我们遇到的情况是,从特定公司到合法收件人的入站电子邮件以“收件人地址被拒绝:访问被拒绝”的方式退回:
Aug 23 09:15:27 extranet postfix/smtpd[20228]: NOQUEUE: reject: RCPT from sender.com[8.9.10.11]: 554 5.7.1 <user@example.com>: Recipient address rejected: Access denied; from=<user@sender.com> to=<user@example.com> proto=ESMTP helo=<mg01d1.sender.com>
postconf -d | grep 邮件版本
mail_version = 2.7.1
后置 -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
allow_untrusted_routing = yes
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 24h
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
delay_warning_time = 4h
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_size_limit = 0
maximal_queue_lifetime = 24h
mydestination = mail.example.com, extranet.example.com, localhost
myhostname = mail.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains = $mydestination
relayhost =
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_mynetworks, reject_unauth_destination, check_recipient_access hash:/etc/postfix/access, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_hostname, reject_invalid_hostname, check_helo_access hash:/etc/postfix/helo_access, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit
smtpd_sasl_auth_enable = no
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.com.2013.chain.pem
smtpd_tls_key_file = /etc/ssl/private/example.2013.key
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_use_tls = no
virtual_alias_domains = example.co.uk, example.co
virtual_alias_maps = hash:/etc/postfix/virtual, ldap:/etc/postfix/ldap_virtual_alias_maps.cf, ldap:/etc/postfix/ldap_virtual_groups.cf
virtual_mailbox_domains = ldap:/etc/postfix/ldap_virtual_domains.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
virtual_transport = dovecot
现在,我们只使用 smtpd_recipient_restrictions,因为我们对应用的客户端、helo 和收件人限制的顺序非常挑剔。但是,根据我的(显然有限的)理解,其中唯一应该生成该错误的check_recipient_access hash:/etc/postfix/access指令是该指令,但该文件仅用于在我们的虚拟别名域之一中阻止一些常见的垃圾邮件地址:
postmaster@example.com.au REJECT Recipient address rejected. This domain name is only an alias. Please email postmaster @ the primary domain or the mail server hostname.
abuse@example.com.au REJECT Recipient address rejected. This domain name is only an alias. Please email abuse @ the primary domain or the mail server hostname.
support@example.com.au REJECT Recipient address rejected. This domain name is only an alias. Please email support @ the primary domain or the mail server hostname.
/etc/postfix/sender_access是空的(在等待)并且helo_access只包含:
extranet.example.com REJECT You are not me
www.example.com REJECT You are not me
mail.example.com REJECT You are not me
所有其他指令似乎被正确地履行,否则我就至少可以期待一个不同的错误,如Helo command rejected,User unknown in virtual mailbox table,Service unavailable; Client host [2.3.4.5] blocked using zen.spamhaus.org,等。
接下来我应该在哪里查看为什么我收到“收件人地址被拒绝:访问被拒绝”?smtpd_recipient_restrictions 中的任何其他指令是否会在失败的情况下发出该错误?
由于某种原因,发送邮件服务器在端口 465 上发送邮件,这调用了一组不同的 smtpd_recipient_restrictions,更简单:
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o broken_sasl_auth_clients=yes
-o content_filter=
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
当然,他们的 SMTP 服务器未进行身份验证,因此收件人地址被拒绝并拒绝访问。
我应该接受超过 465 的未经身份验证的本地交付吗?我当然不这么认为。
| 归档时间: |
|
| 查看次数: |
42609 次 |
| 最近记录: |