[Postfixbuch-users] SASL and no end in sight

Andreas Meyer anmeyer at anup.de
Fri Jan 24 13:59:37 CET 2003


On Fri, 24 Jan 2003 13:27:49 +0100, Ralf Hildebrandt wrote:

> > > postfix/pipe[15217]: AE11B17A16: to=<anmeyer at q-dial.de>, relay=vscan, delay=817, status=deferred (temporary failure)
> > 
> > Your-vscan-is-broken!
> 
> Correction: your vscan cannot reinject, because 127.0.0.1 is
> missing from mynetworks!

Hm... I've rearranged things:

delta:/var/log # postconf |grep mynet
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks, \
     permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps

permit_mynetworks does not appear anywhere in main.cf.

220 delta.meyer.home ESMTP Postfix on delta.anup.de
ehlo li
250-delta.meyer.home
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-XVERP
250 8BITMIME
AUTH PLAIN eAB4AHg=
235 Authentication successful
mail from: ui at ui.de
250 Ok
rcpt to: anmeyer at q-dial.de
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
urglo
.
250 Ok: queued as DB79E17A16
quit
221 Bye
Connection closed by foreign host.


delta:/etc/postfix # mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
DB79E17A16*     340 Fri Jan 24 13:43:16  ui at ui.de
                                         anmeyer at q-dial.de
 
-- 0 Kbytes in 1 Request.
delta:/etc/postfix # mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
DB79E17A16      340 Fri Jan 24 13:43:16  ui at ui.de
                                                           (temporary failure)
                                         anmeyer at q-dial.de

postfix/master[18906]: reload configuration
postfix/smtpd[18082]: starting TLS engine
postfix/smtpd[18082]: connect from localhost[127.0.0.1]
postfix/smtpd[18082]: DB79E17A16: client=localhost[127.0.0.1], sasl_method=PLAIN, sasl_username=x
postfix/cleanup[18085]: DB79E17A16: message-id=<20030124124316.DB79E17A16 at delta.meyer.home>
postfix/nqmgr[18078]: DB79E17A16: from=<ui at ui.de>, size=340, nrcpt=1 (queue active)
postfix/smtpd[18092]: starting TLS engine
postfix/smtpd[18092]: connect from localhost[127.0.0.1]
postfix/smtpd[18092]: 771EB17CF6: client=localhost[127.0.0.1]
postfix/smtpd[18092]: reject: RCPT from localhost[127.0.0.1]: 554 \
       <anmeyer at q-dial.de>: Relay access denied; from=<ui at ui.de> to=<anmeyer at q-dial.de>
postfix/smtpd[18082]: disconnect from localhost[127.0.0.1]
postfix/cleanup[18095]: 9E66C17C6E: message-id=<20030124124343.9E66C17C6E at delta.meyer.home>
postfix/pipe[18087]: DB79E17A16: to=<anmeyer at q-dial.de>, relay=vscan, delay=27, status=deferred (temporary failure)
postfix/smtpd[18092]: disconnect from localhost[127.0.0.1]

The master.cf:
smtp      inet  n       -       n       -       -       smtpd
#628      inet  n       -       n       -       -       qmqpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
#qmgr     unix  n       -       n       300     1       qmgr
qmgr      fifo  n       -       n       300     1       nqmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
flush     unix  n       -       n       1000?   0       flush
smtp      unix  -       -       n       -       -       smtp
int_smtp  unix  -       -       n       -       -       smtp  -o myhostname=intserver
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
localhost:10025 inet n  -       n       -       -       smtpd -o content_filter=
                                                              -o local_recipient_maps=
                                                              -o myhostname=localhost
smtps     inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
submission inet n       -       n       -       -       smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
tlsmgr    fifo  -       -       n       300     1       tlsmgr

...
vscan     unix  -       n       n       -       4       pipe
    flags=q user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
...

As soon as permit_mynetworks is back in smtpd_recipient_restrictions,
I no longer get the temporary failure.

# Clients are machines
smtpd_client_restrictions =
    reject_unauth_pipelining,
    check_client_access btree:/etc/postfix/client_access,
    permit_sasl_authenticated
 
smtpd_helo_restrictions =
    reject_unauth_pipelining
    check_helo_access btree:/etc/postfix/helo_access regexp:/etc/postfix/helo_regexp
 
smtpd_sender_restrictions =
    reject_unauth_pipelining,
#    permit_mynetworks,
    check_sender_access btree:/etc/postfix/access_sender
 
smtpd_recipient_restrictions =
#    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_pipelining,
    reject_unauth_destination,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_non_fqdn_sender,
    reject_invalid_hostname,
#    reject_maps_rbl,
#    warn_if_reject check_helo_access static:REJECT,
    permit_auth_destination,
    check_client_access hash:/etc/postfix/pop-before-smtp,
    check_recipient_access btree:/etc/postfix/access_recipient,
    check_relay_domains


I took reject_maps_rbl out for this purpose.
At the moment I'm at a loss.

-- 

  Andreas Meyer

Surprise always happens right where you didn't expect it.
                                         -- Wilhelm Busch
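
Added example (not part of the original post, and not Postfix's own code): a simplified Python model of first-match evaluation of smtpd_recipient_restrictions, showing why the SASL-authenticated session in the post is accepted while the unauthenticated reinjection from 127.0.0.1 gets "Relay access denied". The local domain set and the recipient address are assumptions, and only the restrictions that decide these cases are modeled.

```python
import ipaddress

# mynetworks as shown in the postconf output of the post.
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]
# Assumption: the only domain this host is final destination for.
LOCAL_DOMAINS = {"delta.meyer.home"}

# Restriction list from the post, reduced to the entries that decide these cases.
AS_POSTED = [
    "permit_sasl_authenticated",
    "reject_unauth_pipelining",
    "reject_unauth_destination",
    "permit_auth_destination",
]
# Same list with permit_mynetworks no longer commented out.
WITH_MYNETWORKS = ["permit_mynetworks"] + AS_POSTED


def evaluate(restrictions, client_ip, sasl_user, rcpt):
    """Return (verdict, deciding_restriction) for one RCPT TO.

    Restrictions are tried in order; the first one that matches decides.
    """
    domain = rcpt.rsplit("@", 1)[1].lower()
    addr = ipaddress.ip_address(client_ip)
    in_mynetworks = any(addr in net for net in MYNETWORKS)
    authorized_dest = domain in LOCAL_DOMAINS
    for name in restrictions:
        if name == "permit_mynetworks" and in_mynetworks:
            return "permit", name
        if name == "permit_sasl_authenticated" and sasl_user:
            return "permit", name
        if name == "reject_unauth_destination" and not authorized_dest:
            return "554 Relay access denied", name
        if name == "permit_auth_destination" and authorized_dest:
            return "permit", name
        # Other entries (e.g. reject_unauth_pipelining) do not match here.
    return "permit", "end of list"


if __name__ == "__main__":
    rcpt = "user@example.org"  # constructed remote recipient
    # 1) Manual session from the post: loopback client, AUTH PLAIN succeeded.
    print(evaluate(AS_POSTED, "127.0.0.1", "x", rcpt))
    # 2) Reinjection by the filter: loopback client, no AUTH.
    print(evaluate(AS_POSTED, "127.0.0.1", None, rcpt))
    # 3) Same reinjection once permit_mynetworks is back in the list.
    print(evaluate(WITH_MYNETWORKS, "127.0.0.1", None, rcpt))
    # 4) Outside client, no AUTH: still refused, so relaying stays closed.
    print(evaluate(WITH_MYNETWORKS, "192.0.2.10", None, rcpt))
```

In Postfix itself the permit can be scoped to the reinjection listener alone by adding `-o smtpd_recipient_restrictions=permit_mynetworks,reject` to the localhost:10025 entry in master.cf, which leaves the restriction list of the public smtpd unchanged.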

