Home | 簡體中文 | 繁體中文 | 雜文 | 知乎專欄 | Github | OSChina 博客 | 雲社區 | 雲棲社區 | Facebook | Linkedin | 視頻教程 | 打賞(Donations) | About
知乎專欄多維度架構 微信號 netkiller-ebook | QQ群:128659835 請註明“讀者”

62.9. FAQ

62.9.1. SMTP ERROR: RCPT TO command failed: 501 5.1.3 Bad recipient address syntax

客戶端反饋

			
SMTP ERROR: RCPT TO command failed: 501 5.1.3 Bad recipient address syntax
2015-09-23 08:06:12	SMTP Error: The following recipients failed: root@example.com: Bad recipient address syntax
<strong>SMTP Error: The following recipients failed: root@example.com: Bad recipient address syntax			
			
			

/var/log/maillog

			
Sep 23 16:12:00 smtp1 postfix/smtpd[982]: NOQUEUE: reject: RCPT from unknown[202.130.101.34]: 554 5.7.1 <netkiller@msn.com>: Relay access denied; from=<root@mail.example.com> to=<netkiller@msn.com> proto=ESMTP helo=<localhost.localdomain>
			
			

問題原因是 mynetworks 配置項沒有放行客戶端

				[root@netkiller.github.io ~]# postconf | grep permit_mynetworks
				smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
			

設置mynetworks配置項,允許IP使用SMTP發送郵件

				[root@netkiller.github.io ~]# postconf -n | grep mynetworks
				mynetworks = 202.130.101.34
			

62.9.2. connect to gmail-smtp-in.l.google.com[2607:f8b0:400e:c00::1a]:25: Network is unreachable

問題分析,上面2607:f8b0:400e:c00::1a是IPv6地址,在google預設是ipv6,但大陸機房几乎不支持ipv6.

				Aug 26 03:19:52 localhost postfix/smtp[6468]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400e:c00::1a]:25: Network is unreachable
				Aug 26 03:19:53 localhost postfix/smtpd[6151]: connect from unknown[175.43.242.13]
			

解決方法禁用ipv6

				postconf -e "inet_protocols = ipv4"
				systemctl reload postfix
			

62.9.3. opendkim[5762]: 3012A802C1DD: [49.213.11.18] [49.213.11.18] not internal

發送電子郵件併進行DKIM簽名的前提是你郵件客戶端的IP地址在 TrustedHosts 列表中

				Aug 26 03:52:36 localhost opendkim[5762]: 3012A802C1DD: [49.213.11.18] [49.213.11.18] not internal
				Aug 26 03:52:36 localhost opendkim[5762]: 3012A802C1DD: not authenticated
				Aug 26 03:52:36 localhost opendkim[5762]: 3012A802C1DD: no signature data
			

解決方法

添加 not internal IP地址到 /etc/opendkim/TrustedHosts 檔案中,然後reload opendkim 進程。

62.9.4. opendkim[12578]: 4CC5C802C382: no signature data

			
Aug 26 02:46:52 localhost postfix/smtpd[5441]: connect from unknown[202.130.101.34]
Aug 26 02:46:53 localhost postfix/smtpd[5441]: 4CC5C802C382: client=unknown[202.130.101.34]
Aug 26 02:46:53 localhost postfix/cleanup[5445]: 4CC5C802C382: message-id=<860176544.0.1472194012792@Server>
Aug 26 02:46:53 localhost opendkim[12578]: 4CC5C802C382: [202.130.101.34] [202.130.101.34] not internal
Aug 26 02:46:53 localhost opendkim[12578]: 4CC5C802C382: not authenticated
Aug 26 02:46:53 localhost opendkim[12578]: 4CC5C802C382: no signature data
Aug 26 02:46:53 localhost postfix/qmgr[4605]: 4CC5C802C382: from=<neo@netkiller.cn>, size=530, nrcpt=1 (queue active)
Aug 26 02:46:53 localhost postfix/smtpd[5441]: disconnect from unknown[202.130.101.34]
Aug 26 02:46:54 localhost postfix/smtp[5446]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400e:c00::1b]:25: Network is unreachable
Aug 26 02:46:54 localhost postfix/smtp[5446]: 4CC5C802C382: to=<netkiller@msn.com>, relay=gmail-smtp-in.l.google.com[74.125.25.27]:25, delay=1.3, delays=0.57/0.01/0.41/0.27, dsn=2.0.0, status=sent (250 2.0.0 OK 1472194014 m185si19680934pfc.265 - gsmtp)
Aug 26 02:46:54 localhost postfix/qmgr[4605]: 4CC5C802C382: removed
			
			

