Question about understanding postscreen
Sebastian Schieke
sschieke at hans-bredow-institut.de
Tue Jun 5 18:47:32 CEST 2018
Hello everyone,
I would like to use postscreen on a test system. An MUA now submits a message via submission for delivery to an external recipient. However, the mail cannot be sent:
Jun 5 16:38:30 vps-zap336907-1 postfix/qmgr[18167]: 452E4100A4A: from=<s at fitzefatzebook.de>, size=911, nrcpt=1 (queue active)
Jun 5 16:38:30 vps-zap336907-1 postfix/qmgr[18167]: warning: connect to transport private/smtp: Connection refused
Is Postfix in this case ultimately also an MUA, and therefore unable to send?
## master.cf
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
dnsblog unix - - n - 0 dnsblog
tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_enforce_tls=yes
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
relay unix - - n - - smtp
trace unix - - n - 0 bounce
proxymap unix - - n - - proxymap
anvil unix - - n - 1 anvil
scache unix - - - - 1 scache
discard unix - - n - - discard
tlsmgr unix - - n 1000? 1 tlsmgr
spf-policy unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/sbin/postfix-policyd-spf-perl
retry unix - - - - - error
## main.cf
address_verify_map = btree:/var/spool/postfix/data/verify
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 3d
broken_sasl_auth_clients = yes
compatibility_level = 2
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps =
mailbox_command =
maximal_queue_lifetime = 3d
message_size_limit = 20971520
mydestination = mail.fitzefatzebook.de, fitzefatzebook.de, localhost
myhostname = mail.fitzefatzebook.de
mynetworks = 127.0.0.0/8
postscreen_bare_newline_enable = no
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org*3 hostkarma.junkemailfilter.com=127.0.0.2*2 rep.mailspike.net=127.0.0.[10;11]*2 b.barracudacentral.org*2 rep.mailspike.net=127.0.0.[12;13] dnsbl.sorbs.net=127.0.0.[6;10] db.wpbl.info=127.0.0.2 bl.spamcop.net ix.dnsbl.manitu.net psbl.surriel.com dnsbl.inps.de ubl.unsubscore.com hostkarma.junkemailfilter.com=127.0.0.1*-2 list.dnswl.org=127.0.[0..255].2*-1 list.dnswl.org=127.0.[0..255].3*-2 rep.mailspike.net=127.0.0.[18;19]*-1 rep.mailspike.net=127.0.0.20*-2
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_whitelist_threshold = -2
postscreen_greet_action = enforce
postscreen_greet_banner = $myhostname - Please wait to be seated
postscreen_greet_ttl = 1d
postscreen_greet_wait = ${stress?2}${stress:4}s
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no
relay_domains = hash:/etc/postfix/relay_domains
relayhost =
smtp_tls_cert_file = /etc/letsencrypt/live/fitzefatzebook.de/fullchain.pem
smtp_tls_exclude_ciphers = RC4, aNULL
smtp_tls_key_file = /etc/letsencrypt/live/fitzefatzebook.de/privkey.pem
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access_recipient_rfc, check_client_access cidr:/etc/postfix/access_client, check_helo_access hash:/etc/postfix/access_helo, check_sender_access hash:/etc/postfix/access_sender, check_recipient_access hash:/etc/postfix/access_recipient, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, permit_sasl_authenticated, permit_mynetworks, permit_mx_backup, reject_unauth_destination, check_policy_service unix:private/policy, check_sender_access hash:/etc/postfix/disallow_my_domain, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/fitzefatzebook.de/fullchain.pem
smtpd_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_key_file = /etc/letsencrypt/live/fitzefatzebook.de/privkey.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
transport_maps = hash:/etc/postfix/transport, hash:/etc/postfix/relay_domains
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unverified_recipient_reject_code = 577
unverified_sender_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
Best regards
Sebastian
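
The qmgr warning in the post names the socket `private/smtp`, which exists only if master.cf defines a `unix`-type service called `smtp`. The check below is an added example, not part of the original post: it parses an excerpt of the posted master.cf (embedded as sample input) and lists transports named in such warnings that have no matching private `unix` service; the function names are hypothetical.

```python
import re

# Sample input: excerpt of the master.cf and the qmgr warning from the post.
MASTER_CF = """\
smtp       inet  n  -  n  -  1  postscreen
smtpd      pass  -  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_enforce_tls=yes
relay      unix  -  -  n  -  -  smtp
lmtp       unix  -  -  n  -  -  lmtp
"""
LOG = ("Jun 5 16:38:30 vps-zap336907-1 postfix/qmgr[18167]: warning: "
       "connect to transport private/smtp: Connection refused\n")


def parse_master_cf(text):
    """Return (service, type, private, command) for each logical line."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()  # continuation, e.g. "-o ..."
        else:
            logical.append(line.strip())
    entries = []
    for entry in logical:
        f = entry.split()
        if len(f) >= 8:  # 7 fixed columns plus the command
            entries.append((f[0], f[1], f[2], " ".join(f[7:])))
    return entries


def missing_transports(master_cf, log):
    """Transports named in qmgr warnings that have no private unix service."""
    private_unix = {name for name, typ, priv, _ in parse_master_cf(master_cf)
                    if typ == "unix" and priv != "n"}
    wanted = re.findall(r"connect to transport private/([\w-]+):", log)
    return sorted(set(wanted) - private_unix)


if __name__ == "__main__":
    for name in missing_transports(MASTER_CF, LOG):
        print(f"master.cf has no 'unix' service named '{name}'")
```

Run against the posted configuration it reports `smtp`: the only service with that name is the `inet` listener handed to postscreen.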