[Postfixbuch-users] POSTFIX v2.5.5 : Backup-MX verschleiert originalen Empfaenger, Alternative zu aliases
zum Henker mit dem POSTFIX
postfix at c-bit.org
So Mai 30 22:24:54 CEST 2010
NAbend,
> Hilfreich wäre die Ausgabe von "postconf -n" sowie Logeinträge oder
> Header, die zeigen, was passiert, mit einer kurzen Anmerkung dessen,
> was erzielt werden soll.
"postconf -n":
alias_database = hash:/etc/aliases
append_at_myorigin = yes
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
hopcount_limit = 256
inet_interfaces = A.B.C.D 10.12.115.3 10.12.115.23 localhost
local_destination_recipient_limit = 1
local_recipient_maps = unix:passwd.byname $alias_database
local_transport = local
mail_spool_directory = /var/mail
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
message_size_limit = 26214400
mydestination = $myhostname, $mydomain
mydomain = mydoma.in
myhostname = mx00.$mydomain
mynetworks = A.B.C.D 10.12.115.0/24 10.224.74.0/24 10.72.120.0/24 192.168.0.0/24 192.168.110.0/24 192.168.120.0/24 192.168.130.0/24 192.168.140.0/24 192.168.150.0/24 192.168.160.0/24 127.0.0.1
mynetworks_style = host
myorigin = mx00.$mydomain
setgid_group = postdrop
smtp_connect_timeout = 58s
smtpd_banner = $mydomain ESMTP Sendmail 8.11.3/8.11.3;
smtpd_data_restrictions = sleep 3
smtpd_delay_reject = no
smtpd_end_of_data_restrictions = sleep 3
smtpd_helo_restrictions = sleep 7
smtpd_recipient_restrictions = permit_sasl_authenticated, sleep 7, permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname,reject_unknown_sender_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_unknown_recipient_domain, reject_rbl_client A.B.C.D/53002, reject_rbl_client A.B.C.D/53000, check_policy_service inet:127.0.0.1:60000
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = sleep 7
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/vhcs2/transport
virtual_alias_maps = hash:/etc/postfix/vhcs2/aliases
virtual_gid_maps = static:8
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_domains = hash:/etc/postfix/vhcs2/domains
virtual_mailbox_limit = 0
virtual_mailbox_maps = hash:/etc/postfix/vhcs2/mailboxes
virtual_minimum_uid = 1000
virtual_transport = virtual
virtual_uid_maps = static:1000
Beispiel #1 - Logfile:
May 30 14:40:44 my-mx1 postfix/smtpd[32297]: connect from ms20.mailsender.de[E.F.G.H]
May 30 14:41:05 my-mx1 postgrey[2612]: action=pass, reason=triplet found, client_name=ms20.mailsender.de, client_address=E.F.G.H, sender=bounce10 at mailsender.de, recipient=Mustermann.bueroA at my-domain.de
May 30 14:41:05 my-mx1 postfix/smtpd[32297]: 4B41A15BC002: client=ms20.mailsender.de[E.F.G.H]
May 30 14:41:11 my-mx1 postfix/cleanup[32366]: 4B41A15BC002: message-id=<20100530124007.66E00F968F7BE at ms20.mailsender.de>
May 30 14:41:11 my-mx1 postfix/qmgr[31247]: 4B41A15BC002: from=<bounce10 at mailsender.de>, size=1595, nrcpt=1 (queue active)
May 30 14:41:11 my-mx1 postfix/smtpd[32297]: disconnect from ms20.mailsender.de[E.F.G.H]
May 30 14:42:09 my-mx1 postfix/smtp[32367]: connect to bueroA.dnsalias.net[89.82.151.205]:25: Connection timed out
