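My setup is as follows:
- Server 1: cmgateway.domain.de, referred to below as the gateway, a Ciphermail encryption gateway appliance with integrated Postfix + fetchmail.
- Server 2: mailserver.domain.de, referred to below as the mailserver, Postfix + Dovecot. Postfix is configured to send mail through my smarthost.
What I want to achieve: cmgateway:fetchmail should hand over to cmgateway:postfix, which should hand over to mailserver:postfix.
What works: on my mailserver:postfix I can send mail with mail clients (Thunderbird, Outlook) via IMAP on Dovecot.
What does not work, and what I want to achieve: gateway:postfix transfers the fetched mail (from fetchmail) to my mailserver:postfix (I can see this in the logs),
but (here comes the problem) mailserver:postfix forwards these mails straight to my smarthost. It should deliver them locally instead.
If I install fetchmail directly on the mailserver and tell it smtpaddress localhost, the whole thing works and the mail is delivered to my local mailbox. But the mail should come from cmgateway:fetchmail.
I hope my problem is understandable. Is some configuration needed, or is this a logic / basic understanding problem?
Thanks in advance for your help. Regards, Thomas
![Quick-check image][1]
cmgateway: fetchmail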
# /etc/fetchmailrc for system-wide daemon mode
# This file must be chmod 0600, owner fetchmail
# log through syslog facility
set syslog
# Direct error mail to the local postmaster
set no bouncemail
# Defaults
defaults:
timeout 300
antispam -1
batchlimit 100
# !!! DON'T CHANGE ANYTHING BETWEEN START-AUTO-CONFIG AND END-AUTO-CONFIG BECAUSE IT WILL BE OVERWRITTEN !!!
### START-AUTO-CONFIG ###
set daemon 20
set postmaster "[email protected]"
poll "sslin.df.eu" service 993 proto IMAP no uidl user "[email protected]" password "password" is "[email protected]" folder "INBOX" options ssl no idle keep
### END-AUTO-CONFIG ###
mailserver: Postfix
myhostname = mailserver.mydomain.de
mydomain = mydomain.de
myorigin = mydomain.de
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 2
mydestination = mailserver.mydomain.de, localhost.localdomain, localhost
relayhost = sslout.df.eu:465
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24
home_mailbox = Maildir/
mailbox_command =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
# TLS parameters
smtpd_tls_auth_only = no
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/ssl/certs/mailserver.mydomain.de.crt
smtpd_tls_key_file = /etc/ssl/private/mailserver.mydomain.de.key
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
sender_canonical_maps = hash:/etc/postfix/sender_canonical
#smtp_generic_maps = hash:/etc/postfix/generic
mailserver: dovecot
disable_plaintext_auth = no
mail_privileged_group = mail
mail_location = maildir:~/Maildir
auth_mechanisms = plain login
ssl = required
ssl_cert = </etc/ssl/certs/mailserver.mydomain.de.crt
ssl_key = </etc/ssl/private/mailserver.mydomain.de.key
userdb {
driver = passwd
}
passdb {
driver = pam
}
protocols = imap
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user=postfix
group=postfix
}
}
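Part one is solved
I would like to describe a follow-up problem and am not sure whether I should open another post for it. The whole story is about connecting Postfix to the Ciphermail encryption gateway, where the gateway (cmgateway) is hooked into the existing Postfix as a content filter.
Thanks to your help I can now receive mail with my mailserver:postfix and fetch it with clients via Dovecot. What works: when I send mail through mailserver:postfix, it actually goes to cmgateway:content-filter first, the mail is signed or encrypted there, sent back, and then Postfix sends it out through my smarthost. Works great.
What does not work: since I receive mail via fetchmail and hand it to my mailserver:postfix, these mails unfortunately do not pass through my cmgateway:content-filter, which is completely stupid, because the mail is not automatically checked and decrypted.
So my question is: what do I have to do so that mail arriving at my Postfix via fetchmail is processed by my cmgateway:content-filter?
cmgateway (Ciphermail gateway appliance): the Postfix settings and the extra Djigzo variables come from the appliance, which I configured through the GUI.
cmgateway: postconf -n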
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
content_filter = djigzo:[127.0.0.1]:10025
djigzo_after_filter_message_size_limit = ${djigzo_calculated_after_filter_message_size_limit}
djigzo_before_filter_message_size_limit = 10240000
djigzo_calculated_after_filter_message_size_limit = 30720000
djigzo_calculated_queue_minfree = 92160000
djigzo_mailbox_size_limit = 512000000
djigzo_mydestination =
djigzo_myhostname = cmgateway.unixuser.de
djigzo_mynetworks = 192.168.1.0/24
djigzo_parent_domain_matches_subdomains =
djigzo_rbl_clients =
djigzo_reject_unverified_recipient =
djigzo_relay_domains =
djigzo_relay_transport_host =
djigzo_relay_transport_host_mx_lookup =
djigzo_relay_transport_host_port = 25
djigzo_relayhost =
djigzo_relayhost_mx_lookup =
djigzo_relayhost_port = 25
djigzo_smtp_helo_name = cmgateway.unixuser.de
djigzo_unverified_recipient_reject_code = 450
enable_long_queue_ids = yes
local_recipient_maps =
local_transport = error:local mail delivery is disabled
mail_name = CipherMail
mailbox_size_limit = ${djigzo_mailbox_size_limit}
message_size_limit = ${djigzo_after_filter_message_size_limit}
mydestination = ${djigzo_mydestination}
myhostname = ${djigzo_myhostname}
mynetworks = 127.0.0.0/8, [::1]/128, ${djigzo_mynetworks}
notify_classes =
parent_domain_matches_subdomains = ${djigzo_parent_domain_matches_subdomains}
queue_minfree = ${djigzo_calculated_queue_minfree}
recipient_delimiter = +
relay_domains = ${djigzo_relay_domains}
relay_transport = relay${djigzo_relay_transport_host?:${djigzo_relay_transport_host_mx_lookup:[}${djigzo_relay_transport_host}${djigzo_relay_transport_host_mx_lookup:]}:${djigzo_relay_transport_host_port}}
relayhost = ${djigzo_relayhost_mx_lookup:${djigzo_relayhost?[}}${djigzo_relayhost}${djigzo_relayhost_mx_lookup:${djigzo_relayhost?]}}${djigzo_relayhost?:${djigzo_relayhost_port}}
smtp_address_preference = ipv4
smtp_helo_name = ${djigzo_smtp_helo_name?$djigzo_smtp_helo_name}${djigzo_smtp_helo_name:${myhostname}}
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_client_passwd
smtp_sasl_security_options =
smtp_sasl_type = cyrus
smtp_tls_CAfile = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
smtp_tls_protocols = $smtpd_tls_protocols
smtp_tls_security_level = may
smtpd_authorized_xforward_hosts = 127.0.0.1/32
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_discard_ehlo_keywords = silent-discard, dsn, etrn
smtpd_etrn_restrictions = reject
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination ${djigzo_rbl_clients} ${djigzo_reject_unverified_recipient? reject_unverified_recipient}
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh2048.pem
smtpd_tls_exclude_ciphers = AESCCM8, aNULL, ARIA, DES, DSS, eNULL, EXPORT, IDEA, MD5, PSK, RC4, SEED
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = $smtpd_tls_protocols
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
tls_preempt_cipherlist = yes
unverified_recipient_reject_code = ${djigzo_unverified_recipient_reject_code}
cmgateway: postconf -M
smtp inet n - n - - smtpd -o message_size_limit=${djigzo_before_filter_message_size_limit}
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp -o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
djigzo unix - - n - 4 smtp -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o smtp_generic_maps=
cleanup_reinject unix n - n - 0 cleanup -o hopcount_limit=100
127.0.0.1:10026 inet n - n - 10 smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_tls_security_level= -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o smtpd_authorized_xclient_hosts=127.0.0.0/8 -o cleanup_service_name=cleanup_reinject
127.0.0.1:10027 inet n - n - 10 smtpd -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_tls_security_level= -o mynetworks=127.0.0.0/8 -o syslog_name=postfix/10027 -o message_size_limit=${djigzo_before_filter_message_size_limit}
mailserver: postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
content_filter = djigzo:[<ip:cmgateway:content-filter>]:10025
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_command =
mailbox_size_limit = 0
mydestination = mydomain.de, mailserver.mydomain.de, localhost.localdomain, localhost
mydomain = mydomain.de
myhostname = mailserver.mydomain.de
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24
myorigin = mydomain.de
readme_directory = no
recipient_delimiter = +
relayhost = sslout.df.eu:465
sender_canonical_maps = hash:/etc/postfix/sender_canonical
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_wrappermode = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/mailserver.mydomain.de.crt
smtpd_tls_key_file = /etc/ssl/private/mailserver.mydomain.de.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
mailserver: postconf -M
smtp inet n - y - - smtpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp -o syslog_name=postfix/$service_name
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
maildrop unix - n n - - pipe flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
djigzo unix - - n - 4 smtp -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o smtp_generic_maps= -o smtp_tls_wrappermode=no -o smtp_tls_security_level=none
:10026 inet n - n - 10 smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_relay_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8,<ip-cmgateway:content-scanner>/32 -o smtpd_authorized_xforward_hosts=127.0.0.0/8,<ip-cmgateway:content-filter>/32 -o smtpd_authorized_xclient_hosts=127.0.0.0/8,<ip-cmgateway:content-filter>/32
Return-Path: <[email protected]>
X-Original-To: vorname.nachname@localhost
Delivered-To: vorname.nachname@localhost
Received: from cmgateway.mydomain.de (unknown [192.168.1.100])
by mailserver.mydomain.de (Postfix) with ESMTP id 300A69FE83
for <vorname.nachname@localhost>; Thu, 30 Sep 2021 15:18:51 +0200 (CEST)
Received: from mailserver.mydomain.de (mailserver.mydomain.de [127.0.0.1])
by mailserver.mydomain.de (Postfix) with ESMTP id B1F629FE83
for <vorname.nachname@localhost>; Thu, 30 Sep 2021 15:18:50 +0200 (CEST)
Delivery-date: Thu, 30 Sep 2021 15:18:47 +0200
Received: from sslin.df.eu
by mailserver.mydomain.de with IMAP (fetchmail-6.4.16)
for <vorname.nachname@localhost> (single-drop); Thu, 30 Sep 2021 15:18:50 +0200 (CEST)
Received: from [80.67.18.23] (helo=mx14.ispgateway.de)
by mailcluster2-1.ispgateway.de with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.94.2)
(envelope-from <[email protected]>)
id 1mVvxX-0002n4-8A; Thu, 30 Sep 2021 15:18:47 +0200
X-Envelope-to: [email protected]
Received: from [209.85.221.53] (helo=mail-wr1-f53.google.com)
by mx14.ispgateway.de with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <[email protected]>)
id 1mVvxX-0008N2-1L
for [email protected]; Thu, 30 Sep 2021 15:18:47 +0200
Received: by mail-wr1-f53.google.com with SMTP id i23so10058684wrb.2
for <[email protected]>; Thu, 30 Sep 2021 06:18:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=from:to:subject:date:message-id:mime-version;
...
...
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
...
...
X-Gm-Message-State: AOAM532Mi+9hBhIeKRyxZ8mrv7KD20yvxc3VONKwCkqsWH/ogS2KhbUd
YN1oqMrTf1snf3apkNSFnIF8nwfvud4bZw==
X-Google-Smtp-Source: ABdhPJyqHVpnPTv0v+vEPth75iFBs6gHSDH8GkXrc84pQMoafAT6UZKwGe7ezuW6Mz2MZrbtyx/vTQ==
X-Received: by 2002:a5d:4e8e:: with SMTP id e14mr6075326wru.280.1633007926486;
Thu, 30 Sep 2021 06:18:46 -0700 (PDT)
Received: from zero.localnet (b2b-37-24-59-146.unitymedia.biz. [37.24.59.146])
by smtp.gmail.com with ESMTPSA id t16sm5297571wmi.33.2021.09.30.06.18.45
for <[email protected]>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 30 Sep 2021 06:18:45 -0700 (PDT)
From: taumeister <[email protected]>
To: [email protected]
Subject: test
Date: Thu, 30 Sep 2021 15:18:44 +0200
Message-ID: <12963307.VfqQIOsWLq@zero>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart3105979.8Fo9iPulqY"; micalg="sha256"; protocol="application/pkcs7-signature"
X-Received-SPF: pass ( mx14.ispgateway.de: domain of gmail.com designates 209.85.221.53 as permitted sender )
X-DKIM: DKIM passed: ([email protected] domain=gmail.com), signature is good.
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
spamfilter06.ispgateway.de
X-Spam-Level:
X-Spam-Status: No, hits=0.0 required=9999.0 tests=BAYES_50 autolearn=disabled
version=3.4.0
X-Spam-CMAETAG: v=2.2 cv=Vb6HBBh9 c=1 sm=1 tr=0
a=f3DIsCLYdJ36Iz1841r7JQ==:17 a=7QKq2e-ADPsA:10 a=nPLt57aK5UoA:10
a=nS36O97Bj3wUElCrIrAA:9 a=CjuIK1q_8ugA:10 a=nlHNP32c2GOG8w8F970A:9
a=ZVk8-NSrHBgA:10 a=30ssDGKg3p0A:10
X-Spam-CMAECATEGORY:
X-Spam-CMAESUBCATEGORY:
X-Spam-CMAESCORE:
--nextPart3105979.8Fo9iPulqY
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
test
--nextPart3105979.8Fo9iPulqY
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCCDVcw
...
..
iWw4PiXyoxYAdifS9anajXimDWcgUfY/ps+VEgAAAAAAAA==
--nextPart3105979.8Fo9iPulqY--
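Answer 1
I do not see anything in your Postfix@Server2 configuration indicating that it should deliver these mails locally. You have to tell Postfix that it is the "final destination" for the mail domain.
I suggest you add your domain to mydestination (a non-virtual setup, best suited for local users, which your Dovecot setting driver=pam suggests). This will fix mail looping out of the Postfix instance without it knowing that it is the destination for these mails.
Regarding processing mail from fetchmail through the gateway: I think this will happen as soon as you actually try it, or it will at least produce meaningful diagnostic logs/headers. The headers you currently show do not appear to be from a mail that fetchmail injected on cmgateway, but from one fetched by a fetchmail running on the mailserver.
Unrelated, but it will improve some behaviour of the IMAP server: I also suggest you deliver via Dovecot LMTP (the steps in the default documentation should be fine), so that Dovecot is the only program that modifies the mailboxes.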
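The effect of the mydestination change recommended in the answer can be checked offline with the sketch below, which is an added example and not part of the original question or answer. It is a simplified model of Postfix's local-versus-relay decision that only looks at mydestination and relayhost (no virtual domains, relay_domains, transport_maps or table lookups, none of which the mailserver configuration uses); the recipient vorname.nachname@mydomain.de is a constructed address.

```python
import re

# Constructed from the two mailserver configurations in the question; only
# the parameters that decide local delivery versus relaying are kept.
BEFORE = """\
myhostname = mailserver.mydomain.de
mydomain = mydomain.de
mydestination = mailserver.mydomain.de, localhost.localdomain, localhost
relayhost = sslout.df.eu:465
"""
AFTER = BEFORE.replace("mydestination = ", "mydestination = mydomain.de, ")

def parse_postconf(text):
    """Parse 'name = value' lines as printed by `postconf -n`."""
    params = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def expand(value, params, depth=0):
    """Expand plain $name and ${name} references (no ${name?x} conditionals)."""
    if depth > 10:
        raise ValueError("parameter reference loop")
    return re.sub(
        r"\$\{(\w+)\}|\$(\w+)",
        lambda m: expand(params.get(m.group(1) or m.group(2), ""), params, depth + 1),
        value,
    )

def route(recipient, params):
    """Return ('local', None) or ('relay', next hop) for a user@domain address."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    listed = re.split(r"[,\s]+", expand(params.get("mydestination", ""), params))
    if domain in {d.lower() for d in listed if d}:
        return ("local", None)
    # Not a local domain: the default address class goes to relayhost if set.
    return ("relay", expand(params.get("relayhost", ""), params) or domain)

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        for rcpt in ("vorname.nachname@localhost", "vorname.nachname@mydomain.de"):
            print(label, rcpt, route(rcpt, parse_postconf(cfg)))
```

With the original configuration, only the @localhost recipient is local, which matches the observation that fetchmail with smtpaddress localhost on the mailserver worked while mail for the real domain went to the smarthost.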
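The answer's reading of the posted headers (fetchmail ran on the mailserver, not on cmgateway) can be reproduced by walking the Received chain, as in this added example, which is not code from the original post. The sample is a constructed excerpt of the three newest Received headers from the question, re-folded with leading whitespace so that they parse as proper headers.

```python
import re
from email import message_from_string

# Constructed excerpt: the three newest Received headers from the question,
# re-folded with leading whitespace so they parse as RFC 5322 headers.
RAW = """\
Received: from cmgateway.mydomain.de (unknown [192.168.1.100])
  by mailserver.mydomain.de (Postfix) with ESMTP id 300A69FE83
  for <vorname.nachname@localhost>; Thu, 30 Sep 2021 15:18:51 +0200 (CEST)
Received: from mailserver.mydomain.de (mailserver.mydomain.de [127.0.0.1])
  by mailserver.mydomain.de (Postfix) with ESMTP id B1F629FE83
  for <vorname.nachname@localhost>; Thu, 30 Sep 2021 15:18:50 +0200 (CEST)
Received: from sslin.df.eu
  by mailserver.mydomain.de with IMAP (fetchmail-6.4.16)
  for <vorname.nachname@localhost> (single-drop); Thu, 30 Sep 2021 15:18:50 +0200 (CEST)
Subject: test

test
"""

HOP = re.compile(
    r"from\s+(?P<src>\S+).*?\bby\s+(?P<by>\S+).*?\bwith\s+(?P<proto>\S+)"
)

def hops(raw):
    """Return the Received hops oldest-first as dicts (src, by, proto, fetchmail)."""
    out = []
    # Each MTA prepends its header, so the last Received header is the oldest.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        m = HOP.search(flat)
        if m:
            out.append({**m.groupdict(), "fetchmail": "(fetchmail-" in flat})
    return out

def fetchmail_host(raw):
    """Return the host that ran fetchmail (the 'by' host of that hop), or None."""
    for hop in hops(raw):
        if hop["fetchmail"]:
            return hop["by"]
    return None

if __name__ == "__main__":
    for hop in hops(RAW):
        print(f'{hop["src"]} -> {hop["by"]} ({hop["proto"]})')
    print("fetchmail ran on:", fetchmail_host(RAW))
```

Only Received headers added by your own hosts are trustworthy for this kind of tracing; anything below them is supplied by the sending side.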