ich habe als Admin in unserem Hause so einige Linux-Server geerbt, von deren vollständiger Konfiguration ich nur den Hauch einer Ahnung habe.
Einer davon ist unser Mailserver (bzw. wir haben 2 davon).
Auf diesem Mailserver (vmail1.domain.tld) laufen diverse Cronjobs, einer davon soll jeden Montag PDFs aus Informationen vom LDAP generieren (klappt auch) und diese dann als Email an einige ausgewählte Empfänger schicken. Und genau hier ist seit einiger Zeit ein Problem aufgetreten, an dem ich im Moment ein wenig verzweifle.
Wenn ich das Skript manuell ausführe, dann scheint bis auf den Versand an unsere Domain alles zu klappen. Bei den Emails in unserer Domain erhalte ich jedoch die Meldung:
Diese Meldung erscheint dann für alle 8 definierten Empfänger.
Mar 28 14:15:38 vmail1 sendemail[3260]: WARNING => The recipient <vorname.nachname@foo.domain.tld> was rejected by the mail server, error follows:
Mar 28 14:15:38 vmail1 sendemail[3260]: WARNING => Received: 554 5.7.1 <vorname.nachname>: Relay access denied
Witzigerweise gibt es aber auch eine Email an eine andere Domain vorname.nachname@foo2.domain.tld (diese Domain ist auf dem Mailserver auch definiert), und an diese Adresse geht die Email auch raus.
postconf -n
alias_maps = hash:/etc/aliases,cdb:/etc/postfix/mailman-alias
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
local_header_rewrite_clients = permit_inet_interfaces, permit_sasl_authenticated
mailbox_size_limit = 0
message_size_limit = 52428800
milter_default_action = accept
mydestination = domain.tld, mail.domain.tld, vmail1.domain.tld, ssl.domain.tld, localhost.domain.tld, localhost
myhostname = vmail1.domain.tld
mynetworks = 127.0.0.0/8
myorigin = domain.tld
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains = domain.tld
relayhost = xxx.xxx.xxx.xxx
smtp_host_lookup = dns, native
smtp_sasl_mechanism_filter = plain
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions = permit_sasl_authenticated, check_client_access hash:/etc/postfix/access, reject_rbl_client sbl.spamhaus.org, reject_rbl_client pbl.spamhaus.org, permit
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, check_helo_access hash:/etc/postfix/helo_access, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname, permit
smtpd_milters = unix:/spamass/spamass.sock
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_rbl_client sbl.spamhaus.org, reject_rbl_client pbl.spamhaus.org, check_policy_service inet:127.0.0.1:10023, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl/certs/www.mail.domain.tld.ca
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/www.mail.domain.tld.crt
smtpd_tls_key_file = /etc/ssl/private/www.mail.domain.tld.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = cdb:/etc/postfix/mailman-virtual, ldap:/etc/postfix/virtual_alias.cf, hash:/etc/postfix/manual_virtual_alias, pcre:/etc/postfix/pcre_virtual_alias
virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains.txt
virtual_transport = lmtp:unix:private/dovecot-lmtp
Der Vollständigkeit halber aber auch noch die Ausgabe von postconf -n auf dem vmail2:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 52428800
mydestination = vmail2.domain.tld, localhost.domain.tld, localhost
myhostname = vmail2.domain.tld
mynetworks = 127.0.0.0/8, xxx.xxx.xxx.0/24, yyy.yyy.yyy.0/24, xxx.xxx.0.0/16, yyy.yyy.yyy.0/24, xxx.xxx.xxx.0/24, aaa.aaa.aaa.0/26, a.b.c.d/32, c.d.e.f/32, xxx.yyy.0.0/16, yyy.xxx.0.0/16
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = xxx.xxx.xxx.xxx
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access, permit
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/manual_virtual_alias,pcre:/etc/postfix/pcre_virtual_alias
Mar 28 14:15:38 vmail1 postfix/smtpd[2531]: connect from localhost[::1]
Mar 28 14:15:38 vmail1 postfix/smtpd[2531]: NOQUEUE: reject: RCPT from localhost[::1]: 554 5.7.1 <vorname.nachname@foo.domain.tld>: Relay access denied; from=<username@foo.domain.tld> to=<vorname.nachname@foo.domain.tld> proto=ESMTP helo=<vmail1.domain.tld>
Mar 28 14:15:38 vmail1 postfix/smtpd[2531]: NOQUEUE: reject: RCPT from localhost[::1]: 554 5.7.1 <vorname.nachname@foo.domain.tld>: Relay access denied; from=<username@foo.domain.tld> to=<vorname.nachname@foo.domain.tld> proto=ESMTP helo=<vmail1.domain.tld>
Mar 28 14:15:38 vmail1 postfix/smtpd[2531]: NOQUEUE: reject: RCPT from localhost[::1]: 554 5.7.1 <vorname.nachname@foo.domain.tld>: Relay access denied; from=<username@foo.domain.tld> to=<vorname.nachname@foo.domain.tld> proto=ESMTP helo=<vmail1.domain.tld>
...
