/ Forside / Teknologi / Operativsystemer / Linux / Nyhedsindlæg
Login
Glemt dit kodeord?
Brugernavn

Kodeord


Reklame
Top 10 brugere
Linux
#NavnPoint
o.v.n. 11177
peque 7911
dk 4814
e.c 2359
Uranus 1334
emesen 1334
stone47 1307
linuxrules 1214
Octon 1100
10  BjarneD 875
Mail relaying
Fra : Per Jørgensen


Dato : 23-06-08 08:44

Heysa.

Jeg har et problem med min mailserver igen på job.
Jeg har skiftet den i denne weekend og er rendt i et problem.

Vi har en server til vores interne salgsystem etc (MERA) som bruger
sendmail til at sende mails med - Den relayer via vores mailserver.
Men efter skiftet over til den nye mailserver - er følgende problem nu
opstået:
Jun 23 09:36:29 insa02 sendmail[16769]: STARTTLS=client,
relay=mail.xxxxxx.com., version=TLSv1/SSLv3, verify=FAIL,
cipher=DHE-RSA-AES256-SHA, bits=256/256
Jun 23 09:36:29 insa02 sendmail[16769]: m5N7aTtA016769:
to=katarina.akerblom@xxxxxxx.com, ctladdr=[M0645126]<mk@xxxxxx.com>
(500/500), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=134704,
relay=mail.xxxxxxxx.com. [172.16.50.6], dsn=5.7.1, stat=Service unavailable
Jun 23 09:36:29 insa02 sendmail[16769]: m5N7aTtA016769:
to=anders.holmstrom@xxxxxxxx.com, ctladdr=[M0645126]<mk@xxxxxxx.com>
(500/500), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=134704,
relay=mail.xxxxxxxx.com. [172.16.50.6], dsn=5.7.1, stat=Service unavailable
Jun 23 09:36:29 insa02 sendmail[16769]: m5N7aTtA016769: m5N7aTtB016769:
DSN: Service unavailable
Jun 23 09:36:29 insa02 sendmail[16769]: m5N7aTtB016769:
to=[M0645126]<mk@xxxxxxx.com>, delay=00:00:00, xdelay=00:00:00,
mailer=relay, pri=105728, relay=mail.xxxxxxx.com. [172.16.50.6],
dsn=2.0.0, stat=Sent (Ok: queued as DC3EC150343)


Alle mine ellers klienter virker - men jeg kan ikke få denne server til
at sende mails videre og det fejler der.

PÅ Selve mailserveren har jeg postfix installeret med følgende:
/etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/postfix/certs/mailcert.pem
smtpd_tls_key_file=/etc/postfix/certs/mailkey.pem
smtpd_tls_CAfile=/etc/postfix/certs/cacert.pem
smtpd_use_tls=yes
smtp_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_tls_loglevel = 1
smtpd_tls_recieved_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_exchange_name = /var/run/prng_exch
tls_random_source = dev:/dev/random
tls_smtp_use_tls = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client


# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = xxxxxxxx.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
transport_maps = hash:/etc/postfix/transport

####### SASL BITS ########
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   reject_unauth_destination,
   permit_mynetworks,
   check_relay_domains
smtpd_delay_reject = yes
broken_sasl_auth_clients = yes

######### Virtual User Configurations ##########
virtual_alias_maps      = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains      = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps      = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_limit      = 5120000000
virtual_minimum_uid      = 5000
virtual_uid_maps      = static:5000
virtual_gid_maps      = static:5000
virtual_mailbox_base      = /storage
virtual_transport      = virtual


###### Additional support for Quota
virtual_create_maildirsize   = yes
virtual_mailbox_extended   = yes
virtual_mailbox_limit_maps   = mysql:/etc/postfix/mysql_virtual_limit_maps.cf
virtual_maildir_limit_message   = Sorry - The maildir has overdrawn the
diskspace quota - free up some spaces of your mailbox and try again...
virtual_overquota_bounce    = yes

######### Spamfilter & Scanning
content_filter=smtp-amavis:[127.0.0.1]:10024




Er der nogen ide omkring dette ???? Hvad det lige er der gør at den
melder disse.

