O Postfix pode enviar e-mails para todos os domínios, exceto o gmail

Navegue suas respostas
1

Estou encontrando um problema estranho com o meu servidor postfix. Eu posso enviar e receber e-mails muito bem, exceto os do Gmail. Sempre que eu enviar uma mensagem para, por exemplo [email protected], retorna 

I'm sorry to have to inform you that your message could not
be delivered [...]

                   The mail system

<[email protected]>: user unknown

e é isso que eu recebo no mail.log 

15:32 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=37.120.177.241, lip=37.120.177.241, mpid=20955, TLS, session=<jaW3/4ZRAqsleLHx>
15:32 postfix/smtpd[20956]: connect from v22017054597548976.hotsrv.de[37.120.177.241]
15:32 postfix/smtpd[20956]: 4B34140DE2: client=v22017054597548976.hotsrv.de[37.120.177.241], sasl_method=PLAIN, [email protected]
15:32 postfix/cleanup[20961]: 4B34140DE2: message-id=<[email protected]>
15:32 postfix/qmgr[17940]: 4B34140DE2: from=<[email protected]>, size=1123, nrcpt=1 (queue active)
15:32 postfix/smtpd[20956]: disconnect from v22017054597548976.hotsrv.de[37.120.177.241]
15:32 spamd[17176]: spamd: connection from localhost [::1]:44313 to port 783, fd 5
15:32 spamd[17176]: spamd: setuid to vmail succeeded
15:32 spamd[17176]: spamd: creating default_prefs: /home/vmail/.spamassassin/user_prefs
15:32 spamd[17176]: config: cannot create user preferences file /home/vmail/.spamassassin/user_prefs: No such file or directory
15:32 spamd[17176]: spamd: failed to create readable default_prefs: /home/vmail/.spamassassin/user_prefs
15:32 spamd[17176]: spamd: processing message <[email protected]> for vmail:2000
15:32 spamd[17176]: plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create tmp lockfile /home/vmail/.spamassassin/bayes.lock.v22017054597548976.hotsrv.de.17176 for /home/vmail/.spamassassin/bayes.lock: No such file or directory
15:32 spamd[17176]: spamd: clean message (0.0/4.5) for vmail:2000 in 0.0 seconds, 1199 bytes.
15:32 spamd[17176]: spamd: result: . 0 - scantime=0.0,size=1199,user=vmail,uid=2000,required_score=4.5,rhost=localhost,raddr=::1,rport=44313,mid=<[email protected]>,autolearn=unavailable autolearn_force=no
15:32 postfix/pipe[20963]: 4B34140DE2: to=<[email protected]>, relay=spamassassin, delay=0.14, delays=0.06/0.01/0/0.07, dsn=5.1.1, status=bounced (user unknown)
15:32 postfix/cleanup[20961]: 6C497422EF: message-id=<[email protected]>
15:32 postfix/bounce[20966]: 4B34140DE2: sender non-delivery notification: 6C497422EF
15:32 postfix/qmgr[17940]: 6C497422EF: from=<>, size=3001, nrcpt=1 (queue active)
15:32 dovecot: imap([email protected]): Logged out in=1056 out=1358
15:32 postfix/qmgr[17940]: 4B34140DE2: removed
15:32 dovecot: lda([email protected]): sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX'
15:32 postfix/pipe[20967]: 6C497422EF: to=<[email protected]>, relay=dovecot, delay=0.08, delays=0.03/0.01/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
15:32 postfix/qmgr[17940]: 6C497422EF: removed
15:32 spamd[17175]: prefork: child states: II
15:32 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=37.120.177.241, lip=37.120.177.241, mpid=20970, TLS, session=<PxS9/4ZRCqsleLHx>
15:32 dovecot: imap([email protected]): Logged out in=90 out=937

Eu já usei o "Gmail" nas minhas configurações do dovecot e do postfix, mas não havia nada.
O que estou perdendo aqui?

EDIT: postconf -n 

alias_maps = $alias_database
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
dovecot_destination_recipient_limit = 1
html_directory = no
inet_protocols = ipv4
local_transport = local
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 52428800
mydomain = v22017054597548976.hotsrv.de
myhostname = $mydomain
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
readme_directory = /usr/share/doc/postfix
sample_directory = /usr/share/doc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_recipient
smtpd_relay_restrictions =
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual_sender_permissions.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unknown_helo_hostname, reject_unknown_recipient_domain, reject_unknown_sender_domain
smtpd_tls_cert_file = /etc/apache2/certs/
smtpd_tls_key_file = /etc/apache2/certs/
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:2000

EDIT2: Aqui está o master.cf do postfix, também note que eu posso enviar para o gmail muito bem usando mail ou sendmail 

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd -o content_filter=spamassassin
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
#submission inet n       -       -       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd
pickup    unix  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
# Dovecot LDA
dovecot   unix  -       n       n       -       -       pipe
        flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
spamassassin unix -     n   n   -   -   pipe
    flags=DROhu user=vmail:vmail argv=/usr/bin/spamc -f -e
    /usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
    
por Minzkraut 09.06.2017 / 15:39

1 resposta

5

Você parece estar usando a porta SMTP 25 para os e-mails recebidos e enviados. Porque você tem 

smtp         inet  n    -   -   -   -   smtpd -o content_filter=spamassassin

spamassassin unix  -    n   n   -   -   pipe
    flags=DROhu user=vmail:vmail argv=/usr/bin/spamc -f -e
    /usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}

isso fará com que todos os e-mails enviados passem por Spamassassin, que é o que dá a você o erro dsn=5.1.1, status=bounced (user unknown) após spamd[17176]: plugin: eval failed: .

Este não é o único problema com esta configuração:

  • Os usuários parecem se autenticar no SMTP com senhas de texto simples ( sasl_method=PLAIN) , já que você está com falta de smtpd_tls_security_level=encrypt . Extremamente inseguro e arriscado!

  • Usar a porta 25 para conexões que não sejam de Agentes de Transferência de Mensagens (MTAs) pode causar problemas para seus clientes, desde RFC 6409 Introdução:

    For example, due to the prevalence of machines that have worms, viruses, or other malicious software that generate large amounts of spam, many sites now prohibit outbound traffic on the standard SMTP port (port 25), funneling all mail submissions through submission servers.

A RFC 6409 é a especificação para Envio de mensagem para correio e você não configurou seu Postfix corretamente para atuar como Agente de Envio de Mensagens (MSA) . Ao fazer isso, você corrigirá seu problema que provavelmente parece estar relacionado apenas ao Gmail, mas na verdade é mais amplo.

Basicamente, você geralmente habilita o envio na porta 587 , descomentando essas master.cf lines: 

#submission inet n       -       -       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING

Junto com isso, você deve remover as ocorrências de permit_sasl_authenticated de main.cf .

Isso pode não ser tudo o que você precisa fazer. Parece que o Dovecot que você está usando para o SASL tem um tutorial melhor para usar o envio do Postfix do que o SASL Howto do Postfix. De Postfix e Dovecot SASL :

Using SASL with Postfix submission port

When Dovecot is used as the authentication backend for Postfix it is good practice to use a dedicated submission port for the MUAs (TCP 587). Not only can you specify individual parameters in master.cf overriding the global ones but you will not run into internet mail rejection while the Dovecot Auth Mechanism is unavailable.

In this example Postfix is configured to accept TLS encrypted sessions only, along with several other sanity checks:

  • Verification of alias ownership via Login Maps
  • Domainname and recipient plausibility

master.cf

submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
    
por 14.06.2017 / 10:26

Tags

Opção AWS RDS Multi-AZ: preciso fazer alguma coisa quando ocorrer failover? Automaticamente redirecionando http para https com múltiplos domínios - arquivos referenciados de dentro do código