Unable to send email from Postfix through Gmail (connect to smtp.google.com: Connection timed out)

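I want to configure an Ubuntu Linode VPS so that log information from Fail2Ban, Apache ModSecurity and other monitoring tools is sent to my email address. However, I don't want to configure a whole email server: instead, I want to use Gmail as a relay and send all my emails from there. Basically, everything should be sent from my Ubuntu VPS to Gmail.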

With this in mind, I:

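  1. Successfully added the relevant Google MX records in my Linode DNS manager: if I send an email from my personal email account to address@<my_Linode_domain>.com, it arrives.
  2. Asked Linode to lift the restrictions on SMTP ports 25, 465 and 587, and they did.
  3. Followed this guide to install Postfix and configure it to use Gmail.
  4. Opened ports 25, 465 and 587 on UFW to allow outgoing traffic.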

After that, I tried to send an email with:

mail -s "Mail from Linode activated" <my_personal_email>@gmail.com

But the mail was never sent. After checking the log (less /var/log/mail.log), I get:

May  9 09:21:34 www postfix/qmgr[2127]: E4003695A6: from=<main_dev@<server_domain>>, size=556, nrcpt=1 (queue active)
May  9 09:21:34 www postfix/qmgr[2127]: 5D102695B3: from=<main_dev@<server_domain>>, size=462, nrcpt=1 (queue active)
May  9 09:21:34 www postfix/qmgr[2127]: 1F27C69735: from=<main_dev@<server_domain>>, size=462, nrcpt=1 (queue active)
May  9 09:21:34 www postfix/qmgr[2127]: DCBF76973C: from=<main_dev@<server_domain>>, size=475, nrcpt=1 (queue active)
May  9 09:21:34 www postfix/qmgr[2127]: 057EB6972C: from=<main_dev@<server_domain>>, size=464, nrcpt=1 (queue active)
May  9 09:21:34 www postfix/qmgr[2127]: F00AA6972D: from=<main_dev@<server_domain>>, size=436, nrcpt=1 (queue active)
May  9 09:21:34 www postfix/qmgr[2127]: 280D8695B0: from=<main_dev@<server_domain>>, size=450, nrcpt=1 (queue active)
May  9 09:21:34 www postfix/qmgr[2127]: DD85269734: from=<main_dev@<server_domain>>, size=464, nrcpt=1 (queue active)
May  9 09:22:04 www postfix/smtp[2130]: connect to smtp.google.com[64.233.176.27]:587: Connection timed out
May  9 09:22:04 www postfix/smtp[2132]: connect to smtp.google.com[64.233.176.27]:587: Connection timed out
May  9 09:22:04 www postfix/smtp[2133]: connect to smtp.google.com[74.125.138.27]:587: Connection timed out
May  9 09:22:04 www postfix/smtp[2134]: connect to smtp.google.com[142.251.15.26]:587: Connection timed out
May  9 09:22:04 www postfix/smtp[2135]: connect to smtp.google.com[74.125.138.27]:587: Connection timed out
May  9 09:22:24 www postfix/pickup[2126]: BC49569587: uid=1000 from=<main_dev>
May  9 09:22:24 www postfix/cleanup[2140]: BC49569587: message-id=<20230509142224.BC49569587@www.<server_domain>.com>
May  9 09:22:24 www postfix/qmgr[2127]: BC49569587: from=<main_dev@<server_domain>.com>, size=458, nrcpt=1 (queue active)
May  9 09:22:34 www postfix/smtp[2130]: connect to smtp.google.com[74.125.138.27]:587: Connection timed out
May  9 09:22:34 www postfix/smtp[2132]: connect to smtp.google.com[142.251.15.26]:587: Connection timed out
May  9 09:22:34 www postfix/smtp[2133]: connect to smtp.google.com[64.233.176.27]:587: Connection timed out
May  9 09:22:34 www postfix/smtp[2134]: connect to smtp.google.com[142.251.15.27]:587: Connection timed out
May  9 09:22:35 www postfix/smtp[2135]: connect to smtp.google.com[64.233.176.27]:587: Connection timed out

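I first suspected that Linode had not actually opened the relevant ports, so I ran traceroute -n -T -p 25 gmail-smtp-in.l.google.com to see whether my messages were at least leaving the server. The result is below, and I believe my messages do leave the server: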

sudo traceroute -n -T -p 25 gmail-smtp-in.l.google.com
traceroute to gmail-smtp-in.l.google.com (64.233.176.27), 30 hops max, 60 byte packets
 1  10.204.4.35  0.087 ms  0.045 ms  0.030 ms
 2  10.204.35.30  0.212 ms 10.204.35.29  0.233 ms  0.225 ms
 3  10.204.64.37  0.156 ms 10.204.64.38  0.183 ms 10.204.64.37  0.150 ms
 4  74.207.239.106  0.309 ms  0.314 ms *
 5  23.203.144.38  0.630 ms 23.203.144.36  0.627 ms  0.611 ms
 6  23.203.144.49  2.603 ms 23.203.144.213  0.492 ms  0.502 ms
 7  108.170.249.108  1.093 ms * *
 8  108.170.249.33  1.401 ms 66.249.95.175  3.374 ms 209.85.246.230  0.542 ms
 9  108.170.249.98  0.569 ms 108.170.249.162  0.487 ms 108.170.249.98  1.030 ms
10  108.170.233.9  2.420 ms 142.251.51.7  2.765 ms 64.233.175.187  2.888 ms
11  * 142.251.51.108  1.729 ms *
12  216.239.63.221  3.175 ms 216.239.48.111  2.142 ms *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  64.233.176.27  1.151 ms *  1.189 ms

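There is no error indicating wrong login credentials, and I am using an app password to log in to Google. But as you can see, the logs are not very detailed either.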

Has anyone seen something like this?

Here is my Postfix configuration file:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtp_use_tls = yes
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = www.<my_hostname>.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, www.<domain>.com, localhost.<domain>.com, localhost
relayhost = smtp.google.com:587
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
inet_protocols = ipv4

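These are my UFW rules, but I doubt this is a firewall issue, because according to traceroute the messages leave the server, and turning UFW off does not change the output: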

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
OpenSSH                    ALLOW       Anywhere                  
Apache Full                ALLOW       Anywhere                  
21/tcp                     DENY        Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Apache Full (v6)           ALLOW       Anywhere (v6)             
21/tcp (v6)                DENY        Anywhere (v6)             

25                         ALLOW OUT   Anywhere                  
465                        ALLOW OUT   Anywhere                  
587                        ALLOW OUT   Anywhere                  
25 (v6)                    ALLOW OUT   Anywhere (v6)             
465 (v6)                   ALLOW OUT   Anywhere (v6)             
587 (v6)                   ALLOW OUT   Anywhere (v6)
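
An added example, not part of the original question: a small Python check that extracts the exact host and port Postfix fails to reach from mail.log lines and lists the ones that a manual probe (such as the traceroute above, which used port 25 on gmail-smtp-in.l.google.com) did not cover. The sample log lines are constructed in the format of the excerpt above, and the function names are hypothetical.

```python
import re
import socket
from collections import Counter

# Constructed sample: lines in the format of the mail.log excerpt above.
SAMPLE_LOG = """\
May  9 09:22:04 www postfix/smtp[2130]: connect to smtp.google.com[64.233.176.27]:587: Connection timed out
May  9 09:22:04 www postfix/smtp[2133]: connect to smtp.google.com[74.125.138.27]:587: Connection timed out
May  9 09:22:24 www postfix/qmgr[2127]: BC49569587: from=<main_dev@example.com>, size=458, nrcpt=1 (queue active)
"""

# Matches the Postfix smtp client's "connect to host[ip]:port: reason" lines.
CONNECT_FAIL = re.compile(
    r"postfix/smtp\[\d+\]: connect to (?P<host>[^\[\s]+)"
    r"\[(?P<ip>[^\]]+)\]:(?P<port>\d+): (?P<reason>.+)$"
)

def failed_endpoints(log_text):
    """Count failed outbound connects per (host, ip, port, reason)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CONNECT_FAIL.search(line)
        if m:
            counts[(m["host"], m["ip"], int(m["port"]), m["reason"])] += 1
    return counts

def untested_endpoints(counts, probed):
    """Return failing (host, port) pairs that no manual probe covered."""
    failing = {(host, port) for host, _ip, port, _reason in counts}
    return sorted(failing - set(probed))

def tcp_probe(host, port, timeout=5.0):
    """Attempt the same TCP connect Postfix makes; True if the handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    counts = failed_endpoints(SAMPLE_LOG)
    # Host and port that the traceroute in the post actually probed.
    probed = [("gmail-smtp-in.l.google.com", 25)]
    for host, port in untested_endpoints(counts, probed):
        print(f"{host}:{port} fails in mail.log but was never probed directly")
        print("  reachable now:", tcp_probe(host, port))
```

Run against the real /var/log/mail.log, this shows whether the endpoint named in relayhost was ever tested on its own port, which a probe of a different host or port cannot establish.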
