前言:
新上一台阿里的云主机,提供web服务,各种环境搭建完成,能够提供服务,没想到在最后的监控环节遇到各种发邮件的坑,这里分享给大家,你是否也遇到这种坑?
网易163免费邮箱相关服务器信息:
一、安装和配置:
1.1、安装
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
[root@linux-node2 ~]# yum install mailx -yloaded plugins: fastestmirror, securitysetting up install processdetermining fastest mirrors * base: mirrors.aliyun.com * extras: mirrors.aliyun.com * updates: mirrors.aliyun.combase | 3.7 kb 00:00 epel | 3.2 kb 00:00 epel/primary | 3.2 mb 00:00 epel 12521/12521extras | 3.4 kb 00:00 icehouse | 2.9 kb 00:00updates | 3.4 kb 00:00 updates/primary_ | 1.2 mb 00:00 package mailx-12.4-8.el6_6.x86_64 already installed and latest versionnothing to do |
1.2、配置(以163邮箱为例)
首先你的邮箱要支持你的需求,到邮箱里去配置
然后到/etc/mail.rc的配置文件中去添加
set from=admin@163.com smtp=smtp.163.com smtp-auth-user=admin smtp-auth-password=xxxxxx smtp-auth=login
[root@linux-node2 ~]# echo “12345” | mail -v -s “test”
至此应该是没问题,但是就是收不到邮件。得了,开始排错!所有的网络、配置检查完成后,还是收不到邮件,最后检查到端口发现问题!!!
[root@linux-node2 ~]# telnet smtp.163.com 25
trying 220.181.12.17...
^c
[root@orcherstrator ~]# nc -vz -w 1 smtp.163.com 25
nc: connect to smtp.163.com port 25 (tcp) timed out: operation now in progress
nc: connect to smtp.163.com port 25 (tcp) timed out: operation now in progress
nc: connect to smtp.163.com port 25 (tcp) timed out: operation now in progress
nc: connect to smtp.163.com port 25 (tcp) timed out: operation now in progress
nc: connect to smtp.163.com port 25 (tcp) timed out: operation now in progress
nc: connect to smtp.163.com port 25 (tcp) timed out: operation now in progress
nc: connect to smtp.163.com port 25 (tcp) timed out: operation now in progress
nc: connect to smtp.163.com port 25 (tcp) timed out: operation now in progress
原来服务器根本就不能和第三方邮箱建立连接,问题找到,开始处理,一查才知道阿里云服务器把25端口给封了,需要申请解封。好吧!登录管理控制台,开始申请!!!
阿里云的审核速度还挺快的,两个多小时后反馈结果了,不过看看就吐口老血!!!
只能想其他的办法呗!!最后决定使用163邮箱的465加密端口
[root@orcherstrator ~]# telnet smtp.163.com 465
trying 220.181.12.14...
connected to smtp.163.com.
escape character is '^]'.
^c
connection closed by foreign host.
root@orcherstrator ~]# nc -vz -w 1 smtp.163.com 465
connection to smtp.163.com 465 port [tcp/urd] succeeded!
看样子有戏哦!!!修改/etc/mail.rc的配置
set from=admin@163.com
set smtp="smtps://smtp.163.com:465"
set smtp-auth-user=admin@163.com
set smtp-auth-password=xxxxx
set smtp-auth=login
set smtp-use-starttls
set ssl-verify=ignore
set nss-config-dir=/etc/pki/nssdb/
[root@linux-node2 ~]# echo 'hello' |mail -v -s "test" yueyuancun@163.com
resolving host smtp.163.com . . . done.
connecting to 123.125.50.133 . . . connected.
