主文件:

主文件:

我有一个新安装的 Debian 8 服务器,用于替换在 Debian Lenny 上运行的旧 postfix 服务器。我已根据需要在新服务器上安装并重新配置了以下较新的软件包:

  • 后缀 2.11.3-1
  • dovecot 2.2.13-12~deb8u1
  • amavisd-new 2.10.1-2~deb8u1
  • spamassasin 3.4.0-6
  • clamav 0.99.2+dfsg-0+deb8u2
  • dkimproxy 1.4.1-3

我能够使用 Thunderbird 和 Squirrelmail 在本地用户之间发送和接收邮件。我还可以使用这两个邮件客户端向外部用户发送邮件。

我无法从服务器本身向任何用户(包括本地用户)发送报告。这不仅影响控制台程序“邮件”,还影响通过 cron 作业中调用的脚本发送的每日报告。尝试使用“邮件”或通过脚本文件尝试发送到本地帐户会导致:

status=deferred (delivery temporarily suspended: host 127.0.0.1[127.0.0.1] refused to talk to me: 421 Internal error (Next hop is down))

主文件:

mailbox_size_limit = 0
message_size_limit = 30000000

queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

mail_owner = postfix

myhostname = host.domain.com

myorigin = $mydomain

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

virtual_alias_maps = hash:/etc/postfix/virtual

mynetworks = 10.0.0.0/8, 127.0.0.0/8

relay_domains =

virtual_alias_domains = 

alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases

content_filter = smtp-amavis:[127.0.0.1]:10028
smtp-amavis_destination_concurrency_limit = 20

smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_delay_reject = no

header_checks = regexp:/etc/postfix/header_checks.regexp
nested_header_checks =

smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
        reject_unlisted_recipient,
        check_client_access    hash:/etc/postfix/GEN000_override,
        check_client_access  regexp:/etc/postfix/fqrdns.regexp,
        check_helo_access      hash:/etc/postfix/access,
        check_helo_access    regexp:/etc/postfix/helo_blacklist.regexp,
        check_sender_access    hash:/etc/postfix/blacklist,
        check_sender_access  regexp:/etc/postfix/sender_blacklist.regexp,
        check_sender_mx_access cidr:/etc/postfix/mx_access.txt,
        check_sender_access    hash:/etc/postfix/bdwl
        check_client_access    hash:/etc/postfix/broken_helos,
        reject_invalid_hostname,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        check_sender_access regexp:/etc/postfix/filter_10026_catchall,
        permit_mynetworks,
        reject_non_fqdn_hostname,
        reject_non_fqdn_recipient,
        reject_unauth_destination,
        check_recipient_access hash:/etc/postfix/restricted,
        reject_unknown_client,
        reject_unknown_hostname,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,

smtpd_data_restrictions =
        reject_unauth_pipelining

debug_peer_level = 2

debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix

newaliases_path = /usr/bin/newaliases.postfix

mailq_path = /usr/bin/mailq.postfix

setgid_group = postdrop

html_directory = no

manpage_directory = /usr/share/man

sample_directory = /usr/share/doc/postfix-2.1.5/samples

readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
inet_protocols = ipv4

master.cf:

smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
        -o content_filter=dkimsign:127.0.0.1:10026
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

scache    unix  -       -       n       -       1       scache
discard   unix  -       -       n       -       -       discard
tlsmgr    unix  -       -       n       1000    1       tlsmgr

smtp-amavis unix -      -       n     -       2  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

127.0.0.1:10025 inet n  -       n     -       -  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks_style=host
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

retry     unix  -       -       n       -       -       error
proxywrite unix -       -       n       -       1       proxymap

submission  inet  n     -       n       -       -       smtpd
    -o smtpd_etrn_restrictions=reject
    -o smtpd_sasl_auth_enable=yes
    -o content_filter=dkimsign:[127.0.0.1]:10027
    -o receive_override_options=no_address_mappings
    -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
    -o smtpd_client_restrictions=permit_mynetworks,reject

dkimsign    unix  -       -       n       -       10       smtp
    -o smtp_send_xforward_command=yes
    -o smtp_discard_ehlo_keywords=8bitmime,starttls

