transport funktioniert nicht

Bernd Blana bernd at bblana.de
Do Jan 5 14:09:39 CET 2023


Hallo Markus

zuerst postconf -n

root at mail2:/opt/mailcow-dockerized# docker-compose exec postfix-mailcow 
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
compatibility_level = 2
config_directory = /opt/postfix/conf
delay_warning_time = 4h
disable_vrfy_command = yes
inet_interfaces = all
inet_protocols = ipv4
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
lmtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
mail_name = Postcow
mailbox_size_limit = 0
maximal_backoff_time = 1800s
maximal_queue_lifetime = 5d
message_size_limit = 104857600
milter_default_action = tempfail
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_protocol = 6
minimal_backoff_time = 300s
mydestination = localhost.localdomain, localhost
myhostname = mail2.nazareth-norddeich.de
mynetworks_style = subnet
non_smtpd_milters = inet:rspamd:9900
parent_domain_matches_subdomains = 
debug_peer_list,fast_flush_domains,mynetworks,qmqpd_authorized_clients
plaintext_reject_code = 550
postscreen_access_list = permit_mynetworks, 
cidr:/opt/postfix/conf/custom_postscreen_whitelist.cidr, 
cidr:/opt/postfix/conf/postscreen_access.cidr, tcp:127.0.0.1:10027
postscreen_bare_newline_enable = no
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 24h
postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache
postscreen_discard_ehlo_keywords = silent-discard, dsn
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2 
hostkarma.junkemailfilter.com=127.0.0.1*-2 
list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-4 
list.dnswl.org=127.0.[0..255].2*-6 list.dnswl.org=127.0.[0..255].3*-8 
ix.dnsbl.manitu.net*2 bl.spamcop.net*2 bl.suomispam.net*2 
hostkarma.junkemailfilter.com=127.0.0.2*3 
hostkarma.junkemailfilter.com=127.0.0.4*2 
hostkarma.junkemailfilter.com=127.0.1.2*1 
backscatter.spameatingmonkey.net*2 bl.ipv6.spameatingmonkey.net*2 
bl.spameatingmonkey.net*2 b.barracudacentral.org=127.0.0.2*7 
bl.mailspike.net=127.0.0.2*5 bl.mailspike.net=127.0.0.[10;11;12]*4 
dnsbl.sorbs.net=127.0.0.10*8 dnsbl.sorbs.net=127.0.0.5*6 
dnsbl.sorbs.net=127.0.0.7*3 dnsbl.sorbs.net=127.0.0.8*2 
dnsbl.sorbs.net=127.0.0.6*2 dnsbl.sorbs.net=127.0.0.9*2 
zen.spamhaus.org=127.0.0.[10;11]*8 zen.spamhaus.org=127.0.0.[4..7]*6 
zen.spamhaus.org=127.0.0.3*4 zen.spamhaus.org=127.0.0.2*3
postscreen_dnsbl_threshold = 6
postscreen_dnsbl_ttl = 5m
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 2d
postscreen_greet_wait = 3s
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no
proxy_read_maps = 
proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps_transport_maps.cf, 
proxy:mysql:/opt/postfix/conf/sql/mysql_mbr_access_maps.cf, 
proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf, 
$sender_dependent_default_transport_maps, $smtp_tls_policy_maps, 
$local_recipient_maps, $mydestination, $virtual_alias_maps, 
$virtual_alias_domains, $virtual_mailbox_maps, $virtual_mailbox_domains, 
$relay_recipient_maps, $relay_domains, $canonical_maps, 
$sender_canonical_maps, $sender_bcc_maps, $recipient_bcc_maps, 
$recipient_canonical_maps, $relocated_maps, $transport_maps, 
$mynetworks, $smtpd_sender_login_maps, $smtp_sasl_password_maps
queue_run_delay = 300s
recipient_canonical_classes = envelope_recipient
