我有一个这样的后缀设置:
__________ +-----+ |F| +-----+
__( )____ / /| |I| / /|
(___ ( ___) / / | |R| / / |
_( Internet ) <=====> +-----+ | <==|E|==> +-----+ |
(___, ) _) | M | | |W| | H | |
(_________) | A | + |A| | O | +
| I | / |L| | S | /
| L |/ |L| | T |/
+--+--+ | | +-----+
我现在已经配置好将电子邮件从 中继mail到host。这是postconf -non的输出mail:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 0
message_size_limit = 41943040
mydestination =
myhostname = example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 203.0.113.190
readme_directory = no
recipient_delimiter = +
relay_domains = host.example.com, example.com, example.org,
relayhost = [host.example.com]:587
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination,
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination,
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous, noplaintext,
smtpd_sasl_tls_security_options = noanonymous,
smtpd_sasl_type = cyrus
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5,
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3,
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_preempt_cipherlist = yes
这非常有效 - 我可以从 gmail 和其他提供商发送邮件,并且它们正确地在我的邮箱中结束host。
但是,当我尝试从 发送电子邮件时,我host很确定它正在尝试将电子邮件从. 我在日志中看到了这一点:mailhosthost
Dec 28 16:44:28 host postfix/submission/smtpd[29743]: warning: hostname mail2.example.com does not resolve to address 203.0.113.14: Name or service not known
Dec 28 16:44:28 host postfix/submission/smtpd[29743]: connect from unknown[203.0.113.14]
Dec 28 16:44:28 host postfix/submission/smtpd[29743]: Anonymous TLS connection established from unknown[203.0.113.14]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Dec 28 16:44:28 host postfix/submission/smtpd[29743]: NOQUEUE: reject: RCPT from unknown[203.0.113.14]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<example.com>
Dec 28 16:44:28 host postfix/submission/smtpd[29743]: disconnect from unknown[203.0.113.14]
然后mail我得到这些日志:
Dec 28 16:54:27 mail postfix/smtp[17899]: Untrusted TLS connection established to host.example.com[203.0.113.190]:587: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Dec 28 16:54:28 mail postfix/smtp[17899]: 7B6A620FFB: to=<[email protected]>, relay=host.example.com[203.0.113.190]:587, delay=1064, delays=1063/0.01/0.71/0.08, dsn=4.7.1, status=deferred (host host.example.com[203.0.113.190] said: 454 4.7.1 <[email protected]>: Relay access denied (in reply to RCPT TO command))
上host,这是我的postconf -n输出:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 0
message_size_limit = 41943040
mydestination = host, host.example.com, example.com
myhostname = host.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
readme_directory = no
recipient_delimiter = +
relay_domains = $mydestination
relayhost = example.com:587
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination,
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination,
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous, noplaintext,
smtpd_sasl_tls_security_options = noanonymous,
smtpd_sasl_type = cyrus
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5,
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3,
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_preempt_cipherlist = yes
postconf: warning: /etc/postfix/main.cf: unused parameter: compatibility_level=2
基本上我想要的:
开host或mail:
- 如果电子邮件发送到
wayne@host,wayne@mail,[email protected],[email protected],[email protected]我希望将其发送给 `host. - 如果电子邮件被发送到其他任何地方-
[email protected]、[email protected]或[email protected]它碰巧在的任何地方 - 我想host通过 中继mail,并且我想mail将电子邮件发送到它应该发送到的任何服务器。
如何配置后缀以正确执行此操作?
事实证明这比我预期的要容易得多。在relay_transport的文档中找到了线索:
(强调我的)
我想翻转它 - 我希望收件人域首先出现,然后是中继主机。由于文档说我可以查看 transport(5) 表,这就是我所做的。我发现了这个花絮:
那看起来很有希望。如果我理解正确,这意味着我可以使用
smtp:host.example.com:587as mylocal_transport和 usemydestination而不是relay_domains. 你猜怎么着?有效!所以而不是:
我刚有
它完全按预期工作,成功!