Ubuntu Postfix: mail loops back to myself, host greeted me with my own hostname

My main.cf:

smtpd_banner = $myhostname ESMTP
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    permit
myhostname = mail.neonnuke.tech
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost, localhost.neonnuke.tech, mail.neonnuke.tech
relayhost =
mynetworks = 127.0.0.0/8 192.168.0.0/24 209.85.220.0/24 209.85.216.0/24 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_authenticated_header = yes 
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m "${EXTENSION}"
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    reject_unknown_helo_hostname,
    permit
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_client_hostname,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    permit
smtpd_sender_restrictions =
    reject_unknown_sender_domain,
    reject_sender_login_mismatch
smtpd_sender_login_maps = $virtual_mailbox_maps
unknown_address_reject_code = 550 
unknown_hostname_reject_code = 550
unknown_client_reject_code = 550
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/ssl/private/ssl-chain-mail-yourdomain.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-key-decrypted-mail-yourdomain.key
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_ciphers = high
smptd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
canonical_maps =  hash:/etc/postfix/canonical
message_size_limit = 104857600
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_mailbox_domains =  hash:/etc/postfix/virtual-mailbox-domains
virtual_mailbox_maps = hash:/etc/postfix/virtual-mailbox-users
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
default_destination_concurrency_limit = 5
disable_vrfy_command = yes
relay_destination_concurrency_limit = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
milter_default_action = accept
milter_connect_macros = j {daemon_name} v {if_name} _
non_smtpd_milters = $smtpd_milters
smtpd_milters = unix:/spamass/spamass.sock unix:/clamav/clamav-milter.ctl unix:/opendkim/opendkim.sock
postscreen_greet_action = enforce
postscreen_dnsbl_action = enforce
postscreen_access_list = permit_mynetworks
postscreen_dnsbl_sites = zen.spamhaus.org, b.barracudacentral.org,bl.spamcop.net
virtual_maps = hash:/etc/postfix/virtusertable

My mail log:

Jan  1 20:38:48 ubuntu-standard postfix/postscreen[18881]: CONNECT from [86.6.181.24]:38535 to [192.168.0.13]:25
Jan  1 20:38:48 ubuntu-standard postfix/dnsblog[18883]: addr 86.6.181.24 listed by domain zen.spamhaus.org as 127.0.0.11
Jan  1 20:38:49 ubuntu-standard postfix/postscreen[18881]: DNSBL rank 1 for [86.6.181.24]:38535
Jan  1 20:38:49 ubuntu-standard postfix/smtp[18879]: warning: host mail.neonnuke.tech[86.6.181.24]:25 greeted me with my own hostname mail.neonnuke.tech
Jan  1 20:38:49 ubuntu-standard postfix/smtp[18879]: warning: host mail.neonnuke.tech[86.6.181.24]:25 replied to HELO/EHLO with my own hostname mail.neonnuke.tech
Jan  1 20:38:49 ubuntu-standard postfix/smtp[18879]: B6E7741DEF: to=<[email protected]>, relay=mail.neonnuke.tech[86.6.181.24]:25, delay=0.61, delays=0.02/0/0.59/0, dsn=5.4.6, status=bounced (mail for neonnuke.tech loops back to myself)
Jan  1 20:38:49 ubuntu-standard postfix/postscreen[18881]: DISCONNECT [86.6.181.24]:38535
Jan  1 20:38:49 ubuntu-standard postfix/qmgr[18439]: B6E7741DEF: removed

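Even if I add my public IP to mynetworks so that zen.spamhaus.org does not check it, it is still the same. This was sent from another computer on the same network, but even when sent from Google it is sent, just not to 192.168.0.13.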

For example:

Jan  1 20:47:11 ubuntu-standard postfix/postscreen[19621]: CONNECT from [209.85.220.175]:35280 to [192.168.0.13]:25
Jan  1 20:47:11 ubuntu-standard postfix/postscreen[19621]: WHITELISTED [209.85.220.175]:35280
Jan  1 20:47:12 ubuntu-standard postfix/smtpd[19622]: connect from mail-qk0-f175.google.com[209.85.220.175]
Jan  1 20:47:12 ubuntu-standard postfix/smtpd[19622]: warning: connect to Milter service unix:/opendkim/opendkim.sock: No such file or directory
Jan  1 20:47:13 ubuntu-standard postfix/smtpd[19622]: E9FC24192A: client=mail-qk0-f175.google.com[209.85.220.175]
Jan  1 20:47:14 ubuntu-standard postfix/cleanup[19630]: E9FC24192A: message-id=<CAPppPrR=WOnYTUCDSDt2kz6QeN9d93QGr2H_+OeSxgQs4N_8sQ@mail.gmail.com>
Jan  1 20:47:14 ubuntu-standard spamc[19631]: connect(AF_UNIX) to spamd using --socket='/var/spool/postfix/spamassassin/spamd.sock' failed: Connection refused
Jan  1 20:47:14 ubuntu-standard postfix/qmgr[18439]: E9FC24192A: from=<[email protected]>, size=2624, nrcpt=1 (queue active)
Jan  1 20:47:14 ubuntu-standard postfix/smtpd[19622]: disconnect from mail-qk0-f175.google.com[209.85.220.175] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jan  1 20:47:14 ubuntu-standard postfix/postscreen[19621]: CONNECT from [86.6.181.24]:38536 to [192.168.0.13]:25
Jan  1 20:47:14 ubuntu-standard postfix/dnsblog[19636]: addr 86.6.181.24 listed by domain zen.spamhaus.org as 127.0.0.11
Jan  1 20:47:17 ubuntu-standard postfix/postscreen[19621]: DNSBL rank 1 for [86.6.181.24]:38536
Jan  1 20:47:17 ubuntu-standard postfix/smtp[19633]: warning: host mail.neonnuke.tech[86.6.181.24]:25 greeted me with my own hostname mail.neonnuke.tech
Jan  1 20:47:17 ubuntu-standard postfix/smtp[19633]: warning: host mail.neonnuke.tech[86.6.181.24]:25 replied to HELO/EHLO with my own hostname mail.neonnuke.tech
Jan  1 20:47:17 ubuntu-standard postfix/smtp[19633]: E9FC24192A: to=<[email protected]>, relay=mail.neonnuke.tech[86.6.181.24]:25, delay=3.7, delays=0.5/0.06/3.1/0, dsn=5.4.6, status=bounced (mail for neonnuke.tech loops back to myself)
Jan  1 20:47:17 ubuntu-standard postfix/postscreen[19621]: DISCONNECT [86.6.181.24]:38536
Jan  1 20:47:17 ubuntu-standard postfix/cleanup[19630]: 7E7C941DEE: message-id=<[email protected]>
Jan  1 20:47:17 ubuntu-standard postfix/qmgr[18439]: 7E7C941DEE: from=<>, size=4551, nrcpt=1 (queue active)
Jan  1 20:47:17 ubuntu-standard postfix/bounce[19643]: E9FC24192A: sender non-delivery notification: 7E7C941DEE
Jan  1 20:47:17 ubuntu-standard postfix/qmgr[18439]: E9FC24192A: removed

Answer 1

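You have not configured Postfix to accept mail for the neonnuke.tech domain, but you have configured the MX record to point to this mail server. After discovering that it has received the very mail it is trying to send out, Postfix does not know what to do with it.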

To fix this, you need to tell Postfix to accept mail for neonnuke.tech, for example by adding it to mydestination or virtual_alias_domains.


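For bonus points: you get the message about the host greeting me with my own hostname because the server is behind some kind of NAT and therefore does not know that it is reachable through its global IP address. This will also go away once the mail server knows that it is authoritative for the domain's mail.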

Answer 2

So the problem stems from Postfix sending mail out over SMTP and the other host answering with its own hostname:

   mail.neonnuke.tech[86.6.181.24]:25 replied to HELO/EHLO with my own hostname mail.neonnuke.tech

But why is that? According to the log, 86.6.181.24 has already tried to deliver the mail to the machine the log comes from (192.168.0.13). Why would that be?

    E9FC24192A: to=<[email protected]>, relay=mail.neonnuke.tech[86.6.181.24]:25,

seems to indicate that 86.6.181.24 does not consider itself the final destination for "neonnuke.tech" and therefore forwards the mail to us.

But our machine does not consider itself the final destination either; alas, neonnuke.tech is not in mydestination:

   mydestination = localhost, localhost.neonnuke.tech, mail.neonnuke.tech

Solution: change mydestination:

   mydestination = localhost, localhost.$mydomain, $myhostname, $mydomain

Then try again.

   Jan  1 20:47:12 ubuntu-standard postfix/smtpd[19622]: warning: connect to Milter service unix:/opendkim/opendkim.sock: No such file or directory

indicates that the opendkim milter is not running or has created its socket in the wrong directory.
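
Added example (not part of the original question or answers): a small Python check of what both answers describe, namely whether any of Postfix's domain-list parameters claims the recipient domain. It runs on a constructed excerpt of the question's main.cf; the function names are illustrative, and only explicitly set parameters are considered.

```python
import re
# Constructed excerpt of the question's main.cf (only the relevant lines).
BEFORE = """\
myhostname = mail.neonnuke.tech
mydestination = localhost, localhost.neonnuke.tech, mail.neonnuke.tech
virtual_mailbox_domains = hash:/etc/postfix/virtual-mailbox-domains
"""
# Same excerpt with the mydestination value proposed in Answer 2.
AFTER = BEFORE.replace("localhost.neonnuke.tech, mail.neonnuke.tech",
                       "localhost.$mydomain, $myhostname, $mydomain")
# Parameters that list the domains this server accepts mail for.
DOMAIN_PARAMS = ("mydestination", "virtual_alias_domains",
                 "virtual_mailbox_domains", "relay_domains")

def parse_main_cf(text):
    """Return {name: value}; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    # Postfix default: mydomain is myhostname minus its first component.
    params.setdefault("mydomain", params.get("myhostname", "").partition(".")[2])
    return params

def expand(value, params, depth=0):
    """Expand $name and ${name} references (depth-bounded in case of a cycle)."""
    if depth > 10:
        return value
    return re.sub(r"\$\{?(\w+)\}?", lambda m: expand(
        params.get(m.group(1), ""), params, depth + 1), value)

def claimed_by(domain, text):
    """Return (parameters listing `domain` literally, type:table entries not inspected)."""
    params, hits, tables = parse_main_cf(text), [], []
    for name in DOMAIN_PARAMS:
        for item in re.split(r"[,\s]+", expand(params.get(name, ""), params)):
            if ":" in item:
                tables.append(f"{name}={item}")
            elif item.lower() == domain.lower():
                hits.append(name)
    return hits, tables

if __name__ == "__main__":
    print(claimed_by("neonnuke.tech", BEFORE), claimed_by("neonnuke.tech", AFTER))
```

On the live server, `postconf -x mydestination` shows the expanded value, and `postmap -q neonnuke.tech hash:/etc/postfix/virtual-mailbox-domains` queries the table this sketch leaves uninspected.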
