Postfix邮件服务器拒绝来自外部邮件服务器的连接

我有一个SMTP监听端口587的Postfix服务器，外部邮件服务器（如Gmail）无法访问这些服务器，因此从GMail发送电子邮件到[email protected]时收到此邮件传递失败：

收件人服务器不接受我们的连接请求。 请通过以下url了解详情： https ： //support.google.com/mail/answer/7720 [mail.mydomain.tld MailServerIP：（ 有趣的是这里没有端口！） socket error]

----- Original message ----- DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=pEP+FUpQu4YrUIJfRtRY72qvieH+prFPrjpP+XncC+A=; b=xWURH+CuLyCB2dCkDZTmlncHMmvAaP24KwgoqUxur1FxRye7cJ4qAHYDjEQLGoecJO U3ka/qkBSwcDnCsrBZc+I4YL7sN6pRJvBatv/EXbYdwoczq8LoizXWuYKxprCgSiVKu5 3eFdaFN8dCBXJncp4mMMOzKwonqe1fO+zuV5fI3ef7TCgThEBiCwZrEFUlPb64MCkQzY wKu/gwKVS5yvO2MvD3IJQJeqmaj2kegC9zIIQo5w9w/HeS4wasyVU9bIAAuCG9azdiL6 wR9CzV95xHJYWv/3YUcB0CBMuL7vrelDlVlRddhrhJRV4jkzOHOYlgvDVhd0GPj7/Mib KqOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=pEP+FUpQu4YrUIJfRtRY72qvieH+prFPrjpP+XncC+A=; b=lSA5HbBTMeKoIOp7/ZuktmhmO67v/oN4gAlk6kJDlPj2ue9yCDx8s0IdBlF4QENiae HQqug+EqwxQItawgwYO8ZGmQDs1nPPjxLJdymIGHCdIF4G149fk0GSkbE3+yhwvGvTXj JPYFZpDeQvnLBy293t2lIkxk5GGvaC2w7gZvP3Pt6qZAFZvbVxGTOoKwqp+zJ7valQhr xvmImfSJAw2fzIzTXE4Or4XXsPXpP5i1rcmRwDwGk8qQnXoCVfZLoyaQBPq2J5ChWPR0 w5nLlVSVB7IFfwmRZEfVwVxjOvHCMbXtu1Eeyl1JZ88vfD0OvbSeWn7RwBSoLWZoOiVl EuYg== X-Gm-Message-State: AD7BkJJ4ZaGY+7wGDmRTWxi4nvS2OwcKWPrcxB9LMV0I1cD9DTnaAiMAC+1nFhQx0/W8no4EPXCNk7rU7gk8Eg== X-Received: by 10.28.44.9 with SMTP id s9mr11997524wms.96.1459775140100; Mon, 04 Apr 2016 06:05:40 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.53.66 with HTTP; Mon, 4 Apr 2016 06:05:00 -0700 (PDT) In-Reply-To: <[email protected]> References: <[email protected]> From: Name Family <[email protected]> Date: Mon, 4 Apr 2016 17:35:00 +0430 Message-ID: <CAB4H0ddCYD=FfL4JsZSoqJtsmNKew+v_5KFpKfCeeOb7GD6fxQ@mail.gmail.com> Subject: Re: test To: Name <[email protected]> Content-Type: multipart/alternative; boundary=001a113d9e02ad7f4f052fa86217 

另外，从外部ISP挖掘检查DNSlogging结果：

dig MX mydomain.tld ：

• Postfix sender_dependent_relayhost_maps：不要中继一个特定的地址
• 邮件服务器不能接收电子邮件，但可以发送电子邮件 – Postfix，Dovecot，Postgresql
• 使用后缀自动为用户创build虚拟电子邮件
• postfix sender_bcc_maps到本地邮箱
• 后缀允许localhost只有本地用户

 ;; ANSWER SECTION: mydomain.tld. 21599 IN MX 10 mail.mydomain.tld. 

然后， dig A mail.mydomain.tld结果：

 ;; ANSWER SECTION: mail.mydomain.tld. 21599 IN A proper.ip.address 

我已经能够在邮件服务器之间发送和接收本地帐户之间的电子邮件，并发送到外部邮件服务器，如GMail，但我不能从外部接收。

我的后缀configuration是：

 # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_un$ myhostname = mydomain.tld alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = mydomain.tld, localhost relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = loopback-only inet_protocols = all 

Master.cf内容：

 # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master" or # on-line: http://www.postfix.org/master.5.html). # # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== 587 inet n - - - - smtpd #smtp inet n - - - 1 postscreen #smtpd pass - - - - - smtpd #dnsblog unix - - - - 0 dnsblog #tlsproxy unix - - - - 0 tlsproxy #submission inet n - - - - smtpd # -o syslog_name=postfix/submission # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #smtps inet n - - - - smtpd # -o syslog_name=postfix/smtps # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - - - - qmqpd pickup unix n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr unix n - n 300 1 qmgr #qmgr unix n - n 300 1 oqmgr tlsmgr unix - - - 1000? 1 tlsmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - - - - smtp relay unix - - - - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - - - - showq error unix - - - - - error retry unix - - - - - error discard unix - - - - - discard local unix - nn - - local virtual unix - nn - - virtual lmtp unix - - - - - lmtp anvil unix - - - - 1 anvil scache unix - - - - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - nn - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} # # ==================================================================== # # Recent Cyrus versions can use the existing "lmtp" master.cf entry. # # Specify in cyrus.conf: # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 # # Specify in main.cf one or more of the following: # mailbox_transport = lmtp:inet:localhost # virtual_transport = lmtp:inet:localhost # # ==================================================================== # # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - nn - - pipe # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} # # ==================================================================== # Old example of delivery via Cyrus. # #old-cyrus unix - nn - - pipe # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} # # ==================================================================== # # See the Postfix UUCP_README file for configuration details. # uucp unix - nn - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmail unix - nn - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - nn - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - nn - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - nn - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} 

netstat -tulpn：

  Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 2050/stunnel4 tcp 0 0 0.0.0.0:21976 0.0.0.0:* LISTEN 877/sshd tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 907/named tcp 0 0 127.0.0.1:51101 0.0.0.0:* LISTEN 2310/irssi tcp 0 0 127.0.0.1:51102 0.0.0.0:* LISTEN 2292/rtorrent tcp 0 0 0.0.0.0:51103 0.0.0.0:* LISTEN 2292/rtorrent tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 879/dovecot tcp 0 0 0.0.0.0:51106 0.0.0.0:* LISTEN 2324/python tcp 0 0 0.0.0.0:51107 0.0.0.0:* LISTEN 2317/python tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 879/dovecot tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 963/mysqld tcp 0 0 0.0.0.0:1194 0.0.0.0:* LISTEN 1027/openvpn tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 11162/master tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 879/dovecot tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 879/dovecot tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 2224/perl tcp 0 0 0.0.0.0:4433 0.0.0.0:* LISTEN 2317/python tcp 0 0 0.0.0.0:21201 0.0.0.0:* LISTEN 656/vsftpd 

iptables -L：

 Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:smtp ctstate NEW,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp spt:smtp ACCEPT tcp -- anywhere anywhere tcp spt:submission Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp spt:smtp ctstate ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:submission ACCEPT tcp -- anywhere anywhere tcp spt:submission 

有人可以帮我吗？ 谢谢。