Sending through Postfix from a new server fails. Any troubleshooting suggestions?

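Background
My organization sends list email from the Mailpoet plugin in WordPress, hosted on a Linode VPS.

We have a second VPS with Postfix installed, which serves as the SMTP server for Mailpoet list sending. (It runs Debian GNU/Linux 4.0r9.)

We are preparing to move the WordPress site to a new host (Kinsta).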

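Problem
While testing, we determined that Mailpoet cannot send through the Postfix SMTP server from the Kinsta installation.

I'm not familiar with Postfix, but from reading the documentation I found that the mynetworks configuration variable should set which IPs are allowed to send (or relay) through Postfix. I have added the Kinsta IPs to that list and confirmed with postconf that the configuration was updated.

The Kinsta IPs do not show up in the Postfix mail.err or mail.warn logs.

As far as I know, there is no firewall running on the VPS (but I suspect the connection may be blocked somewhere other than Postfix).

I can post the Postfix configuration here if that would be useful.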

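Questions
I haven't found a good way to troubleshoot this. How would you determine why Postfix connections are not being accepted?

Do you know of anywhere besides the mynetworks value where a new IP needs to be added to Postfix?

I have no documentation on how the VPS was set up. What would you suggest looking at to determine whether connections from the Kinsta server are being blocked elsewhere in the system?

Thanks for your help!

Edit: here are the contents of /etc/postfix/main.cf: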

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

#needed for backscatter prevention
unknown_local_recipient_reject_code = 550

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = yes

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = mail.ic.org
alias_maps = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost, 74.50.52.128
#mydestination = ic.org, mail.ic.org, localhost,74.50.52.128

#Mailman config lines
relay_domains = ic.org, lists.ic.org
transport_maps = hash:/etc/postfix/transport
mailman_destination_recipient_limit = 1

# 15MB maximum message size
message_size_limit = 25000000
mynetworks = 127.0.0.0/8, 65.216.227.186,216.145.134.0/24, 72.249.39.3, 35.245.151.137, 35.230.170.90
# Added Kinsta 35.245.151.137 and 35.230.170.90 IPs 2020-06-30

mailbox_command = procmail
mailbox_size_limit = 0
recipient_delimiter = +
home_mailbox = Maildir/
virtual_alias_maps = hash:/etc/postfix/virtual

smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

## Use the ordb.org Real Time Black Hole list
smtpd_client_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/whitelist, reject_rbl_client sbl-xbl.spamhaus.org, permit
## Don't accept email when the email address used isn't a real domain
smtpd_sender_restrictions = reject_unknown_sender_domain

default_rbl_reply = $rbl_code Service unavailable; Your message has been blocked because your server is listed in spamhaus (see http://www.spamhaus.org/faq/)


#smtpd_tls_auth_only = yes

#turned these off 8/30/07
#smtp_use_tls = yes
#smtpd_use_tls = yes

#smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/tls/smtpd.key
smtpd_tls_cert_file = /etc/postfix/tls/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/tls/cacert.pem

smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium, high


smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom


fork_delay = 5s

default_process_limit = 50

maximal_queue_lifetime = 3d


content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
qmgr_message_active_limit = 200
queue_run_delay = 2000s
maximal_backoff_time = 8000s
minimal_backoff_time = 2000s

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

Edit: output from the mail.info log file covering the time when a message send was attempted from the Kinsta server:

Jul  1 15:07:25 mail postfix/smtpd[10655]: warning: unknown[185.143.72.25]: SASL LOGIN authentication failed: authentication failure
Jul  1 15:07:25 mail postfix/smtpd[13838]: warning: unknown[185.143.73.58]: SASL LOGIN authentication failed: authentication failure
Jul  1 15:07:25 mail postfix/smtpd[10541]: connect from unknown[212.70.149.2]
Jul  1 15:07:25 mail postfix/smtpd[10431]: disconnect from unknown[185.143.73.162]
Jul  1 15:07:26 mail postfix/smtpd[13838]: disconnect from unknown[185.143.73.58]
Jul  1 15:07:26 mail postfix/smtpd[10655]: disconnect from unknown[185.143.72.25]
Jul  1 15:07:27 mail postfix/smtpd[10400]: connect from unknown[46.38.150.47]
Jul  1 15:07:27 mail postfix/smtpd[10648]: connect from unknown[185.143.72.16]
Jul  1 15:07:30 mail postfix/smtpd[13838]: connect from unknown[212.70.149.2]
Jul  1 15:07:31 mail postfix/smtpd[10400]: warning: unknown[46.38.150.47]: SASL LOGIN authentication failed: authentication failure
Jul  1 15:07:32 mail postfix/smtpd[10541]: warning: unknown[212.70.149.2]: SASL LOGIN authentication failed: authentication failure
Jul  1 15:07:32 mail postfix/smtpd[10655]: connect from unknown[212.70.149.50]
Jul  1 15:07:32 mail postfix/smtpd[10400]: disconnect from unknown[46.38.150.47]
Jul  1 15:07:33 mail postfix/smtpd[10648]: warning: unknown[185.143.72.16]: SASL LOGIN 

The Kinsta IP does not appear in the logs.

Here is the log output covering a successful test send from the current (Linode) server:

Jul  1 15:18:04 mail postfix/smtpd[15020]: connect from li1258-185.members.linode.com[45.79.159.185]
Jul  1 15:18:04 mail postfix/smtpd[15803]: warning: unknown[185.143.73.175]: SASL LOGIN authentication failed: authentication failure
Jul  1 15:18:05 mail postfix/smtpd[14820]: warning: unknown[141.98.10.192]: SASL LOGIN authentication failed: authentication failure
Jul  1 15:18:05 mail postfix/smtpd[14820]: disconnect from unknown[141.98.10.192]
Jul  1 15:18:05 mail postfix/smtpd[15466]: warning: unknown[185.143.73.93]: SASL LOGIN authentication failed: authentication failure
Jul  1 15:18:05 mail postfix/smtpd[15020]: 7146B139516: client=li1258-185.members.linode.com[45.79.159.185], sasl_method=LOGIN, sasl_username=noreply
Jul  1 15:18:05 mail postfix/smtpd[15802]: connect from unknown[185.143.73.58]
Jul  1 15:18:05 mail postfix/cleanup[16040]: 7146B139516: message-id=<[email protected]>
Jul  1 15:18:05 mail postfix/smtpd[15466]: disconnect from unknown[185.143.73.93]
Jul  1 15:18:05 mail postfix/smtpd[15803]: disconnect from unknown[185.143.73.175]
Jul  1 15:18:05 mail postfix/smtpd[15020]: disconnect from li1258-185.members.linode.com[45.79.159.185]
Jul  1 15:18:06 mail postfix/smtpd[15461]: connect from unknown[185.143.73.148]
Jul  1 15:18:07 mail postfix/smtpd[15019]: warning: unknown[212.70.149.82]: SASL LOGIN authentication failed: authentication failure
Jul  1 15:18:07 mail postfix/smtpd[14030]: warning: unknown[46.38.150.72]: SASL LOGIN authentication failed: authentication failure
Jul  1 15:18:07 mail postfix/smtpd[14030]: disconnect from unknown[46.38.150.72]
Jul  1 15:18:07 mail postfix/smtpd[15019]: disconnect from unknown[212.70.149.82]
Jul  1 15:18:07 mail postfix/qmgr[6066]: 7146B139516: from=<[email protected]>, size=1079, nrcpt=1 (queue active)

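Answer 1

Prompted by @MichaelHampton, I eventually realized that the problem had nothing to do with Postfix at all.

Mailpoet uses PHP's stream_socket_client() function to connect to the remote SMTP server. I wrote a test script using this function with the same parameters and tried it from the Kinsta server and from two other arbitrary servers. The other servers connected fine, while the Kinsta server timed out.

After a lengthy chat with Kinsta support, it became clear that the Google Cloud infrastructure Kinsta runs on prohibits all outbound connections to port 25.

So the eventual solution was to edit Postfix's master.cf file to allow connections on port 587, and then use that port in Mailpoet.

Thanks for the clues that led to this solution.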
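
The connectivity check described in this answer, as an added example that is not part of the original post and is written in Python rather than the PHP the answer used. It separates a timeout (typical of a filtered port, such as a provider's outbound port 25 block) from a refused connection and from a working SMTP greeting; the host name mail.example.org is a placeholder and the function names are chosen for this example.

```python
import socket
import sys


def probe_smtp(host, port, timeout=5.0):
    """Try a TCP connect and read the SMTP greeting.

    Returns (status, detail) where status is one of:
      "banner"  - connected and the server sent a 220 greeting
      "open"    - connected, but no (or an unexpected) greeting arrived
      "refused" - the host answered with a reset: reachable, nothing listening
      "timeout" - no answer at all: typical of a filtered port / egress block
      "error"   - DNS failure or another socket error
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("timeout", "no reply within %.1fs" % timeout)
    except ConnectionRefusedError:
        return ("refused", "connection refused")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        try:
            greeting = sock.recv(512).decode("ascii", "replace").strip()
        except socket.timeout:
            return ("open", "connected, no greeting")
    if greeting.startswith("220"):
        return ("banner", greeting)
    return ("open", greeting or "connected, peer closed without greeting")


def compare_ports(host, ports=(25, 587), timeout=5.0):
    """Probe each port and return {port: (status, detail)}."""
    return {port: probe_smtp(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # Placeholder host; pass the real SMTP server name as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.org"
    for port, (status, detail) in compare_ports(target).items():
        print("%s:%d -> %s (%s)" % (target, port, status, detail))
```

Run from both the old and the new web host: a "timeout" on port 25 from only one of them, with no matching "connect from" line in the Postfix log, points at filtering between client and server rather than at mynetworks.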
