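Part 7 of this series: configuration tuning and troubleshooting
This part tunes the mail server configuration, fixes assorted small issues,
and troubleshoots the problems encountered along the way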
domain1.com did not encrypt this message
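After a message is delivered to Gmail, you may notice a red padlock on it.
Clicking it shows “domain1.com did not encrypt this message”
Google's Learn More page isn't very technical, probably so it doesn't scare ordinary users
The cause is that the MTAs are not using TLS between them: in our setup, encryption is not enabled for the traffic between Postfix and the Gmail servers
Postfix of course has this built in, it just isn't enabled by default…
So, edit /etc/postfix/main.cf
and add the following (smtpd_* applies to inbound connections, smtp_* to outbound delivery such as Postfix to Gmail; "may" turns on opportunistic TLS)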
smtpd_tls_security_level = may
smtp_tls_security_level = may
Then restart Postfix
dkim=pass (test mode)
In Gmail, “Show Original” shows that DKIM passed, but it is flagged as test mode
Delivered-To: [email protected]
Received: by 10.55.43.150 with SMTP id r22csp651909qkr;
        Wed, 26 Apr 2017 21:38:25 -0700 (PDT)
X-Received: by 10.84.217.153 with SMTP id p25mr4510935pli.188.1493267905447;
        Wed, 26 Apr 2017 21:38:25 -0700 (PDT)
Return-Path: <[email protected]>
Received: from domain1.com (li1469-***.members.linode.com. [139.162.***.***])
        by mx.google.com with ESMTPS id v67si1432999pgv.147.2017.04.26.21.38.25
        for <[email protected]>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 26 Apr 2017 21:38:25 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 139.162.56.206 as permitted sender) client-ip=139.162.56.206;
Authentication-Results: mx.google.com;
        dkim=pass (test mode) [email protected];
        spf=pass (google.com: domain of [email protected] designates 139.162.56.206 as permitted sender) [email protected]
...
It turns out the TXT record generated by OpenDKIM contains the t=y; flag.
Just delete that flag from the record
v=DKIM1; k=rsa; t=y; p=MIG...QAB
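To check a record before and after that edit, the sketch below (an added example, not from the original post) parses the DKIM tag list and removes only the y flag from t=, because RFC 6376 lets t= carry other colon-separated flags such as s. The function names and the sample record are constructed for illustration.

```python
import re

def parse_dkim_record(txt):
    """Parse a DKIM key record (RFC 6376 tag=value list) into an ordered dict."""
    # Zone files often split a long TXT value into several quoted strings;
    # join them back together before parsing.
    chunks = re.findall(r'"([^"]*)"', txt)
    if chunks:
        txt = "".join(chunks)
    tags = {}
    for part in txt.split(";"):
        if not part.strip():
            continue  # trailing ";" or empty segment
        name, sep, value = part.partition("=")  # first "=" only: p= may end in "="
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        name = name.strip()
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        # Folding whitespace is not significant in v=, k=, t= and p=
        # (a free-text n= note would lose its spaces here).
        tags[name] = "".join(value.split())
    return tags

def is_test_mode(tags):
    """True when the t= flag list contains "y" (testing mode)."""
    return "y" in tags.get("t", "").split(":")

def without_test_flag(txt):
    """Return the record with the "y" flag removed and other t= flags kept."""
    tags = parse_dkim_record(txt)
    flags = [f for f in tags.get("t", "").split(":") if f and f != "y"]
    if flags:
        tags["t"] = ":".join(flags)
    else:
        tags.pop("t", None)  # t= held nothing but "y": drop the whole tag
    return "; ".join(f"{k}={v}" for k, v in tags.items())

# Constructed sample: split TXT strings, placeholder instead of a real key.
SAMPLE = '"v=DKIM1; k=rsa; t=y; " "p=PLACEHOLDERBASE64"'

if __name__ == "__main__":
    print("test mode:", is_test_mode(parse_dkim_record(SAMPLE)))
    print("cleaned  :", without_test_flag(SAMPLE))
```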
Dovecot verbose log
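While setting up Dovecot authentication you will inevitably hit plenty of errors,
so we turn on its verbose log to make debugging easier.
To keep Dovecot from flooding /var/log/mail.log,
its output is split off into /var/log/dovecot.log.
The verbose log exposes user passwords (the two *_passwords settings are what write them to the log), so turn it off once setup is done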
vim /etc/dovecot/conf.d/10-logging.conf
log_path = /var/log/dovecot.log
auth_verbose = yes
auth_verbose_passwords = yes
auth_debug = yes
auth_debug_passwords = yes
mail_debug = yes
Also set up logrotate so the log does not fill up the server
vim /etc/logrotate.d/dovecot
# dovecot SIGUSR1: Re-opens the log files.
/var/log/dovecot*.log {
  missingok
  notifempty
  delaycompress
  sharedscripts
  postrotate
    /bin/kill -USR1 `cat /var/run/dovecot/master.pid 2>/dev/null` 2> /dev/null || true
  endscript
}