Postfix: Relay access denied


My SMTP service has never worked properly, and now I am going to give it another try.

The server is FreeBSD 8.1-RELEASE-p1, and postfix was installed as part of the Webmin/Virtualmin install.sh.

I have read the Postfix Virtual Domain Hosting Howto, but I cannot put the pieces together.

# postconf -n
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
html_directory = /usr/local/share/doc/postfix
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = caesar.wulffit.dk, localhost.wulffit.dk, localhost, wulffit.dk, mail.wulffit.dk
mydomain = wulffit.dk
myhostname = caesar.wulffit.dk
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual

Here is the maillog output from my most recent attempts to send e-mail.

# tail -n 1000 /var/log/maillog | grep 194.255.38.237
Jan 19 18:33:30 caesar dovecot: imap-login: Login: user=<philip-espersen>, method=PLAIN, rip=194.255.38.237, lip=194.255.38.233, TLS
Jan 19 18:33:47 caesar postfix/smtpd[63803]: warning: 194.255.38.237: address not listed for hostname dominos.dk
Jan 19 18:33:47 caesar postfix/smtpd[63803]: connect from unknown[194.255.38.237]
Jan 19 18:33:47 caesar postfix/smtpd[63803]: 86DA2DA80C: client=unknown[194.255.38.237]
Jan 19 18:33:47 caesar postfix/smtpd[63803]: disconnect from unknown[194.255.38.237]
Jan 19 18:33:48 caesar postfix/smtp[63815]: 97199DA85F: to=<[email protected]>, relay=mail.dominos.dk[194.255.38.237]:25, delay=0.96, delays=0/0.01/0.01/0.94, dsn=2.6.0, status=sent (250 2.6.0  <[email protected]> Queued mail for delivery)
Jan 19 18:34:02 caesar postfix/smtpd[63803]: warning: 194.255.38.237: address not listed for hostname dominos.dk
Jan 19 18:34:02 caesar postfix/smtpd[63803]: connect from unknown[194.255.38.237]
Jan 19 18:34:02 caesar postfix/smtpd[63803]: NOQUEUE: reject: RCPT from unknown[194.255.38.237]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<[127.0.0.1]>
Jan 19 18:34:07 caesar postfix/smtpd[63803]: disconnect from unknown[194.255.38.237]
Jan 19 18:34:21 caesar postfix/smtpd[63803]: warning: 194.255.38.237: address not listed for hostname dominos.dk
Jan 19 18:34:21 caesar postfix/smtpd[63803]: connect from unknown[194.255.38.237]
Jan 19 18:34:21 caesar postfix/smtpd[63803]: 25FABDA80C: client=unknown[194.255.38.237]
Jan 19 18:34:21 caesar postfix/smtpd[63803]: disconnect from unknown[194.255.38.237]
Jan 19 18:38:20 caesar postfix/anvil[63805]: statistics: max connection rate 3/60s for (smtp:194.255.38.237) at Jan 19 18:34:21
Jan 19 18:38:20 caesar postfix/anvil[63805]: statistics: max connection count 1 for (smtp:194.255.38.237) at Jan 19 18:33:47
Jan 19 18:47:46 caesar postfix/smtpd[64139]: warning: 194.255.38.237: address not listed for hostname dominos.dk
Jan 19 18:47:46 caesar postfix/smtpd[64139]: connect from unknown[194.255.38.237]
Jan 19 18:47:46 caesar postfix/smtpd[64139]: NOQUEUE: reject: RCPT from unknown[194.255.38.237]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<[127.0.0.1]>
Jan 19 18:47:47 caesar postfix/smtpd[64139]: disconnect from unknown[194.255.38.237]

/usr/local/lib/sasl2/smtpd.conf

# cat /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login

Answer 1

So, what are you trying to do here: hold mail for dominos.dk on the server, or use the server to relay mail for that domain's users?

If this is the destination server for dominos.dk, you need to add it to mydestinations; otherwise, if you want to allow authenticated users to relay, just configure cyrus-sasl properly.

Answer 2

smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination

So you are set up to allow SASL-authenticated users or users that are part of "mynetworks". Your configuration lists

mynetworks_style = host

which means that only localhost is allowed when unauthenticated. If you know where the relayed traffic comes from, you can define

mynetworks = 127.0.0.0/8 x.x.x.x/x

where x.x.x.x/x equals the subnet of the relayer (e.g. 192.168.1.0/24).

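For authentication, you need Dovecot SASL or Cyrus SASL installed and built into Postfix. You can check whether they are available with postconf -a. Which one you use is up to you, but make sure the backend you want to use for the user/password database (e.g. LDAP, *SQL, etc.) is available to the SASL implementation.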

More details on the configuration can be found here: http://www.postfix.org/SASL_README.html

Answer 3

Problem solved.

It all came down to an incorrect saslauth configuration in postfix/main.cf

# postconf -n
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
html_directory = /usr/local/share/doc/postfix
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = caesar.wulffit.dk, localhost.wulffit.dk, localhost, wulffit.dk, mail.wulffit.dk
mydomain = wulffit.dk
myhostname = caesar.wulffit.dk
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_type = dovecot
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual

These lines are the most important

virtual_alias_maps = hash:/etc/postfix/virtual
smtpd_sasl_type = dovecot
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
smtpd_sasl_path = /var/run/dovecot/auth-client
broken_sasl_auth_clients = yes

I also changed /usr/local/etc/dovecot.conf, adding user and group to the auth default section

auth default {  
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  } 
  mechanisms = plain login
}

I don't know if it matters, but I did do # touch /usr/local/etc/saslauthd.conf

Restart dovecot and postfix

# /usr/local/etc/rc.d/dovecot restart
# /usr/local/etc/rc.d/postfix restart

Before today I had probably done a lot of other things. Some may have put me on the right track, others on the wrong one. Anyway, everything works now :)
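
Added example (not part of any answer above, and not Postfix's own code): a small Python model of the first-match evaluation of smtpd_recipient_restrictions that Answer 2 describes, run against constructed excerpts of the question's and Answer 3's postconf -n output. Assumptions: only the three rules shown on this page are modelled, mynetworks holds plain CIDR entries, the recipient is in a domain the server does not host, and the function names are hypothetical.

```python
import ipaddress

def parse_postconf(text):
    """Turn `postconf -n` output ('name = value' lines) into a dict."""
    conf = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and not name.lstrip().startswith("#"):
            conf[name.strip()] = value.strip()
    return conf

def trusted(conf, client_ip, server_ips=("127.0.0.1",)):
    """permit_mynetworks test: an explicit mynetworks overrides mynetworks_style."""
    ip = ipaddress.ip_address(client_ip)
    if "mynetworks" in conf:  # plain CIDR entries only (simplification)
        nets = conf["mynetworks"].replace(",", " ").split()
        return any(ip in ipaddress.ip_network(n, strict=False) for n in nets)
    if conf.get("mynetworks_style") == "host":
        return ip.is_loopback or client_ip in server_ips
    return False  # other styles need interface data; not modelled here

def relay_decision(conf, client_ip, authenticates):
    """First matching rule decides, for a recipient in a domain we do not host."""
    # Without smtpd_sasl_auth_enable = yes, AUTH is never offered, so
    # permit_sasl_authenticated cannot match any client.
    sasl_on = conf.get("smtpd_sasl_auth_enable", "no").lower() == "yes"
    rules = conf.get("smtpd_recipient_restrictions", "").replace(",", " ").split()
    for rule in rules:
        if rule == "permit_sasl_authenticated" and sasl_on and authenticates:
            return "permit", rule
        if rule == "permit_mynetworks" and trusted(conf, client_ip):
            return "permit", rule
        if rule == "reject_unauth_destination":
            return "reject", "554 5.7.1 Relay access denied"
    return "dunno", "no modelled rule matched"

# Constructed excerpts of the two postconf -n listings on this page.
BEFORE = """# postconf -n
mynetworks_style = host
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
"""
AFTER = BEFORE + "smtpd_sasl_auth_enable = yes\nsmtpd_sasl_type = dovecot\n"

if __name__ == "__main__":
    for label, text in (("question", BEFORE), ("answer 3", AFTER)):
        print(label, relay_decision(parse_postconf(text), "194.255.38.237", True))
```

With the question's settings the remote client falls through to reject_unauth_destination even when it tries to log in; with SASL enabled the same client is permitted only if it authenticates, so the server does not become an open relay.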
