Estoy probando mi configuración de PostFix enviando correos electrónicos desde mi cuenta de Gmail a una cuenta en un dominio virtual. La respuesta de Postfix es invariablemente:
NOQUEUE: reject: RCPT from mail-lb0-f177.google.com[209.85.217.177]: 454 4.7.1 <mailATbrokkr.net>: Relay access denied; from=<madspayATgmail.com> to=<mailATbrokkr.net> proto=ESMTP helo=<mail-lb0-f177.google.com>
Aquí está el archivo de configuración main.cf:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/nginx/certs/madsmide_ssl-unified.crt
smtpd_tls_key_file = /etc/nginx/certs/madsmide_ssl.key
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
#smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
#smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
# host configuration
myhostname = mail.madsmi.de
#myorigin = /etc/mailname
mydomain = madsmi.de
myorigin = $mydomain
# Local domain mapping
#alias_maps = hash:/etc/aliases
#alias_database = hash:/etc/aliases
#mydestination = localhost
mydestination =
# Virtal domain mapping
virtual_mailbox_domains = hash:/etc/postfix/my_virtual_mailbox_domains
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/my_virtual_mailbox_maps
virtual_uid_maps = static:128
virtual_gid_maps = static:142
#virtual_alias_maps = hash:/etc/postfix/virtual
# Unknown
#relayhost =
mailbox_size_limit = 1000000000
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
Aquí está el archivo my_virtual_mailbox_domains:
madsmi.de
#madskas.dk
brokkr.net
y el archivo my_virtual_mailbox_maps:
mailATmadsmi.de madsmi.de/mail/
mailATbrokkr.net brokkr.net/mail/
Aquí hay un registro de depuración más detallado de un intento de conexión:
Jun 20 22:59:09 THEMINT postfix/smtpd[10294]: send attr request = seed
Jun 20 22:59:09 THEMINT postfix/smtpd[10294]: send attr size = 32
Jun 20 22:59:09 THEMINT postfix/smtpd[10294]: private/tlsmgr: wanted attribute: status
Jun 20 22:59:09 THEMINT postfix/smtpd[10294]: input attribute name: status
Jun 20 22:59:09 THEMINT postfix/smtpd[10294]: input attribute value: 0
Jun 20 22:59:09 THEMINT postfix/smtpd[10294]: private/tlsmgr: wanted attribute: seed
Jun 20 22:59:09 THEMINT postfix/smtpd[10294]: input attribute name: seed
Jun 20 22:59:09 THEMINT postfix/smtpd[10294]: input attribute value: h+12lK71F0Vgl8z8GN3zJmF2Sgcja/Y7rqFz1BV4raw=
Jun 20 22:59:09 THEMINT postfix/smtpd[10294]: private/tlsmgr: wanted attribute: (list terminator)
Jun 20 22:59:09 THEMINT postfix/smtpd[10294]: input attribute name: (end)
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: < mail-lb0-f180.google.com[209.85.217.180]: EHLO mail-lb0-f180.google.com
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: match_list_match: mail-lb0-f180.google.com: no match
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: match_list_match: 209.85.217.180: no match
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: > mail-lb0-f180.google.com[209.85.217.180]: 250-mail.madsmi.de
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: > mail-lb0-f180.google.com[209.85.217.180]: 250-PIPELINING
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: > mail-lb0-f180.google.com[209.85.217.180]: 250-SIZE 10240000
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: > mail-lb0-f180.google.com[209.85.217.180]: 250-VRFY
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: > mail-lb0-f180.google.com[209.85.217.180]: 250-ETRN
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: > mail-lb0-f180.google.com[209.85.217.180]: 250-ENHANCEDSTATUSCODES
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: > mail-lb0-f180.google.com[209.85.217.180]: 250-8BITMIME
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: > mail-lb0-f180.google.com[209.85.217.180]: 250 DSN
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: < mail-lb0-f180.google.com[209.85.217.180]: MAIL FROM:<madspayATgmail.com> SIZE=4079
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: extract_addr: input: <madspayATgmail.com>
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: smtpd_check_addr: addr=madspayATgmail.com
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: ctable_locate: move existing entry key madspayATgmail.com
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: extract_addr: in: <madspayATgmail.com>, result: madspayATgmail.com
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: smtpd_check_rewrite: trying: permit_inet_interfaces
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: permit_inet_interfaces: mail-lb0-f180.google.com 209.85.217.180
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: fsspace: .: block size 4096, blocks free 37725053
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: smtpd_check_queue: blocks 4096 avail 37725053 min_free 0 msg_size_limit 10240000
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: > mail-lb0-f180.google.com[209.85.217.180]: 250 2.1.0 Ok
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: < mail-lb0-f180.google.com[209.85.217.180]: RCPT TO:<mailATmadsmi.de>
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: extract_addr: input: <mailATmadsmi.de>
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: smtpd_check_addr: addr=mailATmadsmi.de
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: ctable_locate: move existing entry key mailATmadsmi.de
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: extract_addr: in: <mailATmadsmi.de>, result: mailATmadsmi.de
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: >>> START Recipient address RESTRICTIONS <<<
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: generic_checks: name=permit_mynetworks
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: permit_mynetworks: mail-lb0-f180.google.com 209.85.217.180
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: match_hostname: mail-lb0-f180.google.com ~? 127.0.0.0/8
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: match_hostaddr: 209.85.217.180 ~? 127.0.0.0/8
