Postfix intenta buscar direcciones externas localmente

tag-icon tag-icon email postfix email-server
Postfix intenta buscar direcciones externas localmente

Actualmente estoy intentando configurar un servidor de correo usando postfix, dovecot, amavis, sqlite, etc.

Digamos que tengo: midominio.com y correo.midominio.com (puntos de registro MX aquí)

Al enviar un correo electrónico a una dirección de correo externa (digamos[correo electrónico protegido]), postfix intenta encontrar ese correo electrónico en la base de datos del buzón virtual. (Antes de configurar el sistema de correo virtual, podía enviar correo mediante el comando de correo).

/var/log/mail.log:

Sep 12 12:34:11 mail postfix/submission/smtpd[7695]: initializing the server-side TLS engine
Sep 12 12:34:11 mail postfix/submission/smtpd[7695]: connect from unknown[myhomeip]
Sep 12 12:34:12 mail postfix/submission/smtpd[7695]: setting up TLS connection from unknown[myhomeip]
Sep 12 12:34:12 mail postfix/submission/smtpd[7695]: unknown[myhomeip]: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH:!aNULL:!LOW:!EXP:!MEDIUM:!ADH:!AECDH:!MD5:!DSS:!ECDSA:!3DES:!DES:!eNULL:!RC4:!CBC3-SHA:!PSK"
Sep 12 12:34:12 mail postfix/submission/smtpd[7695]: SSL_accept:before SSL initialization
Sep 12 12:34:12 mail postfix/submission/smtpd[7695]: SSL_accept:before SSL initialization
Sep 12 12:34:12 mail postfix/submission/smtpd[7695]: unknown[myhomeip]: Decrypting session ticket, key expiration: 1631442310
Sep 12 12:34:12 mail postfix/submission/smtpd[7695]: SSL_accept:SSLv3/TLS read client hello
Sep 12 12:34:12 mail postfix/submission/smtpd[7695]: SSL_accept:SSLv3/TLS write server hello
Sep 12 12:34:12 mail postfix/submission/smtpd[7695]: SSL_accept:SSLv3/TLS write change cipher spec
Sep 12 12:34:12 mail postfix/submission/smtpd[7695]: SSL_accept:TLSv1.3 write encrypted extensions
Sep 12 12:34:12 mail postfix/submission/smtpd[7695]: SSL_accept:SSLv3/TLS write finished
Sep 12 12:34:12 mail postfix/submission/smtpd[7695]: SSL_accept:TLSv1.3 early data
Sep 12 12:34:12 mail postfix/submission/smtpd[7695]: SSL_accept:TLSv1.3 early data
Sep 12 12:34:12 mail postfix/submission/smtpd[7695]: SSL_accept:SSLv3/TLS read finished
Sep 12 12:34:12 mail postfix/submission/smtpd[7695]: unknown[myhomeip]: Reusing old session (RFC 5077 session ticket)
Sep 12 12:34:12 mail postfix/submission/smtpd[7695]: Anonymous TLS connection established from unknown[myhomeip]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)
Sep 12 12:34:12 mail postfix/submission/smtpd[7695]: 502B781E4E: client=unknown[myhomeip], sasl_method=PLAIN, [email protected]
Sep 12 12:34:12 mail postfix/cleanup[7700]: 502B781E4E: message-id=<[email protected]>
Sep 12 12:34:12 mail postfix/qmgr[6826]: 502B781E4E: from=<[email protected]>, size=330, nrcpt=1 (queue active)
Sep 12 12:34:12 mail postfix/submission/smtpd[7695]: disconnect from unknown[myhomeip] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 commands=7
Sep 12 12:34:12 mail dovecot: imap([email protected])<7250><x83QYcnLPEhehlnC>: Connection closed (noop finished 0.207 secs ago) in=1695 out=5945 deleted=0 expunged=0 trashed=0 hdr_count=1 hdr_bytes=241 body_count=0 body_bytes=0
Sep 12 12:34:12 mail postfix/smtpd[7704]: initializing the server-side TLS engine
Sep 12 12:34:12 mail postfix/smtpd[7704]: connect from localhost[127.0.0.1]
Sep 12 12:34:12 mail postfix/smtpd[7704]: B4A9F81E73: client=localhost[127.0.0.1]
Sep 12 12:34:12 mail postfix/cleanup[7700]: B4A9F81E73: message-id=<[email protected]>
Sep 12 12:34:12 mail postfix/qmgr[6826]: B4A9F81E73: from=<[email protected]>, size=780, nrcpt=1 (queue active)
Sep 12 12:34:12 mail postfix/smtpd[7704]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Sep 12 12:34:12 mail amavis[847]: (00847-08) Passed CLEAN {RelayedOpenRelay}, [myhomeip]:18412 [myhomeip] <[email protected]> -> <[email protected]>, Queue-ID: 502B781E4E, Message-ID: <[email protected]>, mail_id: thEgZdv5F-0T, Hits: 0.688, size: 330, queued_as: B4A9F81E73, 327 ms
Sep 12 12:34:12 mail postfix/lmtp[7701]: 502B781E4E: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.5, delays=0.14/0.01/0.01/0.34, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B4A9F81E73)
Sep 12 12:34:12 mail postfix/qmgr[6826]: 502B781E4E: removed
Sep 12 12:34:12 mail postfix/virtual[7705]: B4A9F81E73: to=<[email protected]>, relay=virtual, delay=0.06, delays=0/0.03/0/0.02, dsn=5.1.1, status=bounced (unknown user: "[email protected]")
Sep 12 12:34:12 mail postfix/cleanup[7700]: C2D3C81E74: message-id=<[email protected]>
Sep 12 12:34:12 mail postfix/qmgr[6826]: C2D3C81E74: from=<>, size=2692, nrcpt=1 (queue active)
Sep 12 12:34:12 mail postfix/bounce[7706]: B4A9F81E73: sender non-delivery notification: C2D3C81E74
Sep 12 12:34:12 mail postfix/qmgr[6826]: B4A9F81E73: removed
Sep 12 12:34:12 mail postfix/virtual[7705]: C2D3C81E74: to=<[email protected]>, relay=virtual, delay=0.01, delays=0/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Sep 12 12:34:12 mail postfix/qmgr[6826]: C2D3C81E74: removed
Sep 12 12:34:19 mail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=myhomeip, lip=myserverip, mpid=7712, TLS, session=<B00g5MnL7kdehlnC>

