AW: Probleme mit der * address verification

Ronny Seffner ronny at seffner.de
Fr Mai 13 12:06:37 CEST 2016


Hallo Klaus, Hallo Liste,

>Wie sieht denn Deine postconf -n bzw. postconf -nf aus?
>
ns1:~# postconf -nf
alias_maps = $alias_database
allow_min_user = yes
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = lmtp-amavis:[127.0.0.1]:10024
default_process_limit = 75
disable_vrfy_command = yes
dovecot_destination_concurrency_limit = 1
dovecot_destination_recipient_limit = 1
inet_interfaces = 78.46.92.37 127.0.0.1 [::1] [2a01:4f8:120:6442::2]
mail_name = postfix on linux
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 4294967296
message_size_limit = 209715200
mydestination = $myhostname, localhost, localhost.$mydomain
mydomain = seffner-schlesier.de
myhostname = ns1.seffner-schlesier.de
mynetworks = 127.0.0.0/8 78.46.92.37/32 [::1]/128 [fe80::]/64
myorigin = $mydomain
non_smtpd_milters = inet:localhost:8891
policy-spf_time_limit = 3600s
policy_greylist = check_policy_service inet:127.0.0.1:10023
proxy_read_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf,
    proxy:mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf,
    proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf,
    proxy:mysql:/etc/postfix/mysql-virtual_policy_greylist.cf,
    proxy:unix:passwd.byname
queue_minfree = 1024000000
recipient_bcc_maps = hash:/etc/postfix/recipient-bcc
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
recipient_delimiter = +
relay_domains = hash:/etc/postfix/relay_domains
sender_bcc_maps = hash:/etc/postfix/sender-bcc
sender_canonical_maps = hash:/etc/postfix/sender_canonical
smtp_bind_address = 78.46.92.37
smtp_bind_address6 = 2a01:4f8:120:6442::2
smtp_tls_CAfile = /etc/postfix/ssl/ca-bundle.pem
smtp_tls_exclude_ciphers = aNULL
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = may
smtp_use_tls = yes
smtpd_client_restrictions = permit_mynetworks sleep 2 reject_unauth_pipelining
smtpd_data_restrictions = reject_multi_recipient_bounce
smtpd_delay_reject = no
smtpd_helo_required = yes
smtpd_milters = inet:localhost:8891
smtpd_recipient_limit = 100
smtpd_recipient_restrictions = reject_non_fqdn_recipient
    reject_unknown_recipient_domain permit_mynetworks check_sender_access
    hash:/etc/postfix/pre_sasl_senders permit_sasl_authenticated
    check_recipient_access hash:/etc/postfix/roleaccount_exceptions
    check_helo_access pcre:/etc/postfix/helo_checks reject_non_fqdn_hostname
    reject_invalid_hostname check_sender_mx_access cidr:/etc/postfix/bogus_mx
    check_sender_access hash:/etc/postfix/senders reject_unlisted_sender
    check_client_access cidr:/etc/postfix/policyd-weight check_policy_service
    inet:127.0.0.1:60001 check_client_access cidr:/etc/postfix/backup_mx
    check_recipient_access
    proxy:mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
    check_recipient_access hash:/etc/postfix/swag-recipients
    reject_unauth_destination reject_unverified_recipient check_policy_service
    unix:private/policy-spf
smtpd_relay_restrictions = reject_non_fqdn_recipient
    reject_unknown_recipient_domain permit_mynetworks check_sender_access
    hash:/etc/postfix/pre_sasl_senders permit_sasl_authenticated
    check_recipient_access hash:/etc/postfix/roleaccount_exceptions
    check_helo_access pcre:/etc/postfix/helo_checks reject_non_fqdn_hostname
    reject_invalid_hostname check_sender_mx_access cidr:/etc/postfix/bogus_mx
    check_sender_access hash:/etc/postfix/senders reject_unlisted_sender
    check_client_access cidr:/etc/postfix/policyd-weight check_policy_service
    inet:127.0.0.1:60001 check_client_access cidr:/etc/postfix/backup_mx
    check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
    check_recipient_access hash:/etc/postfix/swag-recipients
    reject_unauth_destination reject_unverified_recipient check_policy_service
    unix:private/policy-spf
smtpd_restriction_classes = policy_greylist
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain
smtpd_tls_CAfile = /etc/postfix/ssl/ca-bundle.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/wildcard_seffner-schlesier_de.2014_2.crt
smtpd_tls_ciphers = high
smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers = aNULL
smtpd_tls_key_file = /etc/postfix/ssl/wildcard_seffner-schlesier_de.2014_2.key
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_use_tls = yes
spamassassin_destination_recipient_limit = 1
strict_rfc821_envelopes = yes
tls_preempt_cipherlist = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unverified_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /
virtual_mailbox_domains =
    proxy:mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
virtual_mailbox_limit = 4294967296
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:2000

>Ist ein "nicht primärer MXer" ein Backup-MX und als solcher definiert,
>oder nur mit einer anderen Gewichtung versehen 10 mx1.doamin.tld 20
>mx2.domain.tld usw.?
>
Ja, ich rede hier von dem was ich unter Backup-MX verstehe. Was macht einen Mailserver denn zum Backup-MX?
- es gibt im DNS einen MX mit größerer "Gewichtung"
- auf dem "Backup-MX" sind die betreffenden Domains in relay_domains gelistet

>Ich bin auch für einen anderen MXer der "Backup-MX" und nehme für den
>"primären MX" auch double-bounce an, OHNE dafür ein Postfach angelegt
>zu haben.
>
Ja, genau das würde ich laut Manual eben auch erwarten.


Mit freundlichen Grüßen / Kind regards
     Ronny Seffner
--
Ronny Seffner  |  Alter Viehweg 1  |  01665 Klipphausen
www.seffner.de  |  ronny at seffner.de  |  +49 35245 72950
7EA62E22D9CC4F0B74DCBCEA864623A568694DB8





Mehr Informationen über die Mailingliste Postfixbuch-users