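I am trying to set up a small mail server with Postfix, Dovecot, and MySQL (MariaDB) on Debian. I have also configured SSL with Let's Encrypt.
So far I have not set up rDNS, DKIM, DMARC, SPF, etc. (I will try that later), but sending e-mail with the mail command already works very well. The messages do not end up in spam and are not rejected.
Receiving mail does not work! Here are the error messages from /var/log/mail.log: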
Jan 13 09:27:39 [hostname] postfix/smtpd[1016]: connect from mx1.riseup.net[198.252.153.129]
Jan 13 09:27:40 [hostname] postfix/smtpd[1016]: NOQUEUE: reject: RCPT from mx1.riseup.net[198.252.153.129]: 554 5.7.1 <info@[domain].net>: Relay access denied; from=<[user]@riseup.net> to=<info@[domain].net> proto=ESMTP helo=<mx1.riseup.net>
Jan 13 09:27:40 [hostname] postfix/smtpd[1016]: disconnect from mx1.riseup.net[198.252.153.129] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8
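riseup.net is the e-mail provider I send mail from for testing purposes. I also tried Gmail, with the same result.
I have set up A/AAAA records for [hostname].[domain].net, as well as MX records, also for [hostname].[domain].net.
My /etc/hosts file looks like this: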
127.0.0.1 localhost.localdomain localhost
127.0.1.1 [hostname].[domain].net [hostname] # FQDN
# The following lines are desirable for IPv6 capable hosts
::1 localhost localhost.localdomain ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
#
1.1.1.1 [hostname].[domain].net [hostname] [domain].net www.[domain].net
11::11::11::11 [hostname].[domain].net [hostname] [domain].net www.[domain].net
The fully qualified domain name (FQDN) on the second line is required by my VPS provider in order to set up rDNS and DKIM later.
This is my /etc/postfix/main.cf:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/[hostname].[domain].net/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/[hostname].[domain].net/privkey.pem
smtpd_use_tls=yes
smtpd_tls_auth_only=yes
smtp_tls_security_level=may
smtpd_tls_security_level=may
smtpd_sasl_security_options=noanonymous,noplaintext
smtpd_sasl_tls_security_options=noanonymous
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# Authentication
smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth
smtpd_sasl_auth_enable=yes
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
# Restrictions
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unlisted_recipient,
    reject_unauth_destination
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    defer_unauth_destination
myhostname = [hostname].[domain].net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain = [domain].net
myorigin = $mydomain
mydestination = $myhostname, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
# Even more Restrictions and MTA params
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
#smtpd_etrn_restrictions = reject
#smtpd_reject_unlisted_sender = yes
#smtpd_reject_unlisted_recipient = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
#smtpd_hard_error_limit = 1
smtpd_timeout = 30s
smtp_helo_timeout = 15s
smtp_rcpt_timeout = 15s
smtpd_recipient_limit = 40
minimal_backoff_time = 180s
maximal_backoff_time = 3h
# Reply Rejection Codes
invalid_hostname_reject_code = 550
non_fqdn_reject_code = 550
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
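Is the relay access problem perhaps related to the mail server's domain name being [hostname].[domain].net, while the user's e-mail address is info@[domain].net?
At the moment, only the virtual user info is set up in the MySQL database, which stores its user name, encrypted password, and mail storage path. I have not set up any aliases yet.
Any suggestions?
Thanks.
Answer 1
Your mydestination contains only the server's FQDN ($myhostname), but not the domain. Try adding $mydomain, e.g.,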
mydestination = $mydomain, $myhostname, localhost, localhost.localdomain
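For virtual_alias_domains, you have to specify every user in virtual_alias_maps, and for virtual_mailbox_domains in virtual_mailbox_maps; not just [email protected].
In addition, all of the restrictions are missing a final permit.
From postconf(5), smtpd_client_restrictions:
permit
Permit the request. This restriction is useful at the end of a restriction list, to make the default policy explicit.
For example,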
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unlisted_recipient,
    reject_unauth_destination,
    permit
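Answer 2
Since Postfix has to get the virtual mailbox domains, virtual mailbox maps, and virtual aliases from information in different tables of the MySQL database (in my case), I needed to create and provide a configuration file for each of them.
Changes to /etc/postfix/main.cf: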
mydestination = $myhostname, localhost
# ...
# Handling of local delivery to Dovecot's LMTP, and telling it where to store mail
virtual_transport = lmtp:unix:private/dovecot-lmtp
# Virtual domains, users, and aliases
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,
    mysql:/etc/postfix/mysql-virtual-email2email.cf
All of these configuration files have the same structure:
user = database_user
password = database_user_password
hosts = 127.0.0.1
dbname = database_name
query = MySQL query that gets the relevant information from a specific table
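
The "Relay access denied" line in the question comes from reject_unauth_destination, which accepts a recipient only when its domain falls in one of Postfix's destination lists. The sketch below is an added example, not code from either answer or from Postfix: it parses main.cf text and reports which list, if any, names the recipient domain under the original configuration and under each answer's change. It assumes exact domain matches, reads only explicitly set parameters (built-in defaults, inet_interfaces and proxy_interfaces are not modelled), and uses example.net as a constructed stand-in for [domain].net.

```python
import re

def parse_main_cf(text):
    """Return {name: raw value}; lines starting with whitespace continue the previous one."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:
            params[current] += " " + line.strip()
        elif "=" in line:
            current, value = (part.strip() for part in line.split("=", 1))
            params[current] = value
    return params

def expand(params, value, depth=0):
    """Expand $name / ${name} references to other main.cf parameters."""
    if depth > 10:
        raise ValueError("parameter reference loop")
    def sub(m):
        return expand(params, params.get(m.group(1) or m.group(2), ""), depth + 1)
    return re.sub(r"\$(?:\{(\w+)\}|(\w+))", sub, value)

# Domain lists consulted by reject_unauth_destination (explicit settings only).
CLASSES = ("mydestination", "virtual_alias_domains",
           "virtual_mailbox_domains", "relay_domains")

def classify(main_cf, rcpt_domain):
    """Return (parameters listing the domain, type:table entries that need a lookup)."""
    params = parse_main_cf(main_cf)
    matched, lookups = [], []
    for name in CLASSES:
        for item in re.split(r"[,\s]+", expand(params, params.get(name, ""))):
            if ":" in item:
                lookups.append((name, item))
            elif item.lower() == rcpt_domain.lower():
                matched.append(name)
    return matched, lookups

# Constructed samples: example.net stands in for [domain].net on the page.
QUESTION_CF = """myhostname = mail.example.net
mydomain = example.net
mydestination = $myhostname, localhost, localhost.localdomain
"""
ANSWER1_CF = QUESTION_CF.replace("mydestination = ", "mydestination = $mydomain, ")
ANSWER2_CF = """myhostname = mail.example.net
mydestination = $myhostname, localhost
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
"""
```

An empty result on both sides, as for QUESTION_CF with example.net, is the situation behind the rejected RCPT in the log; a returned table entry means the outcome depends on what that lookup returns. If the same domain is matched by more than one parameter, the domain is listed in two address classes and should be kept in only one.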