问题[email-server](server)

当我尝试在端口 587 上执行 telnet 时，当我输入“AUTH LOGIN”时，连接被关闭（“连接被外部主机关闭。”）并且我的 postfix 服务器中有以下日志：

May  1 09:42:48 ip-172-31-44-68 postfix/submission/smtpd[30858]: connect from mx-ll-171.5.1-121.dynamic.3bb.co.th[171.5.1.121]
May  1 09:42:55 ip-172-31-44-68 postfix/submission/smtpd[30858]: SSL_accept error from mx-ll-171.5.1-121.dynamic.3bb.co.th[171.5.1.121]: -1
May  1 09:42:55 ip-172-31-44-68 postfix/submission/smtpd[30858]: warning: TLS library problem: error:0A00010B:SSL routines::wrong version number:../ssl/record/ssl3_record.c:354:
May  1 09:42:55 ip-172-31-44-68 postfix/submission/smtpd[30858]: lost connection after STARTTLS from mx-ll-171.5.1-121.dynamic.3bb.co.th[171.5.1.121]
May  1 09:42:55 ip-172-31-44-68 postfix/submission/smtpd[30858]: disconnect from mx-ll-171.5.1-121.dynamic.3bb.co.th[171.5.1.121] starttls=0/1 commands=0/1

我更改了证书，我用于Let's encrypt此。

我如何进一步调查这个问题以找到真正的根本原因？

我在我的 Vultr 上设置了 Postfix Dovecot 电子邮件服务器。我从谷歌收到以下消息：

   gmail-smtp-in.l.google.com said: 550-5.7.1
     Our system has detected that
    550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR
    550-5.7.1 records and authentication. Please review 550-5.7.1
https://support.google.com/mail/?p=IPv6AuthError for more information 550
    5.7.1 . e2-20020a05622a110200b0041203888045si7330616qty.45 - gsmtp (in
    reply to end of DATA command)

所以我需要将反向 DNS 记录添加到我的 Vultr 中。我用谷歌搜索了如何做到这一点，它告诉我我可能需要一个host and value反向 DNS。然而，Vultr 页面显示如下， 所以反向 DNS 是可编辑的，但只有一个文本框。如何在一个文本框中同时添加名称和值？

我需要创建工单才能进行 PTR 记录吗？或者我实际上可以在这个文本框中创建反向 DNS？如果可以的话我应该输入什么？

这是我的 DNS 服务器配置，我不确定它对于反向 DNS 是否正确。

Type            Name             Data             TTL
TXT              @             mail.xxxx.com      1 hour

我试图确定这些电子邮件是否来自同一办公室或同一个人，但缺乏对 IP6 的深入了解以及对相同“子网前缀”含义的理解。

从电子邮件标题中，IP6 来自：

发件人 A：2a01:111:f403:7005::72f
发件人 B：2a01:111:f403:7005::609

我们可以从发件人那里确定得出什么结论？什么可以排除合理怀疑？

电子邮件标题上的 diffchecker 结果

我想离开我当前的电子邮件提供商，它也托管我的域，并在我的本地机器上设置一个 24/7 全天候运行的私人邮件服务器。

假设我有 4 个注册电子邮件地址[email protected], [email protected],[email protected]以及我在 IONOS 注册的域名在[email protected]哪里。example.com

我想使用我的 IONOS 域 DNS 配置并将example.comMX 服务器路由到我的本地计算机（可通过 DynDNS 域访问）。

1. 我是否必须调整我的电子邮件客户端配置以直接使用我的私人机器的邮件服务器，或者是否仍然可以使用并且imap.ionos.de他们将负责路由到我的本地机器，该本地机器在我的 DynDNS 域的 MX 记录中提供？
2. 设置这些后，我是否会遇到主要的黑名单和垃圾邮件标记问题，或者我的邮件地址是否仍会被列入白名单，因为它通过 imap/smtp.ionos.de 路由？