--
Med Venlig Hilsen

Per Jørgense/\/

 
 
Per Jørgensen (23-06-2008)
Kommentar
Fra : Per Jørgensen


Dato : 23-06-08 08:59

Per Jørgensen skrev:
> Heysa.
>
> Jeg har et problem med min mailserver igen på job.
> Jeg har skiftet den i denne weekend og er rendt i et problem.
>
> Vi har en server til vores interne salgsystem etc (MERA) som bruger
> sendmail til at sende mails med - Den relayer via vores mailserver.
> Men efter skiftet over til den nye mailserver - er følgende problem nu
> opstået:
> Jun 23 09:36:29 insa02 sendmail[16769]: STARTTLS=client,
> relay=mail.xxxxxx.com., version=TLSv1/SSLv3, verify=FAIL,
> cipher=DHE-RSA-AES256-SHA, bits=256/256
> Jun 23 09:36:29 insa02 sendmail[16769]: m5N7aTtA016769:
> to=katarina.akerblom@xxxxxxx.com, ctladdr=[M0645126]<mk@xxxxxx.com>
> (500/500), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=134704,
> relay=mail.xxxxxxxx.com. [172.16.50.6], dsn=5.7.1, stat=Service unavailable
> Jun 23 09:36:29 insa02 sendmail[16769]: m5N7aTtA016769:
> to=anders.holmstrom@xxxxxxxx.com, ctladdr=[M0645126]<mk@xxxxxxx.com>
> (500/500), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=134704,
> relay=mail.xxxxxxxx.com. [172.16.50.6], dsn=5.7.1, stat=Service unavailable
> Jun 23 09:36:29 insa02 sendmail[16769]: m5N7aTtA016769: m5N7aTtB016769:
> DSN: Service unavailable
> Jun 23 09:36:29 insa02 sendmail[16769]: m5N7aTtB016769:
> to=[M0645126]<mk@xxxxxxx.com>, delay=00:00:00, xdelay=00:00:00,
> mailer=relay, pri=105728, relay=mail.xxxxxxx.com. [172.16.50.6],
> dsn=2.0.0, stat=Sent (Ok: queued as DC3EC150343)
>
>
> Alle mine ellers klienter virker - men jeg kan ikke få denne server til
> at sende mails videre og det fejler der.
>
> PÅ Selve mailserveren har jeg postfix installeret med følgende:
> /etc/postfix/main.cf
> # See /usr/share/postfix/main.cf.dist for a commented, more complete
> version
>
>
> # Debian specific: Specifying a file name will cause the first
> # line of that file to be used as the name. The Debian default
> # is /etc/mailname.
> #myorigin = /etc/mailname
>
> smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
> biff = no
>
> # appending .domain is the MUA's job.
> append_dot_mydomain = no
>
> # Uncomment the next line to generate "delayed mail" warnings
> #delay_warning_time = 4h
>
> readme_directory = no
>
> # TLS parameters
> smtpd_tls_cert_file=/etc/postfix/certs/mailcert.pem
> smtpd_tls_key_file=/etc/postfix/certs/mailkey.pem
> smtpd_tls_CAfile=/etc/postfix/certs/cacert.pem
> smtpd_use_tls=yes
> smtp_use_tls=yes
> smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
> smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
> smtpd_tls_loglevel = 1
> smtpd_tls_recieved_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_exchange_name = /var/run/prng_exch
> tls_random_source = dev:/dev/random
> tls_smtp_use_tls = yes
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/auth-client
>
>
> # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
> # information on enabling SSL in the smtp client.
>
> myhostname = xxxxxxxx.com
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> myorigin = /etc/mailname
> mydestination =
> relayhost =
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> mailbox_command = procmail -a "$EXTENSION"
> mailbox_size_limit = 0
> recipient_delimiter = +
> inet_interfaces = all
> transport_maps = hash:/etc/postfix/transport
>
> ####### SASL BITS ########
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
> smtpd_recipient_restrictions =
> permit_sasl_authenticated,
> reject_unauth_destination,
> permit_mynetworks,
> check_relay_domains
> smtpd_delay_reject = yes
> broken_sasl_auth_clients = yes
>
> ######### Virtual User Configurations ##########
> virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
> virtual_mailbox_domains =
> mysql:/etc/postfix/mysql_virtual_domains_maps.cf
> virtual_mailbox_maps =
> mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
> virtual_mailbox_limit = 5120000000
> virtual_minimum_uid = 5000
> virtual_uid_maps = static:5000
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /storage
> virtual_transport = virtual
>
>
> ###### Additional support for Quota
> virtual_create_maildirsize = yes
> virtual_mailbox_extended = yes
> virtual_mailbox_limit_maps =
> mysql:/etc/postfix/mysql_virtual_limit_maps.cf
> virtual_maildir_limit_message = Sorry - The maildir has overdrawn the
> diskspace quota - free up some spaces of your mailbox and try again...
> virtual_overquota_bounce = yes
>
> ######### Spamfilter & Scanning
> content_filter=smtp-amavis:[127.0.0.1]:10024
>
>
>
>
> Er der nogen ide omkring dette ???? Hvad det lige er der gør at den
> melder disse.
>
PÅ Selve mailserveren får jeg denne i logfilen:
Jun 23 09:50:21 sif postfix/smtpd[26641]: Anonymous TLS connection
established from unknown[172.16.50.3]: TLSv1 with cipher
DHE-RSA-AES256-SHA (256/256 bits)
Jun 23 09:50:21 sif postfix/smtpd[26641]: NOQUEUE: reject: RCPT from
unknown[172.16.50.3]: 554 5.7.1 <hjo@welltec.dk>: Relay access denied;
from=<jah@xxxxx.com> to=<hjo@xxxxx.dk> proto=ESMTP helo=<hugin.xxxxx.com>
Jun 23 09:50:22 sif postfix/smtpd[26641]: 00935150343:
client=unknown[172.16.50.3]


