Postfix und permanente Rejects

Thomas Schwenski thomas.schwenski at xanismail.de
Mi Sep 14 12:11:06 CEST 2016


Hallo Patrick,

 > Bitte sende kein "postconf -n", so wie alles es tun. Das macht es nur
 > unnötig einfach zu helfen.

Da hast Du natürlich mit Deiner ironischen Anmerkung vollkommen recht ;)

Eigentlich dachte ich, dass es dazu eine allgemeine Änderung im 
Verhalten von Postfix seit irgendeinem Versionswechsel gegegeben haben 
könnte.

Prinzipiell lese ich aber schonmal aus Deiner Antwort raus, dass es ein 
unnormales Verhalten ist.

Daher:


alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
header_checks = pcre:/etc/postfix/pcre/header_checks
inet_interfaces = 172.31.1.100, 127.0.0.1
inet_protocols = ipv4
local_recipient_maps =
mailbox_size_limit = 0
message_size_limit = 52428800
milter_default_action = accept
milter_protocol = 2
mydestination = $myhostname, localdomain, localhost,
  localhost.localdomain, localhost
myhostname = mail.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.31.1.100
non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_bind_address = 172.31.1.100
smtp_dns_support_level = dnssec
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_ciphers = high
smtp_tls_policy_maps = mysql:/etc/postfix/mysql/tls-policy
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks reject_unknown_client_hostname
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks
  reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
  reject_unknown_helo_hostname
smtpd_milters = unix:/var/run/opendkim/opendkim.sock
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated 
defer_unauth_destination
smtpd_tls_cert_file = /etc/letsencrypt/live/example.com/fullchain.pem
smtpd_tls_ciphers = high
smtpd_tls_dh1024_param_file = /etc/myssl/dh2048.pem
smtpd_tls_key_file = /etc/letsencrypt/live/example.com/privkey.pem
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_high_cipherlist =
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
tls_ssl_options = NO_COMPRESSION
virtual_alias_maps = mysql:/etc/postfix/mysql/aliases
virtual_mailbox_base = /srv/mail
virtual_mailbox_domains = mysql:/etc/postfix/mysql/domains
virtual_mailbox_maps = mysql:/etc/postfix/mysql/accounts
virtual_transport = lmtp:unix:/var/spool/postfix/private/dovecot-lmtp



Der Hostname ist natürlich auf dem System nicht "mail.example.com".

Danke

Thomas



Mehr Informationen über die Mailingliste Postfixbuch-users