recipient_canonical_maps = 
proxy:mysql:/opt/postfix/conf/sql/mysql_recipient_canonical_maps.cf
recipient_delimiter = +
relay_domains = 
proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf
relay_recipient_maps = 
proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf
relayhost =
sender_dependent_default_transport_maps = 
proxy:mysql:/opt/postfix/conf/sql/mysql_sender_dependent_default_transport_maps.cf
smtp_address_preference = any
smtp_dns_support_level = dnssec
smtp_header_checks = pcre:/opt/postfix/conf/anonymize_headers.pcre
smtp_sasl_auth_enable = yes
smtp_sasl_auth_soft_bounce = no
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_password_maps = 
proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps_sender_dependent.cf
smtp_sasl_security_options =
smtp_sender_dependent_authentication = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_cert_file = /etc/ssl/mail/cert.pem
smtp_tls_key_file = /etc/ssl/mail/key.pem
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_policy_maps = 
proxy:mysql:/opt/postfix/conf/sql/mysql_tls_policy_override_maps.cf
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 10s
smtpd_hard_error_limit = ${stress?1}${stress:5}
smtpd_helo_required = yes
smtpd_milters = inet:rspamd:9900
smtpd_proxy_timeout = 600s
smtpd_recipient_restrictions = check_recipient_mx_access 
proxy:mysql:/opt/postfix/conf/sql/mysql_mbr_access_maps.cf, 
permit_sasl_authenticated, permit_mynetworks, check_recipient_access 
proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf, 
reject_invalid_helo_hostname, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, 
defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = inet:dovecot:10001
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = 
proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch, 
permit_mynetworks, permit_sasl_authenticated, reject_unlisted_sender, 
reject_unknown_sender_domain
smtpd_soft_error_limit = 3
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/mail/cert.pem
smtpd_tls_dh1024_param_file = /etc/ssl/mail/dhparams.pem
smtpd_tls_eecdh_grade = auto
smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL, DES-CBC3-SHA, 
ECDHE-RSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA
smtpd_tls_key_file = /etc/ssl/mail/key.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtputf8_enable = no
submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
tls_preempt_cipherlist = yes
tls_server_sni_maps = hash:/opt/postfix/conf/sni.map
tls_ssl_options = NO_COMPRESSION, NO_RENEGOTIATION
transport_maps = pcre:/opt/postfix/conf/custom_transport.pcre, 
pcre:/opt/postfix/conf/local_transport, 
proxy:mysql:/opt/postfix/conf/sql/mysql_relay_ne.cf, 
proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf
virtual_alias_maps = 
proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_maps.cf, 
proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_resource_maps.cf, 
proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_spamalias_maps.cf, 
proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_domain_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = 
proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = 
proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 104
virtual_transport = lmtp:inet:dovecot:24
virtual_uid_maps = static:5000

