Estou tentando configurar um servidor de e-mail no Ubuntu 16.04.5 LTS com o Postfix e o Dovecot.
Eu posso enviar e-mails sem nenhum problema e os e-mails enviados do host local também entram na caixa de entrada. No entanto, os e-mails enviados de fora (digamos, o Gmail) não estão aparecendo.
Há muitas perguntas semelhantes no serverfault e em outros sites, mas ainda não consigo fazê-lo funcionar.
Meu main.cf:
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/letsencrypt/live/MYDOMAIN.FI/fullchain.pem
smtpd_tls_key_file =/etc/letsencrypt/live/MYDOMAIN.FI/privkey.pem
smtpd_use_tls = yes
smtpd_tls_security_level=may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_protocols = !SSLv2, !SSLv3
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.MYDOMAIN.FI
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.MYDOMAIN.FI, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/
virtual_alias_maps = hash:/etc/postfix/virtual
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m "${EXTENSION}"
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom
Como você pode ver, eu uso um certificado SSL da letsencrypt.
Eu substituí meu domínio real por MYDOMAIN.FI caso haja algumas falhas horríveis que deixei na minha configuração por engano.
Ouput de sudo lsof -iTCP -sTCP:LISTEN -P
:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd 1 root 29u IPv4 2041021 0t0 TCP *:143 (LISTEN)
systemd 1 root 44u IPv6 2041022 0t0 TCP *:143 (LISTEN)
systemd 1 root 56u IPv4 2041023 0t0 TCP *:993 (LISTEN)
systemd 1 root 59u IPv6 2041024 0t0 TCP *:993 (LISTEN)
sshd 1589 root 3u IPv4 14438 0t0 TCP *:22 (LISTEN)
sshd 1589 root 4u IPv6 14448 0t0 TCP *:22 (LISTEN)
mysqld 1870 mysql 22u IPv4 16248 0t0 TCP mail.MYDOMAIN.FI:330 6 (LISTEN)
apache2 1876 root 4u IPv6 16115 0t0 TCP *:80 (LISTEN)
apache2 1876 root 6u IPv6 16119 0t0 TCP *:443 (LISTEN)
miniserv. 2050 root 5u IPv4 16967 0t0 TCP *:10000 (LISTEN)
apache2 3762 www-data 4u IPv6 16115 0t0 TCP *:80 (LISTEN)
apache2 3762 www-data 6u IPv6 16119 0t0 TCP *:443 (LISTEN)
apache2 3763 www-data 4u IPv6 16115 0t0 TCP *:80 (LISTEN)
apache2 3763 www-data 6u IPv6 16119 0t0 TCP *:443 (LISTEN)
apache2 3766 www-data 4u IPv6 16115 0t0 TCP *:80 (LISTEN)
apache2 3766 www-data 6u IPv6 16119 0t0 TCP *:443 (LISTEN)
apache2 3767 www-data 4u IPv6 16115 0t0 TCP *:80 (LISTEN)
apache2 3767 www-data 6u IPv6 16119 0t0 TCP *:443 (LISTEN)
apache2 3771 www-data 4u IPv6 16115 0t0 TCP *:80 (LISTEN)
apache2 3771 www-data 6u IPv6 16119 0t0 TCP *:443 (LISTEN)
apache2 3842 www-data 4u IPv6 16115 0t0 TCP *:80 (LISTEN)
apache2 3842 www-data 6u IPv6 16119 0t0 TCP *:443 (LISTEN)
apache2 3843 www-data 4u IPv6 16115 0t0 TCP *:80 (LISTEN)
apache2 3843 www-data 6u IPv6 16119 0t0 TCP *:443 (LISTEN)
apache2 4465 www-data 4u IPv6 16115 0t0 TCP *:80 (LISTEN)
apache2 4465 www-data 6u IPv6 16119 0t0 TCP *:443 (LISTEN)
master 20916 root 13u IPv4 2039338 0t0 TCP *:25 (LISTEN)
master 20916 root 14u IPv6 2039339 0t0 TCP *:25 (LISTEN)
master 20916 root 28u IPv4 2044183 0t0 TCP *:465 (LISTEN)
master 20916 root 111u IPv6 2044184 0t0 TCP *:465 (LISTEN)
master 20916 root 114u IPv4 2044888 0t0 TCP *:587 (LISTEN)
master 20916 root 115u IPv6 2044889 0t0 TCP *:587 (LISTEN)
dovecot 21229 root 3u IPv4 2041021 0t0 TCP *:143 (LISTEN)
dovecot 21229 root 4u IPv6 2041022 0t0 TCP *:143 (LISTEN)
dovecot 21229 root 5u IPv4 2041023 0t0 TCP *:993 (LISTEN)
dovecot 21229 root 6u IPv6 2041024 0t0 TCP *:993 (LISTEN)
Ele lista o comando da porta 25 como "mestre" em vez de "postfix" . Não tenho certeza se isso é relevante.
Eu também notei que há o comando mysqld escutando mail.MYDOMAIN.FI:330
. Isso é normal?
