我想配置一个 Ubuntu Linode VPS,以便将 Fail2Ban、Apache ModSecurity 和其他监控工具的日志信息发送到我的电子邮件地址。但是,我不想配置整个电子邮件服务器:相反,我想利用 Gmail 作为中继,从那里发送我的所有电子邮件。基本上,所有内容都应该从我的 Ubuntu VPS 发送到 Gmail。
考虑到这一点,我
- 在我的 Linode DNS 管理器中成功添加了相关的 Google MX 记录:如果我从我的个人电子邮件帐户向 address@<my_Linode_domain>.com 发送电子邮件,它就会到达。
- 请求 Linode解除对 SMTP 端口 25、465、587 的限制他们就照做了。
- 我按照本指南安装 Postfix 并将其配置为使用 Gmail。
- 在 UFW 上,我打开了端口 25、465 和 587 以允许传出通信。
之后,我尝试通过以下方式发送电子邮件:
mail -s "Mail from Linode activated" <my_personal_email>@gmail.com
但邮件从未发送。检查日志 ( less /var/log/mail.log
) 后,我收到:
May 9 09:21:34 www postfix/qmgr[2127]: E4003695A6: from=<main_dev@<server_domain>>, size=556, nrcpt=1 (queue active)
May 9 09:21:34 www postfix/qmgr[2127]: 5D102695B3: from=<main_dev@<server_domain>>, size=462, nrcpt=1 (queue active)
May 9 09:21:34 www postfix/qmgr[2127]: 1F27C69735: from=<main_dev@<server_domain>>, size=462, nrcpt=1 (queue active)
May 9 09:21:34 www postfix/qmgr[2127]: DCBF76973C: from=<main_dev@<server_domain>>, size=475, nrcpt=1 (queue active)
May 9 09:21:34 www postfix/qmgr[2127]: 057EB6972C: from=<main_dev@<server_domain>>, size=464, nrcpt=1 (queue active)
May 9 09:21:34 www postfix/qmgr[2127]: F00AA6972D: from=<main_dev@<server_domain>>, size=436, nrcpt=1 (queue active)
May 9 09:21:34 www postfix/qmgr[2127]: 280D8695B0: from=<main_dev@<server_domain>>, size=450, nrcpt=1 (queue active)
May 9 09:21:34 www postfix/qmgr[2127]: DD85269734: from=<main_dev@<server_domain>>, size=464, nrcpt=1 (queue active)
May 9 09:22:04 www postfix/smtp[2130]: connect to smtp.google.com[64.233.176.27]:587: Connection timed out
May 9 09:22:04 www postfix/smtp[2132]: connect to smtp.google.com[64.233.176.27]:587: Connection timed out
May 9 09:22:04 www postfix/smtp[2133]: connect to smtp.google.com[74.125.138.27]:587: Connection timed out
May 9 09:22:04 www postfix/smtp[2134]: connect to smtp.google.com[142.251.15.26]:587: Connection timed out
May 9 09:22:04 www postfix/smtp[2135]: connect to smtp.google.com[74.125.138.27]:587: Connection timed out
May 9 09:22:24 www postfix/pickup[2126]: BC49569587: uid=1000 from=<main_dev>
May 9 09:22:24 www postfix/cleanup[2140]: BC49569587: message-id=<20230509142224.BC49569587@www.<server_domain>.com>
May 9 09:22:24 www postfix/qmgr[2127]: BC49569587: from=<main_dev@<server_domain>.com>, size=458, nrcpt=1 (queue active)
May 9 09:22:34 www postfix/smtp[2130]: connect to smtp.google.com[74.125.138.27]:587: Connection timed out
May 9 09:22:34 www postfix/smtp[2132]: connect to smtp.google.com[142.251.15.26]:587: Connection timed out
May 9 09:22:34 www postfix/smtp[2133]: connect to smtp.google.com[64.233.176.27]:587: Connection timed out
May 9 09:22:34 www postfix/smtp[2134]: connect to smtp.google.com[142.251.15.27]:587: Connection timed out
May 9 09:22:35 www postfix/smtp[2135]: connect to smtp.google.com[64.233.176.27]:587: Connection timed out
我首先怀疑 Linode 实际上没有打开相关端口,所以我运行traceroute -n -T -p 25 gmail-smtp-in.l.google.com
看看我的消息是否至少从服务器发出了。结果如下,我相信我的消息确实离开了服务器:
sudo traceroute -n -T -p 25 gmail-smtp-in.l.google.com
traceroute to gmail-smtp-in.l.google.com (64.233.176.27), 30 hops max, 60 byte packets
1 10.204.4.35 0.087 ms 0.045 ms 0.030 ms
2 10.204.35.30 0.212 ms 10.204.35.29 0.233 ms 0.225 ms
3 10.204.64.37 0.156 ms 10.204.64.38 0.183 ms 10.204.64.37 0.150 ms
4 74.207.239.106 0.309 ms 0.314 ms *
5 23.203.144.38 0.630 ms 23.203.144.36 0.627 ms 0.611 ms
6 23.203.144.49 2.603 ms 23.203.144.213 0.492 ms 0.502 ms
7 108.170.249.108 1.093 ms * *
8 108.170.249.33 1.401 ms 66.249.95.175 3.374 ms 209.85.246.230 0.542 ms
9 108.170.249.98 0.569 ms 108.170.249.162 0.487 ms 108.170.249.98 1.030 ms
10 108.170.233.9 2.420 ms 142.251.51.7 2.765 ms 64.233.175.187 2.888 ms
11 * 142.251.51.108 1.729 ms *
12 216.239.63.221 3.175 ms 216.239.48.111 2.142 ms *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 64.233.176.27 1.151 ms * 1.189 ms
没有错误表明登录凭据错误,而且我使用应用程序密码登录 Google。但正如您所见,日志也不是很详细。
有谁见过类似的事情吗?
这是我的 Postfix 配置文件:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = www.<my_hostname>.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, www.<domain>.com, localhost.<domain>.com, localhost
relayhost = smtp.google.com:587
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
inet_protocols = ipv4
这些是我的 UFW 规则,但我怀疑这是一个防火墙问题,因为根据 traceroute,消息离开服务器并且关闭 UFW 不会改变输出:
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443 ALLOW Anywhere
OpenSSH ALLOW Anywhere
Apache Full ALLOW Anywhere
21/tcp DENY Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
OpenSSH (v6) ALLOW Anywhere (v6)
Apache Full (v6) ALLOW Anywhere (v6)
21/tcp (v6) DENY Anywhere (v6)
25 ALLOW OUT Anywhere
465 ALLOW OUT Anywhere
587 ALLOW OUT Anywhere
25 (v6) ALLOW OUT Anywhere (v6)
465 (v6) ALLOW OUT Anywhere (v6)
587 (v6) ALLOW OUT Anywhere (v6)