Public SMTP listener (port 25), reachable on every interface because
# main.cf sets inet_interfaces = all. NOTE(review): the post describes a
# send-only host; confirm this listener needs to face the network.
# content_filter names a transport called "spamassassin", which is not
# defined anywhere in the listing shown here. Verify it exists in the real
# file.
smtp inet n - y - - smtpd
-o content_filter=spamassassin
# Submission listener: TLS is required (encrypt) and only SASL-authenticated
# clients are accepted; everyone else is rejected.
# smtpd_sasl_auth_enable is given twice; the repeat is redundant.
submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_tls_dh1024_param_file=${config_directory}/dh2048.pem
-o content_filter=spamassassin
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# Postfix internal services. "smtp unix" is the outbound SMTP client that
# wrote the postfix/smtp lines in the posted log, and "error" wrote the
# postfix/error line.
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
# pipe(8) transports hand messages to external programs running as the
# account given in user=. Postfix executes argv directly, without a shell,
# so $sender / $recipient are passed as arguments rather than interpreted.
# NOTE(review): on a send-only host, transports that are not used can be
# removed to keep the configuration small.
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}