非常感谢。

我在一家德国公司工作，该公司每天向我们的客户发送数千封电子邮件。我们的员工通过 Microsoft 356 发送电子邮件，但系统不使用邮件服务器并通过 PHP sendmail 发送电子邮件，因此我们的许多电子邮件最终都进入了客户的垃圾邮件文件夹。我的问题是我们如何设置我们自己的邮件服务器并以这样一种方式配置它，以降低进入阻止列表的风险。rDNS、SPF、DKIM、SSL？

配置这些东西是否足够或是否有其他要求？不幸的是，我找不到确切的需求“列表”。

我有两台使用Exim的邮件服务器，一台专门接收邮件，一台专门发送邮件。

我如何计算服务器在一个月内发送了多少封电子邮件以及 Exim 在一个月内收到了多少封电子邮件？

我想使用 LoadBalancer 类型的服务在 GKE (Google Kubernetes) 上公开一个定制的邮件服务器。我能够在 DigitalOcean 的 Kubernetes 服务上执行此操作，但不能在 GKE 上执行此操作。

我读过谷歌正在阻止传出端口 25，但没有关于传入端口 25 的信息。

我已经尝试在另一个端口（例如 3000）上公开邮件服务，并且效果很好（使用 进行测试nc <EXTERNAL IP> 3000）。

有人可以阐明为什么传入端口 25 也会被阻止，或者是否需要以某种方式显式“打开”它？

我正在使用 Dovecot 2.2.33 运行 Ubuntu 邮件服务器，并且正在使用系统帐户：

passdb {
  driver = pam 

我有大约 100 个邮件用户。

我想强加每个用户的存储配额，但是 Dovecot docs on per-user quota configuration说：

Passwd userdb 不支持额外的字段。这就是为什么您不能直接将用户的配额限制设置为 passwd 文件。一种可能性是编写一个脚本，从另一个文件读取配额限制，将它们与 passwd 文件合并并生成另一个 passwd 文件，然后您可以将其与 Dovecot 的 Passwd 文件一起使用。

有没有人有这样一个脚本的例子？例如，我从文档中不清楚密码本身是如何处理的。或者是否有其他一些解决方法不需要迁移到虚拟用户设置来获得每个用户的配额？

我有一个邮件服务器，如果滥用，它必须从 Postfix 配置文件（main.cf）中删除“permit_mynetworks”。我只将它设置为允许 SASL autheniented 中继。但是现在，postfix 会拒绝任何外国收件人。有人可以告诉我有什么问题吗？提前致谢！

以下是配置：[main.cf]

# --------------------
# INSTALL-TIME CONFIGURATION INFORMATION
#
# location of the Postfix queue. Default is /var/spool/postfix.
queue_directory = /var/spool/postfix

# location of all postXXX commands. Default is /usr/sbin.
command_directory = /usr/sbin

# location of all Postfix daemon programs (i.e. programs listed in the
# master.cf file). This directory must be owned by root.
# Default is /usr/libexec/postfix
daemon_directory = /usr/lib/postfix/sbin

# location of Postfix-writable data files (caches, random numbers).
# This directory must be owned by the mail_owner account (see below).
# Default is /var/lib/postfix.
data_directory = /var/lib/postfix

# owner of the Postfix queue and of most Postfix daemon processes.
# Specify the name of a user account THAT DOES NOT SHARE ITS USER OR GROUP ID
# WITH OTHER ACCOUNTS AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.
# In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER.
# Default is postfix.
mail_owner = postfix

# The following parameters are used when installing a new Postfix version.
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path = /usr/sbin/sendmail

# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path = /usr/bin/newaliases

# full pathname of the Postfix mailq command.  This is the Sendmail-compatible
# mail queue listing command.
mailq_path = /usr/bin/mailq

# group for mail submission and queue management commands.
# This must be a group name with a numerical group ID that is not shared with
# other accounts, not even with the Postfix account.
setgid_group = postdrop

