Here is what I have tried so far:
1.) I added 465 inet n - - - - smtpd to /etc/postfix/master.cf in the following section:
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
465       inet  n       -       -       -       -       smtpd
2.) I then restarted postfix by typing systemctl stop postfix, then systemctl start postfix, then systemctl status postfix.
3.) Next, I assigned port 25 and port 465 to the SMTP service in the firewall. I confirmed that the firewall allows port 465 by typing nc my.SERVER.ip.addr 465 < /dev/null into the devBox terminal and seeing it reply by printing 220 mydomain.com ESMTP Postfix. I then tested that the firewall allows port 25 by sending a test email from a different server and seeing it received by this server, evidently via port 25, which shows port 25 is allowed for SMTP access.
4.) I confirmed that the Thunderbird client on my devBox has port 465 set for outgoing smtp in the me@mydomain.com account, which is the account I am trying to use to send email through the server from my devBox's Thunderbird client.
5.) I then typed tcpdump -n -i any tcp port 465 in the server terminal, and tcpdump -n -i any tcp port 465 in the devBox terminal.
6.) With all of that set up, I tried to send a test email from me@mydomain.com to some_other_test_account@someotherdomain.com using Thunderbird. Thunderbird timed out without sending the email, but the following tcpdump output was printed on the terminals of both machines.
In the SERVER, this resulted in:
tcpdump: verbose output suppressed,use -v or -vv for full protocol decode
listening on any,link-type LINUX_SLL (Linux cooked),capture size 65535 bytes
15:26:40.204817 IP my.SERVER.ip.addr.urd > my.DEVBox.ip.addr.40555: Flags [S.],seq 1955299233,ack 152228482,win 14480,options [mss 1460,sackOK,TS val 1056230222 ecr 5576928,nop,wscale 7],length 0
15:26:40.293442 IP my.DEVBox.ip.addr.40555 > my.SERVER.ip.addr.urd: Flags [.],ack 1,win 115,options [nop,TS val 5577014 ecr 1056230222],length 0
15:26:40.293926 IP my.SERVER.ip.addr.urd > my.DEVBox.ip.addr.40555: Flags [P.],seq 1:43,win 114,TS val 1056230312 ecr 5577014],length 42
15:26:40.298215 IP my.DEVBox.ip.addr.40555 > my.SERVER.ip.addr.urd: Flags [F.],seq 1,TS val 5577015 ecr 1056230222],length 0
15:26:40.298521 IP my.SERVER.ip.addr.urd > my.DEVBox.ip.addr.40555: Flags [F.],seq 43,ack 2,TS val 1056230316 ecr 5577015],length 0
15:26:40.384890 IP my.DEVBox.ip.addr.40555 > my.SERVER.ip.addr.urd: Flags [.],ack 43,TS val 5577104 ecr 1056230312],length 0
15:26:40.389738 IP my.DEVBox.ip.addr.40555 > my.SERVER.ip.addr.urd: Flags [.],ack 44,TS val 5577113 ecr 1056230316],length 0
15:28:49.598741 IP my.DEVBox.ip.addr.40557 > my.SERVER.ip.addr.urd: Flags [S],seq 1432245308,win 14600,TS val 5706324 ecr 0,length 0
15:28:49.598807 IP my.SERVER.ip.addr.urd > my.DEVBox.ip.addr.40557: Flags [S.],seq 706641072,ack 1432245309,TS val 1056359616 ecr 5706324,length 0
15:28:49.685239 IP my.DEVBox.ip.addr.40557 > my.SERVER.ip.addr.urd: Flags [.],TS val 5706409 ecr 1056359616],length 0
15:28:49.685304 IP my.DEVBox.ip.addr.40557 > my.SERVER.ip.addr.urd: Flags [P.],seq 1:186,length 185
15:28:49.685328 IP my.SERVER.ip.addr.urd > my.DEVBox.ip.addr.40557: Flags [.],ack 186,win 122,TS val 1056359703 ecr 5706409],length 0
15:28:49.700806 IP my.SERVER.ip.addr.urd > my.DEVBox.ip.addr.40557: Flags [P.],TS val 1056359719 ecr 5706409],length 42
15:28:49.783363 IP my.DEVBox.ip.addr.40557 > my.SERVER.ip.addr.urd: Flags [.],TS val 5706510 ecr 1056359719],length 0
15:28:49.783411 IP my.SERVER.ip.addr.urd > my.DEVBox.ip.addr.40557: Flags [P.],seq 43:154,TS val 1056359801 ecr 5706510],length 111
15:28:49.868122 IP my.DEVBox.ip.addr.40557 > my.SERVER.ip.addr.urd: Flags [.],ack 154,TS val 5706592 ecr 1056359801],length 0
15:30:36.430512 IP my.DEVBox.ip.addr.40557 > my.SERVER.ip.addr.urd: Flags [F.],seq 186,TS val 5813157 ecr 1056359801],length 0
15:30:36.430912 IP my.SERVER.ip.addr.urd > my.DEVBox.ip.addr.40557: Flags [F.],seq 154,ack 187,TS val 1056466449 ecr 5813157],length 0
15:30:36.513221 IP my.DEVBox.ip.addr.40557 > my.SERVER.ip.addr.urd: Flags [.],ack 155,TS val 5813243 ecr 1056466449],length 0
^C
19 packets captured
20 packets received by filter
0 packets dropped by kernel
On the DEVBox, this resulted in:
tcpdump: verbose output suppressed,capture size 65535 bytes
12:32:00.232924 IP my.SERVER.ip.addr.urd > 10.0.0.2.40557: Flags [S.],length 0
12:32:00.232992 IP 10.0.0.2.40557 > my.SERVER.ip.addr.urd: Flags [.],length 0
12:32:00.233212 IP 10.0.0.2.40557 > my.SERVER.ip.addr.urd: Flags [P.],length 185
12:32:00.319025 IP my.SERVER.ip.addr.urd > 10.0.0.2.40557: Flags [.],length 0
12:32:00.334311 IP my.SERVER.ip.addr.urd > 10.0.0.2.40557: Flags [P.],length 42
12:32:00.334359 IP 10.0.0.2.40557 > my.SERVER.ip.addr.urd: Flags [.],length 0
12:32:00.415529 IP my.SERVER.ip.addr.urd > 10.0.0.2.40557: Flags [P.],length 111
12:32:00.415586 IP 10.0.0.2.40557 > my.SERVER.ip.addr.urd: Flags [.],length 0
12:33:46.981077 IP 10.0.0.2.40557 > my.SERVER.ip.addr.urd: Flags [F.],length 0
12:33:47.066884 IP my.SERVER.ip.addr.urd > 10.0.0.2.40557: Flags [F.],length 0
12:33:47.066946 IP 10.0.0.2.40557 > my.SERVER.ip.addr.urd: Flags [.],length 0
^C
11 packets captured
12 packets received by filter
0 packets dropped by kernel
Note that the first 7 entries in the server output appeared during an earlier test, even though the tcpdump -n -i any tcp port 465 commands (server and devBox) were running at the same time.
Note that typing postconf -n on the server results in:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname,localhost.$mydomain,localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
Also, typing postconf -M on the server results in:
smtp       inet  n       -       n       -       -       smtpd
465        inet  n       -       -       -       -       smtpd
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
The contents of /var/log/maillog for that period were:
Mar 3 15:22:05 mydomain postfix/postfix-script[8565]: starting the Postfix mail system
Mar 3 15:22:05 mydomain postfix/master[8567]: daemon started -- version 2.10.1,configuration /etc/postfix
Mar 3 15:23:40 mydomain postfix/smtpd[8572]: connect from unknown[my.DEVBox.ip.addr]
Mar 3 15:25:26 mydomain postfix/smtpd[8572]: lost connection after UNKNOWN from unknown[my.DEVBox.ip.addr]
Mar 3 15:25:26 mydomain postfix/smtpd[8572]: disconnect from unknown[my.DEVBox.ip.addr]
Mar 3 15:26:40 mydomain postfix/smtpd[8572]: connect from unknown[my.DEVBox.ip.addr]
Mar 3 15:26:40 mydomain postfix/smtpd[8572]: lost connection after CONNECT from unknown[my.DEVBox.ip.addr]
Mar 3 15:26:40 mydomain postfix/smtpd[8572]: disconnect from unknown[my.DEVBox.ip.addr]
Mar 3 15:28:49 mydomain postfix/smtpd[8578]: connect from unknown[my.DEVBox.ip.addr]
Mar 3 15:30:36 mydomain postfix/smtpd[8578]: lost connection after UNKNOWN from unknown[my.DEVBox.ip.addr]
Mar 3 15:30:36 mydomain postfix/smtpd[8578]: disconnect from unknown[my.DEVBox.ip.addr]
Mar 3 15:33:40 mydomain postfix/anvil[8574]: statistics: max connection rate 1/60s for (465:my.DEVBox.ip.addr) at Mar 3 15:23:40
Mar 3 15:33:40 mydomain postfix/anvil[8574]: statistics: max connection count 1 for (465:my.DEVBox.ip.addr) at Mar 3 15:23:40
Mar 3 15:33:40 mydomain postfix/anvil[8574]: statistics: max cache size 1 at Mar 3 15:23:40
The outgoing server settings in Thunderbird are:
Description: <Not Specified>
Server Name: mydomain.com
Port: 465
User Name: me
Authentication Method: Normal Password
Connection Security: SSL/TLS
I interpret this to mean the blockage is in postfix. So what do I change to get postfix to allow a remote client to send via port 465 while still allowing mail from other servers to be received via port 25?
Edit:
In /etc/postfix/main.cf I uncommented the following line:
smtpd_tls_security_level = may
In /etc/postfix/master.cf I uncommented the following two lines:
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
However, when I try to send a test email, Thunderbird responds with the following error dialog:
Sending of message Failed. The message could not be sent because the connection to SMTP server mydomain.com was lost in the middle of the transaction. Try again or contact your network administrator.
Edit #2
Following Esa Jokinen's suggestion, I tried several commands.
On the DEVBox I typed telnet mydomain.com 587 and got the following response. Note that the two lines I typed have a # in front of them even though there is no # in the terminal; I added the # for emphasis/clarity:
Trying my.Server.ip.addr...
Connected to mydomain.com.
Escape character is '^]'.
220 mydomain.com ESMTP Postfix
# EHLO mydomain.com
250-mydomain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
# STARTTLS
454 4.7.0 TLS not available due to local problem
Next, on the SERVER, I typed openssl s_client -host localhost -port 587 -starttls smtp. This resulted in the following output:
CONNECTED(00000003)
140634999289760:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 244 bytes and written 284 bytes
---
New,(NONE),Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
On the SERVER I typed postconf -n again and now get the following output:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname,localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_cert_file = </etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = </etc/pki/dovecot/private/dovecot.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
On the SERVER I typed postconf -M again and got the following:
smtp       inet  n       -       n       -       -       smtpd
587        inet  n       -       -       -       -       smtpd
submission inet  n       -       -       -       -       smtpd
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_sasl_type=dovecot
    -o smtpd_sasl_path=private/auth
    -o smtpd_sasl_security_options=noanonymous
    -o smtpd_sasl_local_domain=$myhostname
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
    -o smtpd_sender_restrictions=reject_sender_login_mismatch
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
Next, I tried to send an email through the server using the Thunderbird client on the remote devBox. After this test, typing nano /var/log/maillog on the SERVER gives:
Mar 4 11:57:19 mydomain postfix/smtpd[11029]: error: open database /etc/postfix/virtual.db: No such file or directory
Mar 4 11:57:19 mydomain postfix/smtpd[11029]: warning: cannot get RSA certificate from file </etc/pki/dovecot/certs/dovecot.pem: disabling TLS support
Mar 4 11:57:19 mydomain postfix/smtpd[11029]: warning: TLS library problem: 11029:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fope$
Mar 4 11:57:19 mydomain postfix/smtpd[11029]: warning: TLS library problem: 11029:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
Mar 4 11:57:19 mydomain postfix/smtpd[11029]: warning: TLS library problem: 11029:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa$
Mar 4 11:57:19 mydomain postfix/smtpd[11029]: connect from unknown[98.244.12.133]
Mar 4 11:57:20 mydomain postfix/cleanup[11032]: 1FD8680B3BCE: message-id=<20150304165720.1FD8680B3BCE@mydomain.com>
Mar 4 11:57:20 mydomain postfix/qmgr[10139]: 1FD8680B3BCE: from=<double-bounce@mydomain.com>,size=873,nrcpt=1 (queue active)
Mar 4 11:57:20 mydomain postfix/smtpd[11029]: disconnect from unknown[98.244.12.133]
Mar 4 11:57:20 mydomain postfix/local[11034]: 1FD8680B3BCE: to=<root@mydomain.com>,orig_to=<postmaster>,relay=local,delay=0.07,delays=0.04/0.01/0/0.0$
Mar 4 11:57:20 mydomain postfix/qmgr[10139]: 1FD8680B3BCE: removed
These readings suggest the problem is with the certificate. Note that I used the certificates specified in /etc/dovecot/conf.d/10-ssl.conf. I simply cut and pasted the URLs of the two certificate/key files after confirming with nano that each file exists and contains encrypted text. And I also made sure to point the key setting at the key and the cert setting at the cert.
Did I do this right?
Edit #3
I changed the url references to the key files from
smtpd_tls_cert_file = </etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = </etc/pki/dovecot/private/dovecot.pem
to
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
I also removed the two < symbols in /etc/dovecot/conf.d/10-ssl.conf. (Those two symbols were there before this test started.) Next I typed sudo nano to open both the certificate and the key to make sure they are accessible at the given locations, and they are. Then I tried to send another email through the server using the Thunderbird client on my devBox. This resulted in Thunderbird asking me to add an exception for an unknown certificate. When I accepted the unknown certificate, Thunderbird then gave me a connection timeout dialog and failed to send the email, while the following was written to /var/log/maillog:
Mar 4 14:08:28 mydomain postfix/postfix-script[11361]: stopping the Postfix mail system
Mar 4 14:08:28 mydomain postfix/master[11293]: terminating on signal 15
Mar 4 14:08:33 mydomain postfix/postfix-script[11444]: starting the Postfix mail system
Mar 4 14:08:33 mydomain postfix/master[11446]: daemon started -- version 2.10.1,configuration /etc/postfix
Mar 4 14:08:44 mydomain postfix/smtpd[11451]: error: open database /etc/postfix/virtual.db: No such file or directory
Mar 4 14:08:44 mydomain postfix/smtpd[11451]: connect from unknown[my.DEVBox.ip.addr]
Mar 4 14:08:44 mydomain postfix/smtpd[11451]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 4 14:08:44 mydomain postfix/smtpd[11451]: fatal: no SASL authentication mechanisms
Mar 4 14:08:45 mydomain postfix/master[11446]: warning: process /usr/libexec/postfix/smtpd pid 11451 exit status 1
Mar 4 14:08:45 mydomain postfix/master[11446]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Note:
Removing the < from </etc/pki/dovecot/certs/dovecot.pem and </etc/pki/dovecot/private/dovecot.pem in /etc/dovecot/conf.d/10-ssl.conf caused the JavaMail imap connections from an application running on the server to stop working. But putting the < back fixed that. Perhaps it refers to a linked folder.
On master.cf, this should enable submission (SMTP with TLS and authentication) with decent security on port 587:
submission inet  n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
Just remove smtpd_sender_login_maps if you don't need it. The Dovecot-specific lines aren't entirely Dovecot-specific; rather, Postfix uses Dovecot for SASL authentication, which you should set up.
For TLS you also need these parameters in main.cf (and probably replace snakeoil with the paths to your own certificate):
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
With these modifications it should probably also work for SMTPS (465):
smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  ...
I think these may be useful to you:
http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
https://www.vultr.com/docs/simple-mailserver-postfix-dovecot-sieve-centos-7
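The three failures visible in the thread's logs (a leading < in the smtpd_tls_cert_file/smtpd_tls_key_file paths copied from Dovecot's 10-ssl.conf, the missing /etc/postfix/virtual.db behind a hash: map, and the missing private/auth SASL socket) can all be caught before restarting Postfix. The shell script below is an added example, not the poster's or Postfix's own tooling; it assumes a text file holding the output of postconf -n followed by postconf -M, and the audit_postfix_tls and setting function names are the example's own.

```shell
#!/bin/sh
# Audit a dump of Postfix settings for the pitfalls seen in this thread:
# cert/key paths with a leading '<' (Dovecot syntax), unreadable cert/key
# files, hash: maps without a compiled .db, and a missing Dovecot SASL socket.
# Added example, not the poster's or Postfix's own tooling. Input: a text
# file with the output of `postconf -n` followed by `postconf -M` (assumption:
# both "key = value" and "-o key=value" forms appear in that dump).

# setting FILE KEY -> prints the first value found for KEY (empty if unset)
setting() {
    grep -o "$2 *= *[^ ]*" "$1" | sed 's/^[^=]*= *//' | head -n 1
}

# audit_postfix_tls FILE -> prints one finding per line; always returns 0
audit_postfix_tls() {
    conf="$1"
    qdir=$(setting "$conf" queue_directory)
    [ -n "$qdir" ] || qdir=/var/spool/postfix   # Postfix default

    for key in smtpd_tls_cert_file smtpd_tls_key_file; do
        val=$(setting "$conf" "$key")
        case "$val" in
            '')   echo "MISSING: $key is not set, smtpd cannot offer TLS" ;;
            '<'*) echo "BAD: $key=$val starts with '<' (Dovecot syntax; Postfix wants a bare path)" ;;
            *)    [ -r "$val" ] || echo "UNREADABLE: $key=$val (file missing or wrong permissions)" ;;
        esac
    done

    # hash: lookup tables are opened as SOURCE.db; postmap must have been run
    for map in $(grep -o 'hash:[^, ]*' "$conf" | sed 's/^hash://' | sort -u); do
        [ -f "$map.db" ] || echo "MISSING: $map.db (run: postmap $map)"
    done

    # a relative smtpd_sasl_path is resolved under queue_directory
    sasl=$(setting "$conf" smtpd_sasl_path)
    case "$sasl" in
        '') sock= ;;
        /*) sock=$sasl ;;
        *)  sock=$qdir/$sasl ;;
    esac
    if [ -n "$sasl" ] && [ ! -S "$sock" ]; then
        echo "MISSING: SASL socket $sock (Dovecot 'service auth' unix_listener is not there)"
    fi
    return 0
}

# On the server: { postconf -n; postconf -M; } > /tmp/pf.txt; audit_postfix_tls /tmp/pf.txt
```

An empty report means the four conditions above are satisfied; it does not check that the certificate and key actually match each other.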