Postfix 拒绝寻找新用户

Postfix 拒绝寻找新用户

我最近向 LDAP 目录添加了一个新用户帐户。但不知何故,Postfix 在发送电子邮件时拒绝找到该用户。
帐户登录在任何地方都适用。我们的邮件服务器是一个拥有自己的 LDAP 的专用服务器,但这只是主 LDAP 的镜像。它看起来不像 LDAP 的错误。电子邮件目录已创建,并且条目确实正确显示在 LDAP 目录中。但登录时用户只会收到“未选择邮箱”的消息(Webmailer 是 SOGo)。但这还不够,当尝试向该用户发送电子邮件时,无论是来自 SOGo 还是其他客户,它都不起作用。
日志说

Apr 30 12:03:14 mail postfix/smtpd[1355]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <[email protected](opens in new tab)>: Recipient address rejected: User unknown in local recipient table; from=<[email protected](opens in new tab)> to=<[email protected](opens in new tab)> proto=ESMTP helo=<localhost>

通过将行“local_recipient_maps =”添加到后缀 main.cfg 来禁用本地收件人表时,错误将更改为

Mai 02 12:59:04 mail postfix/local[8909]: 1EA11100379: to=<[email protected](opens in new tab)>, relay=local, delay=0.22, delays=0.13/0.01/0/0.08, dsn=5.1.1, status=bounced (unknown user: "user")

我想不出任何解决该问题的方法。由于配置错误,我只能在哪里找到有关该主题的唯一讨论。但重点是,配置已经很长一段时间没有发生任何变化了。唯一发生变化的是收到更新的软件包。据我所知,该新用户是目前唯一有问题的用户。

关于我们的设置:
Debian 10.4 运行 SOGo 4 的夜间版本、postfix 3.4、slapd 2.4.47 和 dovecot 2.3.4.1 以及鸽子洞 0.5.4。

后缀配置:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = /usr/share/doc/postfix
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/mail.domain.de.cert.pem
smtpd_tls_key_file=/etc/ssl/private/mail.domain.de.private.pem
smtp_tls_CAfile = /etc/ssl/certs/CA.crt
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNull, MD5
tls_high_cipherlist=!EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:!CAMELLIA256:+AES256:!CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!CAMELLIA256-SHA:AES256-SHA:!CAMELLIA128-SHA:AES128-SHA
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = mail.domain.de
alias_maps = hash:/etc/aliases
virtual_alias_maps = mysql:/etc/postfix/mysql-forwards.cf
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = domain.de, mail.domain.de
relayhost = smarthost.maindomain.de
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
message_size_limit = 67108864
mailbox_command = /usr/lib/dovecot/deliver -d $USER
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
# Mailman config
relay_domains = lists.domain.de
transport_maps = hash:/etc/postfix/transport
mailman_destination_recipient_limit = 1
relay_recipient_maps = hash:/var/lib/mailman/data/virtual-mailman
# disable VRFY and EXPN command as per ITC recommendation
disable_vrfy_command = yes
# Older configurations combine relay control and spam control. To
# use this with Postfix ≥ 2.10 specify "smtpd_relay_restrictions=".
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
# Configuration for rspamd
smtpd_milters=inet:localhost:11332
non_smtpd_milters = inet:localhost:11332
milter_protocol = 6
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_default_action = accept

PS:如果 postfix 配置看起来很奇怪,那么我们的邮件服务器没有直接连接到互联网。我们通过组织网络从组织中央服务器获取电子邮件。

答案1

好的,我现在发现了(非常奇怪的)错误。用户身份验证由 pam 通过 LDAP 完成。由于某种原因 nslcd 拒绝从本地 LDAP 获取最新用户。直接搜索 LDAP 显示了预期的所有内容,但id username对于最新用户,只是返回“找不到用户”。我检查了几次配置,并将其与我们的桌面 Linux 机器的配置进行了比较。唯一的区别是桌面计算机运行的是 Debian 11 测试版而不是 10 稳定版,并且它使用了主 LDAP。
我通过将邮件服务器上的 nslcd 设置为主 LDAP,然后设置回本地 LDAP 目录来修复该错误。现在,即使使用 ,它也能找到新用户id username,向他们发送电子邮件也没有问题。非常奇怪的错误,但最终很容易修复

相关内容