Docker + Exim + Dovecot。不允许继电器
问题描述:
尝试使用this文章配置Exim邮件服务器。我可以在我的本地网络中使用这个服务器,但是当我尝试从互联网上使用它时,我会犯一些错误。端口10000-20000转换到服务器机器。我在CentOS 7的Docker镜像中所做的一切。也有CentOS 7的主机。Docker + Exim + Dovecot。不允许继电器
缩写:
- test_domain.tk - 我的测试域
- 为test1,test2的 - 测试用户
- [email protected] - 测试外部电子邮件
- 123.456.789.876 - 我外部IP(我有路由器与NAT)
- 10.0.7.30 - 码头的隧道
码头工人开始用命令:docker run -d --name mail -h test_domain.tk -p 10025:25 -p 10587:587 -p 10465:465 -p 10143:143 -p 10993:993 mail/server:localwork start_server
START_SERVER:
#!/bin/bash -e
/usr/sbin/dovecot && /usr/sbin/exim -v -bdf -q30m
/etc/exim/exim.conf文件:
primary_hostname = test_domain.tk
domainlist local_domains = @ : localhost : test_domain.tk
domainlist relay_to_domains =
hostlist relay_from_hosts =
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime
av_scanner = clamd:/var/run/clamd.exim/clamd.sock
tls_advertise_hosts = *
tls_certificate = /etc/ssl/default.crt
tls_privatekey = /etc/ssl/default.key
daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465
allow_domain_literals
never_users = root
auth_advertise_hosts = *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
begin acl
acl_check_mail:
deny condition = ${if eq{$sender_helo_name}{} {1}}
message = Nice boys say HELO first
warn condition = ${if eq{$sender_host_name}{} {1}}
set acl_m_greylistreasons = Host $sender_host_address lacks reverse DNS\n$acl_m_greylistreasons
accept
acl_check_rcpt:
accept hosts = :
control = dkim_disable_verify
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept local_parts = postmaster
domains = +local_domains
require verify = sender
accept hosts = +relay_from_hosts
control = submission
control = dkim_disable_verify
accept authenticated = *
control = submission
control = dkim_disable_verify
require message = relay not permitted
domains = +local_domains : +relay_to_domains
require verify = recipient
accept
acl_check_data:
warn condition = ${if !def:h_Message-ID: {1}}
set acl_m_greylistreasons = Message lacks Message-Id: header. Consult RFC2822.\n$acl_m_greylistreasons
accept
acl_check_mime:
deny message = Blacklisted file extension detected
condition = ${if match \
{${lc:$mime_filename}} \
{\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
{1}{0}}
accept
begin routers
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
# if ipv6-enabled then instead use:
# ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
no_more
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
# user = exim
file_transport = address_file
pipe_transport = address_pipe
userforward:
driver = redirect
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
file = $home/.forward
allow_filter
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
procmail:
driver = accept
check_local_user
require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
transport = procmail
no_verify
localuser:
driver = accept
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
transport = local_delivery
cannot_route_message = Unknown user
begin transports
remote_smtp:
driver = smtp
remote_msa:
driver = smtp
port = 587
hosts_require_auth = *
procmail:
driver = pipe
command = "/usr/bin/procmail -d $local_part"
return_path_add
delivery_date_add
envelope_to_add
user = $local_part
initgroups
return_output
local_delivery:
driver = appendfile
directory = $home/Maildir
maildir_format
maildir_use_size_file
delivery_date_add
envelope_to_add
return_path_add
address_pipe:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
begin retry
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
begin authenticators
dovecot_login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
dovecot_plain:
driver = dovecot
public_name = PLAIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
进出口日志:
8 LOG: MAIN
8 exim 4.84 daemon started: pid=8, -q30m, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) and for SMTPS on port 465 (IPv6 and IPv4)
16 LOG: host_lookup_failed MAIN
16 no host name found for IP address 123.456.789.876
16 LOG: MAIN REJECT
16 H=([10.0.7.30]) [123.456.789.876] X=SSLv3:DHE-RSA-AES128-SHA:128 F=<[email protected]_domain.tk> rejected RCPT <[email protected]>: relay not permitted
16 LOG: lost_incoming_connection MAIN
16 unexpected disconnection while reading SMTP command from ([10.0.7.30]) [123.456.789.876]
当我尝试从互联网连接时,邮件客户端中出现超时错误,并且在Exim中出现空日志。这可能是与路由器工作的问题。如何使它工作?
问我是否需要更多数据。提前致谢。
答
你有你的码头内部端口(例如10025)映射到标准的smtp端口(例如25),但你有倾向于标准端口,而不是映射内部端口。配置exim以在10025,10465,10587上侦听并查看行为是否改变。
答
根据这个古老的post似乎有反向DNS查询的问题。尝试禁用host_lookup
,看看是否可行:
host_lookup = 0.0.0.0/0
如果确实如此,你必须修复您的DNS设置映射正确的域名到您的主机。
它实际上是相反的,OP在主机上将端口10025映射到容器中的25个。 – 2015-02-14 03:00:13
如果是这样的话,它永远无法工作。外部没有任何东西会知道要传送到端口10025,而不是端口25,这是默认的SMTP端口。必须做的第一件事是修复他的容器端口映射,以便外部的25映射到内部正在监听的任何exim。 – 2015-02-16 13:54:59