解決方案

				[root@localhost ~]# egrep -v "^#|^$" /etc/opendkim.conf
				PidFile /var/run/opendkim/opendkim.pid
				Mode sv
				Syslog yes
				SyslogSuccess yes
				LogWhy yes
				UserID opendkim:opendkim
				Socket inet:8891@localhost
				Umask 002
				SendReports yes
				SoftwareHeader yes
				Canonicalization relaxed/relaxed
				Selector default
				MinimumKeyBits 1024
				KeyFile /etc/opendkim/keys/default.private
				KeyTable /etc/opendkim/KeyTable
				SigningTable refile:/etc/opendkim/SigningTable
				InternalHosts refile:/etc/opendkim/TrustedHosts
				OversignHeaders From
			

注意下面幾項配置

				Mode sv (這裡預設是v便是校驗郵件但不簽名,s表示簽名郵件)
				KeyFile /etc/opendkim/keys/default.private
				KeyTable /etc/opendkim/KeyTable
				SigningTable refile:/etc/opendkim/SigningTable
				InternalHosts refile:/etc/opendkim/TrustedHosts
			

62.9.5. /etc/opendkim/keys/default.private: open(): No such file or directory

如果無法啟動請查看啟動日誌

				# grep opendkim /var/log/messages
				Aug 25 01:24:57 localhost yum[10052]: Installed: libopendkim-2.10.3-7.el7.x86_64
				Aug 25 01:25:00 localhost yum[10052]: Installed: opendkim-2.10.3-7.el7.x86_64
				Aug 25 01:55:08 localhost opendkim: /etc/opendkim/keys/default.private: open(): No such file or directory
				Aug 25 01:55:08 localhost opendkim: opendkim: /etc/opendkim.conf: /etc/opendkim/keys/default.private: open(): No such file or directory
				Aug 25 01:55:08 localhost systemd: opendkim.service: control process
				exited, code=exited status=78
				Aug 25 01:55:08 localhost systemd: Unit opendkim.service entered failed state.
				Aug 25 01:55:08 localhost systemd: opendkim.service failed.
				Aug 25 01:56:10 localhost opendkim: /etc/opendkim/keys/default.private: open(): No such file or directory
				Aug 25 01:56:10 localhost opendkim: opendkim: /etc/opendkim.conf: /etc/opendkim/keys/default.private: open(): No such file or directory
				Aug 25 01:56:10 localhost systemd: opendkim.service: control process exited, code=exited status=78
				Aug
				25 01:56:10 localhost systemd: Unit opendkim.service entered failed state.
				Aug 25 01:56:10 localhost systemd: opendkim.service failed.
			

修改配置檔案,指向你的密鑰檔案

				KeyFile /etc/opendkim/keys/default.private
			

62.9.6. fatal: parameter inet_interfaces: no local interface found for ::1

			
# Enable IPv4, and IPv6 if supported
inet_protocols = all
# 改為
inet_protocols = ipv4
			
			

62.9.7. NOQUEUE: reject: MAIL from unknown[192.168.3.31]: 552 5.3.4 Message size exceeds fixed limit;

			
NOQUEUE: reject: MAIL from unknown[192.168.3.31]: 552 5.3.4 Message size exceeds fixed limit;			
			
			

查看 message_size_limit 配置,預設是 10MB

			
neo@netkiller ~ % postconf -d | grep message_size_limit
message_size_limit = 10240000		
			
			
			
neo@netkiller ~ % sudo postconf -e 'message_size_limit = 1024000000'
neo@netkiller ~ % sudo systemctl reload postfix
			
			

62.9.8. 452 4.3.1 Insufficient system storage

message_size_limit 設置不合理

			
neo@netkiller ~ % sudo postconf -e 'message_size_limit = 10240000000'	
			
			

62.9.9. 454 Relay access denied

			
Jul 10 08:22:43 netkiller postfix/smtpd[2820]: NOQUEUE: reject: RCPT from unknown[192.168.3.31]: 454 4.7.1 <netkiller@kindle.cn>: Relay access denied; from=<neo@netkiller.cn> to=<netkiller@kindle.cn> proto=ESMTP helo=<1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa>			
			
			

			
neo@netkiller ~ % sudo postconf -e 'smtpd_recipient_restrictions=permit_mynetworks' 
			
			

配置 permit_mynetworks 後,需要將網卡的IP地址配置到 mynetworks,這裡是 192.168.3.0/24

			
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.3.0/24
			
			

例 62.1. SMTP 伺服器配置實例

配置例子

			
neo@netkiller ~ % postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
message_size_limit = 10240000000
mydestination = $myhostname, netkiller.cn, mail.netkiller.cn, localhost
myhostname = mail.netkiller.cn
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.3.0/24
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_mynetworks
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination permit_inet_interfaces
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes