553 5.7.1 Sender address rejected: not logged in

Andreas Günther postfix at linuxmaker.com
Fr Nov 24 17:48:56 CET 2017


Hallo und guten Abend,

ich habe einen Gateway-Mailserver mit Postfix 2.11.3 auf Debian Jessie für 
mehrere Domains laufen. Auf einem Apache-Server mit Postfix 3.1.6 ist ein 
Smartrelay-Server eingerichtet, damit meine Typo3-Installationen (v8.7.8) per 
"sendmail -t -i" Formulare versenden können. Dazu habe ich noreply at example.de 
auf dem Gateway-Mailserver eingerichtet und die LocalConfiguration.php.

Der Versand vom Smartrelay-Server zum Gateway-Mailserver klappt auch. Nur 
Letzterer meldet dann:

"553 5.7.1<noreply at example.de>: Sender address rejected: not logged in (in 
reply to RCPT TO command)"
Das habe ich insoweit so verstanden, dass, wenn man als Absender (Envelope 
From), eine Mail angibt welche auch ein Postfach auf dem Empfängersystem 
besitzt, Postfix die Mail ablehnt.

Wie kann ich das jetzt lösen? Wenn noreply at example.de nicht auf dem Mailserver 
existiert, dann wird die Mail vom Smartrelay-Server gar nicht akzeptiert.

Anbei meine main.cf:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
maximal_backoff_time = 1800s
maximal_queue_lifetime = 1d
message_size_limit = 26214400
milter_default_action = accept
milter_protocol = 6
minimal_backoff_time = 300s
mydestination = mail.example.de, localhost.example.de, localhost
myhostname = mail.example.de
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.4/32
myorigin = /etc/mailname
non_smtpd_milters = inet:127.0.0.1:10040
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/
postscreen_access.cidr
postscreen_bare_newline_enable = no
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 24h
postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = b.barracudacentral.org=127.0.0.2*7 
dnsbl.inps.de=127.0.0.2*7 bl.mailspike.net=127.0.0.2*5 
bl.mailspike.net=127.0.0.[10;11;12]*4 dnsbl.sorbs.net=127.0.0.10*8 
dnsbl.sorbs.net=127.0.0.5*6 dnsbl.sorbs.net=127.0.0.7*3 
dnsbl.sorbs.net=127.0.0.8*2 dnsbl.sorbs.net=127.0.0.6*2 
dnsbl.sorbs.net=127.0.0.9*2 zen.spamhaus.org=127.0.0.[10;11]*8 
zen.spamhaus.org=127.0.0.[4..7]*6 zen.spamhaus.org=127.0.0.3*4 
zen.spamhaus.org=127.0.0.2*3 hostkarma.junkemailfilter.com=127.0.0.2*3 
hostkarma.junkemailfilter.com=127.0.0.4*1 
hostkarma.junkemailfilter.com=127.0.1.2*1 wl.mailspike.net=127.0.0.
[18;19;20]*-2 hostkarma.junkemailfilter.com=127.0.0.1*-2
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_ttl = 5m
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 2d
postscreen_greet_wait = 3s
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps 
$virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains 
$relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps 
$recipient_canonical_maps $relocated_maps $transport_maps $mynetworks 
$smtpd_sender_login_maps
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_mxdomain_maps.cf
relay_recipient_maps = proxy:mysql:/etc/postfix/sql/
mysql_virtual_alias_maps.cf
relayhost =
smtp_header_checks = pcre:/etc/postfix/anonymize_headers.pcre
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_cert_file = /etc/ssl/mail/mail.crt
smtp_tls_key_file = /etc/ssl/mail/mail.key
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 10s
smtpd_hard_error_limit = ${stress?1}${stress:5}
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:10040
smtpd_proxy_timeout = 600s
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, 
reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, 
reject_unknown_reverse_client_hostname, reject_unauth_destination, 
check_sender_access hash:/etc/postfix/sender_access
smtpd_restriction_classes = z1_greylisting
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth_dovecot
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/sql/
mysql_virtual_sender_acl.cf, proxy:mysql:/etc/postfix/sql/
mysql_virtual_alias_maps.cf
smtpd_sender_restrictions = reject_sender_login_mismatch, permit_mynetworks, 
reject_sender_login_mismatch, permit_sasl_authenticated, 
reject_unlisted_sender, reject_unknown_sender_domain
smtpd_soft_error_limit = 3
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/private/mail.example.de.crt
smtpd_tls_dh1024_param_file = /etc/ssl/mail/dhparams.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA
smtpd_tls_key_file = /etc/ssl/private/mail.example.de.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = ECDHE-RSA-RC4-SHA
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA
+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:
+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!
ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, 
proxy:mysql:/etc/postfix/sql/mysql_virtual_spamalias_maps.cf, proxy:mysql:/
etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/
sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/
mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/
mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/
mysql_virtual_alias_domain_mailbox_maps.cf
virtual_minimum_uid = 104
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:5000
z1_greylisting = permit_dnswl_client list.dnswl.org, check_policy_service 
inet:127.0.0.1:10023

