Mailcow: mail for gmail.com loops back to myself

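I have a dedicated server running Proxmox (previously VMware). On it there is a virtual machine with Mailcow-dockerized installed. On the hypervisor, the virtual machine interface BR0 is set up with NAT (NAT to the physical NIC for subnet 192.168.200.0/24). The Mailcow VM's LAN IP is 192.168.200.4/24, and traffic from the Internet is forwarded using Firewalld rules with masquerade enabled.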

Hypervisor OS: Debian 11 Bullseye, network configured manually:

iface enp9s0 inet static
  address 65.21.XXX.XXX
  netmask 255.255.255.192
  gateway 65.21.XXX.XXX
  # route 65.21.XXX.XXX/26 via 65.21.XXX.XXX
  up route add -net 65.21.XXX.XXX netmask 255.255.255.192 gw 65.21.XXX.XXX dev enp9s0

auto vmbr0
iface vmbr0 inet static
        address 192.168.200.1
        netmask 255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '192.168.200.0/24' -o enp9s0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.200.0/24' -o enp9s0 -j MASQUERADE

Firewall-cmd rules:

public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports: 8006/tcp
  protocols:
  forward: no
  masquerade: yes
  forward-ports:
        port=25:proto=tcp:toport=25:toaddr=192.168.200.4
        port=143:proto=tcp:toport=143:toaddr=192.168.200.4
        port=465:proto=tcp:toport=465:toaddr=192.168.200.4
        port=587:proto=tcp:toport=587:toaddr=192.168.200.4
        port=993:proto=tcp:toport=993:toaddr=192.168.200.4
        port=443:proto=tcp:toport=443:toaddr=192.168.200.4
  source-ports:
  icmp-blocks:
  rich rules:

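The problem is that mailcow (and other mail servers) cannot send email, but receives it correctly. I connected to every port using telnet, and they all responded correctly. Mail server routing (I think there is a problem with the routing, but I'm not sure):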

root@mta01:~# ip r l
default via 192.168.200.1 dev ens18 onlink
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.22.1.0/24 dev br-mailcow proto kernel scope link src 172.22.1.1
192.168.200.0/24 dev ens18 proto kernel scope link src 192.168.200.4
root@mta01:~#

I think something is wrong with the routing. However, I think NATing the interface is the problem, but I'm not sure. DNS (A, MX, TXT, SPF, DMARC and DKIM double-checked) and the domain are correctly enabled and set up in the Mailcow admin panel.

Check via telnet from the mail server to Google SMTP (IP: 64.233.184.26) on port 25: success


root@mta01:~# telnet mta01.X.dev 25
Trying 65.21.139.244...
Connected to mta01.X.dev.
Escape character is '^]'.
220 mta01.X.dev ESMTP Postcow
HELO mta01.X.dev
250 mta01.X.dev
MAIL FROM: <[email protected]>
250 2.1.0 Ok
RCPT TO: <[email protected]>
554 5.7.1 <[email protected]>: Relay access denied

Another check - DNS resolution (MTA02 has a higher priority in case of an interruption; the problem is on MTA01):

root@mta01:~# dig +short MX X.dev
10 mta01.X.dev.
1 mta02.X.dev.

root@mta01:~# dig +short A mta01.X.dev
65.21.XXX.XXX

root@mta01:~# dig +short mx gmail.com
10 alt1.gmail-smtp-in.l.google.com.
20 alt2.gmail-smtp-in.l.google.com.
5 gmail-smtp-in.l.google.com.
40 alt4.gmail-smtp-in.l.google.com.
30 alt3.gmail-smtp-in.l.google.com.

So the resolver seems to work fine.

Log errors:

postfix-mailcow_1    | Sep 19 09:45:16 859ac05b9a6a postfix/smtp[2703]: connect to gmail-smtp-in.l.google.com[2a00:1450:4010:c08::1b]:25: Network is unreachable
postfix-mailcow_1    | Sep 19 09:45:16 859ac05b9a6a postfix/postscreen[2704]: CONNECT from [192.168.200.1]:60460 to [172.22.1.253]:25
postfix-mailcow_1    | Sep 19 09:45:16 859ac05b9a6a whitelist_forwardinghosts: Look up 192.168.200.1 on whitelist, result 200 DUNNO
postfix-mailcow_1    | Sep 19 09:45:19 859ac05b9a6a postfix/postscreen[2704]: PASS OLD [192.168.200.1]:60460
postfix-mailcow_1    | Sep 19 09:45:19 859ac05b9a6a postfix/smtpd[2724]: connect from unknown[192.168.200.1]
postfix-mailcow_1    | Sep 19 09:45:19 859ac05b9a6a postfix/smtp[2703]: warning: host gmail-smtp-in.l.google.com[64.233.165.26]:25 greeted me with my own hostname mta01.stelmaszyk.dev
postfix-mailcow_1    | Sep 19 09:45:19 859ac05b9a6a postfix/smtp[2703]: warning: host gmail-smtp-in.l.google.com[64.233.165.26]:25 replied to HELO/EHLO with my own hostname mta01.stelmaszyk.dev
postfix-mailcow_1    | Sep 19 09:45:19 859ac05b9a6a postfix/smtp[2703]: 7EA791C0F9E: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[64.233.165.26]:25, delay=6.6, delays=2.9/0.01/3.7/0, dsn=5.4.6, status=bounced (mail for gmail.com loops back to myself)
postfix-mailcow_1    | Sep 19 09:45:19 859ac05b9a6a postfix/smtpd[2724]: disconnect from unknown[192.168.200.1] ehlo=1 quit=1 commands=2
postfix-mailcow_1    | Sep 19 09:45:19 859ac05b9a6a postfix/cleanup[2727]: 5FD1C1C10EB: message-id=<[email protected]>
postfix-mailcow_1    | Sep 19 09:45:19 859ac05b9a6a postfix/bounce[2726]: 7EA791C0F9E: sender non-delivery notification: 5FD1C1C10EB
postfix-mailcow_1    | Sep 19 09:45:19 859ac05b9a6a postfix/qmgr[353]: 5FD1C1C10EB: from=<>, size=3406, nrcpt=1 (queue active)
postfix-mailcow_1    | Sep 19 09:45:19 859ac05b9a6a postfix/qmgr[353]: 7EA791C0F9E: removed
postfix-mailcow_1    | Sep 19 09:45:19 859ac05b9a6a postfix/lmtp[2728]: 5FD1C1C10EB: to=<[email protected]>, relay=dovecot[fd4d:6169:6c63:6f77::12]:24, delay=0.04, delays=0.01/0.01/0/0.03, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> YEEeGI/qRmFqGgAAggiFYw Saved)
postfix-mailcow_1    | Sep 19 09:45:19 859ac05b9a6a postfix/qmgr[353]: 5FD1C1C10EB: removed
postfix-mailcow_1    | Sep 19 09:48:39 859ac05b9a6a postfix/anvil[2725]: statistics: max connection rate 1/60s for (smtpd:192.168.200.1) at Sep 19 09:45:19
postfix-mailcow_1    | Sep 19 09:48:39 859ac05b9a6a postfix/anvil[2725]: statistics: max connection count 1 for (smtpd:192.168.200.1) at Sep 19 09:45:19
postfix-mailcow_1    | Sep 19 09:48:39 859ac05b9a6a postfix/anvil[2725]: statistics: max cache size 1 at Sep 19 09:45:19
postfix-mailcow_1    | Sep 19 09:50:47 859ac05b9a6a postfix/smtps/smtpd[2741]: connect from unknown[192.168.200.1]
postfix-mailcow_1    | Sep 19 09:51:17 859ac05b9a6a postfix/smtps/smtpd[2741]: SSL_accept error from unknown[192.168.200.1]: lost connection
postfix-mailcow_1    | Sep 19 09:51:17 859ac05b9a6a postfix/smtps/smtpd[2741]: lost connection after CONNECT from unknown[192.168.200.1

Does anyone see a problem with the configuration?
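
Added example, not part of the original post: a Python check that correlates the "greeted me with my own hostname" warning in the log above with inbound port-25 connections arriving from a private address within a few seconds. That pairing is consistent with the outbound SMTP connection being redirected back to the server by NAT or port forwarding. The function name, the 5-second window and the sample hostname `mta01.example.test` are assumptions.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample: lines modelled on the log excerpt above (hostname is a placeholder).
SAMPLE_LOG = """\
Sep 19 09:45:16 859ac05b9a6a postfix/postscreen[2704]: CONNECT from [192.168.200.1]:60460 to [172.22.1.253]:25
Sep 19 09:45:19 859ac05b9a6a postfix/smtpd[2724]: connect from unknown[192.168.200.1]
Sep 19 09:45:19 859ac05b9a6a postfix/smtp[2703]: warning: host gmail-smtp-in.l.google.com[64.233.165.26]:25 greeted me with my own hostname mta01.example.test
Sep 19 09:50:47 859ac05b9a6a postfix/smtps/smtpd[2741]: connect from unknown[192.168.200.1]
"""

# Unanchored so a docker-compose prefix such as "postfix-mailcow_1    | " is tolerated.
LINE = re.compile(r"(\w{3} +\d+ [\d:]{8}) \S+ postfix/([\w/]+)\[\d+\]: (.*)$")
INBOUND = re.compile(r"(?i)connect from \S*\[([0-9a-f.:]+)\]")
LOOP = re.compile(r"host (\S+)\[([0-9a-fA-F.:]+)\]:25 greeted me with my own hostname")


def find_smtp_loops(log_text, window_seconds=5):
    """Return loop warnings that coincide with inbound port-25 connects from private IPs."""
    inbound, loops = [], []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        # Syslog timestamps carry no year; a fixed leap year keeps parsing unambiguous.
        when = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        service, msg = m.group(2), m.group(3)
        if service in ("postscreen", "smtpd"):      # port-25 listeners only
            c = INBOUND.match(msg)
            if c and ipaddress.ip_address(c.group(1)).is_private:
                inbound.append((when, c.group(1)))
        elif service == "smtp":                     # outbound SMTP client
            g = LOOP.search(msg)
            if g:
                loops.append((when, g.group(1), g.group(2)))
    findings = []
    for when, host, ip in loops:
        peers = sorted({src for t, src in inbound
                        if abs((when - t).total_seconds()) <= window_seconds})
        if peers:  # someone on the local network connected to us at the same moment
            findings.append({"remote": host, "remote_ip": ip, "seen_from": peers})
    return findings


if __name__ == "__main__":
    for finding in find_smtp_loops(SAMPLE_LOG):
        print(finding)
```

A finding whose `seen_from` address is the NAT gateway points at the gateway's forwarding rules rather than at DNS or the Postfix configuration.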
