Мой Postfix сервер работал нормально до последних дней, но теперь я не могу получать электронные письма извне (я имею в виду электронную почту с другим доменным именем, например, gmail). Я должен обратить внимание, что я могу отправлять электронную почту с сервера в Gmail.

Из того, что я видел, я думаю, что проблема может быть в моих правилах iptables:

# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset

со следующим /etc/iptables/rules.v4 :

# Generated by iptables-save v1.4.14 on Tue Jun 28 02:59:45 2016
:INPUT DROP [4:160]
:OUTPUT ACCEPT [8850:1128793]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A FORWARD -p tcp -j REJECT --reject-with tcp-reset
# Completed on Tue Jun 28 02:59:45 2016
# Generated by iptables-save v1.4.14 on Tue Jun 28 02:59:45 2016
:PREROUTING ACCEPT [7537:917236]
:INPUT ACCEPT [7537:917236]
:OUTPUT ACCEPT [16961:1999319]
:POSTROUTING ACCEPT [16961:1999319]
# Completed on Tue Jun 28 02:59:45 2016
# Generated by iptables-save v1.4.14 on Tue Jun 28 02:59:45 2016
:OUTPUT ACCEPT [9344:563333]
# Completed on Tue Jun 28 02:59:45 2016

Более того, мой сервер, кажется, прослушивает 25 портов:

# netstat -an |grep 25
tcp        0      0    *               LISTEN     
tcp6       0      0 :::25                   :::*                    LISTEN     
unix  2      [ ]         DGRAM                    4255589627 /var/spool/postfix/dev/log
unix  15     [ ]         DGRAM                    4255589625 /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     4255652970 /var/run/mysqld/mysqld.sock
unix  2      [ ACC ]     STREAM     LISTENING     4255590038 /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     4255711673 /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     4255711672 
unix  3      [ ]         STREAM     CONNECTED     4255711663 /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     4255711662 
unix  2      [ ]         DGRAM                    4255711642 
unix  3      [ ]         STREAM     CONNECTED     4255711639 /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     4255711638 
unix  2      [ ]         DGRAM                    4255711627 
unix  2      [ ]         DGRAM                    4255594798 
unix  2      [ ]         DGRAM                    4255590141 
unix  3      [ ]         STREAM     CONNECTED     4255590098 
unix  3      [ ]         STREAM     CONNECTED     4255590097 

и nmap на моем сервере (извне) возвращает:

Host is up (0.065s latency).
Not shown: 994 closed ports
22/tcp  open     ssh
80/tcp  open     http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp open     https
445/tcp filtered microsoft-ds

Nmap done: 1 IP address (1 host up) scanned in 2.01 seconds

Наконец, вот мой /etc/postfix/master.cf :

# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
# Do not forget to execute "postfix reload" after editing this file.
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
  -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
# ====================================================================
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
# ====================================================================
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
# ====================================================================
# Old example of delivery via Cyrus.
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# ====================================================================
# See the Postfix UUCP_README file for configuration details.
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
# Other external delivery methods.
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

# spf postfix
policy  unix  -       n       n       -       -       spawn
        user=nobody argv=/usr/sbin/postfix-policyd-spf-perl

Вот ответ по электронной почте, полученный gmail, когда я отправлял gmail на свой постфиксный сервер:

This is an automatically generated Delivery Status Notification



Delivery to the following recipient has been delayed:


Message will be retried for 1 more day(s)

Technical details of temporary failure:
The recipient server did not accept our requests to connect. Learn more at https://support.google.com/mail/answer/7720
[domain.com socket error]

Я не понимаю, почему netstat говорит мне, что он слушает порт 25, а nmap указывает, что этот порт не открыт.

Если бы кто-нибудь мог увидеть, что случилось, это было бы хорошо.

Заранее спасибо.

1 ответ1



iptables -I INPUT 5 -p tcp -m tcp --dport 25 -j ПРИНЯТЬ

Чтобы правило применялось немедленно.

Также отредактируйте ваш /etc/iptables/rules.v4 и сразу после правила с портом 443 добавьте

-A ВХОД -p tcp -m tcp --dport 25 -j ПРИНЯТЬ