dann postconf -M

root at mail2:/opt/mailcow-dockerized# docker-compose exec postfix-mailcow 
postconf -M
smtp       inet  n       -       n       -       1 postscreen
10025      inet  n       -       n       -       1 postscreen -o 
postscreen_upstream_proxy_protocol=haproxy -o syslog_name=haproxy
smtpd      pass  -       -       n       -       -       smtpd -o 
smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_helo_hostname 
-o smtpd_sasl_auth_enable=no -o 
smtpd_sender_restrictions=permit_mynetworks,reject_unlisted_sender,reject_unknown_sender_domain
smtps      inet  n       -       n       -       -       smtpd -o 
smtpd_tls_wrappermode=yes -o 
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject 
-o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols -o 
tls_preempt_cipherlist=yes -o cleanup_service_name=smtp_sender_cleanup 
-o syslog_name=postfix/smtps
10465      inet  n       -       n       -       -       smtpd -o 
smtpd_upstream_proxy_protocol=haproxy -o smtpd_tls_wrappermode=yes -o 
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject 
-o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols -o 
tls_preempt_cipherlist=yes -o cleanup_service_name=smtp_sender_cleanup 
-o syslog_name=postfix/smtps-haproxy
submission inet  n       -       n       -       -       smtpd -o 
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject 
-o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o 
smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols 
-o tls_preempt_cipherlist=yes -o 
cleanup_service_name=smtp_sender_cleanup -o syslog_name=postfix/submission
10587      inet  n       -       n       -       -       smtpd -o 
smtpd_upstream_proxy_protocol=haproxy -o 
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject 
-o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o 
smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols 
-o tls_preempt_cipherlist=yes -o 
cleanup_service_name=smtp_sender_cleanup -o 
syslog_name=postfix/submission-haproxy
588        inet  n       -       n       -       -       smtpd -o 
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject 
-o smtpd_tls_auth_only=no -o 
smtpd_sender_restrictions=check_sasl_access,regexp:/opt/postfix/conf/allow_mailcow_local.regexp,reject_authenticated_sender_login_mismatch,permit_mynetworks,permit_sasl_authenticated,reject_unlisted_sender,reject_unknown_sender_domain 
-o cleanup_service_name=smtp_sender_cleanup -o syslog_name=postfix/sogo
590        inet  n       -       n       -       -       smtpd -o 
smtpd_helo_restrictions= -o 
smtpd_client_restrictions=permit_mynetworks,reject -o 
smtpd_tls_auth_only=no -o smtpd_milters= -o non_smtpd_milters= -o 
syslog_name=postfix/quarantine
591        inet  n       -       n       -       -       smtpd -o 
smtpd_helo_restrictions= -o 
smtpd_client_restrictions=permit_mynetworks,reject -o 
smtpd_tls_auth_only=no -o smtpd_milters= -o non_smtpd_milters= -o 
syslog_name=postfix/bcc
smtp_enforced_tls unix - -       n       -       -       smtp -o 
smtp_tls_security_level=encrypt -o syslog_name=enforced-tls-smtp -o 
smtp_delivery_status_filter=pcre:/opt/postfix/conf/smtp_dsn_filter
smtp_via_transport_maps unix - - n       -       -       smtp -o 
smtp_sasl_password_maps=proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps_transport_maps.cf
tlsproxy   unix  -       -       n       -       0       tlsproxy
dnsblog    unix  -       -       n       -       0       dnsblog
pickup     fifo  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       fifo  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       - trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
maildrop   unix  -       n       n       -       -       pipe flags=DRhu 
user=vmail argv=/usr/bin/maildrop -d ${recipient}
smtp_sender_cleanup unix n -     y       -       0       cleanup -o 
header_checks=$smtp_header_checks
127.0.0.1:10027 inet n   n       n       -       0       spawn 
user=nobody argv=/usr/local/bin/whitelist_forwardinghosts.sh
589        inet  n       -       n       -       -       smtpd -o 
smtpd_client_restrictions=permit_mynetworks,reject -o 
syslog_name=watchdog -o syslog_facility=local7 -o smtpd_milters= -o 
cleanup_service_name=watchdog_cleanup -o non_smtpd_milters=
watchdog_cleanup unix n  -       n       -       0       cleanup -o 
syslog_name=watchdog -o syslog_facility=local7 -o 
queue_service_name=watchdog_qmgr
watchdog_qmgr fifo n     -       n       300     1       qmgr -o 
syslog_facility=local7 -o syslog_name=watchdog -o 
rewrite_service_name=watchdog_rewrite
watchdog_rewrite unix -  -       n       -       - trivial-rewrite -o 
syslog_facility=local7 -o syslog_name=watchdog -o 
local_transport=watchdog_discard
watchdog_discard unix -  -       n       -       -       discard -o 
syslog_facility=local7 -o syslog_name=watchdog

Ich weiß jetzt nicht genau, welchen Bereich des Logs du da brauchst; ich 
habe mal diesen Bereich gewählt. Wenn es nicht reicht, kann ich auch noch 
mehr schicken:

