我一直在关注这个教程:http://flurdy.com/docs/postfix/index.html
出于某种原因,即使我确保设置正确,它也不会向外部域发送任何邮件。它仍然可以从外部域接收邮件,但发送结果如下:
postfix/smtpd[26338]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<domain.com>
我已启用 TLS 和 amavis。禁用其中一个(或两个)不会改变任何内容。我也可以发送到我自己的域,并且它会正确到达。
这是我的 /etc/postfix/main.cf:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
myorigin = domain.com
masquerade_domains = mail.domain.com
masquerade_exceptions = root
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/postfix/postfix.cert
smtpd_tls_key_file=/etc/postfix/postfix.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = mail.domain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = mail.domain.com
mydestination = domain.com, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8, [::ffff:127.0.0.0]/104, [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mynetworks_style = host
local_recipient_maps =
mydestination =
delay_warning_time = 4h
unknown_local_recipient_reject_code = 450
maximum_queue_lifetime = 7d
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
smtp_helo_timeout = 60s
smtpd_recipient_limit = 32
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 12
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit_sasl_authenticated, permit
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_unauth_destination, permit
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
content_filter = amavis:[127.0.0.1]:10024
# SASL
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = domain.com
答案1
reject_unauth_destination
从......中去除smtpd_client_restrictions
。
编辑
您正在使用邮件传输协议发送电子邮件,因此即使您是从 连接,postfix
仍会使用全部。这些将应用于以下方面smtpd_*_restrictions
127.0.0.1
smtpd_*_restrictions
命令:客户端、helo、发送方、接收方、数据或数据结束。reject_unauth_destination
拒绝任何邮件,除非域名回执单匹配$mydestionation
或$relay_domains
。在你的情况下,当reject_unauth_destination
在中使用时smtpd_client_restrictions
,首先检查,你的邮件几乎立即(在检查两个 RBL 后)被拒绝,因为你postfix
显然不是 gmail.com 的最终目的地,并且所有允许从本地或经过身份验证的客户端(permit_mynetworks
,permit_sasl_authenticated
)中继邮件的规则都是跳过因为您已经收到了 REJECT smtpd_client_restrictions
。
答案2
谢谢,我整理了所有 smtpd_client_restrictions,我的配置成功了
这是一个应该起作用的配置:
smtpd_recipient_restrictions =
check_policy_service unix:/var/spool/postfix/postgrey/socket,
reject_rbl_client xbl.spamhaus.org,
reject_rbl_client pbl.spamhaus.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client multi.uribl.com,
reject_rbl_client rbl-plus.mail-abuse.org,
reject_rbl_client dialups.mail-abuse.org,
permit_mynetworks,
reject_unauth_destination,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain
排序很重要。
答案3
我遇到了类似的问题,这救了我:
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
答案4
您必须配置您的服务器以进行中继。
尝试为选项relayhost添加一个外部smtp主机:
postconf -e 'relayhost = smtp.example.com'