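Setting up Google Workspace and want to test before changing the production MX records and having everything go through Google. I have a test Workspace account for the domain testdomain.tld. I set up email routing in Workspace from testdomain.tld to the company's legacy mail server, mail.corporate1.com. The legacy server runs postfix 2.11.3-1 on an old Debian (Wheezy/Jessie) server.
The routing configuration in Workspace is shown at the bottom. This route is for testing the advertised feature of routing unrecognized email addresses to a legacy server. We need this feature to migrate users and automated email flows gradually.
Email routing works, but the legacy Postfix mail server does not accept the email. The test I am running is to send email from outside the company to [email protected] and look at the logs on mail.corporate1.com. I have tried many different configuration changes, but the same error message always appears in the mail log. The test user has no account in the testdomain.tld Workspace, which is a test condition. The test user is set up as a Linux user on corporate1.com and successfully receives email sent to [email protected]. The error, main.cf, and the email routing configuration are below.
-------Error from the mail log-------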
Sep 19 12:34:56 [postfix/submission/smtpd] NOQUEUE: reject: RCPT from unknown[209.85.128.69]: 451 4.3.0 <[email protected]>: Temporary lookup failure; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-ab1-c23.google.com>
-------main.cf---on mail.corporate1.com-------
myhostname = server.corporate1.com
myorigin = /etc/mailname
mydestination = mail.corporate1.com, mail.corporate0.com, corporate0.com, corporate1.com, localhost, localhost.localdomain, corporate2.com, mail.corporate2.com, server.corporate2.com, server.corporate0.com, server0.corporate0.com, server.corporate1.com, server0.corporate1.com, corporate3.com, mail.corporate3.com, testdomain.tld
relayhost =
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
command_execution_directory = $home
masquerade_classes = envelope_recipient, envelope_sender,
    header_sender, header_recipient
masquerade_domains = corporate0.com corporate1.com
mynetworks = 10.0.0.0/8, 127.0.0.0/8, 177.177.77.0/24, 24.213.146.72/29,
    178.178.45.16/28,
    179.254.122.0/24,
    170.170.113.143/32,
    171.171.57.10/32,
    174.129.81.250/32,
    172.172.69.27/32,
    173.173.106.89/32,
    [::ffff:127.0.0.0]/104, [::1]/128
mailbox_size_limit = 0
message_size_limit = 0
command_time_limit = 45m
ipc_timeout = 45m
recipient_delimiter = +
inet_interfaces = all
# inet_protocols = ipv4
# Alias and recipient maps
alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases
# Default local_recipient_maps
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
# SSL
smtpd_tls_cert_file=/usr/asher/certificates/mail.corporate1.com.pem
smtpd_tls_key_file=/usr/asher/certificates/server0_priv.pem
smtp_use_tls=yes
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level=may
smtpd_tls_protocols = !SSLv2, !SSLv3
proxy_interfaces=177.177.77.118
# SASL
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
# smtpd_sasl_security_options = noanonymous
# smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
## Allow plaintext mechanisms, but only over a TLS-encrypted connection:
smtp_sasl_security_options = noanonymous
smtpd_sasl_security_options = noanonymous
#smtp_sasl_security_options = noanonymous, noplaintext
#smtpd_sasl_security_options = noanonymous, noplaintext
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
# smtpd_sasl_local_domain = $myhostname
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
# reject_unknown_recipient_domain
## Keep these ???
#smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders
smtpd_sender_login_maps =
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
# reject_unknown_recipient_domain
smtpd_sasl_local_domain = corporate1.com
luser_relay = [email protected]
smtp_defer_if_no_mx_address_found = yes
# anti-spam experiment
smtpd_soft_error_limit = 9
smtpd_hard_error_limit = 19
relay_domains = mail.corporate1.com
transport_maps = hash:/etc/postfix/transport
# DKIM
smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
virtual_alias_domains = corporate2.com
-------google-workspace email routing configuration-------
Admin > Apps > Google Workspace > Gmail > Routing
Name:
Pass-Through Email Delivery for Unrecognized Addresses
1. Email messages to affect
* Inbound
* Internal - Receiving
2. For the above types of messages, do the following
* Route
* Change route
* Also reroute spam
* (To:) Legacy Email Server
Options
B. Account types to affect
* Users
* Unrecognized / Catch-all
Answer 1
The virtual table is missing. Create an empty /etc/postfix/virtual and run the command:
postmap /etc/postfix/virtual
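
Added example (not part of the original question or answer): a hash: table that was never compiled with postmap or postalias is the kind of gap that surfaces as "451 4.3.0 ... Temporary lookup failure", so this helper lists every hash: table named in `postconf -n` style input whose .db file does not exist. The function name, the root-prefix argument and the sample settings are assumptions made for the demo; the virtual_alias_maps line is constructed from the answer and does not appear in the posted main.cf.

```shell
#!/bin/sh
# Added example: report hash: lookup tables that have no compiled .db file.
# Input on stdin: "name = value" lines, as printed by `postconf -n`.
# $1 (optional) is a directory prefix, used here only so the demo can run
# against a throwaway tree instead of the real /etc.
missing_hash_tables() {
    root=${1:-}
    grep -v '^[[:space:]]*#' |          # ignore commented-out settings
    tr ',= \t' '\n\n\n\n' |             # one token per line
    sed -n 's|^hash:\(/.*\)$|\1|p' |    # keep only hash:/absolute/path
    sort -u |
    while IFS= read -r path; do
        # postmap/postalias write <path>.db next to the source file
        [ -f "$root$path.db" ] || printf '%s\n' "$path"
    done
}

# Constructed sample: aliases and transport are compiled, virtual is not.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/postfix" "$root/etc/mail"
    : > "$root/etc/mail/aliases.db"
    : > "$root/etc/postfix/transport.db"
    missing_hash_tables "$root" <<'EOF'
alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases
#smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual
EOF
    rm -rf "$root"
}

demo    # prints: /etc/postfix/virtual
```

On the mail server itself the same check is `postconf -n | missing_hash_tables`; each path it prints needs `postmap` (or `postalias` for alias files) run on it.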