Postfix, TLS and StartSSL certificates

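I recently changed my Postfix installation to use TLS with a certificate issued by StartSSL. I then ran SMTP and TLS checks, which showed no errors or warnings. Everything seemed to be working fine.

My problem now is that receiving mail does not seem to work in every case. There seem to be mail servers from which I cannot receive mail, for example Amazon or Blizzard. In Amazon's case, my Postfix log says this: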

    Jan 16 13:57:51 myhost postfix/smtpd[31551]: connect from mm-notify-out-127-214.amazon.com[176.32.127.214]
    Jan 16 13:57:51 myhost postfix/smtpd[31551]: lost connection after EHLO from mm-notify-out-127-214.amazon.com[176.32.127.214]
    Jan 16 13:57:51 myhost postfix/smtpd[31551]: disconnect from mm-notify-out-127-214.amazon.com[176.32.127.214]

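When receiving mail from Blizzard the log looks the same, except that the "lost connection" line is missing.

I suspect that the StartSSL certificate may not be trusted by these two (and possibly more) companies, and that I have to buy a certificate from one of the big "trusted" CAs.

Can anyone tell me whether my suspicion is correct, or whether there is an error in my Postfix configuration?

Thanks in advance for your help.

Edit: here is the output from my telnet session: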

    telnet host 587
    Trying ip...
    Connected to host.
    Escape character is '^]'.
    220 host ESMTP Postfix (Debian/GNU)
    ehlo host
    250-host
    250-PIPELINING
    250-SIZE 134217728
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

Edit: the Postfix log with debug_peer_list enabled:

    Jan 16 16:52:21 myhost postfix/smtpd[5712]: initializing the server-side TLS engine
    Jan 16 16:52:21 myhost postfix/tlsmgr[5714]: open smtpd TLS cache btree:/var/lib/postfix/smtpd_scache
    Jan 16 16:52:21 myhost postfix/tlsmgr[5714]: tlsmgr_cache_run_event: start TLS smtpd session cache cleanup
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: connect from smtp-out-127-108.amazon.com[176.32.127.108]
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostname: smtp-out-127-108.amazon.com ~? 127.0.0.0/8
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostaddr: 176.32.127.108 ~? 127.0.0.0/8
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostname: smtp-out-127-108.amazon.com ~? [::ffff:127.0.0.0]/104
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostaddr: 176.32.127.108 ~? [::ffff:127.0.0.0]/104
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostname: smtp-out-127-108.amazon.com ~? [::1]/128
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostaddr: 176.32.127.108 ~? [::1]/128
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_list_match: smtp-out-127-108.amazon.com: no match
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_list_match: 176.32.127.108: no match
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: auto_clnt_open: connected to private/anvil
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: send attr request = connect
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: send attr ident = smtp:176.32.127.108
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: private/anvil: wanted attribute: status
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute name: status
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute value: 0
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: private/anvil: wanted attribute: count
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute name: count
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute value: 1
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: private/anvil: wanted attribute: rate
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute name: rate
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute value: 1
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: private/anvil: wanted attribute: (list terminator)
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute name: (end)
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 220 mail.myhost ESMTP Postfix (Debian/GNU)
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: watchdog_pat: 0x7fa2f92c07b0
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: < smtp-out-127-108.amazon.com[176.32.127.108]: EHLO smtp-out-127-108.amazon.com
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-mail.myhost
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-PIPELINING
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-SIZE 134217728
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-VRFY
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-ETRN
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_list_match: smtp-out-127-108.amazon.com: no match
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_list_match: 176.32.127.108: no match
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-STARTTLS
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-ENHANCEDSTATUSCODES
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-8BITMIME
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250 DSN
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: watchdog_pat: 0x7fa2f92c07b0
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: < smtp-out-127-108.amazon.com[176.32.127.108]: MAIL FROM:<[email protected]> SIZE=27930
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 530 5.7.0 Must issue a STARTTLS command first
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: watchdog_pat: 0x7fa2f92c07b0
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: < smtp-out-127-108.amazon.com[176.32.127.108]: RSET
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 530 5.7.0 Must issue a STARTTLS command first
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: watchdog_pat: 0x7fa2f92c07b0
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: smtp_get: EOF
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostname: smtp-out-127-108.amazon.com ~? 127.0.0.0/8
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostaddr: 176.32.127.108 ~? 127.0.0.0/8
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostname: smtp-out-127-108.amazon.com ~? [::ffff:127.0.0.0]/104
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostaddr: 176.32.127.108 ~? [::ffff:127.0.0.0]/104
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostname: smtp-out-127-108.amazon.com ~? [::1]/128
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostaddr: 176.32.127.108 ~? [::1]/128
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_list_match: smtp-out-127-108.amazon.com: no match
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_list_match: 176.32.127.108: no match
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: send attr request = disconnect
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: send attr ident = smtp:176.32.127.108
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: private/anvil: wanted attribute: status
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute name: status
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute value: 0
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: private/anvil: wanted attribute: (list terminator)
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute name: (end)
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: lost connection after EHLO from smtp-out-127-108.amazon.com[176.32.127.108]
    Jan 16 16:52:21 myhost postfix/smtpd[5712]: disconnect from smtp-out-127-108.amazon.com[176.32.127.108]

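As the log shows, you offer STARTTLS, and since you specified smtp_tls_security_level=encrypt, your server will not accept unencrypted mail connections.

This is confirmed by the Postfix manual:

At the "encrypt" TLS security level, messages are sent only over TLS encrypted sessions. The SMTP transaction is aborted unless the STARTTLS ESMTP feature is supported by the remote SMTP server.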

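Postfix: debugging incoming SMTP connections

Here is a recipe for getting more information about this problem.

Try to get more debugging information about the incoming SMTP connections that cause the problem. Use the debug_peer_list configuration option:

    debug_peer_list = amazon.com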

http://www.postfix.org/postconf.5.html#debug_peer_list
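
An added example, not part of the original answers: a Python scan of smtpd log text for sessions in which the server answered a peer with the 530 reply seen in the verbose log above. It relies on the "<" and ">" protocol lines that debug_peer_list logging produces; the function name and the sample log (documentation hostnames and addresses) are constructed for illustration.

```python
import re

SMTPD = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)")
CONNECT = re.compile(r"connect from (\S+)\[([^\]]+)\]")
CLIENT = re.compile(r"< \S+\[[^\]]+\]: (\S+)")            # "<" = line sent by the peer
REFUSED = re.compile(r"> \S+\[[^\]]+\]: 530 .*STARTTLS")  # ">" = our server's reply

# Constructed sample in the format of the verbose log above (not real traffic).
SAMPLE_LOG = """\
Jan 16 16:52:21 myhost postfix/smtpd[5712]: connect from mx1.example.net[192.0.2.10]
Jan 16 16:52:21 myhost postfix/smtpd[5712]: < mx1.example.net[192.0.2.10]: EHLO mx1.example.net
Jan 16 16:52:21 myhost postfix/smtpd[5712]: < mx1.example.net[192.0.2.10]: MAIL FROM:<a@example.net> SIZE=27930
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > mx1.example.net[192.0.2.10]: 530 5.7.0 Must issue a STARTTLS command first
Jan 16 16:52:21 myhost postfix/smtpd[5712]: < mx1.example.net[192.0.2.10]: RSET
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > mx1.example.net[192.0.2.10]: 530 5.7.0 Must issue a STARTTLS command first
Jan 16 16:52:21 myhost postfix/smtpd[5712]: disconnect from mx1.example.net[192.0.2.10]
Jan 16 16:53:02 myhost postfix/smtpd[5720]: connect from mx2.example.org[198.51.100.7]
Jan 16 16:53:02 myhost postfix/smtpd[5720]: < mx2.example.org[198.51.100.7]: STARTTLS
Jan 16 16:53:03 myhost postfix/smtpd[5720]: disconnect from mx2.example.org[198.51.100.7]
"""

def plaintext_refusals(log_text):
    """Sessions in which a peer's commands were answered with 530 'Must issue a STARTTLS'."""
    open_sessions, refused = {}, []
    for pid, msg in SMTPD.findall(log_text):   # one (pid, message) pair per smtpd line
        c = CONNECT.match(msg)
        if c:
            open_sessions[pid] = {"peer": c.group(1), "ip": c.group(2),
                                  "starttls": False, "refused": [], "last": None}
            continue
        s = open_sessions.get(pid)
        if s is None:                          # line outside a tracked session
            continue
        c = CLIENT.match(msg)
        if c:
            s["last"] = c.group(1).upper()     # remember the verb the peer just sent
            s["starttls"] = s["starttls"] or s["last"] == "STARTTLS"
        elif REFUSED.match(msg):
            s["refused"].append(s["last"])     # that verb was refused in plaintext
        elif msg.startswith("disconnect from"):
            del open_sessions[pid]
            if s["refused"]:
                refused.append({k: s[k] for k in ("peer", "ip", "starttls", "refused")})
    return refused

if __name__ == "__main__":
    for s in plaintext_refusals(SAMPLE_LOG):
        print(f'{s["peer"]} [{s["ip"]}] sent {", ".join(s["refused"])} without STARTTLS')
```

A peer listed with starttls False never attempted TLS in that session; run without verbose logging, the same session shows only the connect, "lost connection after EHLO" and disconnect lines quoted in the question.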