My problem

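I am trying to set up my own mail server with postfix and dovecot. I used this tutorial to get started. My ultimate goal is to have a setup like the one in this follow-up tutorial. (If you don't want to read those, just refer to my config files at the bottom of my post.)

However, I am stuck with Postfix rejecting all mail coming from outside.

What I tried

First, I tried to set up everything as in the first tutorial, letting postfix send and receive mail for local users while using dovecot as the mailbox. However, if I follow every instruction line by line, I end up with the following error in my mail log: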

Sep  2 00:07:43 servername postfix/smtpd[6362]: fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least one working instance of: reject_unauth_destination, defer_unauth_destination, reject, defer, defer_if_permit or check_relay_domains

According to this serverfault answer, I need to add the following line to main.cf. (To be fair, this is pretty much what the error message tells me to do):

smtpd_relay_restrictions = permit_mynetworks, reject

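With this adjustment, postfix no longer gives me the error. Using the mail command from Debian's bsd-mailx, I am able to send mail to external mail addresses and to users on the server. I can also receive mail from users on the server. However, mail sent from external mail addresses to my local user (root in this case) is rejected: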

Sep  2 00:09:45 servername postfix/smtpd[6580]: connect from bigmailhoster.com[12.34.56.78]
Sep  2 00:09:45 servername postfix/smtpd[6580]: NOQUEUE: reject: RCPT from bigmailhoster.com[12.34.56.78]: 554 5.7.1 <[email protected]>: Recipient address rejected: Access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<bigmailhoster.com>
Sep  2 00:09:45 servername postfix/smtpd[6580]: disconnect from bigmailhoster.com[12.34.56.78] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7

However, I thought I might need to set smtpd_recipient_restrictions instead of the relay restrictions, like I did in my master.cf:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject

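Unfortunately, this did not change anything. After I restarted postfix, all external mail is still rejected.

My config files

Finally, my postfix configuration looks as follows:

main.cf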

~# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
inet_interfaces = all
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mailbox_size_limit = 0
mydestination = mail.myserver.com, myserver.com, localhost, localhost.localdomain
myhostname = mail.myserver.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = myserver.com
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.myserver.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.myserver.com/privkey.pem
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

master.cf

~# postconf -M
smtp       inet  n       -       y       -       -       smtpd
pickup     unix  n       -       y       60      1       pickup
cleanup    unix  n       -       y       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       y       1000?   1       tlsmgr
rewrite    unix  -       -       y       -       -       trivial-rewrite
bounce     unix  -       -       y       -       0       bounce
defer      unix  -       -       y       -       0       bounce
trace      unix  -       -       y       -       0       bounce
verify     unix  -       -       y       -       1       verify
flush      unix  n       -       y       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       y       -       -       smtp
relay      unix  -       -       y       -       -       smtp -o syslog_name=postfix/$service_name
showq      unix  n       -       y       -       -       showq
error      unix  -       -       y       -       -       error
retry      unix  -       -       y       -       -       error
discard    unix  -       -       y       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       y       -       -       lmtp
anvil      unix  -       -       y       -       1       anvil
scache     unix  -       -       y       -       1       scache
postlog    unix-dgram n  -       n       -       1       postlogd
maildrop   unix  -       n       n       -       -       pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp       unix  -       n       n       -       -       pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail     unix  -       n       n       -       -       pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n       n       -       2       pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman    unix  -       n       n       -       -       pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
submission inet  n       -       -       -       -       smtpd -o syslog_name=postfix/submission -o smtpd_tls_wrappermode=no -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth

dovecot.conf

I am not sure whether this is relevant, but here is the dovecot configuration:

~# doveconf -n
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.9.0-8-amd64 x86_64 Debian 10.12 
# Hostname: servername
disable_plaintext_auth = no
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
passdb {
  args = %s
  driver = pam
}
plugin {
  autocreate = Trash
  autocreate2 = Sent
  autosubscribe = Trash
  autosubscribe2 = Sent
}
protocols = imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.myserver.com/fullchain.pem
ssl_key = # hidden, use -P to show it
userdb {
  driver = passwd
}
protocol imap {
  mail_plugins = " autocreate"
}

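Answer 1

Thanks to anx's comment, I was able to solve my problem.

Postfix has changed some default settings over the years. To keep old configuration files from tutorials working, Postfix introduced backwards-compatible default settings in version 3.0. For this to work, compatibility_level must be set to the correct Postfix version.

In my case, I needed the default settings of Postfix 2.x. Therefore, I had to make the following change to my main.cf: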

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
compatibility_level=2

For further information, see: http://www.postfix.org/COMPATIBILITY_README.html
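
Added example (not part of the original question or answer, and not Postfix code): a simplified Python model of how smtpd walks its restriction lists at RCPT TO, using mynetworks, mydestination and the restriction lists from the question. The recipients root@myserver.com and someone@example.org and the ALT_RELAY list are assumptions made for illustration; only the restrictions named in the code are modelled, and compatibility_level is not.

```python
import ipaddress

# Values copied from the `postconf -n` output in the question.
MYNETWORKS = ["127.0.0.0/8", "::ffff:127.0.0.0/104", "::1/128"]
MYDESTINATION = {"mail.myserver.com", "myserver.com", "localhost",
                 "localhost.localdomain"}
QUESTION_RELAY = "permit_mynetworks, reject"
QUESTION_RCPT = "permit_mynetworks, permit_sasl_authenticated, reject"
# Assumption for comparison: a relay list that ends in defer_unauth_destination.
ALT_RELAY = "permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination"

def in_mynetworks(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in MYNETWORKS)

def step(name, client_ip, sasl_user, rcpt_domain):
    """One restriction: 'permit', 'reject', 'defer', or None for no decision."""
    if name == "permit_mynetworks":
        return "permit" if in_mynetworks(client_ip) else None
    if name == "permit_sasl_authenticated":
        return "permit" if sasl_user else None
    if name in ("reject_unauth_destination", "defer_unauth_destination"):
        # Simplified: only mydestination counts as an authorized destination.
        return None if rcpt_domain in MYDESTINATION else name.split("_")[0]
    if name in ("permit", "reject", "defer"):
        return name
    raise ValueError("restriction not modelled: " + name)

def evaluate(restrictions, client_ip, sasl_user, rcpt):
    """Walk one list left to right; first decision wins, an exhausted list permits."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    for name in restrictions.replace(",", " ").split():
        verdict = step(name, client_ip, sasl_user, domain)
        if verdict:
            return verdict, name
    return "permit", "(end of list)"

def rcpt_verdict(relay, recipient, client_ip, sasl_user, rcpt):
    """RCPT TO is accepted only if the relay list and then the recipient list permit."""
    for restrictions in (relay, recipient):
        verdict, _ = evaluate(restrictions, client_ip, sasl_user, rcpt)
        if verdict != "permit":
            return verdict
    return "permit"

if __name__ == "__main__":
    external = "12.34.56.78"  # client address from the log lines in the question
    for relay, rcpt_list in ((QUESTION_RELAY, ""), (ALT_RELAY, QUESTION_RCPT), (ALT_RELAY, "")):
        for rcpt in ("root@myserver.com", "someone@example.org"):  # constructed recipients
            print(relay, "|", rcpt_list, "|", rcpt, "->",
                  rcpt_verdict(relay, rcpt_list, external, None, rcpt))
```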