--
Med Venlig Hilsen

Per Jørgense/\/

Thorbjørn Ravn Ander~ (23-06-2008)
Kommentar
Fra : Thorbjørn Ravn Ander~


Dato : 23-06-08 09:43

Per Jørgensen skrev den 23-06-2008 09:58:

> Jun 23 09:50:21 sif postfix/smtpd[26641]: NOQUEUE: reject: RCPT from
> unknown[172.16.50.3]: 554 5.7.1 <hjo@welltec.dk>: Relay access denied;
> from=<jah@xxxxx.com> to=<hjo@xxxxx.dk> proto=ESMTP helo=<hugin.xxxxx.com>

Har du fortalt postfix at xxxxx.com og/eller xxxxx.dk er domæner den
godt må tillade relaying for?

--
Thorbjørn Ravn Andersen "... plus... Tubular Bells!"

Per Jørgensen (23-06-2008)
Kommentar
Fra : Per Jørgensen


Dato : 23-06-08 10:17

Thorbjørn Ravn Andersen skrev:
> Per Jørgensen skrev den 23-06-2008 09:58:
>
>> Jun 23 09:50:21 sif postfix/smtpd[26641]: NOQUEUE: reject: RCPT from
>> unknown[172.16.50.3]: 554 5.7.1 <hjo@welltec.dk>: Relay access denied;
>> from=<jah@xxxxx.com> to=<hjo@xxxxx.dk> proto=ESMTP helo=<hugin.xxxxx.com>
>
> Har du fortalt postfix at xxxxx.com og/eller xxxxx.dk er domæner den
> godt må tillade relaying for?
>
Ja - Det er vores interne system - så det burde da absolut fungere.
Vores eget domæne - er .com
HVorimod vores kunder er *.dk

Men kan ikke sende ud af huset fra andre servere - igennem mailserver
til disse.
Men kan godt sende direkte fra outlook/thunderbird klienter!


--
Med Venlig Hilsen

Per Jørgense/\/

Thorbjørn Ravn Ander~ (23-06-2008)
Kommentar
Fra : Thorbjørn Ravn Ander~


Dato : 23-06-08 10:26

Per Jørgensen skrev den 23-06-2008 11:16:
> Thorbjørn Ravn Andersen skrev:
>> Per Jørgensen skrev den 23-06-2008 09:58:
>>
>>> Jun 23 09:50:21 sif postfix/smtpd[26641]: NOQUEUE: reject: RCPT from
>>> unknown[172.16.50.3]: 554 5.7.1 <hjo@welltec.dk>: Relay access
>>> denied; from=<jah@xxxxx.com> to=<hjo@xxxxx.dk> proto=ESMTP
>>> helo=<hugin.xxxxx.com>
>>
>> Har du fortalt postfix at xxxxx.com og/eller xxxxx.dk er domæner den
>> godt må tillade relaying for?
>>
> Ja - Det er vores interne system - så det burde da absolut fungere.
> Vores eget domæne - er .com
> HVorimod vores kunder er *.dk

Tjah, det er det den beklager sig over at den ikke vil.