Die master.cf:

smtp      inet  n       -       n       -       1       postscreen

smtpd      pass  -       -       n       -       -       smtpd
  -o smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_helo_hostname
  -o smtpd_proxy_filter=127.0.0.1:10025
  -o smtpd_client_connection_count_limit=10
  -o smtpd_proxy_options=speed_adjust

smtps    inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o 
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_proxy_filter=127.0.0.1:10025
  -o smtpd_client_connection_count_limit=10
  -o smtpd_proxy_options=speed_adjust

submission inet n       -       -       -       -       smtpd
  -o 
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_proxy_filter=127.0.0.1:10025
  -o smtpd_client_connection_count_limit=10
  -o smtpd_proxy_options=speed_adjust
  -o smtpd_enforce_tls=yes
  -o smtpd_tls_security_level=encrypt
  -o tls_preempt_cipherlist=yes

tlsproxy  unix  -       -       n       -       0       tlsproxy
dnsblog   unix  -       -       n       -       0       dnsblog
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail 
($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender 
$recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store $
{nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
127.0.0.1:10026 inet n - n - - smtpd
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o receive_override_options=no_unknown_recipient_checks
  -o smtpd_milters=inet:127.0.0.1:10040


Das Log auf dem Smartrelay, dem Webserver bei Versenden einer Typo3-Testmail:
Nov 24 17:18:03 apache2425 postfix/pickup[13062]: D6D8A6A: uid=33 
from=<noreply at it-example.com>
Nov 24 17:18:03 apache2425 postfix/cleanup[13364]: D6D8A6A: message-
id=<b629918ba945354e71cda898ebd7288a at project.it-example.com>
Nov 24 17:18:03 apache2425 postfix/qmgr[12429]: D6D8A6A: from=<noreply at it-
example.com>, size=937, nrcpt=1 (queue active)
Nov 24 17:18:04 apache2425 postfix/smtp[13368]: D6D8A6A: to=<info at it-
example.com>, relay=mail.example.de[187.54.78.28]:25, delay=0.48, 
delays=0.13/0.01/0.24/0.1, dsn=5.7.1, status=bounced (host 
mail.example.de[187.54.78.28] said: 553 5.7.1 <noreply at it-example.com>: Sender 
address rejected: not logged in (in reply to RCPT TO command))
Nov 24 17:18:04 apache2425 postfix/cleanup[13364]: 400446B: message-
id=<20171124161804.400446B at apache2425.it-example.com>
Nov 24 17:18:04 apache2425 postfix/bounce[13369]: D6D8A6A: sender non-delivery 
notification: 400446B
Nov 24 17:18:04 apache2425 postfix/qmgr[12429]: 400446B: from=<>, size=3141, 
nrcpt=1 (queue active)
Nov 24 17:18:04 apache2425 postfix/qmgr[12429]: D6D8A6A: removed
Nov 24 17:18:08 apache2425 postfix/smtp[13368]: 400446B: to=<noreply at it-
example.com>, relay=mail.example.de[187.54.78.28]:25, delay=4, 
delays=0.06/0/0.02/3.9, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 
58C3E121253)
Nov 24 17:18:08 apache2425 postfix/qmgr[12429]: 400446B: removed

Das Log passend auf dem Mailserver:

