Various problems encountered in sending emails on Alibaba Cloud Centos6.X

Preface:

I have newly installed an Alibaba cloud host to provide web services. All environments have been set up and are able to provide services. However, I did not expect to encounter various pitfalls in sending emails in the final monitoring phase. I would like to share this with you here. Have you also encountered this pitfall?

NetEase 163 free mailbox related server information:

1. Installation and Configuration:

1.1. Installation

[root@linux-node2 ~]# yum install mailx -y

Loaded plugins: fastestmirror, security

Setting up Installation Process

Determining fastest mirrors

 * base: mirrors.aliyun.com

 * extras: mirrors.aliyun.com

 * updates: mirrors.aliyun.com

base | 3.7 kB 00:00  

epel | 3.2 kB 00:00  

epel/primary | 3.2 MB 00:00  

epel 12521/12521

extras | 3.4 kB 00:00  

icehouse | 2.9 kB 00:00

updates | 3.4 kB 00:00  

updates/primary_ | 1.2 MB 00:00  

Package mailx-12.4-8.el6_6.x86_64 already installed and latest version

Nothing to do

1.2. Configuration (taking 163 mailbox as an example)

First of all, your mailbox must support your needs. Go to the mailbox to configure

Then add to the /etc/mail.rc configuration file

set from=admin@163.com smtp=smtp.163.com smtp-auth-user=admin smtp-auth-password=xxxxxx smtp-auth=login

[root@linux-node2 ~]# echo "12345" | mail -v -s "test" admin@163.com

So far, there should be no problem, but I just can't receive emails. Ok, let’s start troubleshooting! After completing all the network and configuration checks, I still couldn't receive emails. Finally, I checked the port and found a problem! ! !

[root@linux-node2 ~]# telnet smtp.163.com 25

Trying 220.181.12.17...

^C

[root@orcherstrator ~]# nc -vz -w 1 smtp.163.com 25

nc: connect to smtp.163.com port 25 (tcp) timed out: Operation now in progress

nc: connect to smtp.163.com port 25 (tcp) timed out: Operation now in progress

nc: connect to smtp.163.com port 25 (tcp) timed out: Operation now in progress

nc: connect to smtp.163.com port 25 (tcp) timed out: Operation now in progress

nc: connect to smtp.163.com port 25 (tcp) timed out: Operation now in progress

nc: connect to smtp.163.com port 25 (tcp) timed out: Operation now in progress

nc: connect to smtp.163.com port 25 (tcp) timed out: Operation now in progress

nc: connect to smtp.163.com port 25 (tcp) timed out: Operation now in progress

It turned out that the server could not establish a connection with the third-party mailbox at all. After finding the problem and starting to deal with it, I found out that the Alibaba Cloud server had blocked port 25 and I needed to apply to unblock it. All right! Log in to the management console to start your application! ! !

Alibaba Cloud's review speed is quite fast, and the results were fed back in more than two hours. But just looking at it makes me spit blood! ! !

We can only think of other ways! ! Finally decided to use the 465 encryption port of the 163 mailbox

[root@orcherstrator ~]# telnet smtp.163.com 465

Trying 220.181.12.14...

Connected to smtp.163.com.

Escape character is '^]'.

^C

Connection closed by foreign host.

root@orcherstrator ~]# nc -vz -w 1 smtp.163.com 465

Connection to smtp.163.com 465 port [tcp/urd] succeeded!

Looks like there's hope! ! ! Modify the configuration of /etc/mail.rc

set from=admin@163.com

set smtp="smtps://smtp.163.com:465"

set smtp-auth-user=admin@163.com

set smtp-auth-password=xxxxx

set smtp-auth=login

set smtp-use-starttls

set ssl-verify=ignore

set nss-config-dir=/etc/pki/nssdb/

[root@linux-node2 ~]# echo 'hello' |mail -v -s "test" yueyuancun@163.com

Resolving host smtp.163.com . . . done.

Connecting to 123.125.50.133 . . . connected.

