Re: Verständnisfrage postscreen
Carsten Rosenberg
cr at ncxs.de
Di Jun 5 22:03:12 CEST 2018
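Ich glaube, dir fehlt einfach der smtp-Client in der master.cf. Die Zeile "smtp inet ... postscreen" ist nur der eingehende Listener; qmgr will ausgehende Mail an den Transport private/smtp übergeben, und dafür ist in deiner master.cf kein unix-Dienst definiert, daher das "Connection refused". Es fehlt also diese Zeile: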
smtp unix - - - - - smtp
VG Carsten
On 05.06.2018 18:47, Sebastian Schieke wrote:
> Hallo Allerseits,
>
> auf einem Testsystem möchte ich postscreen einsetzen. Nun übermittelt ein MUA via submission eine Nachricht zur Zustellung an einen externen Empfänger. Die Mail kann aber nicht versendet werden:
>
> Jun 5 16:38:30 vps-zap336907-1 postfix/qmgr[18167]: 452E4100A4A: from=<s at fitzefatzebook.de>, size=911, nrcpt=1 (queue active)
> Jun 5 16:38:30 vps-zap336907-1 postfix/qmgr[18167]: warning: connect to transport private/smtp: Connection refused
>
> Ist Postfix in diesem Fall dann letztlich auch MUA und kann deshalb nicht versenden?
>
>
> ## master.cf
> smtp inet n - n - 1 postscreen
> smtpd pass - - n - - smtpd
> dnsblog unix - - n - 0 dnsblog
> tlsproxy unix - - n - 0 tlsproxy
>
> submission inet n - n - - smtpd
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_enforce_tls=yes
>
> pickup fifo n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> qmgr fifo n - n 300 1 qmgr
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> verify unix - - n - 1 verify
> flush unix n - n 1000? 0 flush
> showq unix n - n - - showq
> error unix - - n - - error
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> relay unix - - n - - smtp
> trace unix - - n - 0 bounce
> proxymap unix - - n - - proxymap
> anvil unix - - n - 1 anvil
> scache unix - - - - 1 scache
> discard unix - - n - - discard
> tlsmgr unix - - n 1000? 1 tlsmgr
>
> spf-policy unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/sbin/postfix-policyd-spf-perl
>
> retry unix - - - - - error
>
>
> ## main.cf
> address_verify_map = btree:/var/spool/postfix/data/verify
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> bounce_queue_lifetime = 3d
> broken_sasl_auth_clients = yes
> compatibility_level = 2
> inet_interfaces = all
> inet_protocols = ipv4
> local_recipient_maps =
> mailbox_command =
> maximal_queue_lifetime = 3d
> message_size_limit = 20971520
> mydestination = mail.fitzefatzebook.de, fitzefatzebook.de, localhost
> myhostname = mail.fitzefatzebook.de
> mynetworks = 127.0.0.0/8
> postscreen_bare_newline_enable = no
> postscreen_blacklist_action = enforce
> postscreen_dnsbl_action = enforce
> postscreen_dnsbl_sites = zen.spamhaus.org*3 hostkarma.junkemailfilter.com=127.0.0.2*2 rep.mailspike.net=127.0.0.[10;11]*2 b.barracudacentral.org*2 rep.mailspike.net=127.0.0.[12;13] dnsbl.sorbs.net=127.0.0.[6;10] db.wpbl.info=127.0.0.2 bl.spamcop.net ix.dnsbl.manitu.net psbl.surriel.com dnsbl.inps.de ubl.unsubscore.com hostkarma.junkemailfilter.com=127.0.0.1*-2 list.dnswl.org=127.0.[0..255].2*-1 list.dnswl.org=127.0.[0..255].3*-2 rep.mailspike.net=127.0.0.[18;19]*-1 rep.mailspike.net=127.0.0.20*-2
> postscreen_dnsbl_threshold = 3
> postscreen_dnsbl_whitelist_threshold = -2
> postscreen_greet_action = enforce
> postscreen_greet_banner = $myhostname - Please wait to be seated
> postscreen_greet_ttl = 1d
> postscreen_greet_wait = ${stress?2}${stress:4}s
> postscreen_non_smtp_command_enable = no
> postscreen_pipelining_enable = no
> relay_domains = hash:/etc/postfix/relay_domains
> relayhost =
> smtp_tls_cert_file = /etc/letsencrypt/live/fitzefatzebook.de/fullchain.pem
> smtp_tls_exclude_ciphers = RC4, aNULL
> smtp_tls_key_file = /etc/letsencrypt/live/fitzefatzebook.de/privkey.pem
> smtp_tls_security_level = may
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_data_restrictions = reject_unauth_pipelining, permit
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access_recipient_rfc, check_client_access cidr:/etc/postfix/access_client, check_helo_access hash:/etc/postfix/access_helo, check_sender_access hash:/etc/postfix/access_sender, check_recipient_access hash:/etc/postfix/access_recipient, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, permit_sasl_authenticated, permit_mynetworks, permit_mx_backup, reject_unauth_destination, check_policy_service unix:private/policy, check_sender_access hash:/etc/postfix/disallow_my_domain, permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_type = dovecot
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/letsencrypt/live/fitzefatzebook.de/fullchain.pem
> smtpd_tls_exclude_ciphers = RC4, aNULL
> smtpd_tls_key_file = /etc/letsencrypt/live/fitzefatzebook.de/privkey.pem
> smtpd_tls_mandatory_ciphers = high
> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
> smtpd_tls_security_level = may
> tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
> transport_maps = hash:/etc/postfix/transport, hash:/etc/postfix/relay_domains
> unknown_address_reject_code = 550
> unknown_client_reject_code = 550
> unknown_hostname_reject_code = 550
> unverified_recipient_reject_code = 577
> unverified_sender_reject_code = 550
> virtual_alias_maps = hash:/etc/postfix/virtual
>
> lG
> Sebastian
>