550 Endereço do destinatário rejeitado: Usuário desconhecido (em resposta ao comando RCPT TO) - para um domínio externo

Question

550 Endereço do destinatário rejeitado: Usuário desconhecido (em resposta ao comando RCPT TO) - para um domínio externo

#1 resposta do (6 votos)

2

No postfix, não consigo receber e-mails do domínio específico, mas posso enviar e-mails para ele.

Por alguma razão, o postfix acha que o domínio é interno, corrija-me se estiver errado?

Amostra do maillog do postfix:

Sep 17 18:45:52 smail1 postfix/smtp[23241]: 269D140A92: to=<[email protected]>, relay=mail1.abc.co.il[5.6.7.8]:25, delay=0.28, delays=0/0/0.27/0.01, dsn=5.0.0, status=undeliverable (host mail1.abc.co.il[5.6.7.8] said: 550 Recipient address rejected: User unknown (in reply to RCPT TO command))
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: send attr address = [email protected]
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: input attribute value: host mail1.abc.co.il[5.6.7.8] said: 550 Recipient address rejected: User unknown (in reply to RCPT TO command)
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: check_mail_access: [email protected]
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: ctable_locate: move existing entry key [email protected]
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: check_access: [email protected]
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: check_domain_access: abc.co.il
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: check_namadr_access: name xyz.abc.co.il addr 1.2.3.4
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: check_domain_access: xyz.abc.co.il
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: check_namadr_access: name xyz.abc.co.il addr 1.2.3.4
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: check_domain_access: xyz.abc.co.il
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: dict_regexp_lookup: /etc/postfix/regexp_client: xyz.abc.co.il
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: NOQUEUE: reject: RCPT from xyz.abc.co.il[1.2.3.4]: 450 4.1.7 <[email protected]>: Sender address rejected: unverified address: host mail1.abc.co.il[5.6.7.8] said: 550 Recipient address rejected: User unknown (in reply to RCPT TO command); from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail1.abc.co.il>
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: > xyz.abc.co.il[1.2.3.4]: 450 4.1.7 <[email protected]>: Sender address rejected: unverified address: host mail1.abc.co.il[5.6.7.8] said: 550 Recipient address rejected: User unknown (in reply to RCPT TO command)
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: < xyz.abc.co.il[1.2.3.4]: QUIT
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: > xyz.abc.co.il[1.2.3.4]: 221 2.0.0 Bye
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_hostname: xyz.abc.co.il ~? 192.168.57.0/24
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_hostname: xyz.abc.co.il ~? 127.0.0.0/8
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_hostname: xyz.abc.co.il ~? 192.168.8.1/32
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_hostname: xyz.abc.co.il ~? 172.19.214.0/24
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_hostname: xyz.abc.co.il ~? 10.1.2.0/24
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_hostname: xyz.abc.co.il ~? 10.7.15.152/32
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_hostname: xyz.abc.co.il ~? 10.7.15.150/32
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_hostname: xyz.abc.co.il ~? 10.7.15.152/32
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_hostname: xyz.abc.co.il ~? 192.168.58.8/32
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_list_match: xyz.abc.co.il: no match
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: disconnect from xyz.abc.co.il[1.2.3.4]

POSTCONF -N

2bounce_notice_recipient = [email protected]
address_verify_sender = [email protected]
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_notice_recipient = [email protected]
bounce_template_file = /etc/postfix/bounce.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debug_peer_list = neptune.co.il
default_destination_concurrency_limit = 8
delay_notice_recipient = [email protected]
disable_mime_input_processing = no
disable_mime_output_conversion = no
disable_vrfy_command = yes
error_notice_recipient = [email protected]
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
local_destination_concurrency_limit = 10
local_destination_recipient_limit = 300
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 51200000
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = neptune.co.il
myhostname = mail.neptune.co.il
mynetworks = 192.168.57.0/24, 127.0.0.0/8, 192.168.8.1/32, 172.19.214.0/24, 10.1.2.0/24, 10.7.15.152/32 , 10.7.15.150/32 ,10.7.15.152/32, 192.168.58.8/32
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sender_dependent_authentication = yes
smtp_tls_policy_maps = hash:/mailroot/postfix/tls_policy
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_data_restrictions = permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,       permit_sasl_authenticated,      reject_unlisted_sender, reject_unlisted_recipient,      reject_invalid_hostname,        reject_invalid_helo_hostname,   reject_non_fqdn_helo_hostname,       reject_non_fqdn_sender, reject_non_fqdn_recipient,      reject_unknown_sender_domain,   reject_unknown_recipient_domain,        reject_unverified_sender,       reject_unlisted_recipient       reject_unauth_destination,      check_sender_access hash:/etc/postfix/sender_access  check_client_access hash:/etc/postfix/vip_ip,   check_client_access regexp:/etc/postfix/regexp_client,  reject_rbl_client bl.spamcop.net,       reject_rbl_client sbl.spamhaus.org,     reject_rbl_client cbl.abuseat.org,   reject_rbl_client dul.dnsbl.sorbs.net,  reject_rbl_client bl.spamcop.net,       permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sender_login_maps = ldap:/etc/postfix/loginmaps.cf
smtpd_tls_CAfile = /etc/pki/tls/certs/rapidssl.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.neptune.co.il.crt
smtpd_tls_key_file = /etc/pki/tls/private/mail.neptune.co.il.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual, ldap:/etc/postfix/groupmaps.cf
virtual_mailbox_base = /mailroot/var/lib/imap
virtual_mailbox_domains = ldap:domain
virtual_mailbox_maps = ldap:/etc/postfix/loginmaps.cf
virtual_transport = lmtp:unix:/mailroot/var/lib/imap/socket/lmtp

postfix domain smtpd

por Eran 18.09.2014 / 15:24

1 resposta

Tags postfix domain smtpd

Como isolar os IPs do servidor SMTP do Gmail do Google diretamente? mdadm RAID6 para RAID60

score 6 · Accepted Answer

Um pequeno conselho: por favor, não inclua alguma regra em smtpd _ * _ restriction se você não entender como funciona. Vai te mordeu um dia.

Esse erro foi causado por essa restrição reject_unverified_sender . Essa restrição especial verificará se o endereço do remetente [email protected] existe no remetente remoto. O detalhe do mecanismo de verificação pode ser encontrado em esta documentação .

Em suma, o postfix tentará telnet para remetente remoto e verificará se o controle remoto aceita EMAIL TO [email protected] . Assim, aparecerá em seu log que o remetente remoto não aceita e-mail para prvs=7337e4471e = [email protected] .

Sep 17 18:45:52 smail1 postfix/smtp[23241]: 269D140A92: to=<[email protected]>, relay=mail1.abc.co.il[5.6.7.8]:25, delay=0.28, delays=0/0/0.27/0.01, dsn=5.0.0, status=undeliverable (host mail1.abc.co.il[5.6.7.8] said: 550 Recipient address rejected: User unknown (in reply to RCPT TO command))

Agora, como o remetente o rejeitou, o remetente não foi verificado . Então, seu servidor se recusa a receber o email.

Fazer sender_verification foi bom para o pequeno tráfego de e-mail, mas pode ser irritante para um grande. Veja o motivo pelo qual você deve desativá-lo neste artigo

Nota lateral, aqui a lista de restrições que você deve desativar ou pelo menos entender seu comportamento antes de ligá-lo.

Aqui você parâmetro de smtpd_recipient_restrictions

permit_mynetworks,
permit_sasl_authenticated,

Bom, não há problema.

reject_unlisted_sender, 
reject_unlisted_recipient,

Veja esta página e esta página .

reject_invalid_hostname,
reject_invalid_helo_hostname,

reject_invalid_hostname era um alias para reject_invalid_helo_hostname . Restrição reject_invalid_hostname é para postfix < 2.3. Essa restrição rejeitará a solicitação quando o nome do host HELO ou EHLO estiver malformado.

reject_non_fqdn_helo_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,

OK. Nenhum problema

reject_unknown_sender_domain,
reject_unknown_recipient_domain,

Bom. Ele rejeitará o e-mail de domínio inexistente ou domínio não bem configurado.

reject_unverified_sender,

Como explicado acima

reject_unlisted_recipient,

Duplicar (?)

reject_unauth_destination,

Esta é uma restrição obrigatória.

check_sender_access hash:/etc/postfix/sender_access,
check_client_access hash:/etc/postfix/vip_ip,
check_client_access regexp:/etc/postfix/regexp_client,

OK

reject_rbl_client bl.spamcop.net,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,

OK

reject_rbl_client bl.spamcop.net,

Duplicar (de novo?)

permit