postfix recipient_access list

t.berthel at gmx.net t.berthel at gmx.net
Do Aug 17 08:27:20 CEST 2017


Guten Morgen,

Ja, ich verstehe es auch noch nicht so recht, aber hier mal die Ausgabe von postconf (im ersten Auszug hatte ich einen Copy-&-Paste-Fehler, daher der Unterschied):

:postconf -n
access_map_reject_code = 554
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
body_checks = pcre:/etc/postfix/body_checks.pcre
bounce_queue_lifetime = 2h
bounce_template_file = /etc/postfix/bounce.cf
broken_sasl_auth_clients = no
command_directory = /usr/sbin
compatibility_level = 2
content_filter = amavislt:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
default_rbl_reply = $rbl_code RBLTRAP: $client blocked using $rbl_domain Reason: $rbl_reason
delay_warning_time = 1h
header_checks = pcre:/etc/postfix/header_checks.pcre
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
invalid_hostname_reject_code = 501
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
lmtp_tls_protocols = !SSLv2, !SSLv3
local_recipient_maps =
local_transport = error:local mail delivery is disabled
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_reject_code = 550
maximal_queue_lifetime = 4h
message_size_limit = 209715200
mime_header_checks = pcre:/etc/postfix/mime_header_checks.pcre
multi_recipient_bounce_reject_code = 550
mydestination = MY.EXCHANGE.LOCAL, MY.DOMAIN.DE
mydomain = MY.DOMAIN.DE
myhostname = MY-HOST.DOMAIN.DE
mynetworks = 127.0.0.0/8, 192.YYY.YYY.YYY/32
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
non_fqdn_reject_code = 504
plaintext_reject_code = 550
queue_directory = /var/spool/postfix
readme_directory = no
recipient_delimiter = +
reject_code = 554
relay_domains = MY.DOMAIN.DE
relay_domains_reject_code = 550
relay_recipient_maps = hash:/etc/postfix/relay_recipients
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_data_done_timeout = 300s
smtp_data_xfer_timeout = 60s
smtp_dns_support_level = dnssec
smtp_helo_timeout = 10s
smtp_mail_timeout = 60s
smtp_quit_timeout = 60s
smtp_rcpt_timeout = 60s
smtp_rset_timeout = 10s
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_starttls_timeout = 60s
smtp_tls_cert_file = /etc/postfix/zerti/KEY-NAME.pem
smtp_tls_exclude_ciphers = EXPORT,aNULL, DES, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2, RC4
smtp_tls_key_file = /etc/postfix/zerti/KEY-NAME.pem
smtp_tls_loglevel = 1
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = permit_mynetworks, reject_invalid_hostname, check_client_access hash:/etc/postfix/smtpd_access, check_client_access hash:/etc/postfix/sld_access, check_client_access hash:/etc/postfix/tld_access, check_client_access hash:/etc/postfix/tld_new_access, regexp:/etc/postfix/ptr.cf, reject_unknown_client_hostname, reject_rbl_client zen.spamhaus.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client dnsbl.inps.de, reject_multi_recipient_bounce, sleep 1, reject_unauth_pipelining, permit
smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_delay_reject = yes
smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/esmtp_access
smtpd_error_sleep_time = 10
smtpd_hard_error_limit = 3
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_unauth_pipelining, check_helo_access hash:/etc/postfix/helo_access, reject_unknown_helo_hostname, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, permit_mynetworks, check_helo_access hash:/etc/postfix/sld_access, check_helo_access hash:/etc/postfix/tld_access, regexp:/etc/postfix/helo.cf, permit
smtpd_junk_command_limit = 2
smtpd_recipient_restrictions = reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit
smtpd_sasl_auth_enable = no
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous ,noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, permit_mynetworks, check_sender_access hash:/etc/postfix/sender_access, check_sender_access hash:/etc/postfix/sld_access, check_sender_access hash:/etc/postfix/tld_access, permit
smtpd_soft_error_limit = 1
smtpd_starttls_timeout = 60s
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/zerti/KEY-NAME.pem
smtpd_tls_ciphers = high
smtpd_tls_dh2048_param_file = /etc/postfix/zerti/KEY-NAME.pem
smtpd_tls_dh512_param_file = /etc/postfix/zerti/KEY-NAME.pem
smtpd_tls_eecdh_grade = ultra
smtpd_tls_exclude_ciphers = EXPORT,aNULL ,DES, LOW, MD5, SEED, IDEA, RC2, RC4
smtpd_tls_key_file = /etc/postfix/zerti/KEY-NAME.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtputf8_enable = yes
soft_bounce = no
strict_rfc821_envelopes = yes
tls_eecdh_strong_curve = prime256v1
tls_eecdh_ultra_curve = secp384r1
tls_high_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!RC4:!DES:!SSLv2:!MD5:!SSLV3:!3DES:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
tls_preempt_cipherlist = yes
transport_maps = hash:/etc/postfix/transport
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
unverified_recipient_reject_code = 550
unverified_recipient_reject_reason = Recipient address lookup failed
unverified_sender_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual


Dazu noch das Log nach einem "postmap relay_recipients" und "postfix stop/start":

Aug 17 08:00:47 MY-HOST postfix/smtpd[16145]: Anonymous TLS connection established from extern.domain.de[212.ZZZ.ZZZ.ZZZ]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Aug 17 08:00:47 MY-HOST postfix/smtpd[16145]: 25CAE1CA04A: client=extern.domain.de[212.ZZZ.ZZZ.ZZZ]
Aug 17 08:00:47 MY-HOST postfix/cleanup[16149]: 25CAE1CA04A: message-id=<8A436E6F-5C71-4D3B-B5A6-44C1B6511CD6 at extern.domain.de>
Aug 17 08:00:47 MY-HOST postfix/qmgr[16134]: 25CAE1CA04A: from=<User.Extern at extern.domain.de>, size=3396, nrcpt=1 (queue active)
Aug 17 08:00:47 MY-HOST amavis[5137]: (05137-20) LMTP :10024 /var/amavis/tmp/amavis-20170817T033248-05137-3vdv0b8t: <User.Extern at extern.domain.de> -> <User.domain at my.domain.de> SIZE=3396 Received: from my.domain.de ([127.0.0.1]) by localhost (aliashostname.my.domain.de [127.0.0.1]) (amavisd-new, port 10024) with LMTP for <User.domain at my.domain.de>; Thu, 17 Aug 2017 08:00:47 +0200 (CEST)
Aug 17 08:00:47 MY-HOST postfix/smtpd[16145]: disconnect from extern.domain.de[212.ZZZ.ZZZ.ZZZ] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Aug 17 08:00:47 MY-HOST amavis[5137]: (05137-20) Checking: Y2Uw4u53Geq0 [212.ZZZ.ZZZ.ZZZ] <User.Extern at extern.domain.de> -> <User.domain at my.domain.de>
Aug 17 08:00:48 MY-HOST amavis[5137]: (05137-20) spam-tag, <User.Extern at extern.domain.de> -> <User.domain at my.domain.de>, No, score=-1.919 required=3 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Aug 17 08:00:48 MY-HOST postfix/smtpd[16152]: connect from localhost[127.0.0.1]
Aug 17 08:00:48 MY-HOST postfix/smtpd[16152]: 1EDFE1CA051: client=localhost[127.0.0.1], orig_queue_id=25CAE1CA04A, orig_client=extern.domain.de[212.ZZZ.ZZZ.ZZZ]
Aug 17 08:00:48 MY-HOST postfix/cleanup[16149]: 1EDFE1CA051: message-id=<8A436E6F-5C71-4D3B-B5A6-44C1B6511CD6 at extern.domain.de>
Aug 17 08:00:48 MY-HOST postfix/smtpd[16152]: disconnect from localhost[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Aug 17 08:00:48 MY-HOST postfix/qmgr[16134]: 1EDFE1CA051: from=<User.Extern at extern.domain.de>, size=4119, nrcpt=1 (queue active)
Aug 17 08:00:48 MY-HOST amavis[5137]: (05137-20) Y2Uw4u53Geq0 FWD from <User.Extern at extern.domain.de> -> <User.domain at my.domain.de>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1EDFE1CA051
Aug 17 08:00:48 MY-HOST amavis[5137]: (05137-20) Passed CLEAN {RelayedInbound}, [212.ZZZ.ZZZ.ZZZ]:63532 [88.134.178.250] <User.Extern at extern.domain.de> -> <User.domain at my.domain.de>, Queue-ID: 25CAE1CA04A, Message-ID: <8A436E6F-5C71-4D3B-B5A6-44C1B6511CD6 at extern.domain.de>, mail_id: Y2Uw4u53Geq0, Hits: -1.919, size: 3396, queued_as: 1EDFE1CA051, 892 ms
Aug 17 08:00:48 MY-HOST amavis[5137]: (05137-20) TIMING-SA [total 815 ms, cpu 330 ms] - parse: 1.08 (0.1%), extract_message_metadata: 12 (1.4%), get_uri_detail_list: 4.8 (0.6%), tests_pri_-1000: 19 (2.4%), tests_pri_-950: 0.77 (0.1%), tests_pri_-900: 0.73 (0.1%), tests_pri_-400: 18 (2.2%), check_bayes: 17 (2.1%), b_tokenize: 6 (0.7%), b_tok_get_all: 4.7 (0.6%), b_comp_prob: 4.1 (0.5%), b_tok_touch_all: 0.45 (0.1%), b_finish: 0.51 (0.1%), tests_pri_0: 711 (87.3%), check_spf: 0.20 (0.0%), check_dkim_signature: 0.49 (0.1%), check_dkim_adsp: 2.3 (0.3%), check_razor2: 630 (77.4%), check_pyzor: 0.13 (0.0%), tests_pri_500: 3.8 (0.5%), learn: 35 (4.3%), b_learn: 31 (3.8%), b_count_change: 16 (2.0%), get_report: 1.02 (0.1%)