# external command that is executed when a Postfix daemon program is run with
# the -D option.
#
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
#
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5

debug_peer_level = 2

# --------------------
# CUSTOM SETTINGS
#

# SMTP server response code when recipient or domain not found.
unknown_local_recipient_reject_code = 550

# Do not notify local user.
biff = no

# Disable the rewriting of "site!user" into "user@site".
swap_bangpath = no

# Disable the rewriting of the form "user%domain" to "user@domain".
allow_percent_hack = no

# Allow recipient address start with '-'.
allow_min_user = no

# Disable the SMTP VRFY command. This stops some techniques used to
# harvest email addresses.
disable_vrfy_command = yes

# Enable both IPv4 and/or IPv6: ipv4, ipv6, all.
inet_protocols = all

# Enable all network interfaces.
inet_interfaces = all

#
# TLS settings.
#
# SSL key, certificate, CA
#
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
smtpd_tls_CApath = /etc/ssl/certs

#
# Disable SSLv2, SSLv3
#
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3

smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3

lmtp_tls_protocols = !SSLv2 !SSLv3
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3

#
# Fix 'The Logjam Attack'.
#
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem

tls_random_source = dev:/dev/urandom

# Log only a summary message on TLS handshake completion — no logging of client
# certificate trust-chain verification errors if client certificate
# verification is not required. With Postfix 2.8 and earlier, log the summary
# message, peer certificate summary information and unconditionally log
# trust-chain verification errors.
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1

# Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do
# not require that clients use TLS encryption.
smtpd_tls_security_level = may

# Produce `Received:` message headers that include information about the
# protocol and cipher used, as well as the remote SMTP client CommonName and
# client certificate issuer CommonName.
# This is disabled by default, as the information may be modified in transit
# through other mail servers. Only information that was recorded by the final
# destination can be trusted.
#smtpd_tls_received_header = yes

# Opportunistic TLS, used when Postfix sends email to remote SMTP server.
# Use TLS if this is supported by the remote SMTP server, otherwise use
# plaintext.
# References:
#   - http://www.postfix.org/TLS_README.html#client_tls_may
#   - http://www.postfix.org/postconf.5.html#smtp_tls_security_level
smtp_tls_security_level = may

# Use the same CA file as smtpd.
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_note_starttls_offer = yes

# Enable long, non-repeating, queue IDs (queue file names).
# The benefit of non-repeating names is simpler logfile analysis and easier
# queue migration (there is no need to run "postsuper" to change queue file
# names that don't match their message file inode number).
enable_long_queue_ids = yes

# Reject unlisted sender and recipient
smtpd_reject_unlisted_recipient = no
smtpd_reject_unlisted_sender = no

# Header and body checks with PCRE table
header_checks = pcre:/etc/postfix/header_checks
body_checks = pcre:/etc/postfix/body_checks.pcre

# A mechanism to transform commands from remote SMTP clients.
# This is a last-resort tool to work around client commands that break
# interoperability with the Postfix SMTP server. Other uses involve fault
# injection to test Postfix's handling of invalid commands.
# Requires Postfix-2.7+.
smtpd_command_filter = pcre:/etc/postfix/command_filter.pcre

# Relay restriction
smtpd_relay_restrictions =
        permit_sasl_authenticated,
        reject

# HELO restriction
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_sasl_authenticated
    check_helo_access pcre:/etc/postfix/helo_access.pcre
    reject_non_fqdn_helo_hostname
    reject_unknown_helo_hostname

# Sender restrictions
smtpd_sender_restrictions =
    permit_sasl_authenticated
    permit_mynetworks
    check_sender_access pcre:/etc/postfix/sender_access.pcre
    reject

# Recipient restrictions
smtpd_recipient_restrictions =
    check_policy_service inet:127.0.0.1:7777
    permit_sasl_authenticated
    permit_mynetworks
    check_policy_service inet:127.0.0.1:12340
    reject_unauth_destination

