Postfix, QMail, Sendmail, Dovecot, Cyrus, Courier, Anti-Spam
-
AWOHille
- Posts: 271
- Joined: 2011-09-05 09:00
Post
by AWOHille » 2012-08-15 21:14
Hallo,
ich habe mit Outlook ein kleines Problem, welches bisher mit noch keiner Outlook Version auftrat. Wie ich im Netz gelesen habe, scheint das bei Outlook sehr sporadisch aufzutreten. Vielleicht gibt es aber ne Lösung, außer den Hostnamen Check in postfix zu deaktivieren:
Code: Select all
postfix/smtpd[9403]: NOQUEUE: reject: RCPT from p5DC5A927.dip.t-dialin.net[93.197.0.0]: 504 5.5.2 <PC>: Helo command rejected: need fully-qualified hostname; from=<info@meine_domain.de> to=<info@meine_domain.de> proto=SMTP helo=<PC>
Warum sendet Outlook nur den Namen des Rechners? Wie kann ich Outlook beibringen, die IP-Adresse des sendenden Rechnes zu verwenden? Oder gibt es eine andere Lösung?
Gruß Hille
-
Joe User
- Project Manager
- Posts: 11598
- Joined: 2003-02-27 01:00
- Location: Hamburg
Post
by Joe User » 2012-08-16 00:16
Bitte die Ausgabe posten:
-
AWOHille
- Posts: 271
- Joined: 2011-09-05 09:00
Post
by AWOHille » 2012-08-16 16:00
Code: Select all
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_size_limit = 10000
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
default_destination_recipient_limit = 100
default_recipient_limit = 100
disable_vrfy_command = yes
inet_interfaces = all
inet_protocols = ipv4, ipv6
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 5368709120
maximal_queue_lifetime = 5d
message_size_limit = 104857600
milter_default_action = accept
milter_protocol = 2
mime_header_checks = pcre:/etc/postfix/mime_header_checks
mydestination = web01.myhost.com, localhost.myhost.com, localhost
myhostname = mailgateway.myhost.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
non_smtpd_milters = inet:localhost:8891
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = reject_invalid_hostname
smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_non_fqdn_hostname,
reject_invalid_hostname,
reject_unauth_pipelining,
permit
smtpd_milters = inet:localhost:8891
smtpd_proxy_timeout = 7200s
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_recipient,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_sender_login_mismatch,
reject_unauth_pipelining,
reject_unauth_destination,
reject_multi_recipient_bounce,
reject_invalid_helo_hostname,
check_client_access cidr:/etc/postfix/postfix-dnswl-permit,
check_client_access hash:/etc/postfix/policyd_weight_client_whitelist,
check_recipient_access hash:/etc/postfix/policyd_weight_recipient_whitelist,
check_policy_service inet:127.0.0.1:12525, check_policy_service unix:private/policy,
permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth_dovecot
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql_sender_login_maps.cf
smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated, permit_tls_clientcerts,
reject_authenticated_sender_login_mismatch,
reject_unknown_sender_domain,
reject_unauth_destination,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
check_sender_access regexp:/etc/postfix/tag_as_foreign.re,
permit
smtpd_timeout = 7200s
smtpd_tls_CAfile = /etc/ssl/certs/cert.ca-bundle
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/cert.crt
smtpd_tls_key_file = /etc/ssl/private/cert.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /vmail/
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 112400000
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 104
virtual_transport = dovecot
virtual_uid_maps = static:5000
Gruß Hille
Last edited by AWOHille on 2012-08-16 16:01, edited 1 time in total.
-
Joe User
- Project Manager
- Posts: 11598
- Joined: 2003-02-27 01:00
- Location: Hamburg
Post
by Joe User » 2012-08-16 16:20
Diese Optionen würde ich verwenden, der Rest ist für ein Debian-System OK:
Code: Select all
smtpd_client_restrictions =
sleep 1,
permit_mynetworks,
permit_sasl_authenticated,
reject_unknown_reverse_client_hostname,
reject_unauth_pipelining,
permit
###smtpd_delay_reject = yes
smtpd_data_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_pipelining,
permit
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unauth_pipelining,
permit
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_destination,
reject_unauth_pipelining,
check_client_access cidr:/etc/postfix/postfix-dnswl-permit,
check_client_access hash:/etc/postfix/policyd_weight_client_whitelist,
check_recipient_access hash:/etc/postfix/policyd_weight_recipient_whitelist,
check_policy_service inet:127.0.0.1:12525,
check_policy_service unix:private/policy,
permit
smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
permit_tls_clientcerts,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unauth_pipelining,
check_sender_access regexp:/etc/postfix/tag_as_foreign.re,
permit
Damit dürfte Dein Problem nicht mehr auftreten.
-
AWOHille
- Posts: 271
- Joined: 2011-09-05 09:00
Post
by AWOHille » 2012-08-16 20:56
Joe User wrote:Damit dürfte Dein Problem nicht mehr auftreten.
Leider doch:
Code: Select all
NOQUEUE: reject: RCPT from p5DC5A5CA.dip.t-dialin.net[93.197.0.0]: 504 5.5.2 <PC>: Helo command rejected: need fully-qualified hostname; from=<info@meine_domain.de> to=<info@meine_domain.de> proto=SMTP helo=<PC>
Führt aber nicht genau dieser Teil zum reject?
Code: Select all
smtpd_helo_restrictions =
reject_non_fqdn_helo_hostname,
Gruß Hille
Last edited by AWOHille on 2012-08-16 20:57, edited 1 time in total.
-
Joe User
- Project Manager
- Posts: 11598
- Joined: 2003-02-27 01:00
- Location: Hamburg
Post
by Joe User » 2012-08-17 15:17
Eine mögliche Lösung, funktioniert bei mir seit mehreren Jahren:
Einen DynDNS-Account für den Internetanschluss einrichten und gegebenenfalls den FQDN des DynDNS-Accounts zusätzlich noch in die hosts Datei Deines OS eintragen.
Ich meine zwar vor einigen Jahren Windows direkt einen FQDN verpasst zu haben, kann momentan aber keine passenden Optionen in Win7Pro finden. Vielleicht verwechsle ich das aber auch mit einer alten KDE3-Installation.
-
Joe User
- Project Manager
- Posts: 11598
- Joined: 2003-02-27 01:00
- Location: Hamburg
Post
by Joe User » 2012-08-17 15:22
AWOHille wrote:Führt aber nicht genau dieser Teil zum reject?
Code: Select all
smtpd_helo_restrictions =
reject_non_fqdn_helo_hostname,
Ja, dieser Check könnte die Ursache sein, aber nur dann, wenn Du ohne SMTP-AUTH (SASL) versenden würdest. Mit SMTP-AUTH würde zuerst permit_sasl_authenticated greifen und reject_non_fqdn_helo_hostname gar nicht mehr gefragt, da es hinter permit_sasl_authenticated steht.
Die Reihenfolge der Optionen ist sehr wichtig, denn first-match-wins.
