AbcLinuxu:/ Poradna / Linuxová poradna / IredAdmin, postfix

Štítky: ad, data, Debian, distribuce, doména, domény, dovecot, e-mail, For, Internet, IPv4, login, mail, MTA, net, Postfix, server, SMTP, SSL, TLS

Dotaz: IredAdmin, postfix

5.10.2015 06:49 NoXO
IredAdmin, postfix

Přečteno: 506×

Odpovědět | Admin

Zdravím,

prosím, potřebuji trošku nakopnout, používám už dlouhodobě iredadmina s připojenýma schránkama přes AD.

Zjistil jsem však, rozdílnost v chování domén, původní doména.net funguje podle představ (ldap server iredadmina), ale virtuální doména.cz (ad) se chová jinak.

Když posílám email s domény.net, tak po mě smtp vyžaduje autentifikaci, ale u domény.cz ji po mě můj smtp nechce, což je pro mě nežádoucí. (Posílám s venku mimo mynetworks)

Doména.cz projde amavisem, podepíše se dkimem ..., ale nevím kde ji připsat, aby po mě postfix vyžadoval autentifikaci před odesláním.

Resolving hostname...
Connecting...
SMTP -> FROM SERVER:
220 srv-mx1.xx.cz ESMTP Postfix (Debian/GNU)
SMTP -> FROM SERVER: 
250-srv-mx1.xx.cz
250-PIPELINING
250-SIZE 25000000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN CRAM-MD5
250-AUTH=PLAIN LOGIN CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: user@xx.cz
SMTP -> FROM SERVER:
250 2.1.0 Ok
RCPT TO: user@xx.cz
SMTP -> FROM SERVER:
250 2.1.5 Ok
Sending Mail Message Body...
SMTP -> FROM SERVER:
354 End data with .
SMTP -> FROM SERVER:
250 2.0.0 Ok: queued as 09F667F497
Message completed successfully.

Resolving hostname...
Connecting...
SMTP -> FROM SERVER:
220 srv-mx1.xx.cz ESMTP Postfix (Debian/GNU)
SMTP -> FROM SERVER: 
250-srv-mx1.xx.cz
250-PIPELINING
250-SIZE 25000000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN CRAM-MD5
250-AUTH=PLAIN LOGIN CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: user@xx.net
SMTP -> FROM SERVER:
250 2.1.0 Ok
RCPT TO: user@xx.cz
SMTP -> FROM SERVER:
553 5.7.1 : Sender address rejected: not logged in
SMTP -> ERROR: RCPT not accepted from server: 553 5.7.1 : Sender address rejected: not logged in

Message sending failed.

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters

#smtpd_tls_cert_file = /etc/ssl/certs/iRedMail_CA.pem
#smtpd_tls_key_file = /etc/ssl/private/iRedMail.key

smtpd_tls_cert_file = /etc/ssl/certs/xx.pem
smtpd_tls_key_file = /etc/ssl/private/_.xx.key
smtpd_tls_CAfile = /etc/ssl/certs/certum_dv_sha2.cer
smtpd_tls_CApath = /etc/ssl/certs
#mime_header_checks = regexp:/etc/postfix/mime_header_checks.pcre
#header_checks = pcre:/etc/postfix/header_checks.pcre


smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = srv-mx1.xx.cz
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
myorigin = srv-mx1.xx.cz
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
relayhost =
#mynetworks = 127.0.0.0/8, 10.0.0.180/32
mynetworks = 127.0.0.0/8 10.0.0.0/8 178.xx.xx.0/28 172.16.0.0/12
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
virtual_alias_domains = 
allow_percent_hack = no
swap_bangpath = no
mydomain = xx.net
mynetworks_style = host
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtp_tls_security_level = may
smtp_tls_CAfile = $smtpd_tls_CAfile
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
delay_warning_time = 0h
maximal_queue_lifetime = 4h
bounce_queue_lifetime = 4h
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_access.pcre
queue_run_delay = 300s
minimal_backoff_time = 300s
maximal_backoff_time = 4000s
enable_original_recipient = no
disable_vrfy_command = yes
home_mailbox = Maildir/
allow_min_user = no
message_size_limit = 25000000
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail
transport_maps = proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf, proxy:ldap:/etc/postfix/ldap/transport_maps_domain.cf
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap/ad_virtual_alias_maps.cf, proxy:ldap:/etc/postfix/ldap/ad_virtual_group_maps.cf, proxy:ldap:/etc/postfix/ldap/virtual_alias_maps.cf
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_maps.cf, proxy:ldap:/etc/postfix/ldap/ad_virtual_mailbox_maps.cf
sender_bcc_maps = 
recipient_bcc_maps = 
relay_domains = 
#
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ldap/sender_login_maps.cf, proxy:ldap:/etc/postfix/ldap/ad_sender_login_maps.cf
smtpd_sasl_auth_enable = yes
#
smtpd_sasl_local_domain = xx.cz
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = no
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_tls_security_level = may
smtpd_tls_loglevel = 0

#smtpd_tls_CAfile = /etc/ssl/certs/iRedMail_CA.pem

tls_random_source = dev:/dev/urandom
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = ./dovecot-auth
content_filter = smtp-amavis:[127.0.0.1]:10024
smtp-amavis_destination_recipient_limit = 1
relay_recipient_maps =

Nástroje: Začni sledovat (0) ?

Odpovědi

5.10.2015 08:46 NoXO
Rozbalit Rozbalit vše Re: IredAdmin, postfix

zjistil jsem, že problém s odesíláním nastává jen u aliasu, u plného jména chce rovněž smtp ověření.

5.10.2015 10:07 dan
Rozbalit Rozbalit vše Re: IredAdmin, postfix

ja tam mam

local_recipient_maps = unix:passwd.byname $alias_maps

mozno to chyba

5.10.2015 13:08 NoXO
Rozbalit Rozbalit vše Re: IredAdmin, postfix

já lokální schránky nemám, všechno jsou virtuální domény.

vidím problém někde v tomto:

http://www.iredmail.org/docs/allow.certain.users.to.send.email.as.different.user.html

Založit nové vlákno • Nahoru

Tiskni Sdílej: