後綴：來自其他域區域的收件人地址被拒絕

我已經成功安裝了具有虛擬域和 TLS 支持的 Postfix/Dovecot，如本文所述 - https://geekpeek.net/postfix-with-dovecot/ …

但面臨問題。我只能向我的域區域中的人發送電子郵件（blabla例如）。這意味著我可以從admin@blabla.comto發送電子郵件info@blabla.com。但是當我試圖從我的Google帳戶向這個地址發送電子郵件時，我會收到下一個錯誤：

postfix/smtpd[19211]: connect from mail-wi0-f172.google.com[209.85.212.172]
Sep 10 18:23:17 amazon-ws.fs.local postfix/smtpd[19211]: NOQUEUE: reject: RCPT from mail-wi0-f172.google.com[209.85.212.172]: 554 5.7.1 <info@blabla.com>: Recipient address rejected: Access denied; from=<{myaccount}@gmail.com> to=<info@blabla.com> proto=ESMTP helo=<mail-wi0-f172.google.com>
Sep 10 18:23:17 amazon-ws.fs.local postfix/smtpd[19211]: disconnect from mail-wi0-f172.google.com[209.85.212.172]

收件人地址被拒絕：訪問被拒絕；

我所能理解的是我的後綴伺服器拒絕了這封郵件，但不明白為什麼。後綴配置（main.cf）附在下面：

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
default_process_limit = 100
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 10485760
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = amazon-ws.fs.local
mynetworks = 172.31.0.0/20, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
queue_minfree = 20971520
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_connection_count_limit = 10
smtpd_client_connection_rate_limit = 30
smtpd_recipient_limit = 1000
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/cert/postfix.pem
smtpd_tls_key_file = /etc/postfix/cert/private/postfix.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/mail/virtmailbox
virtual_mailbox_domains = /etc/postfix/virtdomains
virtual_mailbox_maps = hash:/etc/postfix/virtmail_maps
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000

作業系統： RHEL7.1，Postfix 版本 2.10.1

哪裡有問題？

正如@alexkowalski 提到的，文件中有一個短參數（-o）的問題**不在 main.cf 文件**master.cf`中。

因為 -o 選項master.cf可以覆蓋main.cf基於每個服務寫入的選項，所以smtpd_recipient_restrictions參數值是從master.cf文件中獲取的。

注意smtpd_recipient_restrictions參數：

smtps     inet  n       -       y       -       -       smtpd
 -o syslog_name=postfix/smtps
 -o smtpd_tls_wrappermode=yes
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_reject_unlisted_recipient=no
 -o smtpd_client_restrictions=$mua_client_restrictions
 -o smtpd_helo_restrictions=$mua_helo_restrictions
 -o smtpd_sender_restrictions=$mua_sender_restrictions
 -o smtpd_recipient_restrictions=
 -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
 -o milter_macro_daemon_name=ORIGINATING
------->  -o smtpd_recipient_restrictions=permit_sasl_authenticated, reject

通過註釋該行和我不想要的所有其他 -o 行，寫入main.cf文件中的值就是採用的值。

最後，我發現了一個問題！文件中有一個簡短的參數master.cf。

我有：

  -o smtpd_recipient_restrictions=permit_sasl_authenticated, reject

一定是：

  -o smtpd_recipient_restrictions=permit_sasl_authenticated, reject_unauth_destination

由於 smtpd 在 sasl 身份驗證開始之前拒絕所有傳入連接，因此reject需要將參數更改為。reject_unauth_destination

引用自：https://unix.stackexchange.com/questions/229000