发布时间: 2020-05-26 07:42:00
参考: https://www.spamhaus.org/faq/section/Spamhaus%20PBL#197
今天遇到了问题:我们的邮件服务器, 在pc可以发邮件,通过客户端就不行。
重现步骤:
1. qq邮箱app , 新建, 默认配置,完成。
2. 发送邮件,失败。
3. 查看服务器日志,提示:
Blocked using zen.spamhaus
完整日志:
May 26 05:42:13 mail postfix/postscreen[12280]: CONNECT from [223.104.100.21]:26447 to [172.104.96.199]:25 May 26 05:42:13 mail postfix/dnsblog[12282]: addr 223.104.100.21 listed by domain zen.spamhaus.org as 127.0.0.11 May 26 05:42:13 mail postfix/dnsblog[12282]: addr 223.104.100.21 listed by domain zen.spamhaus.org as 127.0.0.4 May 26 05:42:19 mail postfix/postscreen[12280]: DNSBL rank 3 for [223.104.100.21]:26447 May 26 05:42:19 mail postfix/postscreen[12280]: DISCONNECT [223.104.100.21]:26447
浪费了大半天的时间搞这个。
后来发现了根源所在: client软件使用的是imap (对了), 发件端口是 25。
我把对应的IP地址放到samphaus网站上查询:
https://www.spamhaus.org/query/ip/115.53.134.120 ( 就是简单的把IP地址放在这里)
发现,内容是:
Blocklist Lookup Results
115.53.134.120 is not listed in the SBL
115.53.134.120 is listed in the PBL, in the following records:
PBL281235 (这一行可以点击)
115.53.134.120 is not listed in the XBL
然后,点击上面的那一行,进入到页面:https://www.spamhaus.org/pbl/query/PBL281235 看到红色的字体:
Important: If you are using any normal email software (such as Outlook, Entourage, Thunderbird, Apple Mail, etc.) and you are being blocked by this Spamhaus PBL listing when you try to send email, the reason is simply that you need to turn on "SMTP Authentication" in your email program settings. For help with SMTP Authentication or ways to quickly fix this problem click here.
这里说,如果是被blocked by spamhaus, 那么应该先检查服务器的STMP Authentication是否开启了。
于是我就查询 iredmail 的SMTP配置。
结果在 ired 的配置文件中,发现SMTP的authentication,是默认关闭的。官方建议使用587端口 (/etc/postfix/main.cf 文件)
于是,问题就解决了。
用英文来看这个问题:
(SMTP本身不擅长表达,啥错误都会说spam blocked ... 呃)
Enabling SMTP Authentication SMTP Authentication (SMTP AUTH) is required when sending email via most major ISP mail servers and corporate mail servers. SMTP Authentication is a username+password system which ensures only authorised senders (i.e: the ISP's customers) use the outgoing email server. If SMTP Authentication is not enabled in the user's email program or App (e.g: Outlook, Apple Mail, Thunderbird, etc.), or if the SMTP Authentication process fails (such as due to a wrong or mistyped username or password) most ISP email servers will not accept outbound email from the connection - and the reason why is very simple: Outbound email servers need to know the connections they accept are from authorised users/customers only. Unfortunately, mail servers are not very good at explaining why they have refused a connection, and because the Spamhaus PBL is used by mail servers to determine what to do with 'unauthenticated' connections, when Authentication fails, the error/reject messages (over which we have no control) tend to say "Blah blah, blocked... blah blah ...Spamhaus" without explaining that all the user actually needs to do is turn SMTP Authentication on. Things to double check if enabling SMTP Authentication does not work as expected: Is the information provided for the outgoing email server hostname, username, and password correct? Is SMTP Authentication working correctly on the email server? This may be a question for your ISP. Is the port number in use correct? For SMTP Authentication to function correctly, the port should be 587, not 25. For help with configuring specific email software for SMTP Authentication, please consult your ISP user manuals or help webpages. Most companies publish a user portal with instructions that can be easily found with a websearch.Back