May 30 14:42:09 my-mx1 postfix/smtp[32367]: 4B41A15BC002: to=<catchall at bueroA.dnsalias.net>, orig_to=<Mustermann.bueroA at my-domain.de>, relay=10.224.74.23[10.224.74.23]:25, delay=71, delays=13/0.01/58/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 7108486C0FB)
May 30 14:42:09 my-mx1 postfix/qmgr[31247]: 4B41A15BC002: removed
May 30 14:54:02 my-mx1 postfix/anvil[32218]: statistics: max connection count 1 for (smtp:E.F.G.H) at May 30 14:44:38
Beispiel #1 - eMail-Header:
Microsoft Mail Internet Headers Version 2.0
thread-index: Acr/9YU/mVJlh1OTQTS+HTSf9tE7rA==
Received: from MSX-BUEROA ([192.168.120.250]) by mx01.my-bueroA.local with Microsoft SMTPSVC(6.0.3790.4675); Sun, 30 May 2010 14:42:10 +0200
Received: from [10.224.74.13] (helo=my-mx1.this-domain.de) by MSX-BUEROA with G Data MailSecurity; for <catchall at bueroA.dnsalias.net>; Sun, 30 May 2010 14:42:09 +0200
Microsoft Mail Internet Headers Version 2.0
thread-index: Acr/9YU/mVJlh1OTQTS+HTSf9tE7rA==
Received: from MSX-BUEROA ([192.168.110.250]) by mx01.my-bueroA.local with Microsoft SMTPSVC(6.0.3790.4675); Sun, 30 May 2010 14:42:10 +0200
Received: from [10.224.74.13] (helo=my-mx1.this-domain.de) by MSX-BUEROA with G Data MailSecurity; for <catchall at bueroA.dnsalias.net>; Sun, 30 May 2010 14:42:09 +0200
Received: from my-mx1.this-domain.de (my-mx1.this-domain.de [10.12.115.23]) by my-mx1.this-domain.de (Postfix) with ESMTP id 7108486C0FB for <catchall at bueroA.dnsalias.net>; Sun, 30 May 2010 14:42:09 +0200 (CEST)
Received: from ms20.mailsender.de (ms20.mailsender.de [E.F.G.H]) by my-mx1.this-domain.de (Postfix) with ESMTP id 4B41A15BC002 for <Mustermann.bueroA at my-domain.de>; Sun, 30 May 2010 14:40:58 +0200 (CEST)
Received: from localhost (ms20.mailsender.de [E.F.G.H]) by ms20.mailsender.de (Postfix) with ESMTP id 66E00F968F7BE for <Mustermann.bueroA at my-domain.de>; Sun, 30 May 2010 14:40:07 +0200 (CEST)
From: "Mister Absender" <Absender at mailsender.de>
To: <Mustermann.bueroA at my-domain.de>
Message-ID: <20100530124007.66E00F968F7BE at ms20.mailsender.de>
Date: Sun, 30 May 2010 14:40:07 +0200 (CEST)
X-OriginalArrivalTime: 30 May 2010 12:42:10.0108 (UTC) FILETIME=[853F77C0:01CAFFF5]
Beispiel #2 - Logfile:
May 30 17:49:01 my-mx1 postfix/smtpd[3170]: connect from s2.forumfactory.de[I.J.K.L]
May 30 17:49:22 my-mx1 postgrey[2612]: action=pass, reason=triplet found, delay=18361, client_name=s2.forumfactory.de, client_address=I.J.K.L, sender=mustermann at forumfactory.de, recipient=Musterfrau.bueroD at my-domain.de
May 30 17:49:22 my-mx1 postfix/smtpd[3170]: 8F63C15BC227: client=s2.forumfactory.de[I.J.K.L]
May 30 17:49:28 my-mx1 postfix/cleanup[3197]: 8F63C15BC227: message-id=<20100530154242.46e5b4cf882f at www.forumfactory.de>
May 30 17:49:28 my-mx1 postfix/qmgr[31247]: 8F63C15BC227: from=<mustermann at forumfactory.de>, size=2450, nrcpt=1 (queue active)
May 30 17:49:28 my-mx1 postfix/smtpd[3170]: disconnect from s2.forumfactory.de[I.J.K.L]