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: match_hostname: mail-lb0-f180.google.com ~? [::ffff:127.0.0.0]/104
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: match_hostaddr: 209.85.217.180 ~? [::ffff:127.0.0.0]/104
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: match_hostname: mail-lb0-f180.google.com ~? [::1]/128
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: match_hostaddr: 209.85.217.180 ~? [::1]/128
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: match_list_match: mail-lb0-f180.google.com: no match
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: match_list_match: 209.85.217.180: no match
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: generic_checks: name=permit_mynetworks status=0
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: generic_checks: name=permit_sasl_authenticated
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: generic_checks: name=permit_sasl_authenticated status=0
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: generic_checks: name=defer_unauth_destination
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: reject_unauth_destination: mailATmadsmi.de
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: permit_auth_destination: mailATmadsmi.de
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: ctable_locate: leave existing entry key mailATmadsmi.de
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: NOQUEUE: reject: RCPT from mail-lb0-f180.google.com[209.85.217.180]: 454 4.7.1 <mailATmadsmi.de>: Relay access denied; from=<madspayATgmail.com> to=<mailATmadsmi.de> proto=ESMTP helo=<mail-lb0-f180.google.com>
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: generic_checks: name=defer_unauth_destination status=2
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: >>> END Recipient address RESTRICTIONS <<<
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: > mail-lb0-f180.google.com[209.85.217.180]: 454 4.7.1 <mailATmadsmi.de>: Relay access denied
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: < mail-lb0-f180.google.com[209.85.217.180]: DATA
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: > mail-lb0-f180.google.com[209.85.217.180]: 554 5.5.1 Error: no valid recipients
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: < mail-lb0-f180.google.com[209.85.217.180]: QUIT
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: > mail-lb0-f180.google.com[209.85.217.180]: 221 2.0.0 Bye
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: match_hostname: mail-lb0-f180.google.com ~? 127.0.0.0/8
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: match_hostaddr: 209.85.217.180 ~? 127.0.0.0/8
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: match_hostname: mail-lb0-f180.google.com ~? [::ffff:127.0.0.0]/104
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: match_hostaddr: 209.85.217.180 ~? [::ffff:127.0.0.0]/104
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: match_hostname: mail-lb0-f180.google.com ~? [::1]/128
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: match_hostaddr: 209.85.217.180 ~? [::1]/128
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: match_list_match: mail-lb0-f180.google.com: no match
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: match_list_match: 209.85.217.180: no match
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: send attr request = disconnect
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: send attr ident = smtp:209.85.217.180
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: private/anvil: wanted attribute: status
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: input attribute name: status
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: input attribute value: 0
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: private/anvil: wanted attribute: (list terminator)
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: input attribute name: (end)
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: disconnect from mail-lb0-f180.google.com[209.85.217.180]
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: master_notify: status 1
Jun 20 22:59:10 THEMINT postfix/smtpd[10294]: connection closed
Mi pregunta es: ¿Por qué se rechazan los correos? Por lo poco que puedo deducir del registro, o bien el remitente (google.com) falla o no se reconoce al destinatario (en este caso: correo electrónico en madsmi.de).
Si es el primero, estoy confundido acerca de por qué se aplican reglas de retransmisión cuando el host es el destino y no se le pide que envíe el correo sino que lo entregue. Si es el segundo, ¿por qué PostFix no puede ver el destinatario en virtual_mailbox_maps?
Respuesta1
El problema ocurre debido al "hash:" a continuación, elimínelo y pasará.
Mapeo de dominios virtuales
dominios_buzón_virtual = hash:/etc/postfix/mis_dominios_buzón_virtual
Respuesta2
mi destino no puede estar vacío. El servidor de correo no puede encontrar ningún destino para el correo porque este campo está vacío. En esencia NOQUEUE no tiene adónde ir. Lo configuraría en mydestination = 127.0.0.1 o incluso localhost debería funcionar bien. defer_unauth_destination significa que tampoco está configurado como servidor MX de respaldo. El único momento en el que mydestination debería estar vacío es si actúa como servidor MX de respaldo. En ese caso, necesita configurar Relayhost como el servidor para el que actúa como respaldo.
20 de junio 22:59:10 THEMINT postfix/smtpd[10294]: NOQUEUE: rechazar: RCPT de mail-lb0-f180.google.com[209.85.217.180]: 454 4.7.1: Acceso de retransmisión denegado; from= to= proto=ESMTP helo= 20 de junio 22:59:10 THEMINT postfix/smtpd[10294]: generic_checks: nombre=defer_unauth_destination status=2 20 de junio 22:59:10 THEMINT postfix/smtpd[10294]: >>> FINAL Dirección del destinatario RESTRICCIONES <<<