Måske en slåfejl i konfigurationsfilerne?


--
Thorbjørn Ravn Andersen "... plus... Tubular Bells!"

Per Jørgensen (23-06-2008)
Kommentar
Fra : Per Jørgensen


Dato : 23-06-08 10:51

Hey Thorbjørn.
Tak for dit svar.
Denne gang uden sløring af navne IP mm
Jeg kan nu ikke rigtig se hvad der skulle være galt siden den ikke vil
dette.
Mailserver SIF:
Postfix - inkl MySQL virtual-domains
Postfixadmin mm. Dog er det postfix der styrer dette???

System serveren
Kører MERA og bruger sendmail til at relaye igennem mailserver.

Her er mine konfigurationer:
til at starte med submit.mc - > fra MERA serveren:

#ldivert(-1)
#
# Copyright (c) 2001, 2002 Sendmail, Inc. and its suppliers.
#   All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#

#
# This is the prototype file for a set-group-ID sm-msp sendmail that
# acts as a initial mail submission program.
#

divert(0)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')
FEATURE(`msp', `mail.insatech.com') dnl
VERSIONID(`linux setup for Red Hat Linux')dnl
define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confPID_FILE', `/var/run/sm-client.pid')dnl
dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')
dnl FEATURE(`msp')dnl
dnl FEATURE(`use_ct_file')dnl


Mailserveren main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/postfix/certs/mailcert.pem
smtpd_tls_key_file=/etc/postfix/certs/mailkey.pem
smtpd_tls_CAfile=/etc/postfix/certs/cacert.pem
smtpd_use_tls=yes
smtp_use_tls=yes
smtpd_discard_ehlo_keywords= silent-discard
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_tls_loglevel = 1
smtpd_tls_recieved_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_exchange_name = /var/run/prng_exch
tls_random_source = dev:/dev/random
tls_smtp_use_tls = no
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client


# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = insatech.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
relayhost = 172.16.50.3/32
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.50.0/23
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
transport_maps = hash:/etc/postfix/transport

####### SASL BITS ########
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   reject_unauth_destination,
   permit_mynetworks,
   check_relay_domains
smtpd_delay_reject = yes
broken_sasl_auth_clients = yes

######### Virtual User Configurations ##########
virtual_alias_maps      = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains      = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps      = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_limit      = 5120000000
virtual_minimum_uid      = 5000
virtual_uid_maps      = static:5000
virtual_gid_maps      = static:5000
virtual_mailbox_base      = /storage
virtual_transport      = virtual


###### Additional support for Quota
virtual_create_maildirsize   = yes
virtual_mailbox_extended   = yes
virtual_mailbox_limit_maps   = mysql:/etc/postfix/mysql_virtual_limit_maps.cf
virtual_maildir_limit_message   = Sorry - The maildir has overdrawn the
diskspace quota - free up some spaces of your mailbox and try again...
virtual_overquota_bounce    = yes

######### Spamfilter & Scanning
content_filter=smtp-amavis:[127.0.0.1]:10024


og mailserverens master:
# ==========================================================================
smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
   -o content_filter=
   -o recieve_override_options=no_header_body_checks

cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
   -o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient
scalemail-backend unix   -   n   n   -   2   pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

smtp-amavis   unix   -   -   -   -   2   smtp
   -o smtp_data_done_timeout=1200
   -o smtp_send_xforward_command=yes
   -o disable_dns_lookups=yes
   -o max_use=20

127.0.0.1:10025   inet   n   -   -   -   -   smtpd
   -o content_filter=
   -o local_recipients_maps=
   -o relay_recipients_maps=
   -o smtpd_restriction_classes=
   -o smtpd_delay_reject=no
   -o smtpd_client_restrictions=permit_mynetworks,reject
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o smtpd_sender_restrictions=reject_unauth_pipelining
   -o smtpd_end_of_data:restrictions=
   -o mynetworks=127.0.0.0/8
   -o smtpd_error_sleep_time=0
   -o smtpd_soft_error_limit=1001
   -o smtpd_hard_error_limit=1000
   -o smtpd_client_connection_count_limit=0
   -o smtpd_client_connection_rate_limit=0
   -o
recieve_override_options=no_header_body_checks,no_unknown_recipient_checks

