Question about understanding postscreen

Sebastian Schieke sschieke at hans-bredow-institut.de
Tue Jun 5 18:47:32 CEST 2018


Hello everyone,

I would like to use postscreen on a test system. An MUA now submits a message via submission for delivery to an external recipient. However, the mail cannot be sent:

Jun  5 16:38:30 vps-zap336907-1 postfix/qmgr[18167]: 452E4100A4A: from=<s at fitzefatzebook.de>, size=911, nrcpt=1 (queue active)
Jun  5 16:38:30 vps-zap336907-1 postfix/qmgr[18167]: warning: connect to transport private/smtp: Connection refused

Is Postfix in this case ultimately also an MUA, and therefore unable to send?


## master.cf
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy  unix  -       -       n       -       0       tlsproxy

submission inet  n       -       n       -       -       smtpd
         -o smtpd_sasl_auth_enable=yes
         -o smtpd_enforce_tls=yes

pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
relay    unix  -       -       n       -       -       smtp
trace    unix  -       -       n       -       0       bounce
proxymap  unix -       -       n       -       -       proxymap
anvil    unix  -       -       n       -       1       anvil
scache   unix  -       -       -       -       1       scache
discard          unix  -       -       n       -       -       discard
tlsmgr    unix  -       -       n       1000?   1       tlsmgr

spf-policy  unix  -       n       n       -       -       spawn user=nobody argv=/usr/bin/perl /usr/sbin/postfix-policyd-spf-perl

retry     unix  -       -       -       -       -       error


## main.cf
address_verify_map = btree:/var/spool/postfix/data/verify
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 3d
broken_sasl_auth_clients = yes
compatibility_level = 2
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps =
mailbox_command =
maximal_queue_lifetime = 3d
message_size_limit = 20971520
mydestination = mail.fitzefatzebook.de, fitzefatzebook.de, localhost
myhostname = mail.fitzefatzebook.de
mynetworks = 127.0.0.0/8
postscreen_bare_newline_enable = no
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org*3 hostkarma.junkemailfilter.com=127.0.0.2*2 rep.mailspike.net=127.0.0.[10;11]*2 b.barracudacentral.org*2 rep.mailspike.net=127.0.0.[12;13] dnsbl.sorbs.net=127.0.0.[6;10] db.wpbl.info=127.0.0.2 bl.spamcop.net ix.dnsbl.manitu.net psbl.surriel.com dnsbl.inps.de ubl.unsubscore.com hostkarma.junkemailfilter.com=127.0.0.1*-2 list.dnswl.org=127.0.[0..255].2*-1 list.dnswl.org=127.0.[0..255].3*-2 rep.mailspike.net=127.0.0.[18;19]*-1 rep.mailspike.net=127.0.0.20*-2
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_whitelist_threshold = -2
postscreen_greet_action = enforce
postscreen_greet_banner = $myhostname - Please wait to be seated
postscreen_greet_ttl = 1d
postscreen_greet_wait = ${stress?2}${stress:4}s
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no
relay_domains = hash:/etc/postfix/relay_domains
relayhost =
smtp_tls_cert_file = /etc/letsencrypt/live/fitzefatzebook.de/fullchain.pem
smtp_tls_exclude_ciphers = RC4, aNULL
smtp_tls_key_file = /etc/letsencrypt/live/fitzefatzebook.de/privkey.pem
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access_recipient_rfc, check_client_access cidr:/etc/postfix/access_client, check_helo_access hash:/etc/postfix/access_helo, check_sender_access hash:/etc/postfix/access_sender, check_recipient_access hash:/etc/postfix/access_recipient, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, permit_sasl_authenticated, permit_mynetworks, permit_mx_backup, reject_unauth_destination, check_policy_service unix:private/policy, check_sender_access hash:/etc/postfix/disallow_my_domain, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/fitzefatzebook.de/fullchain.pem
smtpd_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_key_file = /etc/letsencrypt/live/fitzefatzebook.de/privkey.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
transport_maps = hash:/etc/postfix/transport, hash:/etc/postfix/relay_domains
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unverified_recipient_reject_code = 577
unverified_sender_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual

Best regards,
Sebastian
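
Added example (not part of the original post): a small Python check that relates the qmgr warning above to the posted master.cf by looking for a local-socket service entry that matches the refused transport name. The function names and the trimmed sample input are constructed for illustration.

```python
import re

# Service lines copied from the master.cf in the post (unrelated services left out).
MASTER_CF = """\
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
submission inet  n       -       n       -       -       smtpd
         -o smtpd_sasl_auth_enable=yes
relay    unix  -       -       n       -       -       smtp
retry     unix  -       -       -       -       -       error
"""
# The qmgr warning from the post.
LOG = ("Jun  5 16:38:30 vps-zap336907-1 postfix/qmgr[18167]: warning: "
       "connect to transport private/smtp: Connection refused\n")

LOCAL_TYPES = {"unix", "fifo", "pass"}  # service types that exist as sockets in the queue directory
WARNING = re.compile(r"connect to transport (private|public)/(\S+): ")

def parse_master(text):
    """Return a list of (name, type, socket_dir, command), one per service entry."""
    entries = []
    for line in text.splitlines():
        # Skip blanks, comments and "-o" continuation lines (they start with whitespace).
        if not line.strip() or line[0] in "# \t":
            continue
        f = line.split()
        if len(f) >= 8:
            # Third column "n" means a public socket; "-" or "y" means private.
            socket_dir = "public" if f[2] == "n" else "private"
            entries.append((f[0], f[1], socket_dir, f[7]))
    return entries

def diagnose(log_text, master_text):
    """For each refused transport in the log, report whether master.cf defines its socket."""
    entries = parse_master(master_text)
    report = []
    for m in WARNING.finditer(log_text):
        socket_dir, name = m.groups()
        same_name = [e for e in entries if e[0] == name]
        ok = any(e[1] in LOCAL_TYPES and e[2] == socket_dir for e in same_name)
        report.append((f"{socket_dir}/{name}", "defined" if ok else "missing",
                       sorted(e[1] for e in same_name)))
    return report

if __name__ == "__main__":
    for transport, status, types in diagnose(LOG, MASTER_CF):
        print(f"{transport}: {status} (master.cf entry types with this name: {types})")
```

For the posted configuration it reports private/smtp as missing, because the only service named smtp is the inet listener running postscreen; the stock master.cf also carries a separate `smtp unix` entry for the delivery client.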