Chinaunix

Title: Help, postfix cannot send mail to outside domains. Please help, everyone...

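Author: wzhihai    Time: 2009-05-26 18:53
Title: Help, postfix cannot send mail to outside domains. Please help, everyone...
Mail between the domains hosted on this machine works fine in both directions, but sending to outside domains fails with an error.
Error message: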
mail:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix (Debian/GNU)
helo example.com
250 mail.example.com
mail from:<ops@example.com>
250 2.1.0 Ok
rcpt to:<myemail@gmail.com>
550 5.1.1 <myemail@gmail.com>: Recipient address rejected: User unknown in local recipient table
quit
221 2.0.0 Bye
Connection closed by foreign host.
The main.cf configuration is as follows: ++++++++++++++++++++++++++++++++++

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
smtpd_tls_key_file = /etc/ssl/private/postfix.pem
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.example.com, mail.example.cn, gmail.com, localhost
relayhost =
mynetworks =
#121.52.210.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_tls_auth_only = yes
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_sasl_security_options = noanonymous
Author: wzhihai    Time: 2009-05-26 19:34
mail:/etc/postfix/sasl# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix (Debian/GNU)
ehlo example.com     
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:<ops@example.com>
250 2.1.0 Ok
rcpt to:<myemail@gmail.com>
554 5.7.1 <myemail@gmail.com>: Relay access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.

The error entries in /var/log/mail.log after the failure are as follows: ================
May 26 19:29:59 mail postfix/smtpd[3164]: NOQUEUE: reject: RCPT from unknown[124.126.148.31]: 554 5.7.1 <myemail@gmail.com>: Relay access denied; from=<ops@example.com> to=<myemail@gmail.com> proto=ESMTP helo=<example.com>
May 26 19:30:07 mail postfix/smtpd[3164]: disconnect from unknown[124.126.148.31]
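Author: igdxigdx    Time: 2009-05-26 21:52
The original poster's DNS resolution is wrong; you have not set up DNS correctly (A and MX records).
It is obvious at a glance that the configuration was copied straight from the web. Reading online tutorials is fine, but you have to change the domain name to your own.
example.com is someone else's domain and resolves to someone else's public IP, so how could it let you send mail?
If that worked, I could set up qq.com and mail other people's users some "you have won a prize" message, and I'd be rich. Heh...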
Author: xmbbx    Time: 2009-05-27 09:10
Originally posted by wzhihai on 2009-5-26 19:34
mail:/etc/postfix/sasl# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix (Debian/GNU)
ehlo example.com     
250-m ...



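Sending to an outside domain without authenticating will of course fail. If that succeeded, your mail server would be an open relay.
Author: wzhihai    Time: 2009-05-27 09:41
DNS resolution is definitely correct. I changed the domain to example.com when writing the post. The configuration of course does not use that domain; because the server is on the public Internet, is still in the testing phase and has no protection enabled, I did not use the real domain name at first.

Below I sent mail from Outlook with authentication enabled. Sending failed in the same way; the error entries from mail.log follow. They show verification failed: Name or service not known, so I suspect something is misconfigured somewhere and is restricting outbound sending.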

May 27 09:36:25 mail postfix/smtpd[2563]: warning: 124.126.148.31: hostname 31.148.126.124.broad.bjtelecom.net verification failed: Name or service not known
May 27 09:36:25 mail postfix/smtpd[2563]: connect from unknown[124.126.148.31]
May 27 09:36:25 mail postfix/smtpd[2563]: NOQUEUE: reject: RCPT from unknown[124.126.148.31]: 554 5.7.1 <wzhihai@gmail.com>: Relay access denied; from=<ops@olship.cn> to=<wzhihai@gmail.com> proto=ESMTP helo=<wzh>
May 27 09:36:25 mail postfix/smtpd[2563]: disconnect from unknown[124.126.148.31]
Author: wzhihai    Time: 2009-05-27 09:43
Here is the main part of the current main.cf:

myhostname = mail.olship.cn
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.olship.cn, localhost
relayhost =
mynetworks = 121.52.210.8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_tls_auth_only = yes
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_sasl_security_options = noanonymous
Author: ruochen    Time: 2009-05-27 09:54
550 5.1.1 <myemail@gmail.com>: Recipient address rejected: User unknown in local recipient table


And also Relay access denied;


Look at these.
Author: wzhihai    Time: 2009-05-27 10:06
Error output from a local telnet login. It says there is no authentication method????
mail:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
ehlo olship.cn
220 mail.olship.cn ESMTP Postfix (Debian/GNU)
250-mail.olship.cn
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain ZHJ5Q9sGc2hpcC5jbgercnlAb23zaGlwLmNuAGdsdWU=
538 5.7.0 Encryption required for requested authentication mechanism

Also, which setting causes Recipient address rejected: User unknown in local recipient table?
Author: fangdingj    Time: 2009-05-27 10:16
mynetworks_style = host

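Add this, and telnet localhost 25 will not need authentication.
Author: wzhihai    Time: 2009-05-27 10:19
Adding mynetworks_style = host had no effect. Below is an unauthenticated send after adding it; it goes straight to relay access denied. Could some expert first tell me why relay access denied happens, and which directive controls it?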

mail:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.olship.cn ESMTP Postfix (Debian/GNU)
ehlo olship.com
250-mail.olship.cn
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:<ops@olship.cn>
250 2.1.0 Ok
rcpt to:<wzhihai@gmail.com>
554 5.7.1 <wzhihai@gmail.com>: Relay access denied

[ Last edited by wzhihai on 2009-5-27 10:23 ]
Author: fangdingj    Time: 2009-05-27 10:23
Can myorigin = /etc/mailname be written like that? I think it should be olship.cn, that is, the suffix of your mail addresses.

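smtpd_sasl_path = /var/run/dovecot/auth-client  This path is changed in /etc/dovecot.conf

Also add this to /etc/dovecot.conf:
mechanisms = login plain digest-md5
Author: fangdingj    Time: 2009-05-27 10:38
Originally posted by wzhihai on 2009-5-27 10:19
Adding mynetworks_style = host had no effect. Below is an unauthenticated send after adding it; it goes straight to relay access denied. Could some expert first tell me why relay access denied happens, and which directive controls it?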

mail:~# telnet localhost ...


mydomain=olship.cn
Or add olship.cn to the virtual domains.
Otherwise postfix considers olship.cn not to be your domain, so of course you get relay access denied, because you are sending to gmail.com.
mail from:aaa@olship.cn
Author: wzhihai    Time: 2009-05-27 10:46
Title: Reply to post #12 by fangdingj
olship.cn is already in the virtual domains, and the real domain does point to this server. Also, /etc/dovecot.conf has mechanisms = login plain digest-md5, but telnet still returns 538 5.7.0 Encryption required for requested authentication mechanism
Author: fangdingj    Time: 2009-05-27 11:04
What does postmap -q "olship.cn"  mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf output?
Post dovecot.conf with the comments stripped.
And the output of postconf -n.
Author: wzhihai    Time: 2009-05-27 11:16
postmap -q "olship.cn"  mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
returns 1.
==========================================
postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = mail.olship.cn, localhost
myhostname = mail.olship.cn
mynetworks = 121.52.210.8
mynetworks_style = host
myorigin = /etc/mailname
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
smtpd_tls_key_file = /etc/ssl/private/postfix.pem
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000
==dovecot.conf=============================================
protocols = imap imaps pop3 pop3s

disable_plaintext_auth = no

log_timestamp = "%Y-%m-%d %H:%M:%S "

namespace private {

   separator = .

   prefix = INBOX.

   inbox = yes

}

mail_privileged_group = mail

protocol imap {

}

protocol pop3 {

  pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
  log_path = /home/vmail/dovecot-deliver.log
  auth_socket_path = /var/run/dovecot/auth-master
  postmaster_address = wzh@olship.com
   mail_plugins = cmusieve
   global_script_path = /home/vmail/globalsieverc
}

auth default {
  mechanisms = plain login digest-md5
  passdb pam {
  }
  passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  userdb passwd {
  }
  userdb static {
      args = uid=5000 gid=5000 home=/var/mail/%d/%u allow_all_user=yes
  }
  user = root
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }

}
Author: wzhihai    Time: 2009-05-27 11:20
I did my installation by following http://workaround.org/articles/i ... ded-debian-packages
Author: lvDbing    Time: 2009-05-27 16:37
Title: Reply to post #16 by wzhihai
[lvdbing@lvdbing ~]$ dig gmail.com mx

; <<>> DiG 9.2.4 <<>> gmail.com mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61838
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;gmail.com.                     IN      MX

;; ANSWER SECTION:
gmail.com.              3547    IN      MX      5 gmail-smtp-in.l.google.com.
gmail.com.              3547    IN      MX      10 alt1.gmail-smtp-in.l.google.com.
gmail.com.              3547    IN      MX      20 alt2.gmail-smtp-in.l.google.com.
gmail.com.              3547    IN      MX      30 alt3.gmail-smtp-in.l.google.com.
gmail.com.              3547    IN      MX      40 alt4.gmail-smtp-in.l.google.com.

;; AUTHORITY SECTION:
gmail.com.              328186  IN      NS      ns4.google.com.
gmail.com.              328186  IN      NS      ns2.google.com.
gmail.com.              328186  IN      NS      ns1.google.com.
gmail.com.              328186  IN      NS      ns3.google.com.

;; Query time: 61 msec
;; SERVER: 192.168.203.2#53(192.168.203.2)
;; WHEN: Tue Mar  3 16:58:24 2009
;; MSG SIZE  rcvd: 222


---------------------------------
[lvdbing@lvdbing ~]$ telnet gmail-smtp-in.l.google.com 25
Trying 209.85.216.49...
Connected to gmail-smtp-in.l.google.com (209.85.216.49).
Escape character is '^]'.
220 mx.google.com ESMTP 15si10156814pxi.145
helo lvdbing.net   
250 mx.google.com at your service
mail from:<lvdbing@lvdbing.net>
250 2.1.0 OK 15si10156814pxi.145
rcpt to:<myemail@gmail.com>
550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at                             
550 5.1.1 http://mail.google.com/support/bin/answer.py?answer=6596 15si10156814pxi.145
rcpt to:<lvdbing@gmail.com>   
250 2.1.5 OK 15si10156814pxi.145
data
354  Go ahead 15si10156814pxi.145
from:<lvdbing@lvdbing.net>
to:<myemail@gmail.com>
subject:test

test.
.
250 2.0.0 OK 1243411855 15si10156814pxi.145
quit
221 2.0.0 closing connection 15si10156814pxi.145
Connection closed by foreign host.

------------------------------------------------
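The first problem is that the recipient's user name does not exist, or perhaps a blacklist or something similar has been set up.
Author: wzhihai    Time: 2009-05-27 22:19
I carefully cleaned up main.cf and the problem is now solved. The postconf -n output after the cleanup is as follows: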
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 81920000
mydestination =
mydomain = olship.cn
myhostname = mail.olship.cn
mynetworks = 121.52.210.0/24, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $myhostname
recipient_delimiter = +
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
smtpd_tls_key_file = /etc/ssl/private/postfix.pem
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000

Anyone who needs it can take a look. Sending and receiving now work both within the domain and with outside domains.
Author: webdna    Time: 2009-06-02 13:58
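
Added example (not part of the thread and not Postfix code): a simplified Python model of how the smtpd_recipient_restrictions list used throughout the thread decides a RCPT TO, and of the 538 reply caused by smtpd_tls_auth_only, run against the three main.cf states posted above. The local_recipients sets, the example.com virtual domain in FIRST, and the 203.0.113.9 / elsewhere.example test values are assumptions; per the Postfix documentation an explicit mynetworks overrides mynetworks_style, so only mynetworks is modelled.

```python
from ipaddress import ip_address, ip_network

def auth_reply(cfg, tls_active):
    # smtpd_tls_auth_only = yes: AUTH is refused until STARTTLS has completed.
    if cfg.get("smtpd_tls_auth_only") and not tls_active:
        return "538 5.7.0 Encryption required for requested authentication mechanism"
    return "235 2.7.0 Authentication successful"  # assumes valid credentials

def rcpt_reply(cfg, client_ip, rcpt, sasl_ok=False):
    # Models: permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    domain = rcpt.rsplit("@", 1)[1].lower()
    local = domain in cfg["mydestination"]
    ours = local or domain in cfg["virtual_mailbox_domains"]
    trusted = any(ip_address(client_ip) in ip_network(n) for n in cfg["mynetworks"])
    if not (trusted or sasl_ok or ours):
        return "554 5.7.1 Relay access denied"
    # Domains in mydestination are delivered locally, so the user must exist
    # locally. (Lookups in virtual_mailbox_maps are not modelled here.)
    if local and rcpt not in cfg["local_recipients"]:
        return "550 5.1.1 User unknown in local recipient table"
    return "250 2.1.5 Ok"

def is_open_relay(cfg):
    # Open relay: an untrusted, unauthenticated client may mail a foreign domain.
    # 203.0.113.9 and the recipient are constructed test values.
    return rcpt_reply(cfg, "203.0.113.9", "someone@elsewhere.example").startswith("250")

# Constructed from the three main.cf states in the thread; local_recipients is
# an assumption (empty), and olship.cn is the domain postmap -q confirmed.
FIRST = {"mydestination": {"mail.example.com", "mail.example.cn", "gmail.com", "localhost"},
         "mynetworks": [], "virtual_mailbox_domains": {"example.com"},
         "local_recipients": set(), "smtpd_tls_auth_only": True}
SECOND = {"mydestination": {"mail.olship.cn", "localhost"},
          "mynetworks": ["121.52.210.8"], "virtual_mailbox_domains": {"olship.cn"},
          "local_recipients": set(), "smtpd_tls_auth_only": True}
FINAL = {"mydestination": set(),
         "mynetworks": ["121.52.210.0/24", "127.0.0.0/8"],
         "virtual_mailbox_domains": {"olship.cn"},
         "local_recipients": set(), "smtpd_tls_auth_only": False}

if __name__ == "__main__":
    for name, cfg in (("first", FIRST), ("second", SECOND), ("final", FINAL)):
        print(name, "|", rcpt_reply(cfg, "127.0.0.1", "myemail@gmail.com"),
              "| open relay:", is_open_relay(cfg))
```

In the final state the model also shows what the cleanup changed besides fixing relay from localhost: any host in 121.52.210.0/24 relays without authenticating, and with smtpd_tls_auth_only no longer set, AUTH is accepted on an unencrypted session.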
myhostname = mail.example.com
Just change it to something else.



