Cascaded smarthost failure in Postfix

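For some reasons, we have three MTAs: MTA-A (IP: 10.1.8.1), MTA-B (IP: 10.1.9.1) and MTA-C (IP: 10.1.10.1). MTA-A is an MX exchange that handles local delivery only. MTA-B is an MTA that handles outgoing mail from the various servers and services in all subnets, and it only forwards mail to MTA-C for the actual delivery. MTA-C is the public-facing MTA that performs the actual delivery.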

So, for general outgoing e-mail, the path is:

Server -> MTA-B -> MTA-C -> Internet user

For internal e-mail, the path is:

Server -> MTA-B -> MTA-C -> MTA-A -> Internal user

I found that when I telnet directly to port 25 on MTA-C, I can send any e-mail, but when I telnet to MTA-B to send e-mail, it rejects all of it, and mail.log on MTA-B shows this error message:

Nov  1 18:14:27  MTA-B postfix/smtpd[6181]: NOQUEUE: reject: RCPT from server[10.1.8.166]: 550 5.1.1 <[email protected]>: Recipient address rejected: [10.1.10.1]; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<exampledomain.com>

When the error occurs on MTA-B, nothing is logged on MTA-C. A successful delivery in mail.log on MTA-C looks like this:

Nov  3 15:27:02 MTA-C postfix/smtpd[71639]: disconnect from server.exampledomain.com[10.1.8.166]
Nov  3 15:27:02 MTA-C postfix/qmgr[71633]: 115B2184A70: from=<[email protected]>, size=1470, nrcpt=1 (queue active)
Nov  3 15:27:02 MTA-C postfix/smtp[71657]: 115B2184A70: to=<[email protected]>, relay=10.1.8.1[10.1.8.1]:25, delay=0.29, delays=0.01/0.01/0.02/0.25, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> [InternalId=200981] Queued mail for delivery)
Nov  3 15:27:02 MTA-C postfix/qmgr[71633]: 115B2184A70: removed

The main.cf files are as follows:

main.cf of MTA-B (IP: 10.1.9.1)

biff = no
unknown_address_reject_code = 554
unknown_hostname_reject_code = 544
unknown_client_reject_code = 544
mailbox_size_limit = 0
inet_interfaces = all
mynetworks = 127.0.0.0/8, 10.1.8.0/24, 10.1.9.0/24, 10.1.10.0/24
mydomain = exampledomain.com
myhostname = MTA-B.$mydomain
myorigin = $myhostname
mydestination = $myhostname, localhost.localdomain.com, localhost.$mydomain, localhost
smtpd_banner = welcome
unknown_local_recipient_reject_code = 450
alias_maps = hash:/etc/postfix/maps/aliases
alias_database = hash:/etc/postfix/maps/aliases
transport_maps = hash:/etc/postfix/maps/transport
relayhost = [10.1.10.1]
receive_override_options = no_address_mappings
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_client_restrictions=
        permit_mynetworks,
        reject_invalid_hostname,
        reject_unknown_client_hostname,
        permit
smtpd_helo_restrictions=
        permit_mynetworks,
        reject_unauth_pipelining,
        reject_non_fqdn_hostname,
        reject_unknown_hostname,
        reject_unknown_helo_hostname,
        reject_invalid_hostname,
        permit
smtpd_sender_restrictions=
        permit_mynetworks,
        reject_unknown_sender_domain,
        permit
smtpd_recipient_restrictions=
        permit_mynetworks,
        reject_unauth_piplining,
        reject_unauth_destination,
        reject_unknown_recipient_domain,
        reject_multi_recipient_bounce,
        permit
smtpd_data_restrictions=
        permit_mynetworks,
        reject_unauth_pipelining,
        reject_multi_recipient_bounce,
        permit

main.cf of MTA-C (IP: 10.1.10.1)

mailbox_size_limit = 0
mydomain_fallback = localhost
message_size_limit = 0
biff = no
recipient_delimiter = +
enable_server_options = yes
inet_interfaces = all
relayhost =
smtpd_helo_restrictions =
header_checks =
virus_db_update_enabled = 1
myhostname = MTA-C.$mydomain
mydomain = exampledomain.com
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 10.1.8.0/24, 10.1.9.0/24, 10.1.10.0/24, 127.0.0.0/8
smtpd_banner = welcome
unknown_local_recipient_reject_code = 450
alias_maps = hash:/etc/postfix/maps/aliases
alias_database = hash:/etc/postfix/maps/aliases
receive_override_options = no_address_mappings
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/maps/transport
smtpd_client_restrictions=
        permit_mynetworks,
        reject_unknown_client_hostname,
        reject_unauth_pipelining,
        reject_multi_recipient_bounce,
        permit
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_helo_restrictions=
        permit_mynetworks,
        reject_unauth_pipelining,
        permit
smtpd_sender_restrictions=
        permit_mynetworks,
        reject_unauth_pipelining,
        reject_unknown_sender_domain,
        permit
smtpd_recipient_restrictions=
        permit_mynetworks,
        reject_unauth_pipelining,
        reject_unauth_destination,
        reject_unknown_recipient_domain,
        reject_multi_recipient_bounce,
        permit
smtpd_data_restrictions=
        permit_mynetworks,
        reject_unauth_pipelining,
        reject_multi_recipient_bounce,
        permit
smtpd_tls_loglevel = 0

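According to the configuration files above, both have permit_mynetworks set, so I would like to know why I get an error when I send through MTA-B but can send e-mail successfully when I go directly through MTA-C.

For MTA-B, postconf -n: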

alias_database = hash:/etc/postfix/maps/aliases
alias_maps = hash:/etc/postfix/maps/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
default_transport = error
disable_vrfy_command = yes
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = $myhostname, localhost.localdomain.com, localhost.$mydomain, localhost
mydomain = exampledomain.com
myhostname = MTA-B.$mydomain
mynetworks = 127.0.0.0/8, 10.1.8.0/24, 10.1.9.0/24, 10.1.10.0/24
myorigin = /etc/mailname
readme_directory = no
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_transport = error
relayhost = [10.1.10.1]
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = welcome
smtpd_client_restrictions = permit_mynetworks,        check_client_access hash:/etc/postfix/maps/client_access,        reject_invalid_hostname,        reject_unknown_client_hostname,        permit
smtpd_data_restrictions = permit_mynetworks,        reject_unauth_pipelining,        reject_multi_recipient_bounce,        permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,        reject_unauth_pipelining,        reject_non_fqdn_hostname,        reject_unknown_hostname,        reject_unknown_helo_hostname,        reject_invalid_hostname,        permit
smtpd_recipient_restrictions = permit_mynetworks,        check_client_access hash:/etc/postfix/maps/client_access,        check_recipient_access hash:/etc/postfix/maps/catchall_recipients,    reject_unauth_piplining,        reject_unauth_destination,        reject_unknown_recipient_domain,        reject_multi_recipient_bounce,        permit
smtpd_sender_restrictions = permit_mynetworks,        reject_unknown_sender_domain,        permit
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/maps/transport
unknown_address_reject_code = 554
unknown_client_reject_code = 544
unknown_hostname_reject_code = 544
unknown_local_recipient_reject_code = 450

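By the way, MTA-B is Ubuntu 8.04 and MTA-C is Mac Snow Leopard Server, and both simply use Postfix. In any case, I tried replacing MTA-C with another appliance MTA (IronPort), which allows any e-mail from the internal network through, but I still got the same error. So I guess the problem is mainly on MTA-B.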

Answer 1

Based on the configuration you provided, that error message cannot be explained.
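
The main.cf posted for MTA-B and its `postconf -n` output do not list the same settings, so a mechanical comparison of the two is a useful first check. The following is an added example, not part of the original question or answer: the two sample texts are constructed excerpts using values from the listings above, and the function names `parse` and `drift` are hypothetical.

```python
import re

# Constructed excerpts of the two MTA-B listings in the question (values copied from the page).
POSTED_MAIN_CF = """\
myorigin = $myhostname
transport_maps = hash:/etc/postfix/maps/transport
relayhost = [10.1.10.1]
smtpd_recipient_restrictions=
        permit_mynetworks,
        reject_unauth_piplining,
        reject_unauth_destination,
        reject_unknown_recipient_domain,
        reject_multi_recipient_bounce,
        permit
"""
POSTCONF_N = """\
default_transport = error
myorigin = /etc/mailname
relay_transport = error
relayhost = [10.1.10.1]
smtpd_recipient_restrictions = permit_mynetworks,        check_client_access hash:/etc/postfix/maps/client_access,        check_recipient_access hash:/etc/postfix/maps/catchall_recipients,    reject_unauth_piplining,        reject_unauth_destination,        reject_unknown_recipient_domain,        reject_multi_recipient_bounce,        permit
transport_maps = hash:/etc/postfix/maps/transport
"""

def parse(text):
    """Return {parameter: [tokens]} for main.cf or `postconf -n` text."""
    raw, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank line or comment
        if line[0].isspace() and name:    # leading whitespace continues the previous parameter
            raw[name] += " " + line.strip()
        else:
            name, _, value = (s.strip() for s in line.partition("="))
            raw[name] = value
    # Split on commas/whitespace so layout differences are not reported as drift.
    return {k: [t for t in re.split(r"[,\s]+", v) if t] for k, v in raw.items()}

def drift(posted_text, effective_text):
    """Return (parameters set only in the effective config, {changed parameter: extra tokens})."""
    posted, live = parse(posted_text), parse(effective_text)
    only_effective = sorted(k for k in live if k not in posted)
    changed = {k: [t for t in live[k] if t not in posted[k]]
               for k in posted if k in live and posted[k] != live[k]}
    return only_effective, changed

if __name__ == "__main__":
    print(drift(POSTED_MAIN_CF, POSTCONF_N))
```

On these excerpts the comparison reports `default_transport` and `relay_transport` as present only in the effective configuration, and two extra access-map checks in `smtpd_recipient_restrictions`.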
