[Gelöst] Nach Serverumzug werden keine E-Mails mehr ausgeliefert

[cos]

Hallo zusammen!

Vor 2 Tagen wurde der Internet Server auf eine andere physikalische Maschine umgezogen.
Seither können keine E-Mails mehr vom Postfix an den lokalen User ausgeliefert werden.
Fehlermeldung:
Apr 22 17:44:34 t39 postfix/error[16864]: 944492852D: to=<vorname.nachname@domain1.de>, relay=none, delay=4680, delays=4680/0.01/0/0.01, dsn=4.1.1, status=SOFTBOUNCE (User unknown in virtual alias table)

Ich könnte hier etwas Hilfe gebrauchen.

Die Konfigurationsdatei main.cf habe ich 1:1 übernommen und nur die Variablen myhostname und mynetwork angepasst.
myhostname = server1.hosterdomain.de
mynetworks = 127.0.0.0/8, eth0, eth0:1, eth0:2, eth0:3 # Anstatt der hier dargestellten Schnittstellen sind natürlich die IP Adressen eingetragen. ;)
Weiterhin habe ich die Zeile für Amavis vorübergehned auskommentiert. Ich will hier erst einmal keine weitere Fehlerquelle haben.
Selbstverständlich habe ich auch ein postmap auf die virtualmaps gemacht.

Sehe ich den Wald voller Bäume nicht? Was braucht ihr ggf. noch?
main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
smtpd_tls_auth_only = no

smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache

myhostname = server1.hosterdomain.de
alias_maps = hash:/etc/aliases
newaliases_path = /usr/bin/newaliases
myorigin = $myhostname
# /etc/mailname

inet_interfaces = all
relayhost =
mynetworks = 127.0.0.0/8, eth0, eth0:1, eth0:2, eth0:3

## ausliefern ###
home_mailbox = Maildir/
mailbox_command=

mailbox_size_limit = 0
message_size_limit = 0
recipient_delimiter = +

mydestination = $myhostname, mail.$myhostname, smtp.$myhostname, $mynetworks, localhost

relay_domains = $mydestination
unknown_local_recipient_reject_code = 550
maximal_queue_lifetime = 2h
bounce_queue_lifetime = 0
soft_bounce = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes

header_checks = pcre:/etc/postfix/header_checks.pcre
mime_header_checks = pcre:/etc/postfix/mime_header_check.pcre
# body_checks = pcre:/etc/postfix/body_check.pcre
# content_filter = amavis:[127.0.0.1]:10024

receive_override_options = no_address_mappings
smtpd_sender_restrictions = reject_unknown_address, reject_unknown_sender_domain

default_rbl_reply = $rbl_code RBLTRAP: E-Mail blocked! See http://www.spamhaus.org/query/ip/${client_address}

smtpd_helo_required = yes
smtpd_delay_reject = yes
smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_hostname,
reject_non_fqdn_hostname,

smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
check_sender_access hash:/etc/postfix/freemail_check,
check_policy_service inet:127.0.0.1:10023,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_unknown_recipient_domain,
reject_non_fqdn_recipient,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unauth_destination,
reject_rhsbl_client rhsbl.sorbs.net,
reject_rhsbl_sender rhsbl.sorbs.net,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client ix.dnsbl.manitu.org,
reject_rbl_client ix.dnsbl.manitu.net,
reject_rbl_client bl.spamcop.net,
reject_unknown_reverse_client_hostname,
reject_rbl_client zombie.dnsbl.sorbs.net,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client pbl.spamhaus.org,
reject_rbl_client blackholes.easynet.nl,
reject_rbl_client dialup.blacklist.jippg.org,
reject_rbl_client whois.rfc-ignorant.org,
check_client_access regexp:/etc/postfix/blacklist_clients,
check_helo_access hash:/etc/postfix/helo_access,
permit

smtpd_data_restrictions = reject_unauth_pipelining
permit

virtual_alias_maps = hash:/etc/postfix/virtualUsers, hash:/etc/postfix/virtualDomains
virtual_maps = hash:/etc/postfix/virtualUsers, hash:/etc/postfix/virtualDomains

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtp_sasl_auth_enable = no
broken_sasl_auth_clients = yes
smtpd_sasl_path = smtpd

