Frage zu check_recipient_access in bei einem relayhost

Boris Behrens bb at kervyn.de
Fr Mär 23 10:27:26 CET 2018


> Sende bitte mal die Ausgabe von 'postconf -n' und nicht die von 'cat
> main.cf'.
> Und bitte auch ein vollständiges Log einer E-Mail von einem der vServer
> an die angegebene Adresse.

Ich hab die Config und den Logauszug von beiden gemacht.

# postconf -n (testhost.kervyn.de)
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
inet_interfaces = loopback-only
mailbox_size_limit = 0
message_size_limit = 512000000
mydestination = localhost
myhostname = testhost.kervyn.de
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = $myhostname
readme_directory = no
recipient_delimiter = +
relayhost = fra.mail.kervyn.de
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = secure
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_relay_restrictions = check_recipient_access
hash:/etc/postfix/host-specific-blacklisted, permit_mynetworks,
defer_unauth_destination, reject_unknown_sender_domain

#grep 7106AA0132 /var/log/mail.log (testhost.kervyn.de)
Mar 23 10:22:31 testhost postfix/pickup[31527]: 7106AA0132: uid=0 from=<root>
Mar 23 10:22:31 testhost postfix/cleanup[31627]: 7106AA0132:
message-id=<20180323092231.7106AA0132 at testhost.kervyn.de>
Mar 23 10:22:31 testhost postfix/qmgr[28977]: 7106AA0132:
from=<root at testhost.kervyn.de>, size=319, nrcpt=1 (queue active)
Mar 23 10:22:31 testhost postfix/smtp[31629]: 7106AA0132:
to=<bb at kervyn.de>, relay=fra.mail.kervyn.de[10.211.100.5]:25,
delay=0.13, delays=0.03/0.01/0.02/0.06, dsn=2.0.0, status=sent (250
2.0.0 Ok: queued as 7FF308115F)
Mar 23 10:22:31 testhost postfix/qmgr[28977]: 7106AA0132: removed

# postconf -n (fra.mail.kervyn.de)
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 512000000
milter_default_action = accept
milter_protocol = 6
myhostname = relay03.mail.kervyn.de
mynetworks = cidr:/etc/postfix/client_access
myorigin = relay03.mail.kervyn.de
non_smtpd_milters = inet:localhost:8891
readme_directory = no
recipient_delimiter = +
sender_canonical_classes = envelope_sender
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sender_dependent_default_transport_maps = pcre:/etc/postfix/transport
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_error_sleep_time = 1s
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_non_fqdn_sender, reject_non_fqdn_recipient,
reject_unknown_sender_domain, reject_unknown_recipient_domain,
reject_rbl_client sbl.spamhaus.org, reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_soft_error_limit = 10
smtpd_tls_CAfile = /etc/ssl/mail.kervyn.de.ca
smtpd_tls_cert_file = /etc/ssl/mail.kervyn.de.crt
smtpd_tls_dh1024_param_file = /etc/postfix/dhparams.pem
smtpd_tls_key_file = /etc/ssl/mail.kervyn.de.key
smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4,
MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5,
CBC3-SHA
smtpd_tls_received_header = yes
smtpd_use_tls = yes
transport_maps = pcre:/etc/postfix/transport hash:/etc/postfix/spamtraps
virtual_alias_domains = hash:/etc/postfix/virtual,
pcre:/etc/postfix/virtual_fallback
virtual_alias_maps = hash:/etc/postfix/virtual,
pcre:/etc/postfix/virtual_fallback

# grep 7FF308115F /var/log/maillog (fra.mail.kervyn.de)
Mar 23 10:22:31 relay03 postfix/smtpd[7285]: 7FF308115F:
client=testhost.kervyn.de[10.211.100.75]
Mar 23 10:22:31 relay03 postfix/cleanup[7289]: 7FF308115F:
message-id=<20180323092231.7106AA0132 at testhost.kervyn.de>
Mar 23 10:22:31 relay03 opendkim[411]: 7FF308115F: no signing table
match for 'root at testhost.kervyn.de'
Mar 23 10:22:31 relay03 postfix/qmgr[6631]: 7FF308115F:
from=<root at testhost.kervyn.de>, size=662, nrcpt=1 (queue active)
Mar 23 10:22:32 relay03 postfix/smtp[7290]: 7FF308115F:
to=<bb at kervyn.de>, relay=ASPMX.L.GOOGLE.COM[74.125.140.27]:25,
delay=0.53, delays=0.05/0.01/0.27/0.19, dsn=2.0.0, status=sent (250
2.0.0 OK 1521796950 y61si6570083wrc.386 - gsmtp)
Mar 23 10:22:32 relay03 postfix/qmgr[6631]: 7FF308115F: removed


Mehr Informationen über die Mailingliste postfix-users