Sending mail not possible with a newly installed Postfix

Klaus Tachtler klaus at tachtler.net
Tue Feb 9 12:53:01 CET 2021


Hello Andreas,

> Hello everyone,
>
> when sending from a mail client to my new mail server
> (Debian/Buster with Postfix and Dovecot) mx2.example.tld I get the following
> error message:
>
>
> Feb  9 12:06:10 mx2 postfix/postscreen[15181]: CONNECT from [93.195.93.185]:
> 58552 to [192.168.1.65]:25
> Feb  9 12:06:10 mx2 postfix/postscreen[15181]: PREGREET 25 after 0.02 from
> [93.195.93.185]:58552: EHLO stuttgart.localnet\r\n
> Feb  9 12:06:10 mx2 postfix/postscreen[15181]: DISCONNECT [93.195.93.185]:
> 58552

http://www.postfix.org/POSTSCREEN_README.html#before_220
Have a look at the part about the PREGREET test there.

Or, if you like:
https://dokuwiki.tachtler.net/doku.php?id=tachtler:postfix_centos_7_-_postscreen_einsetzen#postscreen_greet_action


> And from the webmailer on the same server:
> Feb  9 12:06:54 mx2 postfix/submission/smtpd[15175]: connect from
> mx2.example.tld[192.168.1.65]
> Feb  9 12:06:54 mx2 postfix/submission/smtpd[15175]: Anonymous TLS connection
> established from mx2.example.tld[192.168.1.65]: TLSv1.2 with cipher DHE-RSA-
> CHACHA20-POLY1305 (256/256 bits)
> Feb  9 12:06:54 mx2 postfix/submission/smtpd[15175]: warning: SASL:  
> Connect to
> private/auth failed: No such file or directory
> Feb  9 12:06:54 mx2 postfix/submission/smtpd[15175]: fatal: no SASL
> authentication mechanisms
> Feb  9 12:06:55 mx2 postfix/master[15103]: warning: process /usr/lib/postfix/
> sbin/smtpd pid 15175 exit status 1

It says: fatal: no SASL authentication mechanisms

> Retrieving e-mails via client and webmailer, on the other hand, works.

Well, that is not sending either, but fetching - imap/pop3 ?!?

>
> I am currently trying to install Rspamd in place of Amavis.
> Attached is the output of postconf -n:
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> bounce_queue_lifetime = 1h
> broken_sasl_auth_clients = yes
> compatibility_level = 2
> disable_vrfy_command = yes
> html_directory = /usr/share/doc/postfix/html
> inet_interfaces = all
> inet_protocols = all
> mailbox_size_limit = 0
> maximal_backoff_time = 15m
> maximal_queue_lifetime = 1h
> message_size_limit = 52428800
> milter_default_action = accept
> milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
> milter_protocol = 6
> minimal_backoff_time = 5m
> mua_client_restrictions = permit_mynetworks permit_sasl_authenticated reject
> mua_relay_restrictions = reject_non_fqdn_recipient
> reject_unknown_recipient_domain permit_mynetworks permit_sasl_authenticated
> reject
> mua_sender_restrictions = permit_mynetworks reject_non_fqdn_sender
> reject_sender_login_mismatch permit_sasl_authenticated reject
> mydestination = mx.example.tld, localhost.example.tld, localhost
> myhostname = mx2.example.tld
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24
> myorigin = /etc/mailname
> non_smtpd_milters = inet:localhost:11332
> plaintext_reject_code = 550
> postscreen_access_list = permit_mynetworks  
> cidr:/etc/postfix/postscreen_access
> postscreen_bare_newline_enable = no
> postscreen_blacklist_action = drop
> postscreen_cache_cleanup_interval = 24h
> postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache
> postscreen_dnsbl_action = drop
> postscreen_dnsbl_sites = b.barracudacentral.org=127.0.0.2*7
> dnsbl.inps.de=127.0.0.2*7 bl.mailspike.net=127.0.0.2*5
> bl.mailspike.net=127.0.0.[10;11;12]*4 dnsbl.sorbs.net=127.0.0.10*8
> dnsbl.sorbs.net=127.0.0.5*6 dnsbl.sorbs.net=127.0.0.7*3
> dnsbl.sorbs.net=127.0.0.8*2 dnsbl.sorbs.net=127.0.0.6*2
> dnsbl.sorbs.net=127.0.0.9*2 zen.spamhaus.org=127.0.0.[10;11]*8
> zen.spamhaus.org=127.0.0.[4..7]*6 zen.spamhaus.org=127.0.0.3*4
> zen.spamhaus.org=127.0.0.2*3 hostkarma.junkemailfilter.com=127.0.0.2*3
> hostkarma.junkemailfilter.com=127.0.0.4*1
> hostkarma.junkemailfilter.com=127.0.1.2*1 wl.mailspike.net=127.0.0.
> [18;19;20]*-2 hostkarma.junkemailfilter.com=127.0.0.1*-2
> postscreen_dnsbl_threshold = 8
> postscreen_dnsbl_ttl = 5m
> postscreen_greet_action = drop
> postscreen_greet_banner = $smtpd_banner
> postscreen_greet_ttl = 2d
> postscreen_greet_wait = 3s
> postscreen_non_smtp_command_enable = no
> postscreen_pipelining_enable = no
> proxy_read_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_sender_acl.cf,
> proxy:mysql:/etc/postfix/sql/mysql_tls_enforce_out_policy.cf, proxy:mysql:/
> etc/postfix/sql/mysql_tls_enforce_in_policy.cf, $local_recipient_maps
> $mydestination $virtual_alias_maps $virtual_alias_domains
> $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps
> $relay_domains $canonical_maps $sender_canonical_maps
> $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
> $smtpd_sender_login_maps
> queue_run_delay = 5m
> readme_directory = /usr/share/doc/postfix
> recipient_delimiter = +
> relay_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_mxdomain_maps.cf
> relay_recipient_maps = proxy:mysql:/etc/postfix/sql/
> mysql_relay_recipient_maps.cf
> relayhost =
> sender_dependent_default_transport_maps = proxy:mysql:/etc/postfix/sql/
> mysql_tls_enforce_out_policy.cf
> smtp_dns_support_level = dnssec
> smtp_header_checks = pcre:/etc/postfix/submission_header_cleanup
> smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
> smtp_tls_ciphers = high
> smtp_tls_loglevel = 1
> smtp_tls_policy_maps = mysql:/etc/postfix/sql/tls-policy.cf
> smtp_tls_protocols = !SSLv2, !SSLv3
> smtp_tls_security_level = dane
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_banner = $myhostname
> smtpd_client_restrictions = permit_mynetworks check_client_access hash:/etc/
> postfix/without_ptr reject_unknown_client_hostname
> smtpd_data_restrictions = reject_unauth_pipelining
> smtpd_delay_reject = yes
> smtpd_error_sleep_time = 10s
> smtpd_hard_error_limit = ${stress?1}${stress:5}
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks reject_invalid_helo_hostname
> reject_non_fqdn_helo_hostname reject_unknown_helo_hostname
> smtpd_milters = inet:localhost:11332
> smtpd_proxy_timeout = 600s
> smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/
> check_sender_access, permit_sasl_authenticated, permit_mynetworks,
> reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname,
> reject_unauth_destination
> smtpd_relay_restrictions = reject_non_fqdn_recipient
> reject_unknown_recipient_domain permit_mynetworks reject_unauth_destination
> smtpd_restriction_classes = mua_sender_restrictions mua_client_restrictions
> mua_relay_restrictions
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_path = private/auth_dovecot
> smtpd_sasl_type = dovecot
> smtpd_sender_login_maps = proxy:mysql:/etc/postfix/sql/
> mysql_virtual_sender_acl.cf
> smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch,
> permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated,
> reject_unlisted_sender, reject_unknown_sender_domain
> smtpd_soft_error_limit = 3
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/letsencrypt/live/mx2.example.tld/fullchain.pem
> smtpd_tls_ciphers = high
> smtpd_tls_dh1024_param_file = /etc/ssl/mail/dhparams_2048.pem
> smtpd_tls_dh512_param_file = /etc/ssl/mail/dhparams_512.pem
> smtpd_tls_eecdh_grade = strong
> smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL
> smtpd_tls_key_file = /etc/letsencrypt/live/mx2.example.tld/privkey.pem
> smtpd_tls_loglevel = 1
> smtpd_tls_mandatory_ciphers = high
> smtpd_tls_mandatory_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL
> smtpd_tls_mandatory_protocols = !SSLv3
> smtpd_tls_protocols = !SSLv3
> smtpd_tls_security_level = may
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> tls_high_cipherlist =
> EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:
> +CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!
> MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-
> SHA:AES128-SHA
> tls_preempt_cipherlist = yes
> tls_ssl_options = NO_COMPRESSION
> virtual_alias_maps =  
> proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
> proxy:mysql:/etc/postfix/sql/mysql_virtual_spamalias_maps.cf, proxy:mysql:/
> etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/
> sql/mysql_virtual_alias_domain_catchall_maps.cf
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /var/vmail/
> virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/
> mysql_virtual_domains_maps.cf
> virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/
> mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/
> mysql_virtual_alias_domain_mailbox_maps.cf
> virtual_minimum_uid = 104
> virtual_transport = lmtp:unix:private/dovecot-lmtp
> virtual_uid_maps = static:5000
>
> Maybe you can help me get on the right track.
>
> Best regards
>
> Andreas

Regards
Klaus.



-- 

---------------------------------------
e-Mail  : klaus at tachtler.net
Homepage: https://www.tachtler.net
DokuWiki: https://dokuwiki.tachtler.net
---------------------------------------
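
Added example, not part of the original mail: a small Python check run over the log lines and four `postconf -n` values quoted in the thread (mail-wrapped lines rejoined). It flags each postscreen PREGREET event together with the configured `postscreen_greet_action`, and compares the SASL socket path that smtpd tried to open with `smtpd_sasl_path` from main.cf; the function names are made up for this example.

```python
import re

# Log lines and settings copied from the thread (wrapped lines rejoined).
LOG = """\
Feb  9 12:06:10 mx2 postfix/postscreen[15181]: CONNECT from [93.195.93.185]:58552 to [192.168.1.65]:25
Feb  9 12:06:10 mx2 postfix/postscreen[15181]: PREGREET 25 after 0.02 from [93.195.93.185]:58552: EHLO stuttgart.localnet\\r\\n
Feb  9 12:06:10 mx2 postfix/postscreen[15181]: DISCONNECT [93.195.93.185]:58552
Feb  9 12:06:54 mx2 postfix/submission/smtpd[15175]: warning: SASL: Connect to private/auth failed: No such file or directory
Feb  9 12:06:54 mx2 postfix/submission/smtpd[15175]: fatal: no SASL authentication mechanisms
"""
POSTCONF = """\
postscreen_greet_action = drop
postscreen_greet_wait = 3s
smtpd_sasl_path = private/auth_dovecot
smtpd_sasl_type = dovecot
"""

# postscreen logs "PREGREET <bytes> after <seconds> from [ip]:port" when a
# client sends data before the server's 220 greeting.
PREGREET = re.compile(r"postscreen\[\d+\]: PREGREET \d+ after ([\d.]+) from \[([^\]]+)\]:\d+")
# smtpd logs the socket path it could not reach, prefixed by the service name.
SASL_FAIL = re.compile(r"postfix/([\w/]+)\[\d+\]: warning: SASL: Connect to (\S+) failed")


def parse_postconf(text):
    """Turn 'name = value' lines into a dict."""
    pairs = (line.partition("=") for line in text.splitlines())
    return {k.strip(): v.strip() for k, _, v in pairs if k.strip()}


def diagnose(log, conf):
    """Return one tuple per PREGREET event and per failed SASL socket connect."""
    findings = []
    for line in log.splitlines():
        m = PREGREET.search(line)
        if m:  # "ignore" is the Postfix default when the action is unset
            action = conf.get("postscreen_greet_action", "ignore")
            findings.append(("pregreet", m.group(2), float(m.group(1)), action))
        m = SASL_FAIL.search(line)
        if m:  # last field: does the path in the log match main.cf?
            wanted = conf.get("smtpd_sasl_path")
            findings.append(("sasl_path", m.group(1), m.group(2), wanted, m.group(2) == wanted))
    return findings


if __name__ == "__main__":
    for finding in diagnose(LOG, parse_postconf(POSTCONF)):
        print(finding)
```

On the thread's data the second finding shows the submission smtpd trying `private/auth` while main.cf sets `private/auth_dovecot`. `postconf -n` lists main.cf only, so a per-service `-o` override in master.cf (shown by `postconf -P`) is one place to look; that is an assumption the thread does not confirm.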