Error reported by the client
SMTP ERROR: RCPT TO command failed: 501 5.1.3 Bad recipient address syntax
2015-09-23 08:06:12 SMTP Error: The following recipients failed: root@example.com: Bad recipient address syntax
<strong>SMTP Error: The following recipients failed: root@example.com: Bad recipient address syntax
/var/log/maillog
Sep 23 16:12:00 smtp1 postfix/smtpd[982]: NOQUEUE: reject: RCPT from unknown[202.130.101.34]: 554 5.7.1 <netkiller@msn.com>: Relay access denied; from=<root@mail.example.com> to=<netkiller@msn.com> proto=ESMTP helo=<localhost.localdomain>
The cause is that the mynetworks setting does not allow the client.
[root@netkiller.github.io ~]# postconf | grep permit_mynetworks
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
Set mynetworks so that the client IP is allowed to send mail over SMTP.
[root@netkiller.github.io ~]# postconf -n | grep mynetworks
mynetworks = 202.130.101.34
Analysis: 2607:f8b0:400e:c00::1a in the log below is an IPv6 address. Google uses IPv6 by default, but data centers in mainland China almost never support IPv6.
Aug 26 03:19:52 localhost postfix/smtp[6468]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400e:c00::1a]:25: Network is unreachable
Aug 26 03:19:53 localhost postfix/smtpd[6151]: connect from unknown[175.43.242.13]
Solution: disable IPv6
postconf -e "inet_protocols = ipv4"
systemctl reload postfix
A prerequisite for sending mail with a DKIM signature is that the IP address of your mail client is in the TrustedHosts list.
Aug 26 03:52:36 localhost opendkim[5762]: 3012A802C1DD: [49.213.11.18] [49.213.11.18] not internal
Aug 26 03:52:36 localhost opendkim[5762]: 3012A802C1DD: not authenticated
Aug 26 03:52:36 localhost opendkim[5762]: 3012A802C1DD: no signature data
Solution
Add the IP address reported as "not internal" to the /etc/opendkim/TrustedHosts file, then reload the opendkim process.
Aug 26 02:46:52 localhost postfix/smtpd[5441]: connect from unknown[202.130.101.34]
Aug 26 02:46:53 localhost postfix/smtpd[5441]: 4CC5C802C382: client=unknown[202.130.101.34]
Aug 26 02:46:53 localhost postfix/cleanup[5445]: 4CC5C802C382: message-id=<860176544.0.1472194012792@Server>
Aug 26 02:46:53 localhost opendkim[12578]: 4CC5C802C382: [202.130.101.34] [202.130.101.34] not internal
Aug 26 02:46:53 localhost opendkim[12578]: 4CC5C802C382: not authenticated
Aug 26 02:46:53 localhost opendkim[12578]: 4CC5C802C382: no signature data
Aug 26 02:46:53 localhost postfix/qmgr[4605]: 4CC5C802C382: from=<neo@netkiller.cn>, size=530, nrcpt=1 (queue active)
Aug 26 02:46:53 localhost postfix/smtpd[5441]: disconnect from unknown[202.130.101.34]
Aug 26 02:46:54 localhost postfix/smtp[5446]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400e:c00::1b]:25: Network is unreachable
Aug 26 02:46:54 localhost postfix/smtp[5446]: 4CC5C802C382: to=<netkiller@msn.com>, relay=gmail-smtp-in.l.google.com[74.125.25.27]:25, delay=1.3, delays=0.57/0.01/0.41/0.27, dsn=2.0.0, status=sent (250 2.0.0 OK 1472194014 m185si19680934pfc.265 - gsmtp)
Aug 26 02:46:54 localhost postfix/qmgr[4605]: 4CC5C802C382: removed
Solution
[root@localhost ~]# egrep -v "^#|^$" /etc/opendkim.conf
PidFile /var/run/opendkim/opendkim.pid
Mode sv
Syslog yes
SyslogSuccess yes
LogWhy yes
UserID opendkim:opendkim
Socket inet:8891@localhost
Umask 002
SendReports yes
SoftwareHeader yes
Canonicalization relaxed/relaxed
Selector default
MinimumKeyBits 1024
KeyFile /etc/opendkim/keys/default.private
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
InternalHosts refile:/etc/opendkim/TrustedHosts
OversignHeaders From
Pay attention to the following settings
Mode sv (the default here is v, which means verify mail but do not sign it; s means sign mail)
KeyFile /etc/opendkim/keys/default.private
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
InternalHosts refile:/etc/opendkim/TrustedHosts
If opendkim fails to start, check the startup log
# grep opendkim /var/log/messages
Aug 25 01:24:57 localhost yum[10052]: Installed: libopendkim-2.10.3-7.el7.x86_64
Aug 25 01:25:00 localhost yum[10052]: Installed: opendkim-2.10.3-7.el7.x86_64
Aug 25 01:55:08 localhost opendkim: /etc/opendkim/keys/default.private: open(): No such file or directory
Aug 25 01:55:08 localhost opendkim: opendkim: /etc/opendkim.conf: /etc/opendkim/keys/default.private: open(): No such file or directory
Aug 25 01:55:08 localhost systemd: opendkim.service: control process exited, code=exited status=78
Aug 25 01:55:08 localhost systemd: Unit opendkim.service entered failed state.
Aug 25 01:55:08 localhost systemd: opendkim.service failed.
Aug 25 01:56:10 localhost opendkim: /etc/opendkim/keys/default.private: open(): No such file or directory
Aug 25 01:56:10 localhost opendkim: opendkim: /etc/opendkim.conf: /etc/opendkim/keys/default.private: open(): No such file or directory
Aug 25 01:56:10 localhost systemd: opendkim.service: control process exited, code=exited status=78
Aug 25 01:56:10 localhost systemd: Unit opendkim.service entered failed state.
Aug 25 01:56:10 localhost systemd: opendkim.service failed.
Edit the configuration file so that it points to your key file
KeyFile /etc/opendkim/keys/default.private
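The "not internal" log above shows a message that was still delivered (status=sent) without a signature. As an added example (not part of the original page), this Python function correlates opendkim and postfix lines by queue ID and lists mail that left unsigned, together with the IP that would have to be in TrustedHosts. The function name, the second message and its "DKIM-Signature field added" line are constructed for contrast.

```python
import re
from collections import defaultdict

# Sample input: lines trimmed from the log on this page, plus one constructed
# message (5DD6D902D493) that OpenDKIM did sign, for contrast.
LOG = """\
Aug 26 02:46:53 localhost postfix/smtpd[5441]: 4CC5C802C382: client=unknown[202.130.101.34]
Aug 26 02:46:53 localhost opendkim[12578]: 4CC5C802C382: [202.130.101.34] [202.130.101.34] not internal
Aug 26 02:46:53 localhost opendkim[12578]: 4CC5C802C382: not authenticated
Aug 26 02:46:53 localhost opendkim[12578]: 4CC5C802C382: no signature data
Aug 26 02:46:53 localhost postfix/qmgr[4605]: 4CC5C802C382: from=<neo@netkiller.cn>, size=530, nrcpt=1 (queue active)
Aug 26 02:46:54 localhost postfix/smtp[5446]: 4CC5C802C382: to=<netkiller@msn.com>, relay=gmail-smtp-in.l.google.com[74.125.25.27]:25, dsn=2.0.0, status=sent (250 2.0.0 OK)
Aug 26 02:50:10 localhost opendkim[12578]: 5DD6D902D493: DKIM-Signature field added (s=default, d=netkiller.cn)
Aug 26 02:50:10 localhost postfix/qmgr[4605]: 5DD6D902D493: from=<neo@netkiller.cn>, size=812, nrcpt=1 (queue active)
Aug 26 02:50:11 localhost postfix/smtp[5446]: 5DD6D902D493: to=<netkiller@msn.com>, relay=gmail-smtp-in.l.google.com[74.125.25.27]:25, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

# program name, queue ID, remainder of the line
ENTRY = re.compile(r" (postfix/\w+|opendkim)\[\d+\]: ([0-9A-F]{6,}): (.*)$")


def unsigned_deliveries(log):
    """Return (queue_id, sender, not_internal_ip) for mail sent without a DKIM signature."""
    msgs = defaultdict(
        lambda: {"signed": False, "sent": False, "sender": None, "ip": None}
    )
    for line in log.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        prog, qid, rest = m.groups()
        rec = msgs[qid]
        if prog == "opendkim":
            if rest.startswith("DKIM-Signature field added"):
                rec["signed"] = True
            elif rest.endswith("not internal"):
                # "[host] [ip] not internal": the last bracket holds the IP
                rec["ip"] = re.findall(r"\[([^\]]+)\]", rest)[-1]
        elif rest.startswith("from=<"):
            rec["sender"] = rest[len("from=<"):rest.index(">")]
        elif "status=sent" in rest:
            rec["sent"] = True
    return sorted(
        (qid, r["sender"], r["ip"])
        for qid, r in msgs.items()
        if r["sent"] and not r["signed"]
    )
```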
# Enable IPv4, and IPv6 if supported
inet_protocols = all
# Change to
inet_protocols = ipv4
NOQUEUE: reject: MAIL from unknown[192.168.3.31]: 552 5.3.4 Message size exceeds fixed limit;
Check the message_size_limit setting; the default is 10MB
neo@netkiller ~ % postconf -d | grep message_size_limit
message_size_limit = 10240000
neo@netkiller ~ % sudo postconf -e 'message_size_limit = 1024000000'
neo@netkiller ~ % sudo systemctl reload postfix
The message_size_limit value is unreasonable
neo@netkiller ~ % sudo postconf -e 'message_size_limit = 10240000000'
Jul 10 08:22:43 netkiller postfix/smtpd[2820]: NOQUEUE: reject: RCPT from unknown[192.168.3.31]: 454 4.7.1 <netkiller@kindle.cn>: Relay access denied; from=<neo@netkiller.cn> to=<netkiller@kindle.cn> proto=ESMTP helo=<1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa>
neo@netkiller ~ % sudo postconf -e 'smtpd_recipient_restrictions=permit_mynetworks'
After configuring permit_mynetworks, you need to add the network of the server's network interface to mynetworks; here it is 192.168.3.0/24
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.3.0/24
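Both "Relay access denied" cases on this page come down to whether the client IP falls inside mynetworks. As an added example (not part of the original page), this Python code parses a mynetworks value, including the bracketed IPv6 form, and reports for each reject line whether the client is covered; a False means permit_mynetworks cannot match that client. The function names are illustrative, and file or table entries in mynetworks are skipped by assumption.

```python
import ipaddress
import re

# Sample input: the mynetworks value and the two reject lines shown on this page
# (log lines trimmed after the recipient).
MYNETWORKS = "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.3.0/24"
LOG = """\
Sep 23 16:12:00 smtp1 postfix/smtpd[982]: NOQUEUE: reject: RCPT from unknown[202.130.101.34]: 554 5.7.1 <netkiller@msn.com>: Relay access denied; from=<root@mail.example.com> to=<netkiller@msn.com>
Jul 10 08:22:43 netkiller postfix/smtpd[2820]: NOQUEUE: reject: RCPT from unknown[192.168.3.31]: 454 4.7.1 <netkiller@kindle.cn>: Relay access denied; from=<neo@netkiller.cn> to=<netkiller@kindle.cn>
"""

REJECT = re.compile(
    r"reject: RCPT from [^\[\s]+\[([^\]]+)\]: (\d{3}) \S+ <[^>]*>: Relay access denied"
)


def parse_mynetworks(value):
    """Turn a mynetworks value into ip_network objects.

    Handles IPv4 networks, bare host addresses and the bracketed IPv6
    form ([addr]/len). File and table entries (/path, type:table) and
    "!" exclusions are skipped: they need Postfix itself to resolve.
    """
    nets = []
    for item in re.split(r"[,\s]+", value.strip()):
        if not item or item.startswith(("/", "!")):
            continue
        m = re.fullmatch(r"\[([0-9A-Fa-f:.]+)\](/\d+)?", item)
        if m:
            item = m.group(1) + (m.group(2) or "")
        try:
            nets.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            continue  # not an address, e.g. a type:table lookup
    return nets


def relay_denials(log, mynetworks):
    """Return (client_ip, smtp_code, in_mynetworks) per 'Relay access denied' line."""
    nets = parse_mynetworks(mynetworks)
    found = []
    for line in log.splitlines():
        m = REJECT.search(line)
        if m:
            ip = ipaddress.ip_address(m.group(1))
            trusted = any(ip.version == n.version and ip in n for n in nets)
            found.append((str(ip), m.group(2), trusted))
    return found
```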
Example 62.1. SMTP server configuration example
Configuration example
neo@netkiller ~ % postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
message_size_limit = 10240000000
mydestination = $myhostname, netkiller.cn, mail.netkiller.cn, localhost
myhostname = mail.netkiller.cn
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.3.0/24
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_mynetworks
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination permit_inet_interfaces
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes