服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 跟踪后缀“收件人地址被拒绝:访问被拒绝”错误的原因
Intereting Posts
当我ssh到我的oracle服务器,CPU负载减less 不能使用任何yum命令:设备上没有剩余空间 工头没有傀儡? configurationApache服务器状态处理程序 如何测量用电效率(PUE) 我把我的密码哈希从md5切换到ssha512,现在exim4不会接受smtplogin 我可以使用tar命令提取一个文件或目录,并提供一个特定的名称,我想它提取? 无法远程连接到在CentOS VirtualBox上设置的Vsftpd服务器 查看“任务pipe理器”types远程显示 无论以前启动失败,如何强制grub启动(无人为input) 如何撤消这个? 我可以使用通配符木偶包确保覆盖多个版本 Google计算引擎Windows语言环境 configuration文件漫游,以使不复制所有文件到本地PC 如何实现与IMAP的文件夹内讨论(跳过SMTP发送,Thunderbird)?

跟踪后缀“收件人地址被拒绝:访问被拒绝”错误的原因

我们遇到的情况是,从特定公司到合法收件人的入站电子邮件以“收件人地址被拒绝:访问被拒绝”弹跳: 

Aug 23 09:15:27 extranet postfix/smtpd[20228]: NOQUEUE: reject: RCPT from sender.com[8.9.10.11]: 554 5.7.1 <[email protected]>: Recipient address rejected: Access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mg01d1.sender.com>

postconf -d | grep mail_version 

 mail_version = 2.7.1

postconf -n 

 alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases allow_percent_hack = no allow_untrusted_routing = yes append_dot_mydomain = no biff = no bounce_queue_lifetime = 24h broken_sasl_auth_clients = yes config_directory = /etc/postfix content_filter = smtp-amavis:[127.0.0.1]:10024 delay_warning_time = 4h disable_vrfy_command = yes html_directory = /usr/share/doc/postfix/html inet_interfaces = all mailbox_size_limit = 0 maximal_queue_lifetime = 24h mydestination = mail.example.com, extranet.example.com, localhost myhostname = mail.example.com mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname readme_directory = /usr/share/doc/postfix recipient_delimiter = + relay_domains = $mydestination relayhost = smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_data_restrictions = reject_unauth_pipelining, permit smtpd_helo_required = yes smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_mynetworks, reject_unauth_destination, check_recipient_access hash:/etc/postfix/access, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_hostname, reject_invalid_hostname, check_helo_access hash:/etc/postfix/helo_access, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit smtpd_sasl_auth_enable = no smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/certs/mail.example.com.2013.chain.pem smtpd_tls_key_file = /etc/ssl/private/example.2013.key smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache smtpd_use_tls = no virtual_alias_domains = example.co.uk, example.co virtual_alias_maps = hash:/etc/postfix/virtual, ldap:/etc/postfix/ldap_virtual_alias_maps.cf, ldap:/etc/postfix/ldap_virtual_groups.cf virtual_mailbox_domains = ldap:/etc/postfix/ldap_virtual_domains.cf virtual_mailbox_maps = ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf virtual_transport = dovecot

现在,我们只使用smtpd_recipient_restrictions,因为我们非常关心客户端的顺序,helo,接收者限制被应用。 但是,通过我的(明显有限的)理解,那里应该产生这个错误的唯一指令是check_recipient_access hash:/etc/postfix/access指令,但是这个文件只是用来阻止我们的一个垃圾邮件地址虚拟别名域: 

 [email protected] REJECT Recipient address rejected. This domain name is only an alias. Please email postmaster @ the primary domain or the mail server hostname. [email protected] REJECT Recipient address rejected. This domain name is only an alias. Please email abuse @ the primary domain or the mail server hostname. [email protected] REJECT Recipient address rejected. This domain name is only an alias. Please email support @ the primary domain or the mail server hostname.

/etc/postfix/sender_access是空的(等待), helo_access只包含: 

 extranet.example.com REJECT You are not me www.example.com REJECT You are not me mail.example.com REJECT You are not me

所有其他指令似乎是正确履行,或者我会至less期待一个不同的错误,如Helo command rejectedUser unknown in virtual mailbox tableService unavailable; Client host [2.3.4.5] blocked using zen.spamhaus.org Service unavailable; Client host [2.3.4.5] blocked using zen.spamhaus.org等进行Service unavailable; Client host [2.3.4.5] blocked using zen.spamhaus.org

我应该在哪里看看为什么我会得到“收件人地址被拒绝:访问被拒绝”? 在失败的情况下,smtpd_recipient_restrictions中的任何其他指令是否会发出该错误?

发送邮件服务器由于某种原因在端口465上发送邮件,这是调用一组不同的smtpd_recipient_restrictions,更简单: 

 smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o broken_sasl_auth_clients=yes -o content_filter= -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING

当然,他们的SMTP服务器没有进行身份validation,所以收件人地址被拒绝访问被拒绝。

我应该接受未经authentication的465以上的本地交付吗? 我当然不这么认为。

您正在收到发往user @example.com邮件,但您尚未为此域configurationPostfix! 在您的virtual_alias_domains只有example.co.ukexample.co存在。 因此,Postfix认为它不应该接受这个域的邮件,并把它当作一个中继的情况(当然被拒绝)。