##MY_smtpd_restriction_classes_Beginn##
smtpd_restriction_classes = server1_hosterdomain_de
virtual_domain1_de
virtual_domain2_com
virtual_domain3_com

server1_hosterdomain_de = check_client_access pcre:/etc/postfix/maps/server1.hosterdomain.de
virtual_domain1_de = check_client_access pcre:/etc/postfix/maps/virtual.domain1.de
virtual_domain2_com = check_client_access pcre:/etc/postfix/maps/virtual.domain2.com
virtual_domain3_com = check_client_access pcre:/etc/postfix/maps/virtual.domain3.com

virtualUsers

webmaster@domain2.com lokaleruser1
webmaster@domain3.com lokaleruser1
vorname.nachname@domain1.de lokaleruser2
conseiller@domain2.com lokaleruser3

Aus historischen Gründen ist die /etc/postfix/virtualDomains mitgewandert. Ich weiß, die sollte eigentlich nicht benötigt werden.
virtualDomains

domain1.de lokaleruser2
domain2.com lokaleruser1
domain3.com lokaleruser1

Habt ihr eine Idee warum hier keine Mail zugestellt werden kann?
Es sieht so aus als würde postfix die virtualmaps nicht nehmen.

Gruß
cos

Edit
PS: Sende ich eine Mail von extern an lokaleruser2@server1.hosterdomain.de, dann kommt die auch bei lokaleruser2 an.

[Joe User]

Moin cos,

ich habe Deine main.cf und master.cf mal auf einen aktuellen Stand gebracht:

main.cf (bitte durchgehen und Pfade, Domains etc. passend ersetzen):

