553 5.7.1 Sender address rejected: not logged in

Alex JOST jost+lists at dimejo.at
Fri Nov 24 18:26:23 CET 2017


On 24.11.2017 at 17:48, Andreas Günther wrote:
> Hello and good evening,
> 
> I run a gateway mail server with Postfix 2.11.3 on Debian Jessie for
> several domains. On an Apache server with Postfix 3.1.6, a
> smart relay server is set up so that my Typo3 installations (v8.7.8) can send
> forms via "sendmail -t -i". For this I have set up noreply at example.de
> on the gateway mail server and the LocalConfiguration.php.
> 
> Sending from the smart relay server to the gateway mail server works. Only
> the latter then reports:
> 
> "553 5.7.1<noreply at example.de>: Sender address rejected: not logged in (in
> reply to RCPT TO command)"
> As I understand it, if you specify as the sender (envelope
> from) an address that also has a mailbox on the receiving system,
> Postfix rejects the mail.
> 
> How can I solve this now? If noreply at example.de does not exist on the mail server,
> then the mail is not accepted by the smart relay server at all.
> 
> Attached is my main.cf:
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> bounce_queue_lifetime = 1d
> broken_sasl_auth_clients = yes
> config_directory = /etc/postfix
> disable_vrfy_command = yes
> html_directory = /usr/share/doc/postfix/html
> inet_interfaces = all
> inet_protocols = all
> mailbox_size_limit = 0
> maximal_backoff_time = 1800s
> maximal_queue_lifetime = 1d
> message_size_limit = 26214400
> milter_default_action = accept
> milter_protocol = 6
> minimal_backoff_time = 300s
> mydestination = mail.example.de, localhost.example.de, localhost
> myhostname = mail.example.de
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.4/32
> myorigin = /etc/mailname
> non_smtpd_milters = inet:127.0.0.1:10040
> postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/
> postscreen_access.cidr
> postscreen_bare_newline_enable = no
> postscreen_blacklist_action = drop
> postscreen_cache_cleanup_interval = 24h
> postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache
> postscreen_dnsbl_action = enforce
> postscreen_dnsbl_sites = b.barracudacentral.org=127.0.0.2*7
> dnsbl.inps.de=127.0.0.2*7 bl.mailspike.net=127.0.0.2*5
> bl.mailspike.net=127.0.0.[10;11;12]*4 dnsbl.sorbs.net=127.0.0.10*8
> dnsbl.sorbs.net=127.0.0.5*6 dnsbl.sorbs.net=127.0.0.7*3
> dnsbl.sorbs.net=127.0.0.8*2 dnsbl.sorbs.net=127.0.0.6*2
> dnsbl.sorbs.net=127.0.0.9*2 zen.spamhaus.org=127.0.0.[10;11]*8
> zen.spamhaus.org=127.0.0.[4..7]*6 zen.spamhaus.org=127.0.0.3*4
> zen.spamhaus.org=127.0.0.2*3 hostkarma.junkemailfilter.com=127.0.0.2*3
> hostkarma.junkemailfilter.com=127.0.0.4*1
> hostkarma.junkemailfilter.com=127.0.1.2*1 wl.mailspike.net=127.0.0.
> [18;19;20]*-2 hostkarma.junkemailfilter.com=127.0.0.1*-2
> postscreen_dnsbl_threshold = 8
> postscreen_dnsbl_ttl = 5m
> postscreen_greet_action = enforce
> postscreen_greet_banner = $smtpd_banner
> postscreen_greet_ttl = 2d
> postscreen_greet_wait = 3s
> postscreen_non_smtp_command_enable = no
> postscreen_pipelining_enable = no
> proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
> $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
> $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
> $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
> $smtpd_sender_login_maps
> queue_run_delay = 300s
> readme_directory = /usr/share/doc/postfix
> recipient_delimiter = +
> relay_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_mxdomain_maps.cf
> relay_recipient_maps = proxy:mysql:/etc/postfix/sql/
> mysql_virtual_alias_maps.cf
> relayhost =
> smtp_header_checks = pcre:/etc/postfix/anonymize_headers.pcre
> smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
> smtp_tls_cert_file = /etc/ssl/mail/mail.crt
> smtp_tls_key_file = /etc/ssl/mail/mail.key
> smtp_tls_loglevel = 1
> smtp_tls_security_level = may
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_banner = $myhostname
> smtpd_data_restrictions = reject_unauth_pipelining, permit
> smtpd_delay_reject = yes
> smtpd_error_sleep_time = 10s
> smtpd_hard_error_limit = ${stress?1}${stress:5}
> smtpd_helo_required = yes
> smtpd_milters = inet:127.0.0.1:10040
> smtpd_proxy_timeout = 600s
> smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
> reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,
> reject_unknown_reverse_client_hostname, reject_unauth_destination,
> check_sender_access hash:/etc/postfix/sender_access
> smtpd_restriction_classes = z1_greylisting
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_path = private/auth_dovecot
> smtpd_sasl_type = dovecot
> smtpd_sender_login_maps = proxy:mysql:/etc/postfix/sql/
> mysql_virtual_sender_acl.cf, proxy:mysql:/etc/postfix/sql/
> mysql_virtual_alias_maps.cf
> smtpd_sender_restrictions = reject_sender_login_mismatch, permit_mynetworks,
> reject_sender_login_mismatch, permit_sasl_authenticated,
> reject_unlisted_sender, reject_unknown_sender_domain

Is your web server included in 'mynetworks'? Then the problem should be 
solved if you put 'permit_mynetworks' before 
'reject_sender_login_mismatch'.


> smtpd_soft_error_limit = 3
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/ssl/private/mail.example.de.crt
> smtpd_tls_dh1024_param_file = /etc/ssl/mail/dhparams.pem
> smtpd_tls_eecdh_grade = strong
> smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA
> smtpd_tls_key_file = /etc/ssl/private/mail.example.de.key
> smtpd_tls_loglevel = 1
> smtpd_tls_mandatory_ciphers = high
> smtpd_tls_mandatory_exclude_ciphers = ECDHE-RSA-RC4-SHA
> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
> smtpd_tls_security_level = may
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA
> +SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:
> +SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!
> ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
> virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
> proxy:mysql:/etc/postfix/sql/mysql_virtual_spamalias_maps.cf, proxy:mysql:/
> etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/
> sql/mysql_virtual_alias_domain_catchall_maps.cf
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /var/vmail/
> virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/
> mysql_virtual_domains_maps.cf
> virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/
> mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/
> mysql_virtual_alias_domain_mailbox_maps.cf
> virtual_minimum_uid = 104
> virtual_transport = lmtp:unix:private/dovecot-lmtp
> virtual_uid_maps = static:5000
> z1_greylisting = permit_dnswl_client list.dnswl.org, check_policy_service
> inet:127.0.0.1:10023
> 
> The master.cf:
> 
> smtp      inet  n       -       n       -       1       postscreen
> 
> smtpd      pass  -       -       n       -       -       smtpd
>    -o smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_helo_hostname
>    -o smtpd_proxy_filter=127.0.0.1:10025
>    -o smtpd_client_connection_count_limit=10
>    -o smtpd_proxy_options=speed_adjust
> 
> smtps    inet  n       -       n       -       -       smtpd
>    -o smtpd_tls_wrappermode=yes
>    -o
> smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
>    -o smtpd_proxy_filter=127.0.0.1:10025
>    -o smtpd_client_connection_count_limit=10
>    -o smtpd_proxy_options=speed_adjust
> 
> submission inet n       -       -       -       -       smtpd
>    -o
> smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
>    -o smtpd_proxy_filter=127.0.0.1:10025
>    -o smtpd_client_connection_count_limit=10
>    -o smtpd_proxy_options=speed_adjust
>    -o smtpd_enforce_tls=yes
>    -o smtpd_tls_security_level=encrypt
>    -o tls_preempt_cipherlist=yes
> 
> tlsproxy  unix  -       -       n       -       0       tlsproxy
> dnsblog   unix  -       -       n       -       0       dnsblog
> pickup    fifo  n       -       -       60      1       pickup
> cleanup   unix  n       -       -       -       0       cleanup
> qmgr      fifo  n       -       n       300     1       qmgr
> tlsmgr    unix  -       -       -       1000?   1       tlsmgr
> rewrite   unix  -       -       -       -       -       trivial-rewrite
> bounce    unix  -       -       -       -       0       bounce
> defer     unix  -       -       -       -       0       bounce
> trace     unix  -       -       -       -       0       bounce
> verify    unix  -       -       -       -       1       verify
> flush     unix  n       -       -       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> proxywrite unix -       -       n       -       1       proxymap
> smtp      unix  -       -       -       -       -       smtp
> relay     unix  -       -       -       -       -       smtp
> showq     unix  n       -       -       -       -       showq
> error     unix  -       -       -       -       -       error
> retry     unix  -       -       -       -       -       error
> discard   unix  -       -       -       -       -       discard
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       -       -       -       lmtp
> anvil     unix  -       -       -       -       1       anvil
> scache    unix  -       -       -       -       1       scache
> maildrop  unix  -       n       n       -       -       pipe
>    flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
> uucp      unix  -       n       n       -       -       pipe
>    flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
> ($recipient)
> ifmail    unix  -       n       n       -       -       pipe
>    flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp     unix  -       n       n       -       -       pipe
>    flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
> $recipient
> scalemail-backend unix  -       n       n       -       2       pipe
>    flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store $
> {nexthop} ${user} ${extension}
> mailman   unix  -       n       n       -       -       pipe
>    flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
>    ${nexthop} ${user}
> 127.0.0.1:10026 inet n - n - - smtpd
>    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
>    -o smtpd_client_restrictions=
>    -o smtpd_helo_restrictions=
>    -o smtpd_sender_restrictions=
>    -o smtpd_recipient_restrictions=permit_mynetworks,reject
>    -o smtpd_data_restrictions=
>    -o mynetworks=127.0.0.0/8
>    -o receive_override_options=no_unknown_recipient_checks
>    -o smtpd_milters=inet:127.0.0.1:10040
> 
> 
> The log on the smart relay, the web server, when sending a Typo3 test mail:
> Nov 24 17:18:03 apache2425 postfix/pickup[13062]: D6D8A6A: uid=33
> from=<noreply at it-example.com>
> Nov 24 17:18:03 apache2425 postfix/cleanup[13364]: D6D8A6A: message-
> id=<b629918ba945354e71cda898ebd7288a at project.it-example.com>
> Nov 24 17:18:03 apache2425 postfix/qmgr[12429]: D6D8A6A: from=<noreply at it-
> example.com>, size=937, nrcpt=1 (queue active)
> Nov 24 17:18:04 apache2425 postfix/smtp[13368]: D6D8A6A: to=<info at it-
> example.com>, relay=mail.example.de[187.54.78.28]:25, delay=0.48,
> delays=0.13/0.01/0.24/0.1, dsn=5.7.1, status=bounced (host
> mail.example.de[187.54.78.28] said: 553 5.7.1 <noreply at it-example.com>: Sender
> address rejected: not logged in (in reply to RCPT TO command))
> Nov 24 17:18:04 apache2425 postfix/cleanup[13364]: 400446B: message-
> id=<20171124161804.400446B at apache2425.it-example.com>
> Nov 24 17:18:04 apache2425 postfix/bounce[13369]: D6D8A6A: sender non-delivery
> notification: 400446B
> Nov 24 17:18:04 apache2425 postfix/qmgr[12429]: 400446B: from=<>, size=3141,
> nrcpt=1 (queue active)
> Nov 24 17:18:04 apache2425 postfix/qmgr[12429]: D6D8A6A: removed
> Nov 24 17:18:08 apache2425 postfix/smtp[13368]: 400446B: to=<noreply at it-
> example.com>, relay=mail.example.de[187.54.78.28]:25, delay=4,
> delays=0.06/0/0.02/3.9, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
> 58C3E121253)
> Nov 24 17:18:08 apache2425 postfix/qmgr[12429]: 400446B: removed
> 
> The corresponding log on the mail server:
> 
> Nov 24 17:18:03 mail postfix/postscreen[4533]: CONNECT from [187.54.78.30]:
> 60636 to [192.168.1.2]:25
> Nov 24 17:18:04 mail postfix/postscreen[4533]: PASS OLD [187.54.78.30]:60636
> Nov 24 17:18:04 mail postfix/smtpd[4542]: connect from apache2.it-
> example.com[187.54.78.30]
> Nov 24 17:18:04 mail postfix/smtpd[4542]: NOQUEUE: reject: RCPT from
> apache2.it-example.com[187.54.78.30]: 553 5.7.1 <noreply at it-example.com>:
> Sender address rejected: not logged in; from=<noreply at it-example.com>
> to=<info at it-example.com> proto=ESMTP helo=<apache2425.it-example.com>
> Nov 24 17:18:04 mail postfix/smtpd[4542]: disconnect from apache2.it-
> example.com[187.54.78.30]
> Nov 24 17:18:04 mail postfix/postscreen[4533]: CONNECT from [187.54.78.30]:
> 60638 to [192.168.1.2]:25
> Nov 24 17:18:04 mail postfix/postscreen[4533]: PASS OLD [187.54.78.30]:60638
> Nov 24 17:18:04 mail postfix/smtpd[4542]: connect from apache2.it-
> example.com[187.54.78.30]
> Nov 24 17:18:04 mail postfix/smtpd[4542]: NOQUEUE: client=apache2.it-
> example.com[187.54.78.30]
> Nov 24 17:18:04 mail postfix/smtpd[4543]: connect from localhost[127.0.0.1]
> Nov 24 17:18:04 mail postfix/smtpd[4543]: 58C3E121253:
> client=localhost[127.0.0.1], orig_client=apache2.it-example.com[187.54.78.30]
> Nov 24 17:18:04 mail spamd[2227]: spamd: got connection over /var/run/
> spamd.sock
> Nov 24 17:18:04 mail spamd[2227]: spamd: processing message
> <20171124161804.400446B at apache2425.it-example.com> for (unknown):113
> Nov 24 17:18:08 mail spamd[2227]: spamd: clean message (-1.1/3.0) for
> (unknown):113 in 3.7 seconds, 3345 bytes.
> Nov 24 17:18:08 mail spamd[2227]: spamd: result: . -1 -
> BAYES_00,HTML_MESSAGE,MPART_ALT_DIFF,URIBL_BLOCKED
> scantime=3.7,size=3345,user=(unknown),uid=113,required_score=3.0,rhost=localhost,raddr=127.0.0.1,rport=/
> var/run/spamd.sock,mid=<20171124161804.400446B at apache2425.it-
> example.com>,bayes=0.000000,autolearn=no autolearn_force=no
> Nov 24 17:18:08 mail postfix/cleanup[4544]: 58C3E121253: message-
> id=<20171124161804.400446B at apache2425.it-example.com>
> Nov 24 17:18:08 mail opendkim[894]: 58C3E121253: no signing table match for
> 'MAILER-DAEMON at apache2425.it-example.com'
> Nov 24 17:18:08 mail opendkim[894]: 58C3E121253: no signature data
> Nov 24 17:18:08 mail postfix/qmgr[3979]: 58C3E121253: from=<>, size=3871,
> nrcpt=1 (queue active)
> Nov 24 17:18:08 mail postfix/smtpd[4542]: proxy-accept: END-OF-MESSAGE: 250
> 2.0.0 Ok: queued as 58C3E121253; from=<> to=<noreply at it-example.com>
> proto=ESMTP helo=<apache2425.it-example.com>
> Nov 24 17:18:08 mail postfix/smtpd[4542]: disconnect from apache2.it-
> example.com[187.54.78.30]
> Nov 24 17:18:08 mail postfix/smtpd[4543]: disconnect from localhost[127.0.0.1]
> Nov 24 17:18:08 mail spamd[30677]: prefork: child states: II
> Nov 24 17:18:08 mail postfix/lmtp[4547]: 58C3E121253: to=<andreas at it-
> example.com>, orig_to=<noreply at it-example.com>, relay=mail.example.de[private/
> dovecot-lmtp], delay=4.2, delays=3.9/0.01/0/0.27, dsn=2.0.0, status=sent (250
> 2.0.0 <andreas at it-example.com> jxluD0BGGFrEEQAAvAY5HQ Saved)
> Nov 24 17:18:08 mail postfix/qmgr[3979]: 58C3E121253: removed
> 
> I would appreciate any helpful answers.
> 
> Regards
> 
> Andreas
> 

-- 
Alex JOST
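
The ordering question raised in the reply, as an added example that is not part of the original thread: a simplified Python model of Postfix's first-match evaluation of smtpd_sender_restrictions, run against the mynetworks value and the client address shown in the post. The contents of smtpd_sender_login_maps (LOGIN_MAP), the addresses written with "@", and the function names are assumptions made for illustration.

```python
import ipaddress

# Copied from the post: mynetworks and the posted smtpd_sender_restrictions order.
MYNETWORKS = ["127.0.0.0/8", "::ffff:127.0.0.0/104", "::1/128", "192.168.1.4/32"]
ORIGINAL = ["reject_sender_login_mismatch", "permit_mynetworks",
            "reject_sender_login_mismatch", "permit_sasl_authenticated",
            "reject_unlisted_sender", "reject_unknown_sender_domain"]
REORDERED = ["permit_mynetworks"] + ORIGINAL[2:]  # order suggested in the reply
# Assumed content of smtpd_sender_login_maps (the SQL tables are not shown).
LOGIN_MAP = {"noreply@it-example.com": {"andreas@it-example.com"}}
CLIENT = "187.54.78.30"  # web server address as logged by the mail server


def in_networks(client_ip, networks):
    """True when client_ip falls inside any of the listed CIDR networks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n) for n in networks)


def evaluate(restrictions, client_ip, sender, sasl_user=None,
             networks=MYNETWORKS, login_map=LOGIN_MAP):
    """Simplified first-match walk: the first restriction that decides wins."""
    for name in restrictions:
        if name == "permit_mynetworks" and in_networks(client_ip, networks):
            return ("PERMIT", name)
        if name == "permit_sasl_authenticated" and sasl_user:
            return ("PERMIT", name)
        if name == "reject_sender_login_mismatch":
            owners = login_map.get(sender, set())
            if sasl_user is None and owners:
                return ("REJECT", "not logged in")
            if sasl_user is not None and sasl_user not in owners:
                return ("REJECT", "not owned by user " + sasl_user)
        # The remaining reject_* checks need DNS/table lookups; modelled as no match.
    return ("DUNNO", None)  # no decision here; later restriction lists still apply


if __name__ == "__main__":
    sender = "noreply@it-example.com"
    print(evaluate(ORIGINAL, CLIENT, sender))   # posted order
    print(evaluate(REORDERED, CLIENT, sender))  # reordered, mynetworks as posted
    print(evaluate(REORDERED, CLIENT, sender,
                   networks=MYNETWORKS + [CLIENT + "/32"]))  # client added
```

With the values as posted, the logged client 187.54.78.30 does not match mynetworks, so the reordering only takes effect once that address is listed. Every host that permit_mynetworks matches ahead of reject_sender_login_mismatch can then use any envelope sender without logging in, so the added entry should stay as narrow as a single /32.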