May 30 17:50:18 my-mx1 postfix/smtp[3198]: 8F63C15BC227: to=<catchall at bueroD.dnsalias.net>, orig_to=<Musterfrau.bueroD at my-domain.de>, relay=bueroD.dnsalias.net[89.182.133.175]:25, delay=63, delays=13/0.01/20/30, dsn=2.0.0, status=sent (250 Mail accepted)
May 30 17:50:18 my-mx1 postfix/qmgr[31247]: 8F63C15BC227: removed
May 30 17:59:01 my-mx1 postfix/anvil[3171]: statistics: max connection count 1 for (smtp:I.J.K.L) at May 30 17:49:01
Beispiel #1 - eMail-Header:
Microsoft Mail Internet Headers Version 2.0
thread-index: AcsAD/GyUK5IyBbqTNCM4r3TcH1vRg==
Received: from MSX-BUEROD ([192.168.140.250]) by mx01.my-bueroD.local with Microsoft SMTPSVC(6.0.3790.4675); Sun, 30 May 2010 17:51:17 +0200
Received: from MIX-BUEROD [192.168.140.1] (helo=mix.my-bueroD.local) by MSX-BUEROD with G Data MailSecurity; for <catchall at bueroD.dnsalias.net> ORCPT=rfc822;Musterfrau.bueroD at my-domain.de; Sun, 30 May 2010 17:50:15 +0200
Received: from my-mx1.this-domain.de (my-mx1 [E.F.G.H]) by mix.my-bueroD.local (Postfix) with ESMTP for <catchall at bueroD.dnsalias.net>; Sun, 30 May 2010 17:50:09 +0200 (CEST)
X-Greylist: delayed 18361 seconds by postgrey-1.31 at my-mx1; Sun, 30 May 2010 17:49:22 CEST
Received: from s2.forumfactory.de (s2.forumfactory.de [I.J.K.L]) by my-mx1.this-domain.de (Postfix) with ESMTP id 8F63C15BC227 for <Musterfrau.bueroD at my-domain.de>; Sun, 30 May 2010 17:49:15 +0200 (CEST)
Received: by s2.forumfactory.de (Postfix, from userid 33) id 1D6B0174257; Sun, 30 May 2010 17:42:43 +0200 (CEST)
From: "Frau Mustermann" <mustermann at forumfactory.de>
To: <Musterfrau.bueroD at my-domain.de>
Message-ID: <20100530154242.46e5b4cf882f at www.forumfactory.de>
Date: Sun, 30 May 2010 17:42:43 +0200 (CEST)
X-OriginalArrivalTime: 30 May 2010 15:51:17.0343 (UTC) FILETIME=[F0BA1EF0:01CB000F]
Die 192.168.x.y-Netze sind die Bueronetze. Die 10.x.y.z-Netze sind aus dem VPN.
Die Beispiele hier tragen authentische Zeitstempel. Beim Beispiel #2 wurde grad der Exchange-Server waehrend einer Wartung offline geschaltet. Aber was waehrend Beispiel #1 los war, kann ich nur in Richtung Antwortzeit des Exchange orakeln - die IP-Adresse wurde in dieser Zeit jedenfalls nicht gewechselt.
Es ist alles historisch gewachsen - erst waren die Bueros, dann kamen die root-Server mit samt ihrer BackUp-Stellung dazu.
Ich befuerchte fast, dass es an der Zeit ist, die im www stehenden root-Server primaer die Post entgegen nehmen muessen und diese dann ihrerseits auf die Bueros zu verteilen haben. Aber ich moechte vermeiden, dass ploetzlich alle Post im Sammelpostfach landet (catchall@) - dann bin ich glaub ich 'nen Kopf kuerzer, sodass ich da momentan nicht ran moechte. Das VPN laeuft inzwischen mehr als zuverlaessig - auch nach unerwartetem Abbruch sind die Verbindungen so schnell wieder oben, dass dieser Weg sogar zuverlaessiger erscheint, als die dynDNS-Geschichte. Wenn da nicht diese Zustellung ueber das Sammelpostfach waere.
> Stefan
Danke,
Hansjoerg...
Mehr Informationen über die Mailingliste Postfixbuch-users