Code: Select all

allow_percent_hack = no
always_add_missing_headers = yes
biff = no
body_checks = pcre:/etc/postfix/body_check.pcre
compatibility_level = 2
content_filter = amavis:[127.0.0.1]:10024
data_directory = /var/lib/postfix
disable_vrfy_command = yes
enable_long_queue_ids = yes
fast_flush_domains =
header_checks = pcre:/etc/postfix/header_checks.pcre
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
lmtp_tls_fingerprint_digest = sha1
local_header_rewrite_clients = permit_mynetworks permit_sasl_authenticated
mailbox_size_limit = 0
masquerade_domains = $mydomain
masquerade_exceptions = root mailer-daemon
message_size_limit = 0
milter_default_action = accept
mime_header_checks = pcre:/etc/postfix/mime_header_check.pcre
mydestination = $myhostname localhost.$mydomain localhost
mydomain = domain.tld
myhostname = server1.$mydomain
mynetworks =
  127.0.0.0/8
  [::1]/128
  eth0
  eth0:1
  eth0:2
  eth0:3
#mynetworks_style = host
#myorigin = server1.$mydomain
non_smtpd_milters = $smtpd_milters
notify_classes = data protocol resource software
postscreen_bare_newline_action = enforce
postscreen_bare_newline_enable = yes
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites =
  list.dnswl.org=127.0.[0..255].0*-2
  list.dnswl.org=127.0.[0..255].1*-4
  list.dnswl.org=127.0.[0..255].2*-6
  list.dnswl.org=127.0.[0..255].3*-8
  zen.spamhaus.org=127.0.0.9*25
  zen.spamhaus.org=127.0.0.3*10
  zen.spamhaus.org=127.0.0.2*5
  zen.spamhaus.org=127.0.0.[4..7]*3
  zen.spamhaus.org=127.0.0.[10..11]*3
  swl.spamhaus.org*-10
  bl.mailspike.net=127.0.0.2*10
  bl.mailspike.net=127.0.0.10*5
  bl.mailspike.net=127.0.0.11*4
  bl.mailspike.net=127.0.0.12*3
  bl.mailspike.net=127.0.0.13*2
  bl.mailspike.net=127.0.0.14*1
  wl.mailspike.net=127.0.0.16*-2
  wl.mailspike.net=127.0.0.17*-4
  wl.mailspike.net=127.0.0.18*-6
  wl.mailspike.net=127.0.0.19*-8
  wl.mailspike.net=127.0.0.20*-10
  backscatter.spameatingmonkey.net*2
  bl.ipv6.spameatingmonkey.net*2
  bl.spameatingmonkey.net*2
  ix.dnsbl.manitu.net*2
  bl.spamcop.net*2
  db.wpbl.info*2
  psbl.surriel.com*2
  torexit.dan.me.uk*2
  tor.dan.me.uk*1
  safe.dnsbl.sorbs.net*1
postscreen_dnsbl_threshold = 5
postscreen_dnsbl_whitelist_threshold = 0
postscreen_greet_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_enable = yes
recipient_delimiter = +
remote_header_rewrite_domain = domain.invalid
show_user_unknown_table_name = no
smtp_dns_support_level = enabled
smtp_tls_ciphers = medium
smtp_tls_exclude_ciphers = CAMELLIA SEED IDEA RC2 RC4 kSRP kGOST kECDHr kECDHe kDHr kDHd aDSS aPSK aNULL eNULL MEDIUM LOW EXPORT
smtp_tls_fingerprint_digest = sha1
smtp_tls_loglevel = 1
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers = CAMELLIA SEED IDEA RC2 RC4 kSRP kGOST kECDHr kECDHe kDHr kDHd aDSS aPSK aNULL eNULL MEDIUM LOW EXPORT
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_client_port_logging = yes
smtpd_client_restrictions =
  sleep 1
  permit
smtpd_data_restrictions =
  reject_unauth_pipelining
  reject_multi_recipient_bounce
  permit
smtpd_delay_reject = yes
smtpd_end_of_data_restrictions =
  permit
smtpd_etrn_restrictions =
  reject
smtpd_helo_required = yes
smtpd_helo_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_invalid_helo_hostname
  reject_non_fqdn_helo_hostname
  permit
smtpd_recipient_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_non_fqdn_recipient
  reject_unknown_recipient_domain
  check_recipient_access pcre:${config_directory}/recipient_checks.pcre
#  check_policy_service inet:127.0.0.1:10023
  permit
smtpd_relay_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_unauth_destination
  permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = smtpd
smtpd_sender_restrictions =
  reject_non_fqdn_sender
  reject_unknown_sender_domain
  permit
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = CAMELLIA SEED IDEA RC2 RC4 kSRP kGOST kECDHr kECDHe kDHr kDHd aDSS aPSK aNULL eNULL MEDIUM LOW EXPORT
smtpd_tls_fingerprint_digest = sha1
smtpd_tls_key_file = /etc/ssl/certs/ssl-cert-snakeoil.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_exclude_ciphers = CAMELLIA SEED IDEA RC2 RC4 kSRP kGOST kECDHr kECDHe kDHr kDHd aDSS aPSK aNULL eNULL MEDIUM LOW EXPORT
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
strict_rfc821_envelopes = yes
swap_bangpath = no
tls_daemon_random_bytes = 64
tls_high_cipherlist = EECDH+ECDSA+CHACHA20 EECDH+CHACHA20 EECDH+ECDSA+AESGCM EECDH+AESGCM EECDH+ECDSA+AES256 EECDH+AES256 EECDH+ECDSA+AES128 EECDH+AES128 EECDH+ECDSA+3DES EECDH+3DES EDH+CHACHA20 EDH+AESGCM EDH+AES256 EDH+AES128 EDH+3DES
tls_medium_cipherlist = EECDH+ECDSA+CHACHA20 EECDH+CHACHA20 EECDH+ECDSA+AESGCM EECDH+AESGCM EECDH+ECDSA+AES256 EECDH+AES256 EECDH+ECDSA+AES128 EECDH+AES128 EECDH+ECDSA+3DES EECDH+3DES EDH+CHACHA20 EDH+AESGCM EDH+AES256 EDH+AES128 EDH+3DES AESGCM AES256 AES128 3DES
tls_preempt_cipherlist = yes
tls_random_bytes = 64
tls_ssl_options = NO_COMPRESSION
virtual_alias_domains = hash:${config_directory}/virtualDomains
virtual_alias_maps = hash:${config_directory}/virtualUsers

master.cf (bitte um Deine benötigten transports wie etwa amavis oder cyrus-sasl oder dovecot etc. erweitern):

Code: Select all

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
#smtp      inet  n       -       n       -       -       smtpd
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       n       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       n       -       -       qmqpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#

Ich habe versucht möglichst viele Deiner Einstellungen beizubehalten, gleichzeitig aber auch einige Aktualisierungen, Optimierungen und sinnvolle Erweiterungen vorgenommen.
Sollte es zu unerwarteten Problemen kommen, melde Dich bitte mit ausführlichen Fehlermeldungen und Logauszügen nochmal, dann schaue ich mir das gerne an und finde vermutlich auch eine Lösung.

Fragen welche sich nicht durch http://www.postfix.org/postconf.5.html beantworten lassen, beantworte ich selbstverständlich auch gerne.

[cos]

Hallo Joe User,

vielen Dank. Also das ist schon ziemlich viel was da erneuert wurde. Vielen Dank dafür.
Ich habe das an unsere Dateien angepasst und siehe da. Es geht gut.

Vielen Dank noch mal dafür.

Gruß
cos