Mar 28 14:15:38 vmail1 postgrey[2962]: action=pass, reason=client AWL, client_name=localhost, client_address=::1, sender=username@foo.domain.tld, recipient=vorname.nachname@foo.domain.tld
Mar 28 14:15:38 vmail1 postfix/smtpd[2531]: F196A77C31F: client=localhost[::1]
Mar 28 14:15:38 vmail1 postfix/cleanup[2496]: F196A77C31F: message-id=<669886.57493809-sendEmail@vmail1>
Mar 28 14:15:39 vmail1 postfix/qmgr[2463]: F196A77C31F: from=<username@foo.domain.tld>, size=324623, nrcpt=1 (queue active)
Mar 28 14:15:39 vmail1 postfix/smtpd[2531]: disconnect from localhost[::1]
Mar 28 14:15:39 vmail1 postfix/lmtp[2498]: F196A77C31F: to=<vorname.nachname@foo.domain.tld>, relay=vmail1.domain.tld[private/dovecot-lmtp], delay=0.58, delays=0.52/0/0/0.06, dsn=2.0.0, status=sent (250 2.0.0 <vorname.nachname@foo.domain.tld> LgigFsZT2lhWCwAAWhlwNQ Saved)
Mar 28 14:15:39 vmail1 postfix/qmgr[2463]: F196A77C31F: removed
Mar 28 14:40:22 vmail1 postgrey[2962]: action=pass, reason=client AWL, client_name=localhost, client_address=::1, sender=username@foo.domain.tld, recipient=vorname.nachname@foo.domain.tld
Mar 28 14:40:22 vmail1 postfix/smtpd[6878]: NOQUEUE: reject: RCPT from localhost[::1]: 550 5.1.1 <vorname.nachname@foo.domain.tld>: Recipient address rejected: User unknown in local recipient table; from=<username@foo.domain.tld> to=<vorname.nachname@foo.domain.tld> proto=ESMTP helo=<vmail1.domain.tld>
...
Mar 28 14:40:22 vmail1 postgrey[2962]: action=pass, reason=client AWL, client_name=localhost, client_address=::1, sender=username@foo.domain.tld, recipient=vorname.nachname@foo.domain.tld
Mar 28 14:40:22 vmail1 postfix/smtpd[6878]: CE59B77C31F: client=localhost[::1]
Mar 28 14:40:22 vmail1 postfix/cleanup[7616]: CE59B77C31F: message-id=<49809.9034625454-sendEmail@vmail1>
Mar 28 14:40:23 vmail1 postfix/qmgr[6839]: CE59B77C31F: from=<username@foo.domain.tld>, size=324624, nrcpt=1 (queue active)
Mar 28 14:40:23 vmail1 postfix/smtpd[6878]: disconnect from localhost[::1]
Mar 28 14:40:23 vmail1 postfix/lmtp[7619]: CE59B77C31F: to=<vorname.nachname@foo.domain.tld>, relay=vmail1.domain.tld[private/dovecot-lmtp], delay=0.51, delays=0.44/0/0/0.07, dsn=2.0.0, status=sent (250 2.0.0 <vorname.nachname@foo.domain.tld> hbD9D7dZ2ljLHgAAWhlwNQ Saved)
