默认情况下,我的 Postfix 允许中继电子邮件发送到我的域 (domain1.com) 或仅允许密码验证客户端或“myhostname”地址。这是大多数邮件服务器的常见情况。
如果我在 Exchange Online 中设置连接器以通过我的 postfix 发送出站电子邮件,则客户端(例如,Outlook)通常会使用 Exchange 凭据发送电子邮件,然后 Exchange 服务会将发送的电子邮件转发到我的 postfix。
主文件:
relay_domains = domain1.com
...
smtpd_relay_restrictions =
reject_non_fqdn_recipient,
reject_non_fqdn_sender,
reject_unknown_recipient_domain,
reject_unknown_sender_domain,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_invalid_hostname,
reject_unverified_sender,
reject_unknown_client_hostname,
reject_unknown_helo_hostname,
defer_unauth_destination
Postfix 将拒绝并显示“454 4.7.1 中继访问被拒绝”代码:
Anonymous TLS connection established from mail-ve1eur122p0672.outbound.protection.outlook.com[213.199.154.150]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
NOQUEUE: reject: RCPT from mail-ve1eur122p0672.outbound.protection.outlook.com[213.199.154.150]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<EUR03-VE1-obe.outbound.protection.outlook.com>
disconnect from mail-ve1eur122p0672.outbound.protection.outlook.com[213.199.154.150]
这是正常的,因为主机“ve1eur122p0672.outbound.protection.outlook.com”不在 myhostname 中,并且该主机不使用 smtp-auth。
我试过:
smtpd_relay_restrictions =
reject_non_fqdn_recipient,
reject_non_fqdn_sender,
reject_unknown_recipient_domain,
reject_unknown_sender_domain,
permit_mynetworks,
permit_sasl_authenticated,
check_client_access hash:/etc/postfix/trusted_servers,
reject_unauth_destination,
reject_invalid_hostname,
reject_unverified_sender,
reject_unknown_client_hostname,
reject_unknown_helo_hostname,
defer_unauth_destination
和:
# less /etc/postfix/trusted_servers
.outbound.protection.outlook.com OK
# postmap /etc/postfix/trusted_servers
但没有结果。
是否可以允许 postfix 接受从 *.outbound.protection.outlook.com 到任何域的回复邮件,但对于其他域只允许密码验证?
答案1
smtpd_client_restrictions =
check_client_access hash:/etc/postfix/trusted_servers
不是smtpd_relay_restrictions部分。请阅读:http://www.postfix.org/postconf.5.html#check_client_access