I recently added a new user account to our LDAP directory. But somehow Postfix refuses to find that user when sending e-mail.
The account login works everywhere. Our mail server is a dedicated server with its own LDAP, but that is only a mirror of the main LDAP. It doesn't look like an LDAP error. The mail directory has been created, and the entry shows up correctly in the LDAP directory. But on login the user only gets the message "No mailbox selected" (the webmailer is SOGo). And that's not all: when trying to send an e-mail to that user, whether from SOGo or another client, it doesn't work.
The log says
Apr 30 12:03:14 mail postfix/smtpd[1355]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in local recipient table; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<localhost>
When I disable the local recipient table by adding the line "local_recipient_maps =" to the postfix main.cfg, the error changes to
Mai 02 12:59:04 mail postfix/local[8909]: 1EA11100379: to=<[email protected]>, relay=local, delay=0.22, delays=0.13/0.01/0/0.08, dsn=5.1.1, status=bounced (unknown user: "user")
I can't think of any way to fix the problem. The only discussions on the topic I could find were due to misconfigurations. But the point is, the configuration hasn't changed in a long time. The only thing that has changed is that updated packages were installed. As far as I know, this new user is currently the only one with the problem.
About our setup:
Debian 10.4 running a nightly build of SOGo 4, postfix 3.4, slapd 2.4.47 and dovecot 2.3.4.1 with Pigeonhole 0.5.4.
Postfix configuration:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = /usr/share/doc/postfix
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/mail.domain.de.cert.pem
smtpd_tls_key_file=/etc/ssl/private/mail.domain.de.private.pem
smtp_tls_CAfile = /etc/ssl/certs/CA.crt
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNull, MD5
tls_high_cipherlist=!EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:!CAMELLIA256:+AES256:!CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!CAMELLIA256-SHA:AES256-SHA:!CAMELLIA128-SHA:AES128-SHA
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = mail.domain.de
alias_maps = hash:/etc/aliases
virtual_alias_maps = mysql:/etc/postfix/mysql-forwards.cf
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = domain.de, mail.domain.de
relayhost = smarthost.maindomain.de
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
message_size_limit = 67108864
mailbox_command = /usr/lib/dovecot/deliver -d $USER
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
# Mailman config
relay_domains = lists.domain.de
transport_maps = hash:/etc/postfix/transport
mailman_destination_recipient_limit = 1
relay_recipient_maps = hash:/var/lib/mailman/data/virtual-mailman
# disable VRFY and EXPN command as per ITC recommendation
disable_vrfy_command = yes
# Older configurations combine relay control and spam control. To
# use this with Postfix ≥ 2.10 specify "smtpd_relay_restrictions=".
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
# Configuration for rspamd
smtpd_milters=inet:localhost:11332
non_smtpd_milters = inet:localhost:11332
milter_protocol = 6
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_default_action = accept
PS: If the postfix configuration looks strange, it's because our mail server is not connected directly to the internet. We receive our e-mail from the organisation's central server over the organisation network.
Answer 1
OK, I have now found the (very strange) bug. User authentication is done by pam via LDAP. For some reason nslcd refused to fetch the newest user from the local LDAP. A direct search in LDAP showed everything as expected, but "id username" for the newest user just returned "user not found". I checked the configuration several times and compared it with the configuration of our desktop Linux machines. The only differences were that the desktop machines run Debian 11 testing instead of 10 stable, and that they use the main LDAP.
I fixed the bug by pointing nslcd on the mail server to the main LDAP and then back to the local LDAP directory. Now it finds the new user even with "id username", and sending them e-mail works without problems. Very strange bug, but in the end easy to fix.
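A diagnostic script for the failure described above, added here and not part of the original question or answer: Postfix's default local_recipient_maps is proxy:unix:passwd.byname $alias_maps, so a local recipient must resolve through NSS (nslcd), and the script checks the LDAP directory, NSS and Postfix's own passwd.byname table for one user to show which layer is stale. LDAP_URI and LDAP_BASE are assumed placeholders, not values from the post.

```shell
#!/bin/sh
# Postfix default: local_recipient_maps = proxy:unix:passwd.byname $alias_maps
# A user present in LDAP but invisible to NSS (nslcd) therefore yields
# "User unknown in local recipient table" although the directory is correct.
# Assumed placeholders (not from the original post):
LDAP_URI="${LDAP_URI:-ldap://localhost}"
LDAP_BASE="${LDAP_BASE:-dc=example,dc=org}"

# Each probe returns 0 when the user is found, non-zero otherwise.
ldap_has_user() {
    ldapsearch -x -LLL -H "$LDAP_URI" -b "$LDAP_BASE" "(uid=$1)" uid 2>/dev/null |
        grep -q '^uid: '
}
nss_has_user() { getent passwd "$1" >/dev/null 2>&1; }
postfix_has_user() { postmap -q "$1" unix:passwd.byname >/dev/null 2>&1; }

# Pure decision logic over the three probe exit codes (0 = found), so it
# can be exercised without LDAP or nslcd present.
classify() {
    ldap_rc=$1; nss_rc=$2; pf_rc=$3
    if [ "$ldap_rc" -ne 0 ]; then
        echo "missing-in-ldap"        # the directory itself lacks the entry
    elif [ "$nss_rc" -ne 0 ]; then
        echo "nss-stale"              # nslcd does not see it: check nslcd.conf, restart nslcd
    elif [ "$pf_rc" -ne 0 ]; then
        echo "postfix-lookup-failed"  # NSS fine, Postfix table lookup fails: check proxymap/chroot
    else
        echo "ok"
    fi
}

# Run all three probes for one user and print where resolution breaks.
diagnose() {
    user=$1
    ldap_has_user "$user"; l=$?
    nss_has_user "$user"; n=$?
    postfix_has_user "$user"; p=$?
    printf '%s: ldap=%s nss=%s postfix=%s -> %s\n' \
        "$user" "$l" "$n" "$p" "$(classify "$l" "$n" "$p")"
}

if [ "$#" -gt 0 ]; then
    diagnose "$1"
fi
```

Run it as "sh diagnose.sh username" on the mail server; the answer's case (entry in LDAP, "id username" failing) shows up as "nss-stale".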