Mar 28 14:40:23 vmail1 postfix/qmgr[6839]: CE59B77C31F: removed
# Postfix main.cf of vmail1 as pasted; site-specific values are anonymised by the poster.
# NOTE(review): the continuation lines of multi-line values (local_header_rewrite_clients
# and the smtpd_*_restrictions lists below) appear at column 0 in this paste. Postfix only
# continues a logical line when the next line starts with whitespace, so the live file
# presumably has them indented and the paste lost that indentation.
myorigin = domain.tld
myhostname = vmail1.domain.tld
# Resolve hosts via DNS and, in addition, via the system resolver (which covers /etc/hosts)
smtp_host_lookup = dns, native
# Do not perform DNS lookups (setting is commented out, i.e. not active)
#disable_dns_lookups = yes
#smtpd_banner = $myhostname ESMTP $mail_name
# Active banner leaves out $mail_name, so the greeting does not name the MTA software
smtpd_banner = $myhostname ESMTP
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = /usr/share/doc/postfix
# Maximum size of a message: 50 MB (52428800 bytes)
message_size_limit = 52428800
#
# TLS parameters
# http://www.postfix.org/TLS_README.html#server_tls
#
# With this, the Postfix SMTP server announces STARTTLS support to remote SMTP
# clients, but does not require that clients use TLS encryption.
smtpd_tls_security_level = may
# Offer AUTH only on TLS-protected sessions, so SASL credentials are not sent in cleartext
smtpd_tls_auth_only = yes
# To get additional information about Postfix SMTP server TLS activity you can
# increase the log level from 0..4. Each logging level also includes the
# information that is logged at a lower logging level.
# 0 Disable logging of TLS activity.
# 1 Log TLS handshake and certificate information.
# 2 Log levels during TLS negotiation.
# 3 Log hexadecimal and ASCII dump of TLS negotiation process
# 4 Log hexadecimal and ASCII dump of complete transmission after STARTTLS
smtpd_tls_loglevel = 1
# certificate and private key
# NOTE(review): the private key file should be readable by root only; verify the
# permissions on the host, they cannot be seen from this listing.
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_CAfile = /etc/ssl/certs/www.mail.domain.tld.ca
smtpd_tls_cert_file = /etc/ssl/certs/www.mail.domain.tld.crt
smtpd_tls_key_file = /etc/ssl/private/www.mail.domain.tld.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# Required for Mailman
alias_maps = hash:/etc/aliases,cdb:/etc/postfix/mailman-alias
# Domains delivered locally on this host. Recipients in other domains are only accepted
# if the domain is in another address class (virtual, relay) or the client may relay.
mydestination = domain.tld, mail.domain.tld, vmail1.domain.tld, ssl.domain.tld, localhost.domain.tld, localhost
# Next hop for outbound mail unless transport_maps says otherwise (address redacted in the post)
relayhost = xxx.xxx.xxx.xxx
# Clients that permit_mynetworks treats as trusted (they may relay).
# NOTE(review): only the IPv4 loopback range is listed. A local client that connects over
# IPv6 loopback is not matched; the rejected session in the log excerpt on this page came
# from localhost[::1]. Confirm whether [::1]/128 should be added here, or whether the
# cron job should connect to 127.0.0.1 instead of "localhost".
mynetworks = 127.0.0.0/8
# NOTE(review): domain.tld is also listed in mydestination above. Postfix address classes
# expect a domain to belong to exactly one class; confirm which one is intended.
relay_domains = domain.tld
# 0 = no size limit for local mailboxes
mailbox_size_limit = 0
# Enables address extensions of the form user+extension@domain
recipient_delimiter = +
# Listen on all network interfaces
inet_interfaces = all
transport_maps = hash:/etc/postfix/transport
# Header rewriting. The original comment said "allow for all clients", but the value limits
# it to clients whose address matches a local interface and to SASL-authenticated clients.
local_header_rewrite_clients = permit_inet_interfaces,
permit_sasl_authenticated
# Mail for virtual mailbox domains is handed to Dovecot via LMTP over a Unix socket
virtual_transport = lmtp:unix:private/dovecot-lmtp
# A bare /file/name entry is replaced by the file's contents (the list of domains).
# NOTE(review): whether foo.domain.tld and foo2.domain.tld are both in that file cannot be
# seen from this page; check it when one subdomain is accepted and the other is not.
virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains.txt
# Required for Mailman
virtual_alias_maps = cdb:/etc/postfix/mailman-virtual, ldap:/etc/postfix/virtual_alias.cf, hash:/etc/postfix/manual_virtual_alias, pcre:/etc/postfix/pcre_virtual_alias
# SASL Auth via Dovecot
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
# NOTE(review): smtp_* (without "d") configures the Postfix SMTP client; this filter only
# takes effect if client-side SASL is enabled, which is not visible in this file.
smtp_sasl_mechanism_filter = plain
# Anonymous mechanisms are refused; plaintext mechanisms stay allowed, which is why
# smtpd_tls_auth_only = yes above matters.
smtpd_sasl_security_options = noanonymous
# Compatibility switch for old clients that use a non-standard AUTH syntax
broken_sasl_auth_clients = yes
# Anti-UCE
smtpd_helo_required = yes
# VRFY disabled so the server cannot be used to probe for valid addresses
disable_vrfy_command = yes
# Postfix evaluates the restriction stages in the following order:
#
# smtpd_client_restrictions
# smtpd_helo_restrictions
# smtpd_sender_restrictions
# smtpd_recipient_restrictions
# smtpd_data_restrictions
# Within each list the first matching permit/reject decides. The trailing "permit" only
# spells out the default outcome.
smtpd_client_restrictions =
permit_sasl_authenticated,
check_client_access hash:/etc/postfix/access,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client pbl.spamhaus.org,
permit
smtpd_helo_restrictions =
permit_sasl_authenticated,
check_helo_access hash:/etc/postfix/helo_access,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname,
permit
# Relay control lives here: SASL-authenticated clients and clients in mynetworks pass
# first; everyone else reaches reject_unauth_destination, which answers
# "Relay access denied" for recipient domains this server is not responsible for.
# The RBL lookups and the policy service on 127.0.0.1:10023 (presumably postgrey, which
# shows up in the logs on this page) run only after that check.
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
reject_unauth_destination,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client pbl.spamhaus.org,
check_policy_service inet:127.0.0.1:10023,
permit
smtpd_data_restrictions =
reject_unauth_pipelining,
permit
# Spamassassin
# If the milter is unavailable, mail is accepted as if no milter were configured, i.e.
# unfiltered. This favours availability over filtering; monitor the socket if that matters.
milter_default_action = accept
smtpd_milters = unix:/spamass/spamass.sock
html_directory = /usr/share/doc/postfix/html