Error in certificate: Peer's certificate issuer is not recognized. ##No peer certificate

Comparing DNS name: "*.163.com"

SSL parameters: cipher=AES-128-GCM, keysize=128, secretkeysize=128,

issuer=CN=GeoTrust SSL CA - G3,O=GeoTrust Inc.,C=US

subject=CN=*.163.com,O="NetEase (Hangzhou) Network Co., Ltd",L=HangZhou,ST=ZheJiang,C=CN

220 163.com Anti-spam GT for Coremail System (163com[20141201])

>>> EHLO linux-node2

250-mail

250-PIPELINING

250-AUTH LOGIN PLAIN

250-AUTH=LOGIN PLAIN

250-coremail 1Uxr2xKj7kG0xkI17xGrU7I0s8FY2U3Uj8Cz28x1UUUUU7Ic2I0Y2UFVHs-cUCa0xDrUUUUj

250-STARTTLS

250 8BITMIME

>>> AUTH LOGIN

334 dXNlcm5hbWU6

>>> eXVleXVhbmN1bkAxNjMuY29t

334 UGFzc3dvcmQ6

>>> aGVsbG9uaWhhbzE5ODkxMA==

535 Error: authentication failed

smtp-server: 535 Error: authentication failed

"/root/dead.letter" 11/299

. . . message not sent. ##The email was not sent.

So far, all the cases online say that emails can be received, but I just can’t receive them. So let’s solve it according to the error! ! ! Get a certificate

[root@linux-node2 ~]# mkdir -p /root/.certs/

[root@linux-node2 ~]# echo -n | openssl s_client -connect smtp.163.com:465 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ~/.certs/163.crt

depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA

verify return:1

depth=1 C = US, O = GeoTrust Inc., CN = GeoTrust SSL CA - G3

verify return:1

depth=0 C = CN, ST = ZheJiang, L = HangZhou, O = "NetEase (Hangzhou) Network Co., Ltd", CN = *.163.com

verify return:1

DONE

[root@linux-node2 ~]# certutil -A -n "GeoTrust SSL CA" -t "C,," -d ~/.certs -i ~/.certs/163.crt

[root@linux-node2 ~]# certutil -A -n "GeoTrust Global CA" -t "C,," -d ~/.certs -i ~/.certs/163.crt

[root@linux-node2 ~]# certutil -L -d /root/.certs

Certificate Nickname Trust Attributes

SSL,S/MIME,JAR/XPI

GeoTrust SSL CA C,,

[root@linux-node2 ~]# cd /root/.certs/

[root@linux-node2 .certs]# certutil -A -n "GeoTrust SSL CA - G3" -t "Pu,Pu,Pu" -d ./ -i 163.crt

Notice: Trust flag u is set automatically if the private key is present.

[root@linux-node2 .certs]# cd

[root@linux-node2 ~]# vim /etc/mail.rc

set from=admin@163.com

set smtp="smtps://smtp.163.com:465"

set smtp-auth-user=admin@163.com

set smtp-auth-password=xxxxx

set smtp-auth=login

set smtp-use-starttls

set ssl-verify=ignore

set nss-config-dir=/root/.certs

[root@linux-node2 ~]# echo 'hello' |mail -v -s "test" admin@163.com

Resolving host smtp.163.com . . . done.

Connecting to 123.125.50.132 . . . connected.

Comparing DNS name: "*.163.com"

SSL parameters: cipher=AES-128-GCM, keysize=128, secretkeysize=128,

issuer=CN=GeoTrust SSL CA - G3,O=GeoTrust Inc.,C=US

subject=CN=*.163.com,O="NetEase (Hangzhou) Network Co., Ltd",L=HangZhou,ST=ZheJiang,C=CN

220 163.com Anti-spam GT for Coremail System (163com[20141201])

>>> EHLO linux-node2

250-mail

250-PIPELINING

250-AUTH LOGIN PLAIN

250-AUTH=LOGIN PLAIN

250-coremail 1Uxr2xKj7kG0xkI17xGrU7I0s8FY2U3Uj8Cz28x1UUUUU7Ic2I0Y2UF6b612UCa0xDrUUUUj

250-STARTTLS

250 8BITMIME

>>> AUTH LOGIN

334 dXNlcm5hbWU6

>>> eXVleXVhbmN1bkAxNjMuY29t

334 UGFzc3dvcmQ6

>>> aGVsbG9uaWhhbzE5ODk=

235 Authentication successful

>>> MAIL FROM:<admin@163.com>

250 Mail OK

>>> RCPT TO:<admin@163.com>

250 Mail OK

>>> DATA

354 End data with <CR><LF>.<CR><LF>

>>> .

250 Mail OK queued as smtp2,DNGowADH53eJp5BbGYUHAA--.2S2 1536206732

>>> QUIT

221 Bye

Finally succeeded! ! ! !

Note: Regardless of whether the problem you encounter can be solved or not, you are welcome to communicate with each other and improve together!