Jan  4 11:54:33 mail postfix/submission/smtpd[24190]: match_list_match: 
79.206.206.110: no match
Jan  4 11:54:33 mail postfix/submission/smtpd[24190]: send attr request 
= disconnect
Jan  4 11:54:33 mail postfix/submission/smtpd[24190]: send attr ident = 
submission:79.206.206.110
Jan  4 11:54:33 mail postfix/submission/smtpd[24190]: private/anvil: 
wanted attribute: status
Jan  4 11:54:33 mail postfix/submission/smtpd[24190]: input attribute 
name: status
Jan  4 11:54:33 mail postfix/submission/smtpd[24190]: input attribute 
value: 0
Jan  4 11:54:33 mail postfix/submission/smtpd[24190]: private/anvil: 
wanted attribute: (list terminator)
Jan  4 11:54:33 mail postfix/submission/smtpd[24190]: input attribute 
name: (end)
Jan  4 11:54:33 mail postfix/submission/smtpd[24190]: abort all milters
Jan  4 11:54:33 mail postfix/submission/smtpd[24190]: milter8_abort: 
skip milter unix:/var/run/amavis/amavisd-milter.sock
Jan  4 11:54:33 mail postfix/submission/smtpd[24190]: milter8_abort: 
abort milter unix:/var/run/opendkim/opendkim.sock
Jan  4 11:54:33 mail postfix/submission/smtpd[24190]: disconnect event 
to all milters
Jan  4 11:54:33 mail postfix/submission/smtpd[24190]: 
milter8_disc_event: skip quit milter 
unix:/var/run/amavis/amavisd-milter.sock
Jan  4 11:54:33 mail postfix/submission/smtpd[24190]: 
milter8_disc_event: quit milter unix:/var/run/opendkim/opendkim.sock
Jan  4 11:54:33 mail postfix/submission/smtpd[24190]: disconnect from 
p4fcece6e.dip0.t-ipconnect.de[79.206.206.110] ehlo=2 starttls=1 auth=1 
mail=1 rcpt=1 data=1 quit=1 commands=8
Jan  4 11:54:33 mail postfix/submission/smtpd[24190]: master_notify: 
status 1
Jan  4 11:54:33 mail postfix/submission/smtpd[24190]: connection closed
Jan  4 11:54:33 mail dovecot: imap(kamera at nazareth-norddeich.de): Logged 
out in=1010 out=1984
Jan  4 11:54:33 mail dovecot: imap-login: Login: 
user=<kamera at nazareth-norddeich.de>, method=PLAIN, rip=79.206.206.110, 
lip=192.168.240.3, mpid=24198, TLS, session=<uzJ4Am7xXNlPzs5u>
Jan  4 11:54:35 mail postfix/smtp[24194]: 16C52620141: 
to=<ina.schwitters at hospiz-am-meer.de>, 
relay=192.168.240.4[192.168.240.4]:25, delay=3, 
delays=0.16/0.01/2.8/0.01, dsn=5.1.0, status=bounced (host 
192.168.240.4[192.168.240.4] said: 550 5.1.0 
<kamera at nazareth-norddeich.de>: Sender address rejected: User unknown in 
virtual mailbox table (in reply to RCPT TO command))
Jan  4 11:54:35 mail postfix/cleanup[24200]: E5B47620162: 
message-id=<20230104105435.E5B47620162 at mail.nazareth-norddeich.de>
Jan  4 11:54:35 mail postfix/bounce[24199]: 16C52620141: sender 
non-delivery notification: E5B47620162
Jan  4 11:54:35 mail postfix/qmgr[22973]: E5B47620162: from=<>, 
size=3200, nrcpt=1 (queue active)
Jan  4 11:54:35 mail postfix/qmgr[22973]: 16C52620141: removed

soweit erst einmal

Liebe Grüße

Bernd






On 04.01.2023 20:31, Markus Winkler via Dovecot wrote:
> Hallo Bernd,
>
> On 04.01.23 17:42, Bernd Blana via Dovecot wrote:
>> Ich finde den Eintrag 'smtpd_reject_unlisted_sender = yes' nicht, er 
>> müsste doch wohl in der main.cf stehen. Ein 'postconf -n' gibt mir 
>> auf beiden Servern keine Antwort auf reject_unlisted_sender.
>
> schicke bitte zunächst von mail2 die Ausgaben von
>
> - 'postconf -n'
> - 'postconf -M'
> - den Teil des Postfix-Logs, wo der mail gerade versucht hatte, die 
> E-Mail von <kamera at nazareth-norddeich.de> an 
> <ina.schwitters at hospiz-am-meer.de> einzuliefern
>
> Dann sehen wir weiter und müssen auch die Gültigkeit der Adresse 
> <kamera at nazareth-norddeich.de> überprüfen.
>
> LG
> Markus