127.0.0.1:10028 inet  n  -      n       -       10      smtpd
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8

我通过反复试验确定的是,在 master.cf 中禁用此内容过滤器...

pickup    fifo  n       -       n       60      1       pickup
        -o content_filter=dkimsign:127.0.0.1:10026

...允许处理通过“邮件”或 cron 作业发送的邮件。但是,如果在原始 postfix (2.5.5-1.1+lenny1) 服务器上启用该行,则不存在此问题。由于继承了旧服务器,我并不完全了解该行的作用,但旧服务器已经运行多年,所以我不想盲目地删除该行,因为我不知道在此过程中可能会破坏什么。

以下是 netstat -tapn 的一些输出,显示服务器正在监听端口 10026:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      1/init
tcp        0      0 127.0.0.1:10023         0.0.0.0:*               LISTEN      4404/postgrey.pid -
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      4731/amavisd-new (m
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      4699/master
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      4385/mysqld
tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN      4424/perl
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      4699/master
tcp        0      0 127.0.0.1:10027         0.0.0.0:*               LISTEN      4442/perl
tcp        0      0 127.0.0.1:10028         0.0.0.0:*               LISTEN      4699/master
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      1/init
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      3205/rpcbind

以下是原始全功能服务器的相同内容:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:60000         0.0.0.0:*               LISTEN      3649/postgrey.pid -
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      4254/dovecot
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      3504/amavisd (maste
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      4186/master
tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN      4098/perl
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      3573/mysqld
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      4186/master
tcp        0      0 127.0.0.1:10027         0.0.0.0:*               LISTEN      4106/perl
tcp        0      0 127.0.0.1:10028         0.0.0.0:*               LISTEN      4186/master
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      4146/inetd
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      4254/dovecot

除 postgrey 端口外,我已确保所有 100xx 端口都与两个服务器上的功能匹配。

目前我不知道该去哪里找。如果可以的话请帮忙!

答案1

我找到答案了!原来,之前的管理员忘记在 master.cf 中添加一个部分来指示在 dkimproxy_in.conf 文件中指定的中继端口:

# specify what address/port DKIMproxy should listen on
listen    127.0.0.1:10026

# specify what address/port DKIMproxy forwards mail to
relay     127.0.0.1:10029

将本节添加到 master.cf 可以解决问题:

127.0.0.1:10029 inet  n  -      n       -       10      smtpd
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8

显然,在 lenny 上运行的原始系统以某种方式容忍了这种遗漏,而不会引起任何问题或以任何方式抱怨。

感谢那些花时间阅读和/或回复的人!

答案2

这似乎是一个没有解决方案的问题。

在您的“main.cf”中更改以下内容,然后让我知道它是否对您有用,在您的立场上,我会一次尝试一个解决方案,以查看哪一个实际导致了错误,(但如果大声思考)我认为所有这些都应该改变。

1.

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

改成:

mydestination = $myhostname, $mydomain, localhost.localdomain, localhost

2.

mynetworks = 10.0.0.0/8, 127.0.0.0/8

改成:

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

3. 添加:

inet_interfaces = all

4. 添加:

relayhost = [127.0.0.0]

RelayHost 定义:

中继主机(默认:空)

非本地邮件的下一跳目的地;覆盖收件人地址中的非本地域。此信息由relay_transport、sender_dependent_default_transport_maps、default_transport、sender_dependent_relayhost_maps和transport(5)表决定。

在内联网上,指定组织域名。如果您的内部 DNS 不使用 MX 记录,请改为指定内联网网关主机的名称。

对于 SMTP,请指定域名、主机名、主机名:端口、[主机名]:端口、[主机地址] 或 [主机地址]:端口。格式 [主机名] 会关闭 MX 查找。

如果您通过 UUCP 连接,请参阅 UUCP_README 文件获取有用信息。

例子:

relayhost = $mydomain

relayhost = [gateway.example.com]

relayhost = uucphost

relayhost = [an.ip.add.ress]

在查看了中继主机示例后,我几乎想提供如下解决方案:

relayhost = mynetworks

相关内容