Nov 24 17:18:03 mail postfix/postscreen[4533]: CONNECT from [187.54.78.30]:
60636 to [192.168.1.2]:25
Nov 24 17:18:04 mail postfix/postscreen[4533]: PASS OLD [187.54.78.30]:60636
Nov 24 17:18:04 mail postfix/smtpd[4542]: connect from apache2.it-
example.com[187.54.78.30]
Nov 24 17:18:04 mail postfix/smtpd[4542]: NOQUEUE: reject: RCPT from 
apache2.it-example.com[187.54.78.30]: 553 5.7.1 <noreply at it-example.com>: 
Sender address rejected: not logged in; from=<noreply at it-example.com> 
to=<info at it-example.com> proto=ESMTP helo=<apache2425.it-example.com>
Nov 24 17:18:04 mail postfix/smtpd[4542]: disconnect from apache2.it-
example.com[187.54.78.30]
Nov 24 17:18:04 mail postfix/postscreen[4533]: CONNECT from [187.54.78.30]:
60638 to [192.168.1.2]:25
Nov 24 17:18:04 mail postfix/postscreen[4533]: PASS OLD [187.54.78.30]:60638
Nov 24 17:18:04 mail postfix/smtpd[4542]: connect from apache2.it-
example.com[187.54.78.30]
Nov 24 17:18:04 mail postfix/smtpd[4542]: NOQUEUE: client=apache2.it-
example.com[187.54.78.30]
Nov 24 17:18:04 mail postfix/smtpd[4543]: connect from localhost[127.0.0.1]
Nov 24 17:18:04 mail postfix/smtpd[4543]: 58C3E121253: 
client=localhost[127.0.0.1], orig_client=apache2.it-example.com[187.54.78.30]
Nov 24 17:18:04 mail spamd[2227]: spamd: got connection over /var/run/
spamd.sock
Nov 24 17:18:04 mail spamd[2227]: spamd: processing message 
<20171124161804.400446B at apache2425.it-example.com> for (unknown):113
Nov 24 17:18:08 mail spamd[2227]: spamd: clean message (-1.1/3.0) for 
(unknown):113 in 3.7 seconds, 3345 bytes.
Nov 24 17:18:08 mail spamd[2227]: spamd: result: . -1 - 
BAYES_00,HTML_MESSAGE,MPART_ALT_DIFF,URIBL_BLOCKED 
scantime=3.7,size=3345,user=(unknown),uid=113,required_score=3.0,rhost=localhost,raddr=127.0.0.1,rport=/
var/run/spamd.sock,mid=<20171124161804.400446B at apache2425.it-
example.com>,bayes=0.000000,autolearn=no autolearn_force=no
Nov 24 17:18:08 mail postfix/cleanup[4544]: 58C3E121253: message-
id=<20171124161804.400446B at apache2425.it-example.com>
Nov 24 17:18:08 mail opendkim[894]: 58C3E121253: no signing table match for 
'MAILER-DAEMON at apache2425.it-example.com'
Nov 24 17:18:08 mail opendkim[894]: 58C3E121253: no signature data
Nov 24 17:18:08 mail postfix/qmgr[3979]: 58C3E121253: from=<>, size=3871, 
nrcpt=1 (queue active)
Nov 24 17:18:08 mail postfix/smtpd[4542]: proxy-accept: END-OF-MESSAGE: 250 
2.0.0 Ok: queued as 58C3E121253; from=<> to=<noreply at it-example.com> 
proto=ESMTP helo=<apache2425.it-example.com>
Nov 24 17:18:08 mail postfix/smtpd[4542]: disconnect from apache2.it-
example.com[187.54.78.30]
Nov 24 17:18:08 mail postfix/smtpd[4543]: disconnect from localhost[127.0.0.1]
Nov 24 17:18:08 mail spamd[30677]: prefork: child states: II
Nov 24 17:18:08 mail postfix/lmtp[4547]: 58C3E121253: to=<andreas at it-
example.com>, orig_to=<noreply at it-example.com>, relay=mail.example.de[private/
dovecot-lmtp], delay=4.2, delays=3.9/0.01/0/0.27, dsn=2.0.0, status=sent (250 
2.0.0 <andreas at it-example.com> jxluD0BGGFrEEQAAvAY5HQ Saved)
Nov 24 17:18:08 mail postfix/qmgr[3979]: 58C3E121253: removed

Ich würde mich über hilfreiche Antworten freuen.

Grüße

Andreas
-------------- nächster Teil --------------
Ein Dateianhang mit HTML-Daten wurde abgetrennt...
URL: <https://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20171124/a034a8e0/attachment.html>


Mehr Informationen über die Mailingliste Postfixbuch-users