我遇到了一个非常棘手的问题:
我有一台 Postfix 2.6.6 / CentOS 6 服务器,它被设置为将邮件从特定别名转发到特定目的地。这是通过 mysqlvirtual_alias_maps表完成的,因为别名/目的地是由基于 Web 的前端生成的。
问题是有时以及没有明显原因Postfix 并不会在 virtual_alias_maps 中查找,并为某些别名提供“中继访问被拒绝”状态。
我无法将其归咎于配置或数据库问题,因为在交付失败期间:
- 我能
postmap -q [email protected] mysql:/etc/postfix/mysql_virtual_alias_maps.cftelnet成功了,即使在该命令之前和之后,当我进入 SMTP 服务器时,同一地址也收到“中继访问被拒绝”的信息。 - 查看 mysql 常规查询日志,我看到了对传输图和虚拟别名域的查询,但是不是虚拟别名映射。
- 新地址添加到 virtual_alias_maps mysql 表后,做工作。
postfix reload重新启动也无法解决问题;它似乎在任意时间自行解决,并且其间的日志中没有任何明显信息。
真正让我抓狂的是,当我找到几个不起作用的地址的例子时,我可以同时找到很多起作用的地址。
在所有情况下,地址都是 @mydomain.com 并且可以使用 成功查找postmap -q。
我在任何日志 (mysql/postfix/syslog) 中都没有看到任何故障。看来 Postfix 只是跳过了虚拟别名映射的查找。
Postfix 调试日志(失败案例):
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: < debug_peer.something.com[64.34.10.20]: rcpt to:[email protected]
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: extract_addr: input: [email protected]
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: smtpd_check_addr: [email protected]
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: send attr request = rewrite
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: send attr rule = local
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: send attr address = [email protected]
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: private/rewrite socket: wanted attribute: flags
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute name: flags
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute value: 0
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: private/rewrite socket: wanted attribute: address
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute name: address
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute value: [email protected]
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: private/rewrite socket: wanted attribute: (list terminator)
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute name: (end)
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: rewrite_clnt: local: [email protected] -> [email protected]
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: send attr request = resolve
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: send attr sender =
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: send attr address = [email protected]
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: private/rewrite socket: wanted attribute: flags
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute name: flags
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute value: 0
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: private/rewrite socket: wanted attribute: transport
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute name: transport
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute value: smtp
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: private/rewrite socket: wanted attribute: nexthop
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute name: nexthop
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute value: mydomain.com
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: private/rewrite socket: wanted attribute: recipient
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute name: recipient
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute value: [email protected]
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: private/rewrite socket: wanted attribute: flags
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute name: flags
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute value: 4096
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: private/rewrite socket: wanted attribute: (list terminator)
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute name: (end)
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: resolve_clnt: `' -> `[email protected]' -> transp=`smtp' host=`mydomain.com' rcpt=`[email protected]' flags= class=default
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: ctable_locate: install entry key [email protected]
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: extract_addr: in: [email protected], result: [email protected]
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: send attr request = rewrite
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: send attr rule = local
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: send attr address = double-bounce
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: private/rewrite socket: wanted attribute: flags
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute name: flags
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute value: 0
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: private/rewrite socket: wanted attribute: address
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute name: address
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute value: [email protected]
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: private/rewrite socket: wanted attribute: (list terminator)
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: input attribute name: (end)
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: rewrite_clnt: local: double-bounce -> [email protected]
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: >>> START Recipient address RESTRICTIONS <<<
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: generic_checks: name=permit_mynetworks
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: permit_mynetworks: debug_peer.something.com 64.34.10.20
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: match_hostname: debug_peer.something.com ~? 127.0.0.0/8
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: match_hostaddr: 64.34.10.20 ~? 127.0.0.0/8