# END-OF-MESSAGE restrictions
smtpd_end_of_data_restrictions =
    check_policy_service inet:127.0.0.1:7777

# Data restrictions
smtpd_data_restrictions = reject_unauth_pipelining

# SRS (Sender Rewriting Scheme) support
#sender_canonical_maps = tcp:127.0.0.1:7778
#sender_canonical_classes = envelope_sender
#recipient_canonical_maps = tcp:127.0.0.1:7779
#recipient_canonical_classes= envelope_recipient,header_recipient

proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps

# Avoid duplicate recipient messages. Default is 'yes'.
enable_original_recipient = no

# Virtual support.
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail

# Do not set virtual_alias_domains.
virtual_alias_domains =

#
# Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication.
# WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should
#          be forced to submit email through port 587 instead.
#
smtpd_sasl_auth_enable = yes
smtpd_delay_reject = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = no
smtpd_client_restrictions = permit_sasl_authenticated
broken_sasl_auth_clients = yes

# hostname
myhostname = mail.ads-network.top
myorigin = mail.ads-network.top
mydomain = mail.ads-network.top

# trusted SMTP clients which are allowed to relay mail through Postfix.
#
# Note: additional IP addresses/networks listed in mynetworks should be listed
#       in iRedAPD setting 'MYNETWORKS' (in `/opt/iredapd/settings.py`) too.
#       for example:
#
#       MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]
#
mynetworks = 127.0.0.1 [::1]

# Accepted local emails
mydestination = $myhostname, localhost, localhost.localdomain

alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases

# Default message_size_limit.
message_size_limit = 15728640

# The set of characters that can separate a user name from its extension
# (example: user+foo), or a .forward file name from its extension (example:
# .forward+foo).
# Postfix 2.11 and later supports multiple characters.
recipient_delimiter = +

# The time after which the sender receives a copy of the message headers of
# mail that is still queued. Default setting is disabled (0h) by Postfix.
#delay_warning_time = 1h

# Do not display the name of the recipient table in the "User unknown" responses.
# The extra detail makes trouble shooting easier but also reveals information
# that is nobody elses business.
show_user_unknown_table_name = no
compatibility_level = 2
#
# Lookup virtual mail accounts
#
transport_maps =
    proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf
    proxy:mysql:/etc/postfix/mysql/transport_maps_maillist.cf
    proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf

sender_dependent_relayhost_maps =
    proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf

# Lookup table with the SASL login names that own the sender (MAIL FROM) addresses.
smtpd_sender_login_maps =
    proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf

virtual_mailbox_domains =
    proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf

relay_domains =
    $mydestination
    proxy:mysql:/etc/postfix/mysql/relay_domains.cf

virtual_mailbox_maps =
    proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf

virtual_alias_maps =
    proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf
    proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf
    proxy:mysql:/etc/postfix/mysql/catchall_maps.cf
    proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf

sender_bcc_maps =
    proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
    proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf

recipient_bcc_maps =
    proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
    proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf

#
# Postscreen
#
postscreen_greet_action = drop
postscreen_blacklist_action = drop
postscreen_dnsbl_action = drop
postscreen_dnsbl_threshold = 2

# Attention:
#   - zen.spamhaus.org free tire has 3 limits
#     (https://www.spamhaus.org/organization/dnsblusage/):
#
#     1) Your use of the Spamhaus DNSBLs is non-commercial*, and
#     2) Your email traffic is less than 100,000 SMTP connections per day, and
#     3) Your DNSBL query volume is less than 300,000 queries per day.
#
#   - FAQ: "Your DNSBL blocks nothing at all!"
#     https://www.spamhaus.org/faq/section/DNSBL%20Usage#261
#
# It's strongly recommended to use a local DNS server for cache.
postscreen_dnsbl_sites =
    zen.spamhaus.org=127.0.0.[2..11]*3
    b.barracudacentral.org=127.0.0.2*2

postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr

# Require Postfix-2.11+
postscreen_dnsbl_whitelist_threshold = -2

#
# Dovecot SASL support.
#
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

#
# mlmmj - mailing list manager
#
mlmmj_destination_recipient_limit = 1

#
# Amavisd + SpamAssassin + ClamAV
#
content_filter = smtp-amavis:[127.0.0.1]:10024

# Concurrency per recipient limit.
smtp-amavis_destination_recipient_limit = 1000
relayhost = 

[master.cf]