error in certificate: peer's certificate issuer is not recognized. ##没有对端的证书
comparing dns name: "*.163.com"
ssl parameters: cipher=aes-128-gcm, keysize=128, secretkeysize=128,
issuer=cn=geotrust ssl ca - g3,o=geotrust inc.,c=us
subject=cn=*.163.com,o="netease (hangzhou) network co., ltd",l=hangzhou,st=zhejiang,c=cn
220 163.com anti-spam gt for coremail system (163com[20141201])
>>> ehlo linux-node2
250-mail
250-pipelining
250-auth login plain
250-auth=login plain
250-coremail 1uxr2xkj7kg0xki17xgru7i0s8fy2u3uj8cz28x1uuuuu7ic2i0y2ufvhs-cuca0xdruuuuj
250-starttls
250 8bitmime
>>> auth login
334 dxnlcm5hbwu6
>>> exvlexvhbmn1bkaxnjmuy29t
334 ugfzc3dvcmq6
>>> agvsbg9uawhhbze5odkxma==
535 error: authentication failed
smtp-server: 535 error: authentication failed
"/root/dead.letter" 11/299
. . . message not sent. ##邮件没有发出去
至此,网上的case都说能收到邮件,但是我这就是收不到,那就根据错误来解决呗!!!搞证书
[root@linux-node2 ~]# mkdir -p /root/.certs/
[root@linux-node2 ~]# echo -n | openssl s_client -connect smtp.163.com:465 | sed -ne '/-begin certificate-/,/-end certificate-/p' > ~/.certs/163.crt
depth=2 c = us, o = geotrust inc., cn = geotrust global ca
verify return:1
depth=1 c = us, o = geotrust inc., cn = geotrust ssl ca - g3
verify return:1
depth=0 c = cn, st = zhejiang, l = hangzhou, o = "netease (hangzhou) network co., ltd", cn = *.163.com
verify return:1
done
[root@linux-node2 ~]# certutil -a -n "geotrust ssl ca" -t "c,," -d ~/.certs -i ~/.certs/163.crt
[root@linux-node2 ~]# certutil -a -n "geotrust global ca" -t "c,," -d ~/.certs -i ~/.certs/163.crt
[root@linux-node2 ~]# certutil -l -d /root/.certs
certificate nickname trust attributes
ssl,s/mime,jar/xpi
geotrust ssl ca c,,
[root@linux-node2 ~]# cd /root/.certs/
[root@linux-node2 .certs]# certutil -a -n "geotrust ssl ca - g3" -t "pu,pu,pu" -d ./ -i 163.crt
notice: trust flag u is set automatically if the private key is present.
[root@linux-node2 .certs]# cd
[root@linux-node2 ~]# vim /etc/mail.rc
set from=admin@163.com
set smtp="smtps://smtp.163.com:465"
set smtp-auth-user=admin@163.com
set smtp-auth-password=xxxxx
set smtp-auth=login
set smtp-use-starttls
set ssl-verify=ignore
set nss-config-dir=/root/.certs
[root@linux-node2 ~]# echo 'hello' |mail -v -s "test" admin@163.com
resolving host smtp.163.com . . . done.
connecting to 123.125.50.132 . . . connected.
comparing dns name: "*.163.com"
ssl parameters: cipher=aes-128-gcm, keysize=128, secretkeysize=128,
issuer=cn=geotrust ssl ca - g3,o=geotrust inc.,c=us
subject=cn=*.163.com,o="netease (hangzhou) network co., ltd",l=hangzhou,st=zhejiang,c=cn
220 163.com anti-spam gt for coremail system (163com[20141201])
>>> ehlo linux-node2
250-mail
250-pipelining
250-auth login plain
250-auth=login plain
250-coremail 1uxr2xkj7kg0xki17xgru7i0s8fy2u3uj8cz28x1uuuuu7ic2i0y2uf6b612uca0xdruuuuj
250-starttls
250 8bitmime
>>> auth login
334 dxnlcm5hbwu6
>>> exvlexvhbmn1bkaxnjmuy29t
334 ugfzc3dvcmq6
>>> agvsbg9uawhhbze5odk=
235 authentication successful
>>> mail from:<admin@163.com>
250 mail ok
>>> rcpt to:<admin@163.com>
250 mail ok
>>> data
354 end data with <cr><lf>.<cr><lf>
>>> .
250 mail ok queued as smtp2,dngowadh53ejp5bbgyuhaa--.2s2 1536206732
>>> quit
221 bye
终于成功了!!!!
注:不管能否解决你遇到的问题,欢迎相互交流,共同提高!
原文链接:http://blog.51cto.com/13162375/2173007