Observe el estado = usuario desconocido rebotado en la línea 33. También obtengo esto del demonio de correo: Código de diagnóstico: X-Postfix; usuario desconocido: "[correo electrónico protegido]"

Puedo recibir correo electrónico externo y puedo recibir/enviar correo electrónico si envío desde mi dominio a mi dominio.

Mi nombre de host es mail.midominio.com

Mi archivo de hosts:

127.0.0.1       localhost
127.0.1.1       mail.mydomain.com

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
myserverip    mydomain.com

Contenido de transporte SQL:

sqlite> SELECT * FROM transports;
mydomain.com|1001|virtual:

Salida de postconf -n:

append_dot_mydomain = no
biff = no
compatibility_level = 2
content_filter = lmtp-amavis:[127.0.0.1]:10024
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps =
mailbox_size_limit = 1024
masquerade_domains = $mydomain
mydestination = $mydomain, $myhostname, localhost.mydomain.com, localhost
myhostname = mail.mydomain.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_exclude_ciphers = LOW, EXP
smtp_tls_loglevel = 2
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = reject_unknown_client_hostname
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
smtpd_tls_dh1024_param_file = /etc/letsencrypt/dhparams.pem
smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, 3DES, DES, eNULL, RC4, CBC3-SHA, PSK
smtpd_tls_key_file = /etc/letsencrypt/live/mail.mydomain.com/privkey.pem
smtpd_tls_loglevel = 2
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_preempt_cipherlist = yes
tls_ssl_options = NO_RENEGOTIATION
transport_maps = sqlite:/etc/postfix/sqlite_transports_maps.cf
virtual_alias_maps = sqlite:/etc/postfix/sqlite_virtual_alias_maps.cf
virtual_gid_maps = static:1001
virtual_mailbox_base = /home/mail/
virtual_mailbox_maps = sqlite:/etc/postfix/sqlite_virtual_mailbox_maps.cf
virtual_uid_maps = static:1001

/etc/nombredecorreo contiene midominio.com

Contenido de master.cf:

smtp      inet  n       -       y       -       -       smtpd
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_wrappermode=no
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_recipient_restrictions=
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_tls_wrappermode=yes
lmtp-amavis unix -      -       -       -       2       lmtp
  -o lmtp_data_done_timeout=1200
  -o lmtp_send_xforward_command=yes
  -o max_use=20
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o content_filter=
  -o mynetworks=127.0.0.0/8
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_delay_reject=no
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o smtpd_restriction_classes=
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
  -o local_header_rewrite_clients=
  -o smtpd_milters=
  -o local_recipient_maps=
  -o relay_recipient_maps=
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
  -o header_checks=regexp:/etc/postfix/header_checks
qmgr      unix  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

Ya probé varias configuraciones de mydestination.

Gracias por tu ayuda !

Respuesta1

Postfix puede seleccionar virtualdominios que en realidad no se supone que debe manejar cuandouna de sus búsquedas devuelve un (cualquier) resultado cuando no debería: unfalso positivo.

Es probable transport_mapso virtual_mailbox_domains(por defecto, aplazar virtual_mailbox_maps). Has probado esta teoría siambossu dominio y uno que de hecho debería ser retransmitido producen resultados de una de sus búsquedas configuradas, por ejemplo, intente esto:

postmap -q [email protected] sqlite:/etc/postfix/sqlite_virtual_mailbox_maps.cf
postmap -q [email protected] sqlite:/etc/postfix/sqlite_virtual_mailbox_maps.cf
postmap -q @other.example sqlite:/etc/postfix/sqlite_virtual_mailbox_maps.cf

postmap -q mydomain.example sqlite:/etc/postfix/sqlite_transports_maps.cf
postmap -q other.example sqlite:/etc/postfix/sqlite_transports_maps.cf

Si obtuvo resultados para ambos, observe atentamente la consulta, específicamente la WHEREcláusula con el marcador de posición (que comienza con %) ydetermine por qué devuelve más resultados para dominios que no ha incluido explícitamente en su base de datos.Devolver la clave misma o resultados estáticosescomún en Postfix por lo que no activa una advertencia... simplemente no es útil para su caso.

no he usadoAmavísde esta manera, pero creo que prevalecertransportaen Postfix no es necesario para casos de uso estándar como este. En su lugar, utilice el hecho de que Postfix comprobará el respectivotransporte_mailbox_domains realiza búsquedas para determinar qué dominios y buzones de correo se transportan y cómo.

Es posible que no necesite anular el transporte para esto y probablemente obtendrá una configuración más flexible y menos propensa a errores si enumera sus dominios virtuales en virtual_mailbox_domainslugar de transport_mapsy usa este último solo para anulaciones específicas.

información relacionada