Postfix + SASL = "Relay access denied" when sending from outside the network

I have in /etc/postfix/main.cf:

    smtpd_sasl_auth_enable = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

and SASL seems to be working:

    $ testsaslauthd -u yang -p ... -f /var/spool/postfix/var/run/saslauthd/mux -s smtpd
    0: OK "Success."

But when I connect from outside the network (e.g. localhost still works fine), I get "Relay access denied":

    $ telnet blah.com 25
    auth plain ...
    235 2.7.0 Authentication successful
    mail from:<[email protected]>
    250 2.1.0 Ok
    rcpt to:<[email protected]>
    554 5.7.1 <[email protected]>: Relay access denied

Logs:

    Oct 18 21:10:19 blah postfix/smtpd[13882]: connect from unknown[xxxx]
    Oct 18 21:10:19 blah postfix/smtpd[13882]: setting up TLS connection from unknown[xxxx]
    Oct 18 21:10:19 blah postfix/smtpd[13882]: Anonymous TLS connection established from unknown[xxxx]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
    Oct 18 21:10:19 blah postfix/smtpd[13882]: NOQUEUE: reject: RCPT from unknown[xxxx]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[yyyy]>
    Oct 18 21:10:19 blah postfix/smtpd[13882]: disconnect from unknown [xxxx]

I've been puzzled by this for a while. Any hints?

My full configuration follows. It is based on https://help.ubuntu.com/community/Pfixfix .

In /etc/default/saslauthd:

    START=yes
    PWDIR="/var/spool/postfix/var/run/saslauthd"
    PARAMS="-m ${PWDIR}"
    PIDFILE="${PWDIR}/saslauthd.pid"
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

/etc/postfix/main.cf:

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    readme_directory = no

    # TLS parameters
    smtp_tls_loglevel=1
    smtp_tls_security_level=may
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_tls_cert_file=/etc/ssl/certs/blah.crt
    smtpd_tls_key_file=/etc/ssl/private/blah.key
    smtpd_tls_loglevel=1
    smtpd_tls_security_level=may
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

    smtpd_sasl_auth_enable = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    myhostname = blah.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = localhost.blah.com, localhost
    relayhost =
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all

    # From <http://www.postfix.org/VIRTUAL_README.html>
    virtual_mailbox_domains = blah.com invalid.invalid
    virtual_mailbox_base = /var/mail/blah
    virtual_mailbox_maps = hash:/etc/postfix/vmailbox
    virtual_alias_maps = hash:/etc/postfix/valiases
    virtual_minimum_uid = 100
    virtual_uid_maps = static:1001
    virtual_gid_maps = static:1001

    sender_bcc_maps = hash:/etc/postfix/bccmaps

    # DKIM
    smtpd_milters = inet:localhost:8891
    non_smtpd_milters = inet:localhost:8891

    # Enforce SPF
    smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination check_policy_service unix:private/policyd-spf
    policyd-spf_time_limit = 3600

/etc/postfix/sasl/smtpd.conf:

    pwcheck_method: saslauthd
    mech_list: plain login

You have smtpd_recipient_restrictions twice; the last one is the one being used, and it doesn't have permit_sasl_authenticated.
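
An added example, not part of the original question or answer: a small Python check for the failure the answer identifies, where a parameter is defined twice in main.cf and the later definition replaces the earlier one. The function names and the sample text are constructed for illustration, and the check looks only at smtpd_recipient_restrictions, as in this question.

```python
import re

# Constructed sample: only the relevant lines of the main.cf in the question.
SAMPLE_MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
# Enforce SPF
smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    check_policy_service unix:private/policyd-spf
"""

def parse_main_cf(text):
    """Return {name: [(line_no, value), ...]} in file order. Blank and '#'
    lines are ignored; a line starting with whitespace continues the last one."""
    defs, current = {}, None
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if current:
                current[1] = (current[1] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        current = [no, value.strip()] if sep else None
        if current:
            defs.setdefault(name.strip(), []).append(current)
    return {k: [tuple(d) for d in v] for k, v in defs.items()}

def audit(text):
    """Report overridden parameters, then check that the effective recipient
    restrictions still permit SASL-authenticated clients."""
    defs, findings = parse_main_cf(text), []
    for name, entries in defs.items():
        if len(entries) > 1:
            earlier = ", ".join(str(n) for n, _ in entries[:-1])
            findings.append(f"{name}: line {entries[-1][0]} overrides line(s) {earlier}")
    effective = {k: v[-1][1] for k, v in defs.items()}  # last definition wins
    sasl_on = effective.get("smtpd_sasl_auth_enable", "no").lower() == "yes"
    rules = re.split(r"[,\s]+", effective.get("smtpd_recipient_restrictions", ""))
    if sasl_on and "permit_sasl_authenticated" not in rules:
        findings.append("smtpd_recipient_restrictions: effective value lacks permit_sasl_authenticated")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_MAIN_CF)))
```

On a live system, `postconf -n smtpd_recipient_restrictions` prints the value Postfix actually uses, which is the quickest way to confirm which definition took effect.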