我正在 Postfix 服务器上创建一个邮箱。我们有一个脚本,用于将 LDAP 同步到 Webmail(~RoundCube),然后我们必须在 Postfix 服务器上执行以下命令:
echo -e "[email protected]\tOK" >> /etc/postfix/virtual_mailbox
echo -e "[email protected]\[email protected]" >> /etc/postfix/virtual_alias # if we want an alias
postmap /etc/postfix/virtual_mailbox && postmap /etc/postfix/virtual_alias
/etc/init.d/postfix reload
此程序一直有效直到上周,我们无法解释/解决这个问题。
通过 Webmail 向新创建的邮箱发送测试邮件返回:
<[email protected]>: host 127.0.0.1[127.0.0.1] said: 550-Mailbox unknown. Either
there is no mailbox associated with this 550-name or you do not have
authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO
command)
但是,Postfix 响应250 2.1.0 Ok该命令:RCP TO:<[email protected]>
$ nc our.mail.server.tld 25
220 our.mail.server.tld ESMTP Postfix (CentOS)
HELO domain.tld
250 our.mail.server.tld
MAIL FROM:<>
250 2.1.0 Ok
RCPT TO:<[email protected]>
250 2.1.0 Ok
DATA
Subject: testing
test email
.
250 2.0.0 Ok: queued as 7E8B043
但邮件日志表明550 5.1.1 User unknow......(日志匿名)
# edited following Nikita Kipriyanov recommendation
Jul 8 15:07:36 srv postfix/smtp[30469]: > 127.0.0.1[127.0.0.1]:10024: RCPT TO:<[email protected]> ORCPT=rfc822;[email protected]
Jul 8 15:07:36 srv postfix/smtp[30469]: < 127.0.0.1[127.0.0.1]:10024: 250 2.1.5 Recipient <[email protected]> OK
Jul 8 15:07:37 srv postfix/smtpd[30492]: < localhost[127.0.0.1]: RCPT TO:<[email protected]> ORCPT=rfc822;[email protected]
Jul 8 15:07:37 srv postfix/smtpd[30492]: extract_addr: input: <[email protected]>
Jul 8 15:07:37 srv postfix/smtpd[30492]: smtpd_check_addr: [email protected]
Jul 8 15:07:37 srv postfix/smtpd[30492]: send attr address = [email protected]
Jul 8 15:07:37 srv postfix/smtpd[30492]: input attribute value: [email protected]
Jul 8 15:07:37 srv postfix/smtpd[30492]: rewrite_clnt: local: [email protected] -> [email protected]
Jul 8 15:07:37 srv postfix/smtpd[30492]: send attr address = [email protected]
Jul 8 15:07:37 srv postfix/smtpd[30492]: input attribute value: [email protected]
Jul 8 15:07:37 srv postfix/smtpd[30492]: resolve_clnt: `' -> `[email protected]' -> transp=`lmtp' host=`127.0.0.1:24' rcpt=`[email protected]' flags= class=virtual
Jul 8 15:07:37 srv postfix/smtpd[30492]: ctable_locate: install entry key [email protected]
Jul 8 15:07:37 srv postfix/smtpd[30492]: extract_addr: in: <[email protected]>, result: [email protected]
Jul 8 15:07:37 srv postfix/smtpd[30492]: ctable_locate: leave existing entry key [email protected]
Jul 8 15:07:37 srv postfix/smtpd[30492]: milter_macro_lookup: result "[email protected]"
Jul 8 15:07:37 srv postfix/smtpd[30492]: ctable_locate: leave existing entry key [email protected]
Jul 8 15:07:37 srv postfix/smtpd[30492]: ctable_locate: leave existing entry key [email protected]
Jul 8 15:07:37 srv postfix/smtpd[30492]: milter8_rcpt_event: milter inet:127.0.0.1:8891: rcpt <[email protected]> ORCPT=rfc822;[email protected]
Jul 8 15:07:37 srv postfix/smtpd[30492]: event: SMFIC_RCPT; macros: {rcpt_addr}[email protected] {rcpt_host}=127.0.0.1:24 {rcpt_mailer}=lmtp
Jul 8 15:07:37 srv postfix/lmtp[30505]: > 127.0.0.1[127.0.0.1]:24: RCPT TO:<[email protected]>
Jul 8 15:07:37 srv cyrus/lmtp[18927]: verify_user(user.test) failed: Mailbox does not exist
Jul 8 15:07:37 srv postfix/lmtp[30505]: send attr original_recipient = [email protected]
Jul 8 15:07:37 srv postfix/lmtp[30505]: send attr recipient = [email protected]
Jul 8 15:07:37 srv postfix/lmtp[30505]: send attr dsn_orig_rcpt = rfc822;[email protected]
Jul 8 15:07:37 srv amavis[23265]: (23265-17) Passed BAD-HEADER-7 {RelayedInternal}, MYNETS LOCAL [172.16.10.39]:2828 <> -> <[email protected]>, mail_id: nTFlKNl0Vr0b, Hits: 5.677, size: 300, queued_as: C7DB445, 1476 ms
Jul 8 15:07:37 srv postfix/smtp[30469]: 73B0143: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=49, delays=48/0/0/1.5, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as C7DB445)
Jul 8 15:07:37 srv postfix/lmtp[30505]: C7DB445: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:24, delay=0.11, delays=0.09/0/0/0.03, dsn=5.1.1, status=bounced (host 127.0.0.1[127.0.0.1] said: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO command))
您对这种行为有什么看法?为什么使用 netcatRCPT TO返回250 2.1.5 Ok,但最后却停留在550 5.1.1 User unknown?
主配置文件
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
smtp-amavis unix - - n - 8 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8,<other_valids_networks>
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
答案1
Postfix 只是返回 LMTP 服务告诉它的内容,它试图将邮件交给该服务进行投递。如果扩展的别名是正确的,您必须检查那服务,而不仅仅是 Postfix。
许多事情都可能导致这种情况,但很明显,Postfix 的用户/别名列表不再与服务器 Postfix 传递 mailto 的用户同步(通过 Amavis 的绕行使日志变得复杂,但似乎不是问题)。
下一步诊断:比较 MDA 可用的用户列表(赛勒斯 IMAPd(从错误消息来看)与后缀虚拟映射的实际结果之间的区别。
使用以下命令查询您的后缀映射:
postmap -v -v -q [email protected] hash:/etc/postfix/virtual_mailbox
postmap -v -v -q [email protected] hash:/etc/postfix/virtual_alias
像这样的查询比仅仅相信你正确执行了命令要好,因为这样重复和拼写错误会更加明显。我思考您的设置通常只会导致一两张地图。
使用您在其配置中找到的信息查询 LMTP 服务的用户列表,以验证邮箱是否确实存在。要直接查询 LDAP,请使用ldapsearch -U .. -H ldaps://..,要调查特定服务器,请使用其提供的实用程序:多夫科特,doveadm user ..用于赛勒斯使用cyrusadm info [name], ..
还要考虑故障模式,例如,用于保存用户列表的 LDAP 服务器暂时或永久无法被用于获取该数据的服务器或维护脚本访问。
您可以通过添加合适的syslog_name选项来缓解这种情况,并且仍然可以轻松简化未来的调试master.cf- 这样,您就可以更轻松地分辨出您的哪个服务(显然是多个类似的)记录了哪些行。
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o ...
...
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o ...
...
127.0.0.1:10025 inet n - n - - smtpd
-o syslog_name=postfix/description
-o ...