Opening SMTP Port 25 on an Oracle Cloud Instance

2023-10-21

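In July I successfully registered an Oracle Cloud account and created an x86 virtual machine on the Always Free tier. I had not planned to join the crowd, but my provider is retiring its free mail service at the end of the year, so I wanted to use the Oracle instance as a mail server. Only after signing up did I discover that Oracle blocks port 25 by default and that you have to file a support ticket to get it opened. Always Free accounts, however, cannot file tickets. With the end of the year approaching, the mail service had to be migrated. So I spent the last couple of days on it and managed to get port 25 opened on my Oracle instance.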

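The first step is to upgrade from the Always Free account to a paid account. Don't be put off: "paid" here just means pay-as-you-go. In the menu, find Billing & Cost Management, choose Upgrade and Manage Payment, and at the bottom upgrade to Pay As You Go. Oracle will charge a little over a hundred Singapore dollars to your credit card, but don't worry, it is refunded later. I use China Merchants Bank (CMB); after clicking upgrade I received two SMS notifications.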

One said the charge had succeeded:

Your CMB credit card ending in XXXX made an online transaction of SGD 138.XX on October XX at XX:XX.

The other said the transaction had failed:

An online transaction of SGD 138.XX made today on your CMB credit card ending in XXXX was unsuccessful. You may retry the payment if needed.

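I had read online that a failed charge can get your account banned, so I called the bank right away. I assumed the card had hit a transaction limit, but after talking to them it turned out the transaction failed because of a network problem on Oracle's side. There was nothing to do but wait. The next day I received an email saying the account had been upgraded to a paid account.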

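A friend heard about this and tried upgrading too. He was less lucky: the charge succeeded but the refund failed. He kept worrying that the money would not come back and called the bank's customer service, who told him the amount did not need to be paid. So when you do this, be sure to check your bank notifications, and contact customer service promptly if anything looks wrong.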

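Upgrading to a paid account immediately unlocks one privilege: requesting ARM machines. With the free account, every request failed with an out-of-capacity message. I immediately set up a top-spec ARM VM, 4C24G, and then released the original x86 machine. Thrift is a virtue.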

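Although the account is no longer a free one, no bill is generated as long as you are careful; the original free allowance still applies. The ARM VM mentioned above, for example, costs nothing. You can also create two more x86 machines at no charge. One thing to watch: Oracle gives only 200G of free virtual disk space. A single VM needs at least 50G, so you can create at most four VMs. Go over that and you will be billed.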

Machines alone are not enough. We still need to exercise the other privilege: filing a ticket to get port 25 opened!

According to the official documentation, you need to file a service limits request. It does not say what to write in it, though. I tried submitting one:

User Information

Email: mailto:XXX

Account Information

Tenancy OCID: ocid1.tenancy.xxxx

Region: us-sanjose-1

Summary: Resource limit update

Description:

Hello,

I have created a computer instance with id instance-xxxxxxxx-xxxx, and assigned both v4 and v6 IP address (xxx,xxx).

Please allow this instance translate outbound traffic on TCP port 25, because I need to use it as my own personal Email service. This Email service will be used for personal only, and I will guarantee it will not be used to send spam content or marketing content.

Thanks.

Requested Information

Service Category: Others
Resource: Other Limits
Current Limit: 300
Current Usage: 0
Requested Limit: 300
Approval Status: Pending approval

It was rejected outright. They said I did not meet the requirements and told me to contact after-sales support.

Thank you for your interest in Oracle Cloud Infrastructure. We have received your request for an increase in your service limits and unfortunately we are not able to fulfill this request at this time. If you would like to discuss options available for meeting current requirements, please reach out to an Oracle Sales representative.

To find the appropriate team based on your region, please use the link below:

[https://www.oracle.com/corporate/contact/global.html#americas]

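So I found the after-sales phone number, 400-899-0890, through online chat. After some back and forth with the agent, they took my ticket number and said they would follow up. Then nothing more came of it. I had also seen people online say you can get the port opened through an ordinary technical support ticket. With nothing to lose, I gave it a shot and filed another ticket: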

I need to send verification emails to registered users of my website. Please help me unblock 25 port and set rDNS (PTR) pointed to XXX for VPS of address XXX and XXX

The OCID: ocid1.instance.oc1.xxx

An agent then followed up, but what he said was basically a pile of filler, empty talk and boilerplate:

Hello,

About your issue you can submit a request to increase your service limits from within the OCI Console. If you try to create a resource for which limit has been met, you’ll be prompted to submit a limit increase request.

This procedure applies to requests for service limit increases (including port 25 unblock). For details about the subscribed region limit and how to request an increase to that limit, see: https://docs.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm#limits

To request a service limit increase

  1. Open the Help menu (Help menu icon). Under Support, click Request service limit increase.
  2. Enter the following:
  3. Click Create Support Request.

After you submit the request, it is processed. A response can take anywhere from a few minutes to a few days. If your request is granted, a confirmation email is sent to the address provided in the primary contact details.

If we need additional information about your request, a follow-up email is sent to the address provided in the primary contact details. https://docs.oracle.com/en-us/iaas/Content/General/Concepts/servicelimits.htm#Requesti

Please let me know at your earliest convenience whether you have any follow up questions or if this support request can be closed. I look forward to hearing from you.

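It felt like an AI-generated answer. I was angry when I read it. I wanted to reply and challenge him, but thought better of it, since that would not solve the problem. Still, he told me to open a service limit increase request, and even went through the motions of having me pick a service category. So I replied asking which category to choose: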

Please let me know which Service Category and Resource I should select.

Thank you.

BTW, the help center does not require me to enter any contact details.

He then replied that I should choose the category related to the email service, and asked me to provide detailed information:

if you still have issues following the previous instructions please provide the following information in order to proceed in your behalf.

About an hour after I submitted it, the request was processed:

Hello, we have opened port 25 for you, could you please confirm.

So the technical support ticket is the way to go after all.

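With the port opened, I needed to test whether I could connect to the mainstream mail providers. So I asked ChatGPT to list the top ten mail providers worldwide and the top ten in China, twenty in all.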

Gmail @gmail.com
Outlook @outlook.com
Yahoo Mail @yahoo.com
Apple Mail @icloud.com
AOL Mail @aol.com
ProtonMail @protonmail.com
Zoho Mail @zoho.com
Yandex.Mail @yandex.com
GMX Mail @gmx.com
Mail.com @mail.com
QQ Mail @qq.com
163.com @163.com
126.com @126.com
Sina Mail @sina.com
Sohu Mail @sohu.com
Alibaba Cloud @aliyun.com
Tom Mail @tom.com
21CN Mail @21cn.com
China Email @china.com
CITIC Mail @citiz.net

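Testing by hand is out of the question; this calls for an automated script. The idea is simple: for each domain, look up its MX records, then use nc to check whether port 25 is reachable.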

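Plenty of DNS tools can query MX records: dig works, and so does drill. But on my ARM Ubuntu I could not install drill with apt. So I used q, a query tool written in Go, which is easy to install. For example, to list Gmail's SMTP servers: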

q mx gmail.com
gmail.com. 29m16s MX 20 alt2.gmail-smtp-in.l.google.com.
gmail.com. 29m16s MX 5 gmail-smtp-in.l.google.com.
gmail.com. 29m16s MX 10 alt1.gmail-smtp-in.l.google.com.
gmail.com. 29m16s MX 30 alt3.gmail-smtp-in.l.google.com.
gmail.com. 29m16s MX 40 alt4.gmail-smtp-in.l.google.com.

To check whether port 25 is reachable, use the following command:

nc -4 -z -v -w 5 gmail-smtp-in.l.google.com 25
Connection to gmail-smtp-in.l.google.com. (142.251.2.27) 25 port [tcp/smtp] succeeded!

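-4 uses the IPv4 network; to test IPv6, specify -6 instead. -z only checks that the connection can be established, without sending any data, and then exits. -v prints the connection details. -w 5 is the timeout: if no connection is established within five seconds, the host is treated as unreachable.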

Chaining all the commands together:

awk -F@ '{print $2}' mx.txt |\
xargs -I % q mx %|\
awk '{print $5}'|\
sort|uniq|\
xargs -I % nc -4 -z -v -w 5 % 25 2>&1|\
tee /tmp/mx4.txt

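First awk extracts the domain after the @, then xargs calls q once per domain to look up its MX records. sort|uniq sorts and de-duplicates all the records. Finally, xargs calls nc on each host to check whether a TCP connection can be established.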

Note the xargs arguments -I % q mx %. They mean that xargs reads one line at a time from stdin and replaces the % that follows with what it read. If xargs reads gmail.com, it runs q mx gmail.com.

Testing showed that over IPv4 every host is reachable. IPv6 fared much worse: only Gmail, Yandex and QQ are reachable over IPv6. IPv6 adoption still has a long way to go.
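The pipeline above de-duplicates MX hosts with sort|uniq, which drops the domain each host belongs to, so the nc log cannot be read per provider. The following added example (not part of the original post) keeps the domain-to-MX mapping and counts, per domain, how many MX hosts have a "succeeded!" line in the nc log. The function names, the example.test domain, the 2001:db8:: addresses and the failure line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. All sample data is constructed.

# mx_pairs: read `q mx <domain>` output on stdin and print unique
# "domain mx-host" pairs, with the trailing DNS dots stripped.
mx_pairs() {
    awk '$3 == "MX" { d = $1; h = $5
                      sub(/\.$/, "", d); sub(/\.$/, "", h)
                      print d, h }' | sort -u
}

# summarize PAIRS_FILE NC_LOG: for each domain print "domain ok/total",
# where ok counts MX hosts that have a "succeeded!" line in the nc -v log.
# Any host without such a line (refused, timeout, no AAAA) counts as failed.
summarize() {
    awk '
        FILENAME == ARGV[1] {            # first file: the nc log
            if (/succeeded!$/) { h = $3; sub(/\.$/, "", h); ok[h] = 1 }
            next
        }
        { total[$1]++; if ($2 in ok) good[$1]++ }   # second file: pairs
        END { for (d in total) printf "%s %d/%d\n", d, good[d] + 0, total[d] }
    ' "$2" "$1" | sort
}

# demo: run both steps on constructed q output and a constructed nc log.
demo() {
    pairs=$(mktemp); log=$(mktemp)
    mx_pairs > "$pairs" <<'EOF'
gmail.com. 29m16s MX 5 gmail-smtp-in.l.google.com.
gmail.com. 29m16s MX 10 alt1.gmail-smtp-in.l.google.com.
example.test. 1h MX 10 mx1.example.test.
EOF
    cat > "$log" <<'EOF'
Connection to gmail-smtp-in.l.google.com. (2001:db8::1b) 25 port [tcp/smtp] succeeded!
Connection to alt1.gmail-smtp-in.l.google.com. (2001:db8::1c) 25 port [tcp/smtp] succeeded!
nc: connect to mx1.example.test. port 25 (tcp) timed out
EOF
    summarize "$pairs" "$log"
    rm -f "$pairs" "$log"
}

demo
```

A successful TCP connect only shows that the port is no longer filtered on the path; it does not show that the remote server will accept mail from the instance's address.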

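That is all for this post. One last thing I want to stress: do not abuse free resources, or in the end you are the one who gets hurt. Also, even with port 25 opened, be very careful: once it is abused, it will send large volumes of spam and cause trouble for others. If that happens, at best your account is banned; at worst you may bear legal liability. Let's all be decent.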

Later I will put the whole stack together and get the mail service running, and I will share that then.