Saída de netstat -tulpn
:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1870/mysqld
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 20916/master
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 1/init
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 2050/perl
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 20916/master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1589/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 20916/master
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 1/init
tcp6 0 0 :::587 :::* LISTEN 20916/master
tcp6 0 0 :::143 :::* LISTEN 1/init
tcp6 0 0 :::80 :::* LISTEN 1876/apache2
tcp6 0 0 :::465 :::* LISTEN 20916/master
tcp6 0 0 :::22 :::* LISTEN 1589/sshd
tcp6 0 0 :::25 :::* LISTEN 20916/master
tcp6 0 0 :::443 :::* LISTEN 1876/apache2
tcp6 0 0 :::993 :::* LISTEN 1/init
udp 0 0 0.0.0.0:10000 0.0.0.0:* 2050/perl
udp 0 0 0.0.0.0:68 0.0.0.0:* 1195/dhclient
O domínio deve ser configurado corretamente. Posso usar serviços on-line como o link e link para verificar as portas e todas as conexões OK.
/etc/dovecot.conf
disable_plaintext_auth = no
mail_privileged_group = mail
mail_location = mbox:~/mail:INBOX=/var/mail/%u
userdb {
driver = passwd
}
passdb {
args = %s
driver = pam
}
protocols = " imap"
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
ssl=required
ssl_cert = </etc/letsencrypt/live/MYDOMAIN.fi/fullchain.pem
ssl_key = </etc/letsencrypt/live/MYDOMAIN.fi/privkey.pem
log_path = /var/log/dovecot/dovecot.log
# Debug
mail_debug = yes
auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes
master.cfg:
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
submission inet n - - - - smtpd -v
-o syslog_name=postfix/submission
-o smtpd_tls_wrappermode=no
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
smtp inet n - y - - smtpd -v
smtps inet n - y - - smtpd -v
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
Alguma saída de log com verbose ativada:
Oct 30 11:21:08 mail postfix/smtpd[15895]: > mail-qt1-f180.google.com[209.85.160.180]: 250 DSN
Oct 30 11:21:08 mail postfix/smtpd[15895]: < mail-qt1-f180.google.com[209.85.160.180]: STARTTLS
Oct 30 11:21:08 mail postfix/smtpd[15895]: > mail-qt1-f180.google.com[209.85.160.180]: 220 2.0.0 Ready to start TLS
Oct 30 11:21:08 mail postfix/smtpd[15895]: send attr request = seed
Oct 30 11:21:08 mail postfix/smtpd[15895]: send attr size = 32
Oct 30 11:21:08 mail postfix/smtpd[15895]: private/tlsmgr: wanted attribute: status
Oct 30 11:21:08 mail postfix/smtpd[15895]: input attribute name: status
Oct 30 11:21:08 mail postfix/smtpd[15895]: input attribute value: 0
Oct 30 11:21:08 mail postfix/smtpd[15895]: private/tlsmgr: wanted attribute: seed
Oct 30 11:21:08 mail postfix/smtpd[15895]: input attribute name: seed
Oct 30 11:21:08 mail postfix/smtpd[15895]: input attribute value: 3dBahrjW0vbosyTKvktYBqwgAeKFMcaSFZXzLuCQJE8=
Oct 30 11:21:08 mail postfix/smtpd[15895]: private/tlsmgr: wanted attribute: (list terminator)
Oct 30 11:21:08 mail postfix/smtpd[15895]: input attribute name: (end)
Oct 30 11:21:08 mail postfix/smtpd[15895]: send attr request = tktkey
Oct 30 11:21:08 mail postfix/smtpd[15895]: send attr keyname = [data 0 bytes]
Oct 30 11:21:08 mail postfix/smtpd[15895]: private/tlsmgr: wanted attribute: status
Oct 30 11:21:08 mail postfix/smtpd[15895]: input attribute name: status
Oct 30 11:21:08 mail postfix/smtpd[15895]: input attribute value: 0
Oct 30 11:21:08 mail postfix/smtpd[15895]: private/tlsmgr: wanted attribute: keybuf
Oct 30 11:21:08 mail postfix/smtpd[15895]: input attribute name: keybuf
Oct 30 11:21:08 mail postfix/smtpd[15895]: input attribute value: dyOgaB79c3WwkEvn7j2vy4l+BbNCdTfeefaIo1tc0RCukA/4SsmzUQMfefep4DH4T15cOEPT6EcbQ8Bvs9otmDdVPIJ0zxeiQUZqefefeSiabN9hbAAAAAA==
Oct 30 11:21:08 mail postfix/smtpd[15895]: private/tlsmgr: wanted attribute: (list terminator)
Oct 30 11:21:08 mail postfix/smtpd[15895]: input attribute name: (end)
Oct 30 11:21:08 mail postfix/smtpd[15895]: xsasl_dovecot_server_create: SASL service=smtp, realm=mail.MYDOMAIN.fi
Oct 30 11:21:08 mail postfix/smtpd[15895]: name_mask: noanonymous
Oct 30 11:21:08 mail postfix/smtpd[15895]: xsasl_dovecot_server_connect: Connecting
Oct 30 11:21:08 mail postfix/smtpd[15895]: warning: SASL: Connect to private/dovecot-auth failed: Connection refused
Oct 30 11:21:08 mail postfix/smtpd[15895]: fatal: no SASL authentication mechanisms