I have sendmail installed on both server1 and server2. They use the same configuration file: sendmail.mc. Using the email client on my PC, I can send/receive mail to and from users on the same server, but I cannot send email to users on the other server. For example, I cannot send email from aaa@server1domain.com to bbb@server2domain.com with the email client. I have added the PC's IP address to /etc/mail/access on server1 (Connect:zz.zz.zz.zz RELAY) and rebuilt access.db. Looking at /var/log/maillog, sendmail on server1 successfully accepted the mail from the PC, but then waited a long time while connecting to server2:
Apr 3 07:21:06 server1 sendmail[19771]: v33BKxfr019769: SMTP outgoing connect on server1.xxxxx.com
and then timed out:
Apr 3 07:26:06 server1 sendmail[19771]: v33BKxfr019769: timeout waiting for input from server2domain.com. during client greeting
Apr 3 07:26:06 server1 sendmail[19771]: v33BKxfr019769: to=, ctladdr= (501/501), delay=00:05:04, xdelay=00:05:00, mailer=esmtp, pri=121178, relay=server2domain.com. [yy.yy.yy.yy], dsn=4.0.0, stat=Deferred: Connection timed out with server2domain.com.
On server2, the log shows:
Apr 3 07:18:02 server2 sendmail[20121]: v33BI2Os020121: assigned id
Apr 3 07:18:02 server2 sendmail[20121]: NOQUEUE: connect from [xx.xx.xx.xx]
Apr 3 07:18:02 server2 sendmail[20121]: AUTH: available mech=ANONYMOUS, allowed mech=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
Apr 3 07:18:02 server2 sendmail[20121]: v33BI2Os020121: Milter: no active filter
Apr 3 07:23:02 server2 sendmail[20121]: STARTTLS=server, info: fds=6/4, err=5
Apr 3 07:23:02 server2 sendmail[20121]: STARTTLS=server, error: accept failed=0, SSL_error=5, errno=0, retry=-1, relay=[xx.xx.xx.xx]
Apr 3 07:23:02 server2 sendmail[20121]: v33BI2Os020121: disconnect level 1
Apr 3 07:23:02 server2 sendmail[20121]: v33BI2Os020121: in background, pid=20121
Apr 3 07:23:02 server2 sendmail[20121]: v33BI2Os020121: [xx.xx.xx.xx] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-SSL
I can successfully send email to server2 from server1 using the openssl command, without entering a username/password. sendmail.mc is:
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
define(`confDEF_USER_ID', ``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confCRL', `/etc/pki/tls/certs/revoke.crl')
define(`confCLIENT_CERT', `/etc/pki/tls/certs/sendmail.pem')
define(`confCLIENT_KEY', `/etc/pki/tls/certs/sendmail.pem')
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL, M=s')dnl
CLIENT_OPTIONS(`Family=inet')dnl
FEATURE(`accept_unresolvable_domains')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 465')
define(`ESMTP_MAILER_ARGS', `TCP $h 465')
MAILER(smtp)dnl
MAILER(procmail)dnl
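Both sendmail instances listen on port 465. I suspect the problem is related to auth, but I don't know the cause.
Please help, thanks!
After taking Andrzej A. Filip's suggestion and removing the two lines from sendmail.mc, the following errors appear in the log on server1:
Apr 3 13:02:25 server sendmail[19927]: v33BKxfr019769: makeconnection (server2domain.com. [yy.yy.yy.yy]) failed: Connection refused by server2domain.com.
Apr 3 13:02:25 server sendmail[19927]: v33BKxfr019769: makeconnection (server2domain.com. [yy.yy.yy.yy]) failed: Connection refused by server2domain.com.
Apr 3 13:02:25 server sendmail[19927]: v33BKxfr019769: to=, ctladdr= (501/501), delay=05:41:23, xdelay=00:00:01, mailer=esmtp, pri=301178, relay=server2domain.com. [yy.yy.yy.yy], dsn=4.0.0, stat=Deferred: Connection refused by server2domain.com.
No messages are logged on server2.
I think that without these two lines, sendmail on server1 will try to connect to server2 on port 25 instead of port 465, which is the port sendmail is listening on.
Answer 0: (score: 0)
smtps (465) starts the SSL session before any SMTP-level communication. AFAIR sendmail does not natively support it for outgoing connections. Remove the following two lines, recompile sendmail.mc into sendmail.cf, and restart or (send a signal) HUP your sendmail daemon.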
define(`RELAY_MAILER_ARGS', `TCP $h 465')
define(`ESMTP_MAILER_ARGS', `TCP $h 465')
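The behaviour this answer describes, as an added example that is not part of the original answer: a Python probe that connects the way a plaintext SMTP client does and reports whether the server greets first, stays silent as an implicit-TLS port does while it waits for the TLS handshake, or refuses the connection. The local listeners and the names `probe_greeting`, `start_listener`, `closed_port` and `demo` are constructed for this illustration.

```python
import socket
import threading

def probe_greeting(host, port, wait=2.0):
    """Connect like a plaintext SMTP client and classify the server's first move."""
    try:
        sock = socket.create_connection((host, port), timeout=wait)
    except ConnectionRefusedError:
        return "refused"          # nothing listening (e.g. port 25 closed)
    with sock:
        try:
            data = sock.recv(512)
        except socket.timeout:
            return "silent"       # accepted, no banner: server awaits a TLS ClientHello
    return "banner" if data.startswith(b"220") else "unexpected"

def start_listener(greeting):
    """Constructed local stand-in: sends `greeting` on accept, or nothing if None."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            if greeting:
                conn.sendall(greeting)
            conn.settimeout(3)
            try:
                conn.recv(1)      # hold the connection until the client leaves
            except OSError:
                pass
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def closed_port():
    """Return a local port that was just released, so nothing is listening on it."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

def demo(wait=0.5):
    smtp = start_listener(b"220 mail.example.test ESMTP\r\n")  # speaks first, like port 25
    smtps = start_listener(None)                                # silent, like MTA-SSL on 465
    return {"plain": probe_greeting("127.0.0.1", smtp, wait),
            "implicit_tls": probe_greeting("127.0.0.1", smtps, wait),
            "no_listener": probe_greeting("127.0.0.1", closed_port(), wait)}

if __name__ == "__main__":
    print(demo())
```

The "silent" result corresponds to the "timeout waiting for input ... during client greeting" entry on server1, and "refused" to the "Connection refused" entries logged after the two lines were removed.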