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: match_list_match: debug_peer.something.com: no match
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: match_list_match: 64.34.10.20: no match
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: generic_checks: name=permit_mynetworks status=0
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: generic_checks: name=reject_unauth_destination
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: reject_unauth_destination: [email protected]
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: permit_auth_destination: [email protected]
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: ctable_locate: leave existing entry key [email protected]
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: NOQUEUE: reject: RCPT from debug_peer.something.com[64.34.10.20]: 450 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<fuack>
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: generic_checks: name=reject_unauth_destination status=2
May 28 16:37:39 ext-node01 postfix/smtpd[28115]: > debug_peer.something.com[64.34.10.20]: 450 4.7.1 <[email protected]>: Relay access denied
Postfix 调试日志(成功案例)
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: < debug_peer.something.com[64.34.10.20]: rcpt to:[email protected]
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: extract_addr: input: [email protected]
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: smtpd_check_addr: [email protected]
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: send attr request = rewrite
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: send attr rule = local
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: send attr address = [email protected]
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: private/rewrite socket: wanted attribute: flags
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: input attribute name: flags
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: input attribute value: 0
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: private/rewrite socket: wanted attribute: address
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: input attribute name: address
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: input attribute value: [email protected]
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: private/rewrite socket: wanted attribute: (list terminator)
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: input attribute name: (end)
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: rewrite_clnt: local: [email protected] -> [email protected]
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: send attr request = resolve
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: send attr sender =
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: send attr address = [email protected]
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: private/rewrite socket: wanted attribute: flags
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: input attribute name: flags
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: input attribute value: 0
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: private/rewrite socket: wanted attribute: transport
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: input attribute name: transport
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: input attribute value: error
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: private/rewrite socket: wanted attribute: nexthop
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: input attribute name: nexthop
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: input attribute value: User unknown in virtual alias table
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: private/rewrite socket: wanted attribute: recipient
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: input attribute name: recipient
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: input attribute value: [email protected]
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: private/rewrite socket: wanted attribute: flags
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: input attribute name: flags
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: input attribute value: 512
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: private/rewrite socket: wanted attribute: (list terminator)
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: input attribute name: (end)
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: resolve_clnt: `' -> `[email protected]' -> transp=`error' host=`User unknown in virtual alias table' rcpt=`[email protected]' flags= class=alias
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: ctable_locate: install entry key [email protected]
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: extract_addr: in: [email protected], result: [email protected]
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: >>> START Recipient address RESTRICTIONS <<<
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: generic_checks: name=permit_mynetworks
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: permit_mynetworks: debug_peer.something.com 64.34.10.20
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: match_hostname: debug_peer.something.com ~? 127.0.0.0/8
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: match_hostaddr: 64.34.10.20 ~? 127.0.0.0/8
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: match_list_match: debug_peer.something.com: no match
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: match_list_match: 64.34.10.20: no match
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: generic_checks: name=permit_mynetworks status=0
