AW: Probleme mit der * address verification

Klaus Tachtler klaus at tachtler.net
Fr Mai 13 13:18:18 CEST 2016 

Hallo Ronny,

was mir in Deiner Konfiguration fehlt ist:

Das Postfix Buch - Seite 208-214.
permit_mx_backup_networks = ...

bzw.

http://www.postfix.org/postconf.5.html#permit_mx_backup_networks

Nur so mal ganz schnell gesehen...

Auch in

Das Postfix Buch - Seite 185-214.
smtpd_recipient_restrictions = ...

taucht an geeigneter Stelle/Reihenfolge ein

permit_mx_backup,

bei mir auf...


Grüße
Klaus.

> Hallo Klaus, Hallo Liste,
>
>> Wie sieht denn Deine postconf -n bzw. postconf -nf aus?
>>
> ns1:~# postconf -nf
> alias_maps = $alias_database
> allow_min_user = yes
> append_dot_mydomain = no
> biff = no
> broken_sasl_auth_clients = yes
> config_directory = /etc/postfix
> content_filter = lmtp-amavis:[127.0.0.1]:10024
> default_process_limit = 75
> disable_vrfy_command = yes
> dovecot_destination_concurrency_limit = 1
> dovecot_destination_recipient_limit = 1
> inet_interfaces = 78.46.92.37 127.0.0.1 [::1] [2a01:4f8:120:6442::2]
> mail_name = postfix on linux
> mailbox_command = /usr/lib/dovecot/deliver
> mailbox_size_limit = 4294967296
> message_size_limit = 209715200
> mydestination = $myhostname, localhost, localhost.$mydomain
> mydomain = seffner-schlesier.de
> myhostname = ns1.seffner-schlesier.de
> mynetworks = 127.0.0.0/8 78.46.92.37/32 [::1]/128 [fe80::]/64
> myorigin = $mydomain
> non_smtpd_milters = inet:localhost:8891
> policy-spf_time_limit = 3600s
> policy_greylist = check_policy_service inet:127.0.0.1:10023
> proxy_read_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf,
>     proxy:mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf,
>     proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf,
>     proxy:mysql:/etc/postfix/mysql-virtual_policy_greylist.cf,
>     proxy:unix:passwd.byname
> queue_minfree = 1024000000
> recipient_bcc_maps = hash:/etc/postfix/recipient-bcc
> recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
> recipient_delimiter = +
> relay_domains = hash:/etc/postfix/relay_domains
> sender_bcc_maps = hash:/etc/postfix/sender-bcc
> sender_canonical_maps = hash:/etc/postfix/sender_canonical
> smtp_bind_address = 78.46.92.37
> smtp_bind_address6 = 2a01:4f8:120:6442::2
> smtp_tls_CAfile = /etc/postfix/ssl/ca-bundle.pem
> smtp_tls_exclude_ciphers = aNULL
> smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
> smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
> smtp_tls_protocols = !SSLv2, !SSLv3
> smtp_tls_security_level = may
> smtp_use_tls = yes
> smtpd_client_restrictions = permit_mynetworks sleep 2  
> reject_unauth_pipelining
> smtpd_data_restrictions = reject_multi_recipient_bounce
> smtpd_delay_reject = no
> smtpd_helo_required = yes
> smtpd_milters = inet:localhost:8891
> smtpd_recipient_limit = 100
> smtpd_recipient_restrictions = reject_non_fqdn_recipient
>     reject_unknown_recipient_domain permit_mynetworks check_sender_access
>     hash:/etc/postfix/pre_sasl_senders permit_sasl_authenticated
>     check_recipient_access hash:/etc/postfix/roleaccount_exceptions
>     check_helo_access pcre:/etc/postfix/helo_checks reject_non_fqdn_hostname
>     reject_invalid_hostname check_sender_mx_access cidr:/etc/postfix/bogus_mx
>     check_sender_access hash:/etc/postfix/senders reject_unlisted_sender
>     check_client_access cidr:/etc/postfix/policyd-weight check_policy_service
>     inet:127.0.0.1:60001 check_client_access cidr:/etc/postfix/backup_mx
>     check_recipient_access
>     proxy:mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
>     check_recipient_access hash:/etc/postfix/swag-recipients
>     reject_unauth_destination reject_unverified_recipient  
> check_policy_service
>     unix:private/policy-spf
> smtpd_relay_restrictions = reject_non_fqdn_recipient
>     reject_unknown_recipient_domain permit_mynetworks check_sender_access
>     hash:/etc/postfix/pre_sasl_senders permit_sasl_authenticated
>     check_recipient_access hash:/etc/postfix/roleaccount_exceptions
>     check_helo_access pcre:/etc/postfix/helo_checks reject_non_fqdn_hostname
>     reject_invalid_hostname check_sender_mx_access cidr:/etc/postfix/bogus_mx
>     check_sender_access hash:/etc/postfix/senders reject_unlisted_sender
>     check_client_access cidr:/etc/postfix/policyd-weight check_policy_service
>     inet:127.0.0.1:60001 check_client_access cidr:/etc/postfix/backup_mx
>     check_recipient_access  
> mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
>     check_recipient_access hash:/etc/postfix/swag-recipients
>     reject_unauth_destination reject_unverified_recipient  
> check_policy_service
>     unix:private/policy-spf
> smtpd_restriction_classes = policy_greylist
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_sender_restrictions = reject_non_fqdn_sender  
> reject_unknown_sender_domain
> smtpd_tls_CAfile = /etc/postfix/ssl/ca-bundle.pem
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file =  
> /etc/postfix/ssl/wildcard_seffner-schlesier_de.2014_2.crt
> smtpd_tls_ciphers = high
> smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
> smtpd_tls_eecdh_grade = strong
> smtpd_tls_exclude_ciphers = aNULL
> smtpd_tls_key_file =  
> /etc/postfix/ssl/wildcard_seffner-schlesier_de.2014_2.key
> smtpd_tls_mandatory_ciphers = high
> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
> smtpd_tls_protocols = !SSLv2, !SSLv3
> smtpd_tls_received_header = yes
> smtpd_tls_security_level = may
> smtpd_use_tls = yes
> spamassassin_destination_recipient_limit = 1
> strict_rfc821_envelopes = yes
> tls_preempt_cipherlist = yes
> tls_random_source = dev:/dev/urandom
> transport_maps = hash:/etc/postfix/transport
> unknown_address_reject_code = 554
> unknown_client_reject_code = 554
> unknown_hostname_reject_code = 554
> unverified_recipient_reject_code = 550
> virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf
> virtual_gid_maps = static:2000
> virtual_mailbox_base = /
> virtual_mailbox_domains =
>     proxy:mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
> virtual_mailbox_limit = 4294967296
> virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
> virtual_transport = dovecot
> virtual_uid_maps = static:2000
>
>> Ist ein "nicht primärer MXer" ein Backup-MX und als solcher definiert,
>> oder nur mit einer anderen Gewichtung versehen 10 mx1.doamin.tld 20
>> mx2.domain.tld usw.?
>>
> Ja, ich rede hier von dem was ich unter Backup-MX verstehe. Was  
> macht einen Mailserver denn zum Backup-MX?
> - es gibt im DNS einen MX mit größerer "Gewichtung"
> - auf dem "Backup-MX" sind die betreffenden Domains in relay_domains gelistet
>
>> Ich bin auch für einen anderen MXer der "Backup-MX" und nehme für den
>> "primären MX" auch double-bounce an, OHNE dafür ein Postfach angelegt
>> zu haben.
>>
> Ja, genau das würde ich laut Manual eben auch erwarten.
>
>
> Mit freundlichen Grüßen / Kind regards
>      Ronny Seffner
> --
> Ronny Seffner  |  Alter Viehweg 1  |  01665 Klipphausen
> www.seffner.de  |  ronny at seffner.de  |  +49 35245 72950
> 7EA62E22D9CC4F0B74DCBCEA864623A568694DB8


----- Ende der Nachricht von Ronny Seffner <ronny at seffner.de> -----




--

------------------------------------------
e-Mail  : klaus at tachtler.net
Homepage: http://www.tachtler.net
DokuWiki: http://www.dokuwiki.tachtler.net
------------------------------------------

Mehr Informationen über die Mailingliste Postfixbuch-users