CentOS 6.4 [postfix+dovecot] can send external mail but cannot receive it

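I am trying to set up a mail server with postfix, dovecot and roundcube/thunderbird on a CentOS 6.4 VPS that hosts a webserver... I have run into this situation: I can send and receive internal mail fine. I can send external mail fine. But I cannot receive external mail.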

Here is my configuration; please help me find the error.

postconf -n

[root@server ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mailbox_command =
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = mail.dvdplaza.org, dvdplaza.org, localhost
mydomain = dvdplaza.org
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relay_domains = $mydestination, dvdplaza.org
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_mynetworks permit_inet_interfaces permit_sasl_authenticated permit_mx_backup
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_type = cyrus
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

Hostname, mailname and hosts

[root@server ~]# tail /etc/hostname
#vmi15086.contabo.net
server.dvdplaza.org
#mail.dvdplaza.org


[root@server ~]# tail /etc/mailname
#vmi15086.contabo.net
mail.dvdplaza.org


[root@server ~]# tail /etc/hosts
127.0.0.1       dvdplaza.org server localhost localhost.localdomain
::1     localhost.localdomain   localhost6      localhost       server
#193.37.152.191 vmi15086.contabo.net vmi15086 server
193.37.152.191 dvdplaza.org server
#193.37.152.191 mail.dvdplaza.org mail

Here is an analysis of my DNS. It shows an SOA problem, and I don't know whether this SOA problem is related to not receiving external mail. Is it?

http://dnscheck.pingdom.com/?domain=dvdplaza.org&timestamp=1373033981&view=1

When I send a test mail from Gmail to my server, Gmail usually returns this report after a few hours:

This is an automatically generated Delivery Status Notification

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipient has been delayed:

     [email protected]

Message will be retried for 2 more day(s)

Technical details of temporary failure:
The recipient server did not accept our requests to connect. Learn more at http://support.google.com/mail/bin/answer.py?answer=7720
[(10) mail.dvdplaza.org. [193.37.152.191]:25: Connection timed out]

----- Original message -----

MIME-Version: 1.0
X-Received: by 10.180.80.6 with SMTP id n6mr19727998wix.59.1372893611365; Wed,
 03 Jul 2013 16:20:11 -0700 (PDT)
Received: by 10.194.122.165 with HTTP; Wed, 3 Jul 2013 16:20:11 -0700 (PDT)
In-Reply-To: <CAPSKjGdzZhsfxPgXykCyT6d3gzx4=DjpOBGiZEt5kjWNNNWHmQ@mail.gmail.com>
References: <[email protected]>
        <CAPSKjGdzZhsfxPgXykCyT6d3gzx4=DjpOBGiZEt5kjWNNNWHmQ@mail.gmail.com>
Date: Wed, 3 Jul 2013 20:20:11 -0300
Message-ID: <CAPSKjGcNrgo-bKbih6xmjTOh5O1UYnaThjtOvhSGVD_rw+2V_A@mail.gmail.com>
Subject: Re: Test message from Roundcube
From: frytec <[email protected]>
To: [email protected]
Content-Type: multipart/alternative; boundary=14dae9cc955c0519ac04e0a3b46c

Edit

[root@server ~]# iptables -L INPUT -v -n

Chain INPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination      
        0     0 ACCEPT     tcp  --  !lo    *       8.8.4.4              0.0.0.0/0           tcp dpt:53
        0     0 ACCEPT     udp  --  !lo    *       8.8.4.4              0.0.0.0/0           udp dpt:53
        0     0 ACCEPT     tcp  --  !lo    *       8.8.4.4              0.0.0.0/0           tcp spt:53
        2   142 ACCEPT     udp  --  !lo    *       8.8.4.4              0.0.0.0/0           udp spt:53
        0     0 ACCEPT     tcp  --  !lo    *       8.8.8.8              0.0.0.0/0           tcp dpt:53
        0     0 ACCEPT     udp  --  !lo    *       8.8.8.8              0.0.0.0/0           udp dpt:53
        0     0 ACCEPT     tcp  --  !lo    *       8.8.8.8              0.0.0.0/0           tcp spt:53
      133 14101 ACCEPT     udp  --  !lo    *       8.8.8.8              0.0.0.0/0           udp spt:53
     374K   34M LOCALINPUT  all  --  !lo    *       0.0.0.0/0            0.0.0.0/0       
     6534 1094K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0        
     120K 5585K INVALID    tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0        
     286K   18M ACCEPT     all  --  !lo    *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
       17   964 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:21
        2   104 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
        5   284 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9091
       49  2548 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:51413
       30  1352 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpts:30000:35000
        0     0 ACCEPT     udp  --  !lo    *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:20
        0     0 ACCEPT     udp  --  !lo    *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:21
    61759 7853K ACCEPT     udp  --  !lo    *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:51413
        8   860 ACCEPT     icmp --  !lo    *       0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 1/sec burst 5
        0     0 ACCEPT     icmp --  !lo    *       0.0.0.0/0            0.0.0.0/0           icmp type 0 limit: avg 1/sec burst 5
        0     0 ACCEPT     icmp --  !lo    *       0.0.0.0/0            0.0.0.0/0           icmp type 11
        3   634 ACCEPT     icmp --  !lo    *       0.0.0.0/0            0.0.0.0/0           icmp type 3
     2982  308K LOGDROPIN  all  --  !lo    *       0.0.0.0/0            0.0.0.0/0

[root@server ~]# netstat -lanp | grep 25

tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      1561/master
tcp        0      0 :::25                       :::*                        LISTEN      1561/master
udp        0      0 2a02:c200:0:10:250:56f:51413 :::*                                    1092/transmission-d
unix  2      [ ACC ]     STREAM     LISTENING     9925   1561/master         public/flush

Update: new status from mxtoolbox

    SMTP Reverse Banner Check   OK - 193.37.152.191 resolves to ip-191-152-37-193.static.contabo.net

    SMTP Reverse DNS Mismatch   Warning - Reverse DNS does not match SMTP Banner    Ignore
    SMTP TLS    Warning - Does not support TLS.     Ignore
    SMTP Connection Time    0 seconds - Good on Connection time     
    SMTP Open Relay     OK - Not an open relay.     
    SMTP Transaction Time   15.152 seconds - Not good! on Transaction Time  Ignore
Session Transcript:

SendSMTPCommand: Timeout waiting for response after 15 seconds.

MXTB-PWS3v2 16335ms

Answer 1

Obviously, the firewall has not opened port 25. Please open that port to receive inbound traffic.

Answer 2

It looks as if something (firewall/ISP) is blocking port 25. Can you show the output of the following commands?

# iptables -L INPUT -v -n
# netstat -lanp | grep 25
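
Answers 1 and 2 both come down to reading the INPUT chain for a rule that admits new connections to tcp/25. As an added example (not part of the original thread), the shell function below reads `iptables -L INPUT -v -n` output and reports the first terminal verdict for a port; the names `verdict_for_port` and `sample_listing` are hypothetical, and the sample is abridged from the listing in the question.

```shell
#!/bin/sh
# Added example. Reads `iptables -L INPUT -v -n` output on stdin and reports
# what a NEW inbound TCP connection to PORT from any source meets first:
# an ACCEPT/DROP/REJECT rule, or else the chain policy.
# Jumps to user-defined chains are listed, not followed.
verdict_for_port() {
    awk -v port="$1" '
    $1 == "Chain" { policy = $4; next }          # "(policy DROP ..." -> DROP
    $1 == "pkts" || NF < 9 { next }              # column header, blank lines
    {
        target = $3; proto = $4; in_if = $6; src = $8
        if (proto != "tcp" && proto != "all") next
        if (in_if == "lo" || src != "0.0.0.0/0") next
        extra = ""
        for (i = 10; i <= NF; i++) extra = extra " " $i
        # state rules that do not cover NEW connections never admit a first SYN
        if (extra ~ /state / && extra !~ /NEW/) next
        if (match(extra, /dpts?:[0-9:]+/)) {     # dpt:22 or dpts:30000:35000
            n = split(substr(extra, RSTART, RLENGTH), p, ":")
            first = p[2]; last = (n == 3) ? p[3] : p[2]
            if (port + 0 < first + 0 || port + 0 > last + 0) next
        } else if (extra ~ /spts?:/) next        # source-port rule: no match
        if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
            print target; found = 1; exit
        }
        chains = chains " " target               # user-defined chain
    }
    END {
        if (!found) {
            note = chains ? " (unfollowed:" chains ")" : ""
            print policy note
        }
    }'
}

# Constructed sample: abridged from the listing in the question.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 374K   34M LOCALINPUT  all  --  !lo    *       0.0.0.0/0            0.0.0.0/0
 6534 1094K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 120K 5585K INVALID    tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0
 286K   18M ACCEPT     all  --  !lo    *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    2   104 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
   30  1352 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpts:30000:35000
 2982  308K LOGDROPIN  all  --  !lo    *       0.0.0.0/0            0.0.0.0/0
EOF
}

for p in 22 25 31000; do
    printf 'tcp/%s: %s\n' "$p" "$(sample_listing | verdict_for_port "$p")"
done
```

On a live host the input is `iptables -L INPUT -v -n | verdict_for_port 25`. A result that lists unfollowed chains means INPUT itself does not accept the port, and each listed chain still has to be inspected with `iptables -L <chain> -v -n`.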

Answer 3

I would suggest running tcpdump on the external interface on port 25 to see whether any packets reach your system

# tcpdump -nnpi eth0 tcp port 25
