更新:这个问题可以通过在docker容器中安装Postfix来重现。
我试图从源2.x和3.x最新的后缀版本重新编译,但它没有解决问题。
我已经configuration了Postfix发送和接收电子邮件,但是HARD反弹的电子邮件存在问题 – 它们不被拒绝,Postfix重复发送它们每隔x分钟,并且用户多次收到“Undelivered Mail Returned to Sender”。
在mail.log中我看到: [..] delay=5.2, delays=0.11/0.01/0.07/5, dsn=4.3.0, status=deferred (bounce or trace service failure)
我添加了-v来反弹,master.cf中的qmgr守护进程,但我仍然无法弄清楚什么是错的。
这是我的configuration:
# postconf -nf: alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no config_directory = /etc/postfix content_filter = smtp-amavis:[127.0.0.1]:10024 inet_interfaces = all inet_protocols = all local_recipient_maps = $virtual_mailbox_maps mailbox_size_limit = 0 message_size_limit = 134217728 milter_default_action = accept mydestination = localhost myhostname = box.example.com mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname non_smtpd_milters = $smtpd_milters notify_classes = bounce, delay, resource, software readme_directory = no recipient_delimiter = + smtp_dns_support_level = dnssec smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt smtp_tls_loglevel = 2 smtp_tls_security_level = dane smtpd_banner = ESMTP $mail_name smtpd_milters = inet:127.0.0.1:8891 inet:127.0.0.1:8893 smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_rbl_client zen.spamhaus.org, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:10023 smtpd_relay_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_sender_login_maps = pgsql:/etc/postfix/pgsql/sender-login-maps.cf smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, reject_authenticated_sender_login_mismatch, reject_rhsbl_sender dbl.spamhaus.org smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/nginx/ssl/example.crt smtpd_tls_ciphers = medium smtpd_tls_dh1024_param_file = /etc/nginx/ssl/dh2048.pem smtpd_tls_exclude_ciphers = aNULL smtpd_tls_key_file = /etc/nginx/ssl/example.key smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_use_tls = yes soft_bounce = no virtual_alias_maps = pgsql:/etc/postfix/pgsql/virtual_alias_maps.cf virtual_gid_maps = static:5000 virtual_mailbox_domains = pgsql:/etc/postfix/pgsql/virtual_domains_maps.cf virtual_mailbox_maps = pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf virtual_transport = lmtp:[127.0.0.1]:10026 virtual_uid_maps = static:5000 # postconf -Mf smtp inet n - - - - smtpd submission inet n - - - - smtpd -o content_filter= -o syslog_name=postfix/submission -o smtpd_milters=inet:127.0.0.1:8891 -o smtpd_tls_security_level=encrypt -o smtpd_tls_ciphers=high -o smtpd_tls_exclude_ciphers=aNULL,DES,3DES,MD5,DES+MD5,RC4 -o smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3 -o cleanup_service_name=authclean authclean unix n - - - 0 cleanup -o header_checks=regexp:/etc/postfix/header_checks pickup unix n - - 60 1 pickup -o content_filter= -o receive_override_options=no_header_body_checks cleanup unix n - - - 0 cleanup qmgr unix n - n 300 1 qmgr tlsmgr unix - - - 1000? 1 tlsmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - - - - smtp relay unix - - - - - smtp showq unix n - - - - showq error unix - - - - - error retry unix - - - - - error discard unix - - - - - discard local unix - nn - - local virtual unix - nn - - virtual lmtp unix - - - - - lmtp anvil unix - - - - 1 anvil scache unix - - - - 1 scache maildrop unix - nn - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} uucp unix - nn - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - nn - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - nn - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - nn - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - nn - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} smtp-amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
和我的mail.log:
Jul 31 08:19:49 b1037ca901c1 postfix/submission/smtpd[22107]: connect from localhost[127.0.0.1] Jul 31 08:19:49 b1037ca901c1 postfix/submission/smtpd[22107]: CCAF8D80222: client=localhost[127.0.0.1], sasl_method=LOGIN, [email protected] Jul 31 08:19:49 b1037ca901c1 postfix/cleanup[22109]: CCAF8D80222: replace: header Received: from box.example.com (localhost [127.0.0.1])??(using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))??(No client certificate requested)??by box.example.com (Postfix) with ESMTPSA id CCAF8D802 from localhost[127.0.0.1]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<box.example.com>: Received: from authenticated-user (unknown [127.0.0.1])??(using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))??