Postfix 554 relay access denied, for the 1000th time, but different

Postfix, QMail, Sendmail, Dovecot, Cyrus, Courier, Anti-Spam
grafzahl
Posts: 19
Joined: 2002-09-11 19:39

Postfix 554 relay access denied, for the 1000th time, but different

Post by grafzahl » 2003-09-18 19:51

Hi everyone,

I know this topic has been chewed over ad nauseam. However, I have found out why the error occurs for me.

Code:

smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
#    reject_unauth_destination,
    reject_maps_rbl,
    permit_sasl_authenticated,
    permit_mynetworks,
    check_relay_domains

As soon as I comment out reject_unauth_destination, everything works fine. Otherwise I can't send mail from the web at all.

Can anyone give me a tip?

My complete main.cf:

Code:

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
default_privs = autoresp
myhostname = mail.meinedomain.de
mydomain = meinedomain.de
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, $mydomain, smtp.$mydomain
mynetworks_style = host
local_recipient_maps = $alias_maps unix:passwd.byname
in_flow_delay = 0
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mail_spool_directory = /var/mail
fast_flush_domains = $relay_domains
smtpd_banner = $myhostname ESMTP $mail_name
debug_peer_level = 2
debugger_command =
         PATH=/usr/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES

maps_rbl_domains =
   bl.spamcop.net,
   relays.ordb.org,
   opm.blitzed.org,
   blackholes.easynet.nl,
   list.dsbl.org,
   opm.blitzed.org,
   sbl.spamhaus.org

smtpd_helo_required     = yes

#suseconfig:
canonical_maps = hash:/etc/postfix/canonical
virtual_maps = hash:/etc/postfix/virtual, hash:/etc/postfix/confixx_virtualUsers, hash:/etc/postfix/confixx_localDomains
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
inet_interfaces = all
masquerade_domains = meinedomain.de
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions = permit_sasl_authenticated
strict_rfc821_envelopes = no
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
#    reject_unauth_destination,
    reject_maps_rbl,
    permit_sasl_authenticated,
    permit_mynetworks,
    check_relay_domains

#SMTPD Auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

#TLS Support
smtpd_use_tls = yes
smtpd_enforce_tls = no
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Regards, Axel

squize
Userprojekt
Posts: 741
Joined: 2003-05-19 16:46
Location: Karlsruhe

Re: Postfix 554 relay access denied, for the 1000th time, but different

Post by squize » 2003-09-18 20:35

The trick here is the order.

You have permit_mynetworks almost at the end. Postfix takes the first rule that matches.
When a web client now sends a mail, it apparently gets stuck in the rule mentioned.
So I would change the order as follows:

smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_pipelining,
    reject_unauth_destination,
    reject_maps_rbl,
    check_relay_domains

That should actually work then.

Regards,

Marc

P.S.: Also, mynetworks is not defined: mynetworks = 127.0.0.1/8
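
Added example (not part of the thread and not Postfix code): a simplified Python model of the first-match evaluation discussed above, run against the original list, the list with reject_unauth_destination commented out, and the reordered list. Assumptions: only the four relay-relevant restrictions are modelled, `LOCAL_DOMAINS`, `MYNETWORKS`, the sessions and all function names are constructed for illustration.

```python
import ipaddress

# Simplified model (assumption): only the four relay-relevant restrictions are
# simulated; every other restriction name yields no decision (DUNNO).
LOCAL_DOMAINS = {"meinedomain.de", "mail.meinedomain.de"}  # subset of mydestination
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]         # constructed value

def is_local(s):
    return s["rcpt"].rsplit("@", 1)[1].lower() in LOCAL_DOMAINS

def in_mynetworks(s):
    return any(ipaddress.ip_address(s["client"]) in net for net in MYNETWORKS)

RULES = {
    "permit_sasl_authenticated": lambda s: "PERMIT" if s["sasl"] else None,
    "permit_mynetworks": lambda s: "PERMIT" if in_mynetworks(s) else None,
    "reject_unauth_destination": lambda s: None if is_local(s) else "REJECT",
    "check_relay_domains": lambda s: "PERMIT" if is_local(s) else "REJECT",
}

def evaluate(restrictions, session):
    """Walk the list in order; the first rule that decides ends evaluation."""
    for name in restrictions:
        rule = RULES.get(name)
        verdict = rule(session) if rule else None
        if verdict:
            return verdict, name
    return "DUNNO", None

HEAD = ("reject_invalid_hostname reject_non_fqdn_sender reject_non_fqdn_recipient "
        "reject_unknown_sender_domain reject_unknown_recipient_domain").split()
ORIGINAL = HEAD + ["reject_unauth_pipelining", "reject_unauth_destination",
                   "reject_maps_rbl", "permit_sasl_authenticated",
                   "permit_mynetworks", "check_relay_domains"]
COMMENTED_OUT = [r for r in ORIGINAL if r != "reject_unauth_destination"]
REORDERED = HEAD + ["permit_sasl_authenticated", "permit_mynetworks",
                    "reject_unauth_pipelining", "reject_unauth_destination",
                    "reject_maps_rbl", "check_relay_domains"]

# Constructed sessions: client address, SASL state, envelope recipient.
SESSIONS = {
    "sasl user -> remote": {"client": "192.0.2.10", "sasl": True, "rcpt": "bob@example.org"},
    "localhost -> remote": {"client": "127.0.0.1", "sasl": False, "rcpt": "bob@example.org"},
    "stranger -> remote": {"client": "192.0.2.10", "sasl": False, "rcpt": "bob@example.org"},
    "stranger -> local": {"client": "192.0.2.10", "sasl": False, "rcpt": "axel@meinedomain.de"},
}

if __name__ == "__main__":
    for label, order in [("original", ORIGINAL), ("commented out", COMMENTED_OUT),
                         ("reordered", REORDERED)]:
        for who, sess in SESSIONS.items():
            print(f"{label:14} {who:20} {evaluate(order, sess)}")
```

In this model the unauthenticated outside client relaying to a remote domain is rejected by all three lists; what changes is whether authenticated and local clients reach a permit rule before the relay check.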