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: generic_checks: name=reject_unauth_destination
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: reject_unauth_destination: [email protected]
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: permit_auth_destination: [email protected]
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: ctable_locate: leave existing entry key [email protected]
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: generic_checks: name=reject_unauth_destination status=0
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: >>> END Recipient address RESTRICTIONS <<<
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: >>> CHECKING RECIPIENT MAPS <<<
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: ctable_locate: leave existing entry key [email protected]
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: maps_find: recipient_canonical_maps: [email protected]: not found
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: match_string: mydomain.com ~? mx01.mail.myhosting.net
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: match_list_match: mydomain.com: no match
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: maps_find: recipient_canonical_maps: @mydomain.com: not found
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: mail_addr_find: [email protected] -> (not found)
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: maps_find: canonical_maps: [email protected]: not found
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: match_string: mydomain.com ~? mx01.mail.myhosting.net
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: match_list_match: mydomain.com: no match
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: maps_find: canonical_maps: @mydomain.com: not found
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: mail_addr_find: [email protected] -> (not found)
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: dict_mysql_get_active: attempting to connect to host 127.0.0.1
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: dict_mysql: successful connection to host 127.0.0.1
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: dict_mysql: successful query from host 127.0.0.1
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: dict_mysql_lookup: retrieved 1 rows
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: maps_find: virtual_alias_maps: mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): [email protected] = [email protected]
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: mail_addr_find: [email protected] -> [email protected]
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: smtpd_check_rewrite: trying: permit_inet_interfaces
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: permit_inet_interfaces: debug_peer.something.com 64.34.10.20
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: before input_transp_cleanup: cleanup flags = enable_header_body_filter enable_automatic_bcc enable_address_mapping enable_milters
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: after input_transp_cleanup: cleanup flags = enable_header_body_filter enable_automatic_bcc enable_address_mapping
May 28 17:14:20 ext-node01 postfix/smtpd[31233]: connect to subsystem public/cleanup
May 28 17:14:21 ext-node01 postfix/smtpd[31233]: public/cleanup socket: wanted attribute: queue_id
May 28 17:14:21 ext-node01 postfix/smtpd[31233]: input attribute name: queue_id
May 28 17:14:21 ext-node01 postfix/smtpd[31233]: input attribute value: 012DCF8003F
May 28 17:14:21 ext-node01 postfix/smtpd[31233]: public/cleanup socket: wanted attribute: (list terminator)
May 28 17:14:21 ext-node01 postfix/smtpd[31233]: input attribute name: (end)
May 28 17:14:21 ext-node01 postfix/smtpd[31233]: send attr flags = 178
May 28 17:14:21 ext-node01 postfix/smtpd[31233]: 012DCF8003F: client=debug_peer.something.com[64.34.10.20]
May 28 17:14:21 ext-node01 postfix/smtpd[31233]: > debug_peer.something.com[64.34.10.20]: 250 2.1.5 Ok
请注意,这些日志片段上的时间戳相隔约 37 分钟。在那段时间里,我正在仔细查看日志,不是进行配置更改。
再次,在两个日志片段的前后紧接着:
postmap -q [email protected] mysql:/etc/postfix/mysql_virtual_alias_maps.cf
[email protected]
服务器负载较低。大概每 2-3 个 SMTP 会话分钟。
除了我自己的测试之外,我还在有效收件人和有效发件人的日志中看到了同样的行为,其中中继访问将被拒绝几次(因为上游 SMTP 服务器重试传递),然后突然成功而不需要我的干预。
我将拒绝状态设置为软故障(4xx)作为临时措施,以便其他 SMTP 服务器会随着时间的推移重试。
我还设置了一个 cron 作业,每五分钟执行一次postfix reload,但在实际中仍然观察到这没有帮助。
欢迎提出任何关于下一步该去哪里的建议。谢谢!
编辑: 输出postconf -n:
access_map_reject_code = 450
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
debug_peer_list = 64.34.10.20
html_directory = no
inet_interfaces = localhost, 192.168.1.1 //SANITIZED IP
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maps_rbl_reject_code = 450
mydestination = mx01.mail.myhosting.net //SANITIZED HOST
myhostname = mx01.mail.myhosting.net //SANITIZED HOST
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
reject_code = 450
relay_domains = mysql:/etc/postfix/mysql_relay_domains.cf
relay_domains_reject_code = 450
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_host_lookup = native
smtpd_client_connection_count_limit = 10
smtpd_error_sleep_time = 1s
smtpd_hard_error_limit = 20
smtpd_soft_error_limit = 10
transport_maps = mysql:/etc/postfix/mysql_transport_maps.cf
unknown_local_recipient_reject_code = 450
unknown_relay_recipient_reject_code = 450
unknown_virtual_alias_reject_code = 450
unknown_virtual_mailbox_reject_code = 450
virtual_alias_domains = mysql:/etc/postfix/mysql_virtual_alias_domains.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
答案1
我遇到了非常类似的问题(一些别名停止工作),导致
NOQUEUE:拒绝:... 收件人地址被拒绝:虚拟邮箱表中的用户未知;
我尝试重新加载,然后重新启动 postfix;重新启动 MySQL 等。这些都没有效果。
最后我删除了虚拟别名的数据库条目并重新添加它(在 mysql 中),这解决了问题。postfix 上没有任何变化。
这不是一个令人满意的答案,因为我不知道它为什么有效。但是,如果它对你有用,它看起来比 cron、重启等更简洁。