(No client certificate requested)??by box.example.com (Postfix) with ESMTPSA id CCAF8D80222??for <[email protected]>; Fri, 31 Jul 2015 08:19:49 +0000 (UTC) Jul 31 08:19:49 b1037ca901c1 postfix/cleanup[22109]: CCAF8D80222: message-id=<[email protected]> Jul 31 08:19:49 b1037ca901c1 postfix/qmgr[20607]: CCAF8D80222: from=<[email protected]>, size=646, nrcpt=1 (queue active) Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: setting up TLS connection to smtp1.toexample.com[23.75.25.14]:25 Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: smtp1.toexample.com[23.75.25.14]:25: TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH" Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:before/connect initialization Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:unknown state Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 read server hello A Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: smtp1.toexample.com[23.75.25.14]:25: depth=0 verify=0 subject=/C=LV/O=EXample/OU=ITC/CN=smtp1.toexample.com Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: smtp1.toexample.com[23.75.25.14]:25: depth=0 verify=0 subject=/C=LV/O=EXample/OU=ITC/CN=smtp1.toexample.com Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 read server certificate A Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 read server certificate request A Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 read server done A Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 write client certificate A Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 write client key exchange A Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 write change cipher spec A Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 write finished A Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 flush data Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 read finished A Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: smtp1.toexample.com[23.75.25.14]:25: subject_CN=smtp1.toexample.com, issuer_CN=smtp1.toexample.com, fingerprint=F1:6E:B7:64:96:D3:DB:5C:F6:7D:37:89:BE:5D:E8:74, pkey_fingerprint=A8:F4:72:BA:D8:16:26:11:67:F5:10:4F:96:C3:CF:29 Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: Untrusted TLS connection established to smtp1.toexample.com[23.75.25.14]:25: TLSv1 with cipher AES128-SHA (128/128 bits) Jul 31 08:19:50 b1037ca901c1 postfix/submission/smtpd[22107]: disconnect from localhost[127.0.0.1] Jul 31 08:19:55 b1037ca901c1 postfix/smtp[22110]: CCAF8D80222: to=<[email protected]>, relay=smtp1.toexample.com[23.75.25.14]:25, delay=5.2, delays=0.08/0/0.07/5, dsn=4.3.0, status=deferred (bounce or trace service failure)
这里反弹电子邮件(一个用户,一个邮政局长)
Jul 31 08:20:05 b1037ca901c1 postfix/cleanup[22139]: 068B1D80225: message-id=<[email protected]> Jul 31 08:20:05 b1037ca901c1 postfix/bounce[22138]: CCAF8D80222: sender non-delivery notification: 068B1D80225 Jul 31 08:20:05 b1037ca901c1 postfix/qmgr[20607]: 068B1D80225: from=<>, size=2934, nrcpt=1 (queue active) Jul 31 08:20:05 b1037ca901c1 postfix/cleanup[22139]: 090D2D80226: message-id=<[email protected]> Jul 31 08:20:05 b1037ca901c1 postfix/bounce[22138]: CCAF8D80222: postmaster non-delivery notification: 090D2D80226 Jul 31 08:20:05 b1037ca901c1 postfix/qmgr[20607]: 090D2D80226: from=<[email protected]>, size=2536, nrcpt=1 (queue active) Jul 31 08:20:05 b1037ca901c1 postfix/qmgr[20607]: CCAF8D80222: status=deferred (bounce failed) Jul 31 08:20:05 b1037ca901c1 postfix/lmtp[22140]: 068B1D80225: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> kdV1ArUvu1V+VgAADqs49A Saved) Jul 31 08:20:05 b1037ca901c1 postfix/qmgr[20607]: 068B1D80225: removed Jul 31 08:20:05 b1037ca901c1 postfix/lmtp[22141]: 090D2D80226: to=<[email protected]>, orig_to=<postmaster>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.01, delays=0/0/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> 4tOQArUvu1V/VgAADqs49A Saved) Jul 31 08:20:05 b1037ca901c1 postfix/qmgr[20607]: 090D2D80226: removed
这里是完整的详细日志: http ://pastebin.com/bsFDsFB9(编辑到问题使问题太长 – MadHatter)。
难道我的configuration有问题,或Postfix 2.11.0有一个错误?
这个问题是与Docker + Postfix + Ubuntu 14.04.3 LTS与内核3.16主机(我没有用3.13testing)相关。
如果在docker容器中安装了postfix,问题可以在没有任何configuration改变的情况下被复制。
我试图从源(2.x和3.x)重build后缀,但是这并没有解决问题。
为了解决这个问题,我不得不安装可用于Ubuntu LTS – 3.19的最新内核版本。 apt-get install linux-generic-lts-vivid
我和LXC有类似的问题。 在我的情况下,升级内核到最新的可用版本3.19.0-39没有解决它。
我发现有关这个问题的错误报告: https : //bugs.launchpad.net/ubuntu/+source/lxc/+bug/1446906
Docker使用LXC容器,所以这是相关的。 在纯LXC中,可以通过closuresapparmorconfiguration文件( lxc.aa_profile = unconfined )来临时修复。 在--lxc-conf可以使用--lxc-conf命令键传递LXC选项。