NoMad's questions

我已将后缀配置为开放中继，以将邮件推送到 Office 365 SMTP 连接器。连接器配置为静态 IP 地址身份验证，工作正常。

当我尝试使用 telnet 发送邮件时，Office365 退回： host smtp.office365.com[40.101.125.210] said: 550 Relay access denied (in reply to RCPT TO command)

我是否需要在 O365 中设置特殊权限才能允许从连接器发送邮件？会不会有不允许这样做的规则？我不是 O365/Exchange 方面的专家...

我还测试了同一域 (mydomain.com) 和不同 FROM 地址上的其他收件人。该域在 O365 在线交换界面的“接受域”（mydomain.com - 授权）下列出，并且远程域中只有一个条目（默认 * = 允许所有远程域）。

编辑： main.cf 现在有正确的中继地址（relayhost 选项）。问题仍然存在。

以下是来自我的 SMTP 中继的更多详细信息：

/var/log/mail.log：

Jul 20 10:31:11 smtp postfix[4704]: Postfix is running with backwards-compatible default settings
Jul 20 10:31:11 smtp postfix[4704]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Jul 20 10:31:11 smtp postfix[4704]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Jul 20 10:31:12 smtp postfix/master[4741]: daemon started -- version 3.1.0, configuration /etc/postfix
Jul 20 10:31:18 smtp postfix/smtpd[4745]: connect from unknown[192.168.1.25]
Jul 20 10:31:49 smtp postfix/smtpd[4745]: 04D8E2E061E: client=unknown[192.168.1.25]
Jul 20 10:32:05 smtp postfix/cleanup[4749]: 04D8E2E061E: message-id=<20170720083149.04D8E2E061E@smtp>
Jul 20 10:32:05 smtp postfix/qmgr[4743]: 04D8E2E061E: from=<[email protected]>, size=328, nrcpt=1 (queue active)
Jul 20 10:32:05 smtp postfix/smtp[4750]: 04D8E2E061E: to=<[email protected]>, relay=smtp.office365.com[40.101.125.210]:25, delay=29, delays=29/0.01/0.12/0.01, dsn=5.0.0, status=bounced (host smtp.office365.com[40.101.125.210] said: 550 Relay access denied (in reply to RCPT TO command))
Jul 20 10:32:05 smtp postfix/cleanup[4749]: 641272E0635: message