Ubuntu 服务器 18.04.6 LTS,带有功能齐全的 postfix/dovecot 邮件服务器。当使用手机发送邮件时,用户 Joe 收到以下信息错误:
An error occurred while sending mail. The mail server responded:
4.7.25 Client host rejected: cannot find your hostname, [178.197.200.200].
Please check the message recipient "[email protected]" and try again.
以下内容/var/log/mail.log
Oct 24 08:49:23 vps postfix/submission/smtpd[25163]: connect from unknown[178.197.200.200]
Oct 24 08:49:23 vps postfix/submission/smtpd[25163]: NOQUEUE: reject: RCPT from unknown[178.197.200.200]: 450 4.7.25 Client host rejected: cannot find your hostname, [178.197.200.200]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[192.168.184.19]>
当他回到家并使用另一家 ISP 时,邮件就正确发送了。 /var/log/mail.log内容如下:
Oct 24 08:59:21 vps postfix/submission/smtpd[25331]: connect from 84-75-202-59.dclient.hispeed.ch[84.75.202.59]
Oct 24 08:59:22 vps postfix/submission/smtpd[25331]: 386394150E: client=84-75-202-59.dclient.hispeed.ch[84.75.202.59], sasl_method=PLAIN, [email protected]
Oct 24 08:59:22 vps postfix/cleanup[25335]: 386394150E: message-id=<[email protected]>
Oct 24 08:59:22 vps postfix/qmgr[6203]: 386394150E: from=<[email protected]>, size=1105, nrcpt=1 (queue active)
起初我以为提交端口可能被 ISP 阻止了,但我不明白为什么在这种情况下邮件服务器仍然可以访问。
在 /etc/postfix/main.cf 中我设置了以下限制:
smtpd_client_restrictions =
permit_mynetworks
reject_unknown_client_hostname
check_client_access hash:/etc/postfix/access_client
smtpd_helo_restrictions =
permit_mynetworks
reject_non_fqdn_helo_hostname
reject_invalid_helo_hostname
check_helo_access hash:/etc/postfix/access_helo
smtpd_sender_restrictions =
permit_mynetworks
reject_unknown_sender_domain
reject_non_fqdn_sender
check_sender_access hash:/etc/postfix/access_sender
smtpd_relay_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
我可以允许unknown_client_hostname,但让任何人的冰箱连接到这里难道不会损害安全性吗?可以删除 和 的限制reject_non_fqdn_helo_hostname 并reject_invalid_helo_hostname让用户进行身份验证吗?这意味着给机器人一个尝试获取凭据的机会。
在这种情况下,有没有办法允许用户发送邮件而不牺牲安全性?