By SuKai, July 16, 2022
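Major mail providers enforce strict anti-spam rules. Once an IP address or domain lands on a spam blacklist, the providers reject all mail from that IP or domain, and it is only removed from the blacklist after the spam problem has been resolved; there is no way to appeal for a blacklist exception. For this reason almost all cloud platform vendors block outbound mail from their IP addresses by default; when the business needs it, you can apply and agree to the terms, and only then is a limited set of IPs opened for sending mail. So what technical solution meets users' need to send mail? Some cloud vendors offer an SMTP relay service: users hand their mail to the platform's relay server, which filters it for spam and then forwards it.
Below we look at how to build a mail relay server with Postfix. The steps are:
1. Generate a TLS certificate, so that SMTP transfers mail over a secure connection.
2. Install Postfix, which provides the mail sending service.
3. Install dovecot, which provides SMTP authentication (smtp-auth) for Postfix.
4. Install spamassassin, which scans for spam.
5. Configure routing on the user side so that mail is sent through the relay server.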
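Basic concepts
Smarthost/SMTP relay
SMTP stands for Simple Mail Transfer Protocol. An SMTP relay provides a send-on-behalf service: the user's mail server is configured to send mail to the SMTP relay server, and the relay delivers it to the destination mail server. A smarthost is also an SMTP relay service; it requires authentication before it will relay, and serves a specific set of users. A relay server generally provides only the SMTP sending service, not IMAP/POP3 mailbox services.
SASL
SASL (Simple Authentication and Security Layer) gives developers of applications and shared libraries mechanisms for authentication, data integrity checking and encryption. SASL is particularly suited to applications that use SMTP and IMAP, both of which support it. SASL uses two important identifiers for a user: the authentication ID (authid) is the user ID used to authenticate the user and grant access to the system, and the authorization ID (userid) is used to check whether the user is allowed to use a particular option. The SASL client and server applications negotiate a SASL mechanism and security level; once they agree on a mechanism, they exchange authentication data to authenticate.
SMTP over SSL/TLS
SSL (Secure Socket Layer) is an encrypted transport layer, and TLS (Transport Layer Security) is its successor, offering better security and performance. STARTTLS is the protocol for upgrading an insecure connection to a secure one: when the server supports it, client and server negotiate to upgrade the already-established connection to an encrypted one.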
Setting the hostname and DNS
Add the hostname to DNS, and add this relay server to the domain's SPF record as a permitted sender.
# Set the hostname to the FQDN
root@mx1:~# vi /etc/hostname
mx1.primebooksnepal.com
# Add an A record in DNS that resolves the hostname
root@mx1:~# dig mx1.primebooksnepal.com +short
220.182.46.201
root@mx1:~# dig txt primebooksnepal.com +short
"v=spf1 +a +mx +ip4:103.98.131.78 +ip4:220.182.46.201 include:_spf.google.com -all"
"google-site-verification=z0qEJnwgxS04QWO_g_jlKLQCDKeqskPgMddZ39HI8-c"
root@mx1:~#
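Installing Let's Encrypt
Generate the SSL certificate using DNS validation. The certificate chain is /etc/letsencrypt/live/mx1.primebooksnepal.com/fullchain.pem and the private key is /etc/letsencrypt/live/mx1.primebooksnepal.com/privkey.pem. certbot automatically creates a job to renew the certificate; note that a certificate issued with --manual can only be renewed unattended if an authentication hook (--manual-auth-hook) or a DNS plugin is configured.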
root@mx1:~# apt install certbot
root@mx1:~# certbot certonly --manual --rsa-key-size 4096 --agree-tos --preferred-challenges dns -d mx1.primebooksnepal.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for mx1.primebooksnepal.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.mx1.primebooksnepal.com with the following value:
YSTOaSM3KyIEklYNcOuHM4O9bQVMh0G6RZWFpYxe5s4
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/mx1.primebooksnepal.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/mx1.primebooksnepal.com/privkey.pem
Your cert will expire on 2022-10-13. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
root@mx1:~# cat /etc/cron.d/certbot
# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc. Renewal will only occur if expiration
# is within 30 days.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
Installing Postfix
apt install postfix sasl2-bin mailutils
Postfix configuration
1. For the mail server configuration type, choose Internet Site.
2. For the system mail name, enter the domain primebooksnepal.com.
Configuring Postfix
Configure TLS and Dovecot in /etc/postfix/main.cf.
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# Encrypt the transport connection with TLS
smtpd_tls_cert_file=/etc/letsencrypt/live/mx1.primebooksnepal.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mx1.primebooksnepal.com/privkey.pem
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# Authenticate users through dovecot
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
# smtpd restriction lists: permit accepts, reject refuses, defer rejects temporarily
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unlisted_recipient,
reject_unauth_destination
smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_sender,
reject_unknown_sender_domain
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
defer_unauth_destination
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = mx1.primebooksnepal.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, primebooksnepal.com, mx1.primebooksnepal.com, localhost.primebooksnepal.com, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 103.98.131.78
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
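/etc/postfix/master.cf configures how Postfix processes mail; this file coordinates the work of the individual components.
Define the spamassassin service, which hands the message to spamd (through the spamc client) for spam scanning.
Modify the smtp service: add the content_filter parameter to invoke the spamassassin service.
Modify the submission service: enable SASL authentication through dovecot and use a TLS-secured connection.
Note that an -o value in master.cf must not contain whitespace; a comma-separated list has to be written without spaces after the commas (Postfix 3.0 and later also accept the form -o { name = value }).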
smtp inet n - y - - smtpd
-o content_filter=spamassassin
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_tls_auth_only=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_hostname,reject_invalid_hostname,permit
-o smtpd_sender_restrictions=permit_sasl_authenticated,reject
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_hostname,reject_invalid_hostname,permit
-o smtpd_sender_restrictions=permit_sasl_authenticated,reject
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
spamassassin unix - n n - - pipe
user=spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
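master.cf splits a service's arguments at whitespace, so a space inside an -o value cuts the value short and leaves the remaining words as separate arguments. The lint below is an added example, not part of the original post; the sample entries are constructed and the function names are assumptions.

```python
# Constructed sample in master.cf syntax: "submission" has spaces after the
# commas of one -o value, "smtps" does not.
SAMPLE_MASTER_CF = """\
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_helo_restrictions=permit_mynetworks, reject_non_fqdn_hostname, permit
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
smtps inet n - y - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
"""


def logical_lines(text):
    """Join continuation lines (those starting with whitespace) into entries."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries


def parse_entry(entry):
    """Return (service, {override: value}, stray_words) for one entry."""
    fields = entry.split()
    service, args = fields[0], fields[8:]   # 7 columns + command, then args
    overrides, stray = {}, []
    i = 0
    while i < len(args):
        tok = args[i]
        if tok == "-o" and i + 1 < len(args):
            if args[i + 1].startswith("{"):
                # Postfix 3.0+ form: -o { name = value with spaces }
                j = i + 1
                while j < len(args) - 1 and not args[j].endswith("}"):
                    j += 1
                body = " ".join(args[i + 1:j + 1]).strip("{} ")
                name, _, value = body.partition("=")
                overrides[name.strip()] = value.strip()
                i = j + 1
            else:
                name, _, value = args[i + 1].partition("=")
                overrides[name] = value
                i += 2
        elif tok.startswith("-"):
            i += 1                          # other daemon flags such as -v
        else:
            stray.append(tok)               # word that belongs to no option
            i += 1
    return service, overrides, stray


def lint(text):
    """List services whose -o values were cut short by whitespace."""
    findings = []
    for entry in logical_lines(text):
        service, overrides, stray = parse_entry(entry)
        truncated = {k: v for k, v in overrides.items() if v.endswith(",")}
        if stray or truncated:
            findings.append(
                {"service": service, "truncated": truncated, "stray": stray})
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_MASTER_CF):
        print(finding)
```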
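Verifying the configuration
Use the postconf command to view the configuration. The postconf -Mf output below was captured from a master.cf that had spaces after the commas in the smtpd_helo_restrictions overrides; because master.cf splits arguments at whitespace, the words after the first space are no longer part of that value, and the -o options that follow are shown run together.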
root@mx1:~# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination = $myhostname, primebooksnepal.com, mx1.primebooksnepal.com, localhost.primebooksnepal.com, localhost
myhostname = mx1.primebooksnepal.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 103.98.131.78
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unlisted_recipient, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mx1.primebooksnepal.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mx1.primebooksnepal.com/privkey.pem
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
root@mx1:~#
root@mx1:~#
root@mx1:~# postconf -Mf
smtp inet n - y - - smtpd
-o content_filter=spamassassin
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_tls_auth_only=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_helo_restrictions=permit_mynetworks,
reject_non_fqdn_hostname, reject_invalid_hostname, permit -o
smtpd_sender_restrictions=permit_sasl_authenticated,reject -o
smtpd_recipient_restrictions= -o
smtpd_relay_restrictions=permit_sasl_authenticated,reject -o
milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_helo_restrictions=permit_mynetworks,
reject_non_fqdn_hostname, reject_invalid_hostname, permit -o
smtpd_sender_restrictions=permit_sasl_authenticated,reject -o
smtpd_recipient_restrictions= -o
smtpd_relay_restrictions=permit_sasl_authenticated,reject -o
milter_macro_daemon_name=ORIGINATING
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
-o syslog_name=postfix/$service_name
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
maildrop unix - n n - - pipe flags=DRhu
user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe flags=Fqhu
user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe flags=F user=ftn
argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe flags=Fq.
user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe flags=R
user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
${user} ${extension}
mailman unix - n n - - pipe flags=FR
user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop}
${user}
spamassassin unix - n n - - pipe user=spamd
argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
root@mx1:~#
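Installing dovecot
apt install dovecot-core dovecot-pop3d dovecot-imapd
Configuring dovecot
Because we are building an SMTP relay service, only dovecot's authentication is used; dovecot's mailbox functionality is not needed, so the configuration is fairly simple. dovecot also supports managing virtual users stored in a database.
vi /etc/dovecot/dovecot.conf
listen = *, ::
# Only the auth service is needed, so only it is configured. Since this is authentication for the relay, only smtp-auth is configured. The pop and imap services are disabled by setting port = 0.
vi /etc/dovecot/conf.d/10-master.conf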
service imap-login {
inet_listener imap {
#port = 143
port = 0
}
inet_listener imaps {
#port = 993
#ssl = yes
port = 0
}
# Number of connections to handle before starting a new process. Typically
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
# is faster. <doc/wiki/LoginProcess.txt>
#service_count = 1
# Number of processes to always keep waiting for more connections.
#process_min_avail = 0
# If you set service_count=0, you probably need to grow this.
#vsz_limit = $default_vsz_limit
}
service pop3-login {
inet_listener pop3 {
#port = 110
port = 0
}
inet_listener pop3s {
#port = 995
#ssl = yes
port = 0
}
}
service auth {
unix_listener auth-userdb {
#mode = 0666
#user =
#group =
}
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
# 0660 is sufficient: the socket is owned by postfix:postfix, so only Postfix needs access
mode = 0660
user = postfix
group = postfix
}
# Auth process is run as this user.
#user = $default_internal_user
}
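# Plaintext authentication is refused on connections without TLS; the authentication mechanism is plain, checked against system users. Because the connection is TLS-encrypted, plain authentication is not a problem.
vi /etc/dovecot/conf.d/10-auth.conf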
disable_plaintext_auth = yes
auth_mechanisms = plain login
!include auth-system.conf.ext
Creating a system user
adduser sukai --disabled-login
# Verify that the user can authenticate
root@mx1:~# doveadm auth login sukai
Password:
passdb: sukai auth succeeded
extra fields:
user=sukai
userdb extra fields:
sukai
system_groups_user=sukai
uid=1000
gid=1000
home=/home/sukai
Installing spamassassin
spamassassin uses a scoring system: when a message's score exceeds the configured threshold, the message is marked as spam.
apt install spamassassin spamc
adduser spamd --disabled-login
vi /etc/default/spamassassin
HOMEDIR="/home/spamd/"
# Options
# See man spamd for possible options. The -d option is automatically added.
# SpamAssassin uses a preforking model, so be careful! You need to
# make sure --max-children is not set to anything higher than 5,
# unless you know what you're doing.
OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
# Pid file
# Where should spamd write its PID to file? If you use the -u or
# --username option above, this needs to be writable by that user.
# Otherwise, the init script will not be able to shut spamd down.
PIDFILE="/var/run/spamd.pid"
# Set nice level of spamd
#NICE="--nicelevel 15"
# Cronjob
# Set to anything but 0 to enable the cron job to automatically update
# spamassassin's rules on a nightly basis
CRON=1
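# The directives below are SpamAssassin rule settings; on Debian/Ubuntu they live in /etc/spamassassin/local.cf, not in /etc/default/spamassassin
# Add *****SPAM***** to the Subject header of spam e-mails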
#
rewrite_header Subject *****SPAM*****
# Save spam messages as a message/rfc822 MIME attachment instead of
# modifying the original message (0: off, 2: use text/plain instead)
#
report_safe 0
# Set which networks or hosts are considered 'trusted' by your mail
# server (i.e. not spammers)
#
# trusted_networks 212.17.35.
# Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock
# Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 5.0
# Use Bayesian classifier (default: 1)
#
use_bayes 1
use_bayes_rules 1
# Bayesian classifier auto-learning (default: 1)
#
bayes_auto_learn 1
skip_rbl_checks 0
use_razor2 0
use_dcc 0
use_pyzor 0
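Testing sending mail from the relay server
root@mx1:~# echo "use relay server to send" | sudo mail -s "send from command" ycsk02@hotmail.com -aFrom:info@primebooksnepal.com
Configuring the mail server to use the relay service
In cPanel, configure Exim to use the smarthost relay: apart from mail for local domains, all mail is routed to the relay server for delivery.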
Section: AUTH
SmartHostRelay_login:
driver = plaintext
public_name = LOGIN
client_send = : sukai: password
Section: POSTMAILCOUNT
send_via_SmartHostRelay:
driver = manualroute
domains = !+local_domains
transport = remote_smtp
route_list = * mx1.primebooksnepal.com::25
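Testing mail delivery
Headers of the message as received by Gmail
Authentication-Results: the spf and dmarc mail authentication checks pass.
X-Spam-Status: the message is not spam.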
Delivered-To: sukai02@gmail.com
Received: by 2002:a02:1d0a:0:b0:33f:7a0d:5c94 with SMTP id 10csp397733jaj;
Sat, 16 Jul 2022 01:55:31 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1vtlQKkTR6PVV3iU6A9k/qk5NVHL2gagY0RmIk27M5O3+bc4O1zK/i185PN2jLB+sU/Zs+j
X-Received: by 2002:a17:90a:fa01:b0:1ef:6e6a:4ff0 with SMTP id cm1-20020a17090afa0100b001ef6e6a4ff0mr20115870pjb.35.1657961730704;
Sat, 16 Jul 2022 01:55:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1657961730; cv=none;
d=google.com; s=arc-20160816;
b=EscpZWh+aeLOGXg4eWHg2W2xyofE3oMmNXpGfC8HLWueMS9BOylCbDkjamzS5Io1bq
Dxqg6OwjC4ljQ32xkub7euEUBBnoZTLgxs4XeXoOR2gJZOxpSxXtoTyaESMr5054ftPC
pzrDma/jhmYUvfISpKBlsW2RPVN/OCHxLhQFSAVxN3Ua0EwqM44ljGuMociFxLkFYIBo
tD63jzBtrrDV1PanYX2QmHPyfmrflkrOC6vTpY1ABpfNeEjK8aoIwJuuzs+Iid1/zd2Z
yPrOg3eq7y5m0rrLGTT1i1n5Tdym2wlxU/pT11E6tDlqBet4limk2j+Sev6buiLsWyp7
/0CA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=message-id:mime-version:subject:to:from:date;
bh=i9gR2iM4V7efYkIz6kQhIBdJ/FhGHZ1Z+JrpY5WvANk=;
b=NOpEkVOPqRUzlHRQhWLB73iPKpuoCE5Z4IjSDw0Ser61mB/mu5rhs/V/k4F8P9eYdo
Tzc4bIW/clVlEVXzaTYNuCQomcXVYIukr6VkbhypG69wqd/dtmbsKhtgUT9S5kD/lbgU
ntcGhmLTqv07NkYKWEdiUI8mqkuSJgtlnIf/e1EjF0dUVQol+gliak+4D/ZpqfXYEtHT
gmvfG+sOlgF6Y5RgTHccg2y11aolpgdTomeBT+OgkFZZd+bC6zG0VMarDNhbsqSz1xJ3
kAE+t9I8W5z15SMcRt4nJY4ec+o3UFq87OlbZ3OyiB/3k0Q5TU5ZLpcd6yyTSgvchVCg
pJpA==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of info@primebooksnepal.com designates 220.182.46.201 as permitted sender) smtp.mailfrom=info@primebooksnepal.com;
dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=primebooksnepal.com
Return-Path: <info@primebooksnepal.com>
Received: from mx1.primebooksnepal.com ([220.182.46.201])
by mx.google.com with ESMTPS id j33-20020a632321000000b00419d02d34bbsi6706900pgj.756.2022.07.16.01.55.29
for <sukai02@gmail.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 16 Jul 2022 01:55:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of info@primebooksnepal.com designates 220.182.46.201 as permitted sender) client-ip=220.182.46.201;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of info@primebooksnepal.com designates 220.182.46.201 as permitted sender) smtp.mailfrom=info@primebooksnepal.com;
dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=primebooksnepal.com
Received: by mx1.primebooksnepal.com (Postfix, from userid 1001) id 3700714188E; Sat, 16 Jul 2022 16:55:27 +0800 (CST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mx1.primebooksnepal.com
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=HTML_MESSAGE,MIME_BASE64_TEXT, TVD_SPACE_RATIO,TVD_SPACE_RATIO_MINFP autolearn=ham autolearn_force=no version=3.4.2
Received: from mail.primebooksnepal.com (srv.primebooksnepal.com [103.98.131.78]) by mx1.primebooksnepal.com (Postfix) with ESMTPS id 82CA1141887 for <sukai02@gmail.com>; Sat, 16 Jul 2022 16:55:26 +0800 (CST)
Received: from [172.16.3.2] (port=40992 helo=SuKai) by srv.primebooksnepal.com with esmtpsa
(TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from <info@primebooksnepal.com>) id 1oCdIv-0004MT-KM for sukai02@gmail.com; Sat, 16 Jul 2022 08:37:38 +0000
Date: Sat, 16 Jul 2022 16:37:25 +0800
From: "info@primebooksnepal.com" <info@primebooksnepal.com>
To: sukai02 <sukai02@gmail.com>
Subject: restriction is changed
X-Priority: 3
X-Has-Attach: no
X-Mailer: Foxmail 7.2.23.121[cn]
Mime-Version: 1.0
Message-ID: <2022071616371697937513@primebooksnepal.com>
Content-Type: multipart/alternative; boundary="----=_001_NextPart463850104685_=----"
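The two results read off the headers above can be checked programmatically. The following is an added example, not part of the original post: it parses Authentication-Results and X-Spam-Status and only accepts results whose authserv-id is the receiving server's, since any earlier hop can write its own Authentication-Results field. The sample is constructed from the header values shown above plus one extra field from another host; the function names and the `trusted` parameter are assumptions.

```python
import email
import re

# Constructed sample: fields abridged from the Gmail headers shown above, plus
# one extra Authentication-Results field written by some other host.
SAMPLE_HEADERS = """\
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of info@primebooksnepal.com designates 220.182.46.201 as permitted sender) smtp.mailfrom=info@primebooksnepal.com;
       dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=primebooksnepal.com
Authentication-Results: other-host.example; dkim=pass header.d=example.net
X-Spam-Status: No, score=0.0 required=5.0 tests=HTML_MESSAGE,MIME_BASE64_TEXT
\tautolearn=ham autolearn_force=no version=3.4.2
From: "info@primebooksnepal.com" <info@primebooksnepal.com>

(body omitted)
"""


def parse_authres(value):
    """Split one field value into (authserv-id, {method: (result, props)})."""
    flat = re.sub(r"\s+", " ", value)           # unfold continuation lines
    flat = re.sub(r"\([^()]*\)", "", flat)      # drop parenthesised comments
    parts = [p.strip() for p in flat.split(";") if p.strip()]
    authserv_id = parts[0].split()[0].lower()
    results = {}
    for part in parts[1:]:
        tokens = part.split()
        method, _, result = tokens[0].partition("=")
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results[method.lower()] = (result.lower(), props)
    return authserv_id, results


def check_delivery(raw_headers, trusted="mx.google.com"):
    """Summarise SPF/DKIM/DMARC and the relay's SpamAssassin verdict."""
    msg = email.message_from_string(raw_headers)
    merged = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, results = parse_authres(value)
        if authserv_id == trusted:              # ignore fields from other hosts
            merged.update(results)
    spam = re.match(r"\s*(Yes|No), score=(-?[\d.]+) required=(-?[\d.]+)",
                    msg.get("X-Spam-Status", ""))
    spf, spf_props = merged.get("spf", (None, {}))
    dmarc, dmarc_props = merged.get("dmarc", (None, {}))
    mailfrom_domain = spf_props.get("smtp.mailfrom", "").rpartition("@")[2]
    return {
        "spf": spf,
        "dkim": merged.get("dkim", (None, {}))[0],
        "dmarc": dmarc,
        # Same-domain comparison only; DMARC relaxed alignment would also
        # accept a shared organizational domain.
        "aligned": bool(mailfrom_domain)
        and mailfrom_domain == dmarc_props.get("header.from"),
        "spam": None if spam is None else spam.group(1) == "Yes",
        "score": None if spam is None else float(spam.group(2)),
        "required": None if spam is None else float(spam.group(3)),
    }


if __name__ == "__main__":
    print(check_delivery(SAMPLE_HEADERS))
```

No DKIM result appears for this message, so DMARC passes here on the aligned SPF result alone.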
Capturing SMTP traffic on port 25
SMTP uses STARTTLS to upgrade the connection to a secure one.
root@mx1:~# tcpdump -i eth0 -p -nn port 25
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
18:25:48.531800 IP 103.98.131.78.38669 > 192.168.42.126.25: Flags [S], seq 2565976898, win 29200, options [mss 1460,sackOK,TS val 633268267 ecr 0,nop,wscale 7], length 0
18:25:48.531861 IP 192.168.42.126.25 > 103.98.131.78.38669: Flags [S.], seq 282531623, ack 2565976899, win 28960, options [mss 1460,sackOK,TS val 2538649899 ecr 633268267,nop,wscale 7], length 0
18:25:48.907165 IP 103.98.131.78.38669 > 192.168.42.126.25: Flags [.], ack 1, win 229, options [nop,nop,TS val 633268642 ecr 2538649899], length 0
18:25:48.908073 IP 192.168.42.126.25 > 103.98.131.78.38669: Flags [P.], seq 1:53, ack 1, win 227, options [nop,nop,TS val 2538650275 ecr 633268642], length 52: SMTP: 220 mx1.primebooksnepal.com ESMTP Postfix (Ubuntu)
18:25:49.282779 IP 103.98.131.78.38669 > 192.168.42.126.25: Flags [P.], seq 1:32, ack 53, win 229, options [nop,nop,TS val 633269018 ecr 2538650275], length 31: SMTP: EHLO mail.primebooksnepal.com
18:25:49.282816 IP 192.168.42.126.25 > 103.98.131.78.38669: Flags [.], ack 32, win 227, options [nop,nop,TS val 2538650650 ecr 633269018], length 0
18:25:49.282914 IP 192.168.42.126.25 > 103.98.131.78.38669: Flags [P.], seq 53:213, ack 32, win 227, options [nop,nop,TS val 2538650650 ecr 633269018], length 160: SMTP: 250-mx1.primebooksnepal.com
18:25:49.657022 IP 103.98.131.78.38669 > 192.168.42.126.25: Flags [P.], seq 32:42, ack 213, win 237, options [nop,nop,TS val 633269393 ecr 2538650650], length 10: SMTP: STARTTLS
18:25:49.657127 IP 192.168.42.126.25 > 103.98.131.78.38669: Flags [P.], seq 213:243, ack 42, win 227, options [nop,nop,TS val 2538651024 ecr 633269393], length 30: SMTP: 220 2.0.0 Ready to start TLS
18:25:50.047081 IP 103.98.131.78.38669 > 192.168.42.126.25: Flags [P.], seq 42:336, ack 243, win 237, options [nop,nop,TS val 633269782 ecr 2538651024], length 294: SMTP
Checking the logs
Local mail server (Exim)
2022-07-16 10:42:02 SMTP connection from [172.16.3.2]:39609 (TCP/IP connection count = 1)
2022-07-16 10:42:06 1oCfFN-0006d1-Nk <= info@primebooksnepal.com H=(SuKai) [172.16.3.2]:39609 P=esmtpsa X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no A=dovecot_login:info@primebooksnepal.com S=1638 id=2022071618420226883220@primebooksnepal.com T="trace the process" for ycsk02@hotmail.com
2022-07-16 10:42:06 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1oCfFN-0006d1-Nk
2022-07-16 10:42:06 1oCfFN-0006d1-Nk Sender identification U=primebooksnepal D=primebooksnepal.com S=info@primebooksnepal.com
2022-07-16 10:42:06 1oCfFN-0006d1-Nk SMTP connection outbound 1657968126 1oCfFN-0006d1-Nk primebooksnepal.com ycsk02@hotmail.com
2022-07-16 10:42:08 SMTP connection from (SuKai) [172.16.3.2]:39609 closed by QUIT
2022-07-16 10:42:11 1oCfFN-0006d1-Nk => ycsk02@hotmail.com R=send_via_SmartHostRelay T=remote_smtp H=mx1.primebooksnepal.com [220.182.46.201] X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes C="250 2.0.0 Ok: queued as B786F141892"
2022-07-16 10:42:11 1oCfFN-0006d1-Nk Completed
Smarthost server (Postfix)
The log gives a rough picture of the steps Postfix takes to process a message: smtpd, qmgr, spamd, pickup, cleanup, pipe, smtp.
Jul 16 18:42:07 mx1 postfix/smtpd[14150]: connect from srv.primebooksnepal.com[103.98.131.78]
Jul 16 18:42:09 mx1 postfix/smtpd[14150]: B786F141892: client=srv.primebooksnepal.com[103.98.131.78]
Jul 16 18:42:10 mx1 postfix/cleanup[14154]: B786F141892: message-id=<2022071618420226883220@primebooksnepal.com>
Jul 16 18:42:10 mx1 postfix/qmgr[11512]: B786F141892: from=<info@primebooksnepal.com>, size=1896, nrcpt=1 (queue active)
Jul 16 18:42:10 mx1 spamd[32601]: spamd: connection from 127.0.0.1 [127.0.0.1]:36166 to port 783, fd 5
Jul 16 18:42:10 mx1 spamd[32601]: spamd: setuid to spamd succeeded
Jul 16 18:42:10 mx1 spamd[32601]: spamd: processing message <2022071618420226883220@primebooksnepal.com> for spamd:1001
Jul 16 18:42:11 mx1 spamd[32601]: spamd: clean message (0.0/5.0) for spamd:1001 in 0.3 seconds, 1850 bytes.
Jul 16 18:42:11 mx1 spamd[32601]: spamd: result: . 0 - HTML_MESSAGE,MIME_BASE64_TEXT scantime=0.3,size=1850,user=spamd,uid=1001,required_score=5.0,rhost=127.0.0.1,raddr=127.0.0.1,rport=36166,mid=<2022071618420226883220@primebooksnepal.com>,autolearn=ham autolearn_force=no
Jul 16 18:42:11 mx1 postfix/pickup[13584]: 217C6141894: uid=1001 from=<info@primebooksnepal.com>
Jul 16 18:42:11 mx1 postfix/cleanup[14154]: 217C6141894: message-id=<2022071618420226883220@primebooksnepal.com>
Jul 16 18:42:11 mx1 postfix/pipe[14155]: B786F141892: to=<ycsk02@hotmail.com>, relay=spamassassin, delay=1.4, delays=1.1/0/0/0.3, dsn=2.0.0, status=sent (delivered via spamassassin service)
Jul 16 18:42:11 mx1 postfix/qmgr[11512]: B786F141892: removed
Jul 16 18:42:11 mx1 postfix/qmgr[11512]: 217C6141894: from=<info@primebooksnepal.com>, size=2248, nrcpt=1 (queue active)
Jul 16 18:42:11 mx1 spamd[32600]: prefork: child states: II
Jul 16 18:42:11 mx1 postfix/smtpd[14150]: disconnect from srv.primebooksnepal.com[103.98.131.78] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jul 16 18:42:15 mx1 postfix/smtp[14159]: 217C6141894: to=<ycsk02@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[104.47.56.33]:25, delay=4.6, delays=0.01/0.01/1.9/2.7, dsn=2.6.0, status=sent (250 2.6.0 <2022071618420226883220@primebooksnepal.com> [InternalId=33831457394771, Hostname=PN3PR01MB7127.INDPRD01.PROD.OUTLOOK.COM] 9819 bytes in 0.389, 24.621 KB/sec Queued mail for delivery -> 250 2.1.5)
Jul 16 18:42:15 mx1 postfix/qmgr[11512]: 217C6141894: removed
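Because the content filter re-injects the message through sendmail, one message gets two queue IDs on the relay (B786F141892 and 217C6141894 above), linked only by the Message-ID. The following added example, not part of the original post, follows a message across both queue IDs and reports whether it passed through the spamassassin filter before delivery; the sample lines are abridged from the log above and the function and field names are assumptions.

```python
import re

# Constructed sample: lines abridged from the Postfix/spamd log shown above.
SAMPLE_LOG = """\
Jul 16 18:42:09 mx1 postfix/smtpd[14150]: B786F141892: client=srv.primebooksnepal.com[103.98.131.78]
Jul 16 18:42:10 mx1 postfix/cleanup[14154]: B786F141892: message-id=<2022071618420226883220@primebooksnepal.com>
Jul 16 18:42:10 mx1 postfix/qmgr[11512]: B786F141892: from=<info@primebooksnepal.com>, size=1896, nrcpt=1 (queue active)
Jul 16 18:42:11 mx1 spamd[32601]: spamd: result: . 0 - HTML_MESSAGE,MIME_BASE64_TEXT scantime=0.3,size=1850,user=spamd,mid=<2022071618420226883220@primebooksnepal.com>,autolearn=ham
Jul 16 18:42:11 mx1 postfix/pickup[13584]: 217C6141894: uid=1001 from=<info@primebooksnepal.com>
Jul 16 18:42:11 mx1 postfix/cleanup[14154]: 217C6141894: message-id=<2022071618420226883220@primebooksnepal.com>
Jul 16 18:42:11 mx1 postfix/pipe[14155]: B786F141892: to=<ycsk02@hotmail.com>, relay=spamassassin, delay=1.4, dsn=2.0.0, status=sent (delivered via spamassassin service)
Jul 16 18:42:15 mx1 postfix/smtp[14159]: 217C6141894: to=<ycsk02@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[104.47.56.33]:25, delay=4.6, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
"""

POSTFIX = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{8,}): (.*)")
MSGID = re.compile(r"message-id=(<[^>]+>)")
DELIVERY = re.compile(r"to=<[^>]*>, relay=([^,]+), .*?status=(\w+)")
SPAMD = re.compile(r"spamd: result: (\S) (-?\d+) - (\S*).*?mid=(<[^>]+>)")


def trace(log_text):
    """Group log lines by Message-ID, following the message across queue IDs."""
    mid_of = {}   # queue ID -> Message-ID
    traces = {}   # Message-ID -> summary

    def entry(mid):
        return traces.setdefault(
            mid, {"queue_ids": [], "spam": None, "tests": [], "deliveries": []})

    for line in log_text.splitlines():
        m = SPAMD.search(line)
        if m:
            t = entry(m.group(4))
            t["spam"] = m.group(1) == "Y"       # "Y" = spam, "." = clean
            t["tests"] = [x for x in m.group(3).split(",") if x and "=" not in x]
            continue
        m = POSTFIX.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        found = MSGID.search(rest)
        if daemon == "cleanup" and found:
            mid_of[qid] = found.group(1)
            entry(found.group(1))["queue_ids"].append(qid)
        found = DELIVERY.search(rest)
        if found and qid in mid_of:
            entry(mid_of[qid])["deliveries"].append(
                (qid, found.group(1), found.group(2)))

    for t in traces.values():
        # Filtered: spamd logged a verdict and the first hop was the filter pipe.
        t["filtered"] = (t["spam"] is not None and bool(t["deliveries"])
                         and t["deliveries"][0][1] == "spamassassin")
    return traces


if __name__ == "__main__":
    for mid, summary in trace(SAMPLE_LOG).items():
        print(mid, summary)
```

A message whose trace shows `filtered` as False reached a remote server without a spamd verdict, which is worth investigating on a relay whose purpose is to scan outbound mail.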