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
smtp      inet  n       -       -       -       -       smtpd
dnsblog   unix  -       -       y       -       0       dnsblog
tlsproxy  unix  -       -       y       -       0       tlsproxy
#submission inet n       -       y       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       y       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       y       -       -       qmqpd
#smtp       inet  n       -       -       -       -       smtpd
pickup     unix  n       -       n       60      1       pickup
    -o content_filter=smtp-amavis:[127.0.0.1]:10026
cleanup    unix  n       -       n       -       0       cleanup
#qmgr     unix  n       -       n       300     1       oqmgr
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
relay      unix  -       -       n       -       -       smtp
    -o syslog_name=postfix/$service_name
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
postlog    unix-dgram n  -       n       -       1       postlogd
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
maildrop   unix  -       n       n       -       -       pipe flags=DRhu
    user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# Other external delivery methods.
#
uucp       unix  -       n       n       -       -       pipe flags=Fqhu
    user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail     unix  -       n       n       -       -       pipe flags=F user=ftn
    argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe flags=Fq.
    user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n       n       -       2       pipe flags=R
    user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
    ${user} ${extension}

mailman    unix  -       n       n       -       -       pipe flags=FR
    user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop}
    ${user}
# Submission, port 587, force TLS connection.
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

# smtps, port 465, force SSL connection.
465 inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

# Use dovecot's `deliver` program as LDA.
dovecot unix    -       n       n       -       -      pipe
    flags=DRh user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}

# mlmmj - mailing list manager
# ${nexthop} is '%d/%u' in transport ('mlmmj:%d/%u')
mlmmj   unix  -       n       n       -       -       pipe
    flags=ORhu user=mlmmj:mlmmj argv=/usr/bin/mlmmj-amime-receive -L /var/vmail/mlmmj/${nexthop}

# Amavisd integration.
smtp-amavis unix -  -   n   -   4  smtp
    -o syslog_name=postfix/amavis
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

# smtp port used by Amavisd to re-inject scanned email back to Postfix
127.0.0.1:10025 inet n  -   n   -   -  smtpd
    -o syslog_name=postfix/10025
    -o content_filter=
    -o mynetworks_style=host
    -o mynetworks=127.0.0.0/8
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o strict_rfc821_envelopes=yes
    -o smtp_tls_security_level=none
    -o smtpd_tls_security_level=none
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    -o smtpd_end_of_data_restrictions=
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings

# smtp port used by mlmmj to re-inject scanned email back to Postfix, with
# address mapping support
127.0.0.1:10028 inet n  -   n   -   -  smtpd
    -o syslog_name=postfix/10028
    -o content_filter=
    -o mynetworks_style=host
    -o mynetworks=127.0.0.0/8
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o strict_rfc821_envelopes=yes
    -o smtp_tls_security_level=none
    -o smtpd_tls_security_level=none
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_end_of_data_restrictions=
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

此外，这是后缀报告的 DIAG：

Diagnostic-Code: smtp; 554 5.7.1 id=17953-16 - Rejected by next-hop MTA on
    relaying, from MTA(smtp:[127.0.0.1]:10025): 554 5.7.1
    <******@outlook.com>: Recipient address rejected: Access denied

我在我的服务器上运行我自己的 Postfix 实例来发送和接收信件。它被配置为拒绝来自“未知”主机的连接。没关系，我不会更改它以保持最小的垃圾邮件保护。

但是，这让我更难从本地机器发送信件，因为我使用的是 Windows 客户端 (TheBat)，而且我的机器位于没有主机名且也有动态 IP 的路由器之上。所以当我试图从本地机器发送信件时，Postfix 拒绝了。

为了解决这个问题，我会尝试在不同于 25 的端口上使用简单的代理之类的东西，这将允许我通过它发送信件。这个代理会将所有传入的信件重定向到 Postfix 端口 25，并且它会有一个主机名，所以 Postfix 不会拒绝信件。

这个模型会起作用吗？我不确定有没有更好的解决方案，因为我猜这个问题很流行。

谢谢！