# Vacation definations
vacation   unix   -   n   n   -   -   pipe
   flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f
${sender} -- ${recipient}


Fra MERA serveren Sendmail log:
Jun 23 11:44:23 insa02 sendmail[20970]: STARTTLS=client,
relay=mail.insatech.com, version=TLSv1/SSLv3, verify=FAIL,
cipher=DHE-RSA-AES256-SHA, bits=256/256
Jun 23 11:44:23 insa02 sendmail[20970]: m5N9iNZ2020970:
to=bjorn.sverre.mikkelsen@scansense.no,
ctladdr=[M0645222]<mok@insatech.com> (500/500), delay=00:00:00,
xdelay=00:00:00, mailer=relay, pri=236722, relay=mail.insatech.com
[172.16.50.6], dsn=5.7.1, stat=Service unavailable
Jun 23 11:44:23 insa02 sendmail[20970]: m5N9iNZ2020970: m5N9iNZ3020970:
DSN: Service unavailable
Jun 23 11:44:23 insa02 sendmail[20970]: m5N9iNZ3020970:
to=[M0645222]<mok@insatech.com>, delay=00:00:00, xdelay=00:00:00,
mailer=relay, pri=237746, relay=mail.insatech.com [172.16.50.6],
dsn=2.0.0, stat=Sent (Ok: queued as 3398C150388)


Mailserverens log
connect from unknown[172.16.50.3]
Jun 23 11:44:21 sif postfix/smtpd[32405]: setting up TLS connection from
unknown[172.16.50.3]
Jun 23 11:44:21 sif postfix/smtpd[32405]: Anonymous TLS connection
established from unknown[172.16.50.3]: TLSv1 with cipher
DHE-RSA-AES256-SHA (256/256 bits)
Jun 23 11:44:21 sif postfix/smtpd[32405]: NOQUEUE: reject: RCPT from
unknown[172.16.50.3]: 554 5.7.1 <bjorn.sverre.mikkelsen@scansense.no>:
Relay access denied; from=<mok@insatech.com>
to=<bjorn.sverre.mikkelsen@scansense.no> proto=ESMTP
helo=<hugin.insatech.com>
Jun 23 11:44:21 sif postfix/smtpd[32405]: 3398C150388:
client=unknown[172.16.50.3]
Jun 23 11:44:21 sif postfix/cleanup[32411]: 3398C150388:
message-id=<200806230944.m5N9iNZ3020970@hugin.insatech.com>
Jun 23 11:44:21 sif postfix/qmgr[31549]: 3398C150388: from=<>,
size=212621, nrcpt=1 (queue active)
Jun 23 11:44:21 sif postfix/smtpd[32405]: disconnect from
unknown[172.16.50.3]

Det er samme tidspunkt - men samme main kommer retur om at man ikke
kan/må sende :
Jun 23 11:44:21 sif amavis[32519]: (32519-01) Passed CLEAN, LOCAL
[172.16.50.3] [172.16.50.3] <> -> <mok@insatech.com>, Message-ID:
<200806230944.m5N9iNZ3020970@hugin.insatech.com>, mail_id: e7z4EJX6ngxA,
Hits: -, size: 212621, queued_as: 57CFE1503B4, 176 ms
Jun 23 11:44:21 sif postfix/smtp[32470]: 3398C150388:
to=<mok@insatech.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.2,
delays=0.02/0/0/0.18, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
57CFE1503B4)
Jun 23 11:44:21 sif postfix/qmgr[31549]: 3398C150388: removed
Jun 23 11:44:21 sif postfix/virtual[32422]: 57CFE1503B4:
to=<mok@insatech.com>, relay=virtual, delay=0.06, delays=0.05/0/0/0.01,
dsn=2.0.0, status=sent (delivered to maildir)
Jun 23 11:44:21 sif postfix/qmgr[31549]: 57CFE1503B4: removed


Så tja jeg aner ikke lige hvor det er fejlen her kan være - og det er
ikke kun en slåfejl i mailadressen for det er samtlige mail fra denne
maskine!




--
Med Venlig Hilsen

Per Jørgense/\/

Thorbjørn Ravn Ander~ (23-06-2008)
Kommentar
Fra : Thorbjørn Ravn Ander~


Dato : 23-06-08 12:38

Per Jørgensen skrev den 23-06-2008 11:50:
> Så tja jeg aner ikke lige hvor det er fejlen her kan være - og det er
> ikke kun en slåfejl i mailadressen for det er samtlige mail fra denne
> maskine!

Kan du fortælle mig hvor i konfigurationen du har fortalt Postfix at den
skal tillade relays fra din sendmailmaskine?

--
Thorbjørn Ravn Andersen "... plus... Tubular Bells!"

Per Jørgensen (23-06-2008)
Kommentar
Fra : Per Jørgensen


Dato : 23-06-08 12:43

Thorbjørn Ravn Andersen skrev:
> Per Jørgensen skrev den 23-06-2008 11:50:
>> Så tja jeg aner ikke lige hvor det er fejlen her kan være - og det er
>> ikke kun en slåfejl i mailadressen for det er samtlige mail fra denne
>> maskine!
>
> Kan du fortælle mig hvor i konfigurationen du har fortalt Postfix at den
> skal tillade relays fra din sendmailmaskine?
>
# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination =
myhostname = insatech.com
mynetworks = 127.0.0.0/8 172.16.50.0/23
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks
smtpd_delay_reject = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
reject_unauth_destination,   permit_mynetworks,   check_relay_domains
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
smtpd_tls_cert_file = /etc/postfix/certs/mailcert.pem
smtpd_tls_key_file = /etc/postfix/certs/mailkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_exchange_name = /var/run/prng_exch
tls_random_source = dev:/dev/random
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /storage
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 5120000000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 5000
virtual_transport = virtual
virtual_uid_maps = static:5000


Hey Thorbjørn.
Jeg ville mene at det var under mynetworks - Hvor vi har et range på
172.16.50.1 --> 172.16.51.254 - Så /23

Dette skulle da gerne gå ind under det at mit maskine bliver tilladt at
sende mails ???
Men det kan nu sagtens være min opfattelse der er forkert.
Dog prøver jeg at tvinge en auth igennem på klienterne - hvilket også
fungerer, så spørgsmålet er så om Sendmail på den anden maskine skal
have en konto at sende fra - Således at den også bliver valideret !


--
Med Venlig Hilsen

Per Jørgense/\/

Adam Sjøgren (23-06-2008)
Kommentar
Fra : Adam Sjøgren


Dato : 23-06-08 22:25

On Mon, 23 Jun 2008 11:50:36 +0200, Per wrote:

> smtpd_recipient_restrictions =
>    permit_sasl_authenticated,
>    reject_unauth_destination,
>    permit_mynetworks,
>    check_relay_domains

Er dette hvad du ønsker?

Så vidt jeg kan se på din log bruger din sendmail ikke authentication
(login/password) når den kontakter Postfix og så lander du i en
afvisning ved reject_unauth_destination i ovenstående liste, da email'en
du prøver at sende ikke er til et domæne i relay_domains og heller ikke
blandt det Postfix håndterer lokalt.

Måske ønsker du permit_mynetworks _før_ reject_unauth_destination?

Se:

<http://www.postfix.org/SMTPD_ACCESS_README.html#lists>
<http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions>
<http://www.postfix.org/postconf.5.html#reject_unauth_destination>


Mvh.

--
"The success of open source code is perhaps the only Adam Sjøgren
thing in the computer field that hasn't surprised me asjo@koldfront.dk
during the past several decades."

Adam Sjøgren (25-06-2008)
Kommentar
Fra : Adam Sjøgren


Dato : 25-06-08 21:03

On Tue, 24 Jun 2008 07:54:44 +0200, Per wrote:

>> <http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions>
[...]

> Det var såmænd også den løsning jeg kom frem til - Det var ikke lige
> noget jeg var klar over - da jeg faktisk troede her var det enten
> eller regler!

Når alt andet slår fejl, læs manualen

> MEn tak - Nu virker det !

Når enden er go' er alting godt.


Mvh.

--
"Jeg har snart gennemlæst det meste af Internettet Adam Sjøgren
for at finde en løsning - men uden resultat..." asjo@koldfront.dk

Søg
Reklame
Statistik
Spørgsmål : 177547
Tips : 31968
Nyheder : 719565
Indlæg : 6408797
Brugere : 218887

Månedens bedste
Årets bedste
Sidste års bedste