Re: Verständnisfrage postscreen

Carsten Rosenberg cr at ncxs.de
Di Jun 5 22:03:12 CEST 2018


Ich glaube dir fehlt einfach der smtp Client

smtp       unix  -       -       -       -       -       smtp


VG Carsten

On 05.06.2018 18:47, Sebastian Schieke wrote:
> Hallo Allerseits,
> 
> auf einem Testsystem möchte ich postscreen einsetzen. Nun übermittelt ein MUA via submission eine Nachricht zur Zustellung an einen externen Empfänger. Die Mail kann aber nicht versendet werden: 
> 
> Jun  5 16:38:30 vps-zap336907-1 postfix/qmgr[18167]: 452E4100A4A: from=<s at fitzefatzebook.de>, size=911, nrcpt=1 (queue active)
> Jun  5 16:38:30 vps-zap336907-1 postfix/qmgr[18167]: warning: connect to transport private/smtp: Connection refused
> 
> Ist Postfix in diesem Fall dann letlich auch MUA, und kann deshalb nicht versenden?
> 
> 
> ## master.cf
> smtp      inet  n       -       n       -       1       postscreen
> smtpd     pass  -       -       n       -       -       smtpd
> dnsblog   unix  -       -       n       -       0       dnsblog
> tlsproxy  unix  -       -       n       -       0       tlsproxy
> 
> submission inet  n       -       n       -       -       smtpd
>          -o smtpd_sasl_auth_enable=yes
>          -o smtpd_enforce_tls=yes
> 
> pickup    fifo  n       -       n       60      1       pickup
> cleanup   unix  n       -       n       -       0       cleanup
> qmgr      fifo  n       -       n       300     1       qmgr
> rewrite   unix  -       -       n       -       -       trivial-rewrite
> bounce    unix  -       -       n       -       0       bounce
> defer     unix  -       -       n       -       0       bounce
> verify    unix  -       -       n       -       1       verify
> flush     unix  n       -       n       1000?   0       flush
> showq     unix  n       -       n       -       -       showq
> error     unix  -       -       n       -       -       error
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       n       -       -       lmtp
> relay    unix  -       -       n       -       -       smtp
> trace    unix  -       -       n       -       0       bounce
> proxymap  unix -       -       n       -       -       proxymap
> anvil    unix  -       -       n       -       1       anvil
> scache   unix  -       -       -       -       1       scache
> discard          unix  -       -       n       -       -       discard
> tlsmgr    unix  -       -       n       1000?   1       tlsmgr
> 
> spf-policy  unix  -       n       n       -       -       spawn user=nobody argv=/usr/bin/perl /usr/sbin/postfix-policyd-spf-perl
> 
> retry     unix  -       -       -       -       -       error
> 
> 
> ## main.cf
> address_verify_map = btree:/var/spool/postfix/data/verify
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> bounce_queue_lifetime = 3d
> broken_sasl_auth_clients = yes
> compatibility_level = 2
> inet_interfaces = all
> inet_protocols = ipv4
> local_recipient_maps =
> mailbox_command =
> maximal_queue_lifetime = 3d
> message_size_limit = 20971520
> mydestination = mail.fitzefatzebook.de, fitzefatzebook.de, localhost
> myhostname = mail.fitzefatzebook.de
> mynetworks = 127.0.0.0/8
> postscreen_bare_newline_enable = no
> postscreen_blacklist_action = enforce
> postscreen_dnsbl_action = enforce
> postscreen_dnsbl_sites = zen.spamhaus.org*3 hostkarma.junkemailfilter.com=127.0.0.2*2 rep.mailspike.net=127.0.0.[10;11]*2 b.barracudacentral.org*2 rep.mailspike.net=127.0.0.[12;13] dnsbl.sorbs.net=127.0.0.[6;10] db.wpbl.info=127.0.0.2 bl.spamcop.net ix.dnsbl.manitu.net psbl.surriel.com dnsbl.inps.de ubl.unsubscore.com hostkarma.junkemailfilter.com=127.0.0.1*-2 list.dnswl.org=127.0.[0..255].2*-1 list.dnswl.org=127.0.[0..255].3*-2 rep.mailspike.net=127.0.0.[18;19]*-1 rep.mailspike.net=127.0.0.20*-2
> postscreen_dnsbl_threshold = 3
> postscreen_dnsbl_whitelist_threshold = -2
> postscreen_greet_action = enforce
> postscreen_greet_banner = $myhostname - Please wait to be seated
> postscreen_greet_ttl = 1d
> postscreen_greet_wait = ${stress?2}${stress:4}s
> postscreen_non_smtp_command_enable = no
> postscreen_pipelining_enable = no
> relay_domains = hash:/etc/postfix/relay_domains
> relayhost =
> smtp_tls_cert_file = /etc/letsencrypt/live/fitzefatzebook.de/fullchain.pem
> smtp_tls_exclude_ciphers = RC4, aNULL
> smtp_tls_key_file = /etc/letsencrypt/live/fitzefatzebook.de/privkey.pem
> smtp_tls_security_level = may
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_data_restrictions = reject_unauth_pipelining, permit
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access_recipient_rfc, check_client_access cidr:/etc/postfix/access_client, check_helo_access hash:/etc/postfix/access_helo, check_sender_access hash:/etc/postfix/access_sender, check_recipient_access hash:/etc/postfix/access_recipient, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, permit_sasl_authenticated, permit_mynetworks, permit_mx_backup, reject_unauth_destination, check_policy_service unix:private/policy, check_sender_access hash:/etc/postfix/disallow_my_domain, permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_type = dovecot
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/letsencrypt/live/fitzefatzebook.de/fullchain.pem
> smtpd_tls_exclude_ciphers = RC4, aNULL
> smtpd_tls_key_file = /etc/letsencrypt/live/fitzefatzebook.de/privkey.pem
> smtpd_tls_mandatory_ciphers = high
> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
> smtpd_tls_security_level = may
> tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
> transport_maps = hash:/etc/postfix/transport, hash:/etc/postfix/relay_domains
> unknown_address_reject_code = 550
> unknown_client_reject_code = 550
> unknown_hostname_reject_code = 550
> unverified_recipient_reject_code = 577
> unverified_sender_reject_code = 550
> virtual_alias_maps = hash:/etc/postfix/virtual
> 
> lG
> Sebastian
> 


Mehr Informationen über die Mailingliste Postfixbuch-users