2017-12-05 4 views
-1

Relay access denied when sending email from a client - Postfix misconfiguration?

I have built an email server with Postfix and Dovecot. I got it working with Roundcube; it sends and receives emails as it should. But when I try to send an email from an external client (e.g. the default Android mail client), the email is rejected and I get this error in the logs:

NOQUEUE: reject: RCPT from staticline-my-public-ip.toya.net.pl[my-public-ip]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[10.3.177.176]>

I think it could be a Postfix misconfiguration; this is the first time I have set up an email server.

postconf -n gives this:

alias_database = hash:/etc/aliases 
alias_maps = hash:/etc/aliases 
append_dot_mydomain = no 
biff = no 
home_mailbox = Maildir/ 
inet_interfaces = all 
inet_protocols = ipv4 
mailbox_size_limit = 0 
mydestination = $myhostname localhost.$mydomain localhost $mydomain laiancu.ro 
mydomain = luckypizza.ro 
myhostname = mail.luckypizza.ro 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 
mynetworks_style = class 
myorigin = $mydomain 
recipient_delimiter = + 
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3 
smtp_tls_protocols = !SSLv2,!SSLv3 
smtp_tls_security_level = may 
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu/GNU) 
smtpd_recipient_restrictions = permit_sasl_authenticated 
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination 
smtpd_sasl_auth_enable = yes 
smtpd_sasl_path = private/auth 
smtpd_sasl_security_options = noplaintext,noanonymous 
smtpd_sasl_type = dovecot 
smtpd_tls_auth_only = yes 
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.luckypizza.ro/fullchain.pem 
smtpd_tls_key_file = /etc/letsencrypt/live/mail.luckypizza.ro/privkey.pem 
smtpd_tls_mandatory_ciphers = high 
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3 
smtpd_tls_protocols = !SSLv2,!SSLv3 
smtpd_use_tls = yes 
tls_high_cipherlist = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:AES256-GCM-SHA384:AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256:NULL-SHA256 
tls_preempt_cipherlist = yes 
virtual_gid_maps = static:5000 
virtual_mailbox_base = /home/vmail 
virtual_mailbox_domains = /etc/postfix/vhosts 
virtual_mailbox_maps = hash:/etc/postfix/vmaps 
virtual_minimum_uid = 1000 
virtual_uid_maps = static:5000 

And my master.cf:

# 
# Postfix master process configuration file. For details on the format 
# of the file, see the master(5) manual page (command: "man 5 master" or 
# on-line: http://www.postfix.org/master.5.html). 
# 
# Do not forget to execute "postfix reload" after editing this file. 
# 
# ========================================================================== 
# service type private unpriv chroot wakeup maxproc command + args 
#    (yes) (yes) (no) (never) (100) 
# ========================================================================== 
smtp  inet n  -  y  -  -  smtpd 
#smtp  inet n  -  y  -  1  postscreen 
#smtpd  pass -  -  y  -  -  smtpd 
#dnsblog unix -  -  y  -  0  dnsblog 
#tlsproxy unix -  -  y  -  0  tlsproxy 
submission inet n  -  -  -  -  smtpd 
    -o syslog_name=postfix/submission 
    -o smtpd_tls_wrappermode=no 
    -o smtpd_tls_security_level=encrypt 
    -o smtpd_sasl_auth_enable=yes 
    -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject 
    -o milter_macro_daemon_name=ORIGINATING 
    -o smtpd_sasl_type=dovecot 
    -o smtpd_sasl_path=private/auth 
smtps  inet n  -  y  -  -  smtpd 
    -o syslog_name=postfix/smtps 
    -o smtpd_tls_wrappermode=yes 
    -o smtpd_sasl_auth_enable=yes 
# -o smtpd_reject_unlisted_recipient=no 
# -o smtpd_client_restrictions=$mua_client_restrictions 
# -o smtpd_helo_restrictions=$mua_helo_restrictions 
# -o smtpd_sender_restrictions=$mua_sender_restrictions 
# -o smtpd_recipient_restrictions= 
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject 
# -o milter_macro_daemon_name=ORIGINATING 
#628  inet n  -  y  -  -  qmqpd 
pickup unix n  -  y  60  1  pickup 
cleanup unix n  -  y  -  0  cleanup 
qmgr  unix n  -  n  300  1  qmgr 
#qmgr  unix n  -  n  300  1  oqmgr 
tlsmgr unix -  -  y  1000? 1  tlsmgr 
rewrite unix -  -  y  -  -  trivial-rewrite 
bounce unix -  -  y  -  0  bounce 
defer  unix -  -  y  -  0  bounce 
trace  unix -  -  y  -  0  bounce 
verify unix -  -  y  -  1  verify 
flush  unix n  -  y  1000? 0  flush 
proxymap unix -  -  n  -  -  proxymap 
proxywrite unix -  -  n  -  1  proxymap 
smtp  unix -  -  y  -  -  smtp 
relay  unix -  -  y  -  -  smtp 
#  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 
showq  unix n  -  y  -  -  showq 
error  unix -  -  y  -  -  error 
retry  unix -  -  y  -  -  error 
discard unix -  -  y  -  -  discard 
local  unix -  n  n  -  -  local 
virtual unix -  n  n  -  -  virtual 
lmtp  unix -  -  y  -  -  lmtp 
anvil  unix -  -  y  -  1  anvil 
scache unix -  -  y  -  1  scache 
# 
# ==================================================================== 
# Interfaces to non-Postfix software. Be sure to examine the manual 
# pages of the non-Postfix software to find out what options it wants. 
# 
# Many of the following services use the Postfix pipe(8) delivery 
# agent. See the pipe(8) man page for information about ${recipient} 
# and other message envelope options. 
# ==================================================================== 
# 
# maildrop. See the Postfix MAILDROP_README file for details. 
# Also specify in main.cf: maildrop_destination_recipient_limit=1 
# 
maildrop unix -  n  n  -  -  pipe 
    flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} 
# 
# ==================================================================== 
# 
# Recent Cyrus versions can use the existing "lmtp" master.cf entry. 
# 
# Specify in cyrus.conf: 
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 
# 
# Specify in main.cf one or more of the following: 
# mailbox_transport = lmtp:inet:localhost 
# virtual_transport = lmtp:inet:localhost 
# 
# ==================================================================== 
# 
# Cyrus 2.1.5 (Amos Gouaux) 
# Also specify in main.cf: cyrus_destination_recipient_limit=1 
# 
#cyrus  unix -  n  n  -  -  pipe 
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} 
# 
# ==================================================================== 
# Old example of delivery via Cyrus. 
# 
#old-cyrus unix -  n  n  -  -  pipe 
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} 
# 
# ==================================================================== 
# 
# See the Postfix UUCP_README file for configuration details. 
# 
uucp  unix -  n  n  -  -  pipe 
    flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) 
# 
# Other external delivery methods. 
# 
ifmail unix -  n  n  -  -  pipe 
    flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) 
bsmtp  unix -  n  n  -  -  pipe 
    flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient 
scalemail-backend unix - n n - 2 pipe 
    flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} 
mailman unix -  n  n  -  -  pipe 
    flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py 
    ${nexthop} ${user} 

My raw main.cf file:

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu/GNU) 
biff = no 

# appending .domain is the MUA's job. 
append_dot_mydomain = no 

# Uncomment the next line to generate "delayed mail" warnings 
#delay_warning_time = 4h 

myhostname = mail.luckypizza.ro 
mydomain = luckypizza.ro 
myorigin = $mydomain 
mydestination = $myhostname localhost.$mydomain localhost $mydomain laiancu.ro 

alias_maps = hash:/etc/aliases 
alias_database = hash:/etc/aliases 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 
mynetworks_style = class 

mailbox_size_limit = 0 
home_mailbox = Maildir/ 

virtual_mailbox_domains = /etc/postfix/vhosts 
virtual_mailbox_base = /home/vmail 
virtual_mailbox_maps = hash:/etc/postfix/vmaps 
virtual_minimum_uid = 1000 
virtual_uid_maps = static:5000 
virtual_gid_maps = static:5000 

recipient_delimiter = + 

inet_interfaces = all 
inet_protocols = ipv4 

# TLS parameters 
smtpd_use_tls=yes 
smtpd_tls_auth_only = yes 
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.luckypizza.ro/fullchain.pem 
smtpd_tls_key_file = /etc/letsencrypt/live/mail.luckypizza.ro/privkey.pem 
smtp_tls_security_level = may 
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3 
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3 
smtpd_tls_protocols=!SSLv2,!SSLv3 
smtp_tls_protocols=!SSLv2,!SSLv3 

tls_preempt_cipherlist = yes 
smtpd_tls_mandatory_ciphers = high 
tls_high_cipherlist = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:AES256-GCM-SHA384:AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256:NULL-SHA256 
smtpd_sasl_auth_enable = yes 
smtpd_sasl_security_options = noplaintext,noanonymous 

smtpd_sasl_type = dovecot 
smtpd_sasl_path = private/auth 

smtpd_relay_restrictions = 
    permit_mynetworks, 
    permit_sasl_authenticated, 
    reject_unauth_destination 

smtpd_recipient_restrictions = permit_sasl_authenticated 

What I have tried so far:

  • Removing the smtpd_recipient_restrictions
  • Connecting from the client both with and without TLS
  • Changing mydomain and/or myhostname to 'localhost'

I think Roundcube works because of the smtpd_relay_restrictions = permit_mynetworks line, since it runs on the same host, so the external clients may be failing because they do not satisfy the permit_sasl_authenticated rule in smtpd_relay_restrictions. However, I don't understand why that is not the case.

Answer

0

Solved! It looks like the problem was on this line:

smtpd_sasl_security_options = noplaintext,noanonymous

I am using Dovecot with virtual mailboxes, and its configuration requires plaintext authentication to work, so I had to change it to:

smtpd_sasl_security_options = noanonymous

(The declaration can also be removed entirely from the main.cf file, since noanonymous is the default value for this variable.)
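The effect of the change described in the answer, as an added example that is not part of the original post: with `noplaintext` set, Postfix drops the password-carrying mechanisms (PLAIN, LOGIN), so a Dovecot backend that offers only those leaves the client nothing to authenticate with and `permit_sasl_authenticated` can never match. The Dovecot mechanism list (`plain login`) is an assumption, the function names are hypothetical, and the sample settings are constructed from the values shown in the question.

```python
# Added example, not from the original post. Sample inputs are constructed
# from the settings shown on the page; DOVECOT_MECHS is an assumption.
PLAINTEXT = {"PLAIN", "LOGIN"}   # mechanisms that transmit the password itself
ANONYMOUS = {"ANONYMOUS"}
BEFORE = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noplaintext,noanonymous
smtpd_tls_auth_only = yes
"""
AFTER = BEFORE.replace("noplaintext,noanonymous", "noanonymous")
DOVECOT_MECHS = ["plain", "login"]  # assumed Dovecot auth_mechanisms value

def parse_postconf(text):
    """Parse `postconf -n` style 'name = value' lines into a dict."""
    conf = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            conf[name.strip()] = value.strip()
    return conf

def offered_mechanisms(conf, backend_mechs):
    """Mechanisms left after smtpd_sasl_security_options filtering."""
    raw = conf.get("smtpd_sasl_security_options", "noanonymous")
    opts = set(raw.lower().replace(",", " ").split())
    kept = []
    for mech in (m.upper() for m in backend_mechs):
        if "noplaintext" in opts and mech in PLAINTEXT:
            continue
        if "noanonymous" in opts and mech in ANONYMOUS:
            continue
        kept.append(mech)
    return kept

def diagnose(conf, backend_mechs):
    """Return (offered mechanisms, list of findings)."""
    findings = []
    mechs = offered_mechanisms(conf, backend_mechs)
    if conf.get("smtpd_sasl_auth_enable", "no") != "yes":
        findings.append("SASL is disabled, so permit_sasl_authenticated never matches")
    elif not mechs:
        findings.append("no SASL mechanism left to offer; clients cannot authenticate")
    elif PLAINTEXT & set(mechs) and conf.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("plaintext AUTH allowed without TLS; set smtpd_tls_auth_only = yes")
    return mechs, findings

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, diagnose(parse_postconf(text), DOVECOT_MECHS))
```

With `smtpd_tls_auth_only = yes`, as in the question's configuration, PLAIN and LOGIN are only accepted inside a TLS session.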
