Postfix
從 2.11 升級到 3.4 後,Postfix 中繼訪問被拒絕
Postfix 的 2.11.3 版本在過去幾年中執行良好。在我將其升級到 3.4.14 版本後,伺服器無法再向外部發送電子郵件。
在
mail.err文件中,我找到了以下行:postfix/smtpd[1043]: fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least one working instance of: reject_unauth_destination, defer_unauth_destination, reject, defer, defer_if_permit or check_relay_domains之後,我已經配置了兩個
master.cf參數-o smtpd_recipient_restrictions=reject_unauth_destination -o smtpd_relay_restrictions=reject_unauth_destination在 Postfix 版本 2.11 中,這兩個參數都被註釋掉了。
在該配置之後,消息消失了,但我在文件
mail.err中發現了另一個錯誤mail.logJun 3 08:01:22 smtp-out postfix/smtpd[19915]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <info@info.com>: Relay access denied; from=<john.smith@test.com> to=<info@info.com> proto=ESMTP helo=<[127.0.0.1]>由於我正在使用
sender_dependent_relayhost_maps = hash:/etc/postfix/transport_sender這兩個參數的正確配置(以防萬一)?這是我的
main.cf文件:inet_protocols = ipv4 smtpd_banner = Company ESMTP NO UCE/UBE biff = no append_dot_mydomain = no myhostname = smtp-out.company.com mydomain = company.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = smtp-out.local, localhost.dmz.local.dmz.local, localhost, $mydomain, localhost.$mydomain relayhost = [mail.external-relayserver.com] relay_domains = mynetworks = 192.168.10.0/24, 192.168.15.0/24, 127.0.0.0/8, [::1]/128 header_checks = regexp:/etc/postfix/regexp/header_checks message_size_limit = 47185920 recipient_delimiter = + transport_maps = hash:/etc/postfix/transport undisclosed_recipients_header= local_recipient_maps = smtp_tls_security_level=may smtp_tls_loglevel=1 # relay transport sender_dependent_relayhost_maps = hash:/etc/postfix/transport_sender smtp_sender_dependent_authentication = yes smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous default_destination_concurrency_limit = 2 default_destination_rate_delay = 1s
master.cf文件:smtp inet n - - - - smtpd -o smtpd_recipient_restrictions=reject_unauth_destination -o smtpd_relay_restrictions=reject_unauth_destination pickup unix n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr unix n - n 300 1 qmgr tlsmgr unix - - - 1000? 1 tlsmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - - - - smtp relay unix - - - - - smtp showq unix n - - - - showq error unix - - - - - error retry unix - - - - - error discard unix - - - - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - - - - lmtp anvil unix - - - - 1 anvil scache unix - - - - 1 scache maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
您需要在.
reject_unauth_destination例如,允許您自己的網路通過您的伺服器進行中繼:
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination或者如果您使用的是 sasl_authentication:
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination請記住,這些規則是按列出的順序指定的……因此,上述規則允許您網路上的客戶端中繼郵件而無需進行身份驗證。來自網路外部的客戶端必須對自己進行身份驗證。其他人的中繼嘗試被拒絕。
順便說一句,對於像您這樣的簡單後綴配置,最好將這些選項放在
main.cf文件中,而不是master.cf.