Aug 17 08:00:48 MY-HOST postfix/lmtp[16150]: 25CAE1CA04A: to=<User.domain at my.domain.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=1, delays=0.1/0.01/0/0.89, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1EDFE1CA051)
Aug 17 08:00:48 MY-HOST amavis[5137]: (05137-20) size: 3396, TIMING [total 896 ms, cpu 353 ms, AM-cpu 23 ms, SA-cpu 330 ms] - SMTP greeting: 1.4 (0%)0, SMTP LHLO: 0.6 (0%)0, SMTP pre-MAIL: 0.7 (0%)0, SMTP MAIL: 0.8 (0%)0, SMTP pre-DATA-flush: 1.3 (0%)1, SMTP DATA: 38 (4%)5, check_init: 0.4 (0%)5, digest_hdr: 0.5 (0%)5, digest_body: 0.1 (0%)5, collect_info: 1.9 (0%)5, check_header: 1.0 (0%)5, AV-scan-1: 8 (1%)6, spam-wb-list: 0.5 (0%)6, SA msg read: 0.5 (0%)6, SA parse: 1.4 (0%)6, SA check: 811 (91%)97, decide_mail_destiny: 5 (1%)97, notif-quar: 0.3 (0%)97, fwd-connect: 11 (1%)99, fwd-xforward: 0.5 (0%)99, fwd-mail-pip: 1.6 (0%)99, fwd-rcpt-pip: 0.2 (0%)99, fwd-data-chkpnt: 0.0 (0%)99, write-header: 0.4 (0%)99, fwd-data-contents: 0.1 (0%)99, fwd-end-chkpnt: 1.6 (0%)99, prepare-dsn: 0.5 (0%)99, report: 0.9 (0%)99, main_log_entry: 3.5 (0%)100, update_snmp: 1.8 (0%)100, SMTP pre-response: 0.2 (0%)100, SMTP response: 0.1 (0%)100, unlink-1-files: 0.1 (0%)100, rundown: 0.7 (0%)100
Aug 17 08:00:48 MY-HOST amavis[5137]: (05137-20) size: 3396, RUSAGE minflt=24+0, majflt=0+0, nswap=0+0, inblock=0+0, oublock=2056+0, msgsnd=0+0, msgrcv=0+0, nsignals=0+0, nvcsw=148+0, nivcsw=6+0, maxrss=97860+0, ixrss=0+0, idrss=0+0, isrss=0+0, utime=0.340+0.000, stime=0.013+0.000
Aug 17 08:00:48 MY-HOST amavis[5137]: (05137-20) Requesting process rundown after 20 tasks (and 20 sessions)
Aug 17 08:00:48 MY-HOST postfix/qmgr[16134]: 25CAE1CA04A: removed
Aug 17 08:00:48 MY-HOST amavis[23904]: sd_notify (no socket): STATUS=Starting child process(es), ready for work.
Aug 17 08:00:48 MY-HOST postfix/smtp[16153]: 1EDFE1CA051: to=<User.domain at my.domain.de>, relay=192.YYY.YYY.YYY[192.YYY.YYY.YYY]:25, delay=0.07, delays=0/0.01/0/0.05, dsn=2.6.0, status=sent (250 2.6.0  <8A436E6F-5C71-4D3B-B5A6-44C1B6511CD6 at extern.domain.de> Queued mail for delivery)
Aug 17 08:00:48 MY-HOST postfix/qmgr[16134]: 1EDFE1CA051: removed

<Bist Du ganz sicher, dass die Adresse, an die die Mails weiterhin durchgelassen werden, nicht noch an anderer Stelle steht, z.B. hier: virtual_alias_maps?>
In der "virtual"-Liste wie auch in den anderen Listen steht dieser Empfänger wirklich nirgends drin.

<Wegen smtpd_reject_unlisted_recipient (default: yes)>
<wird normalerweise alles, was u.a. nicht in relay_recipient_maps matcht, rejected.>
Ich habe das Gefühl, Postfix ignoriert die Liste total. Oder ist das ein Caching-Thema? Nach einem Postfix stop/start sollte ein solcher Cache doch wieder geleert sein, oder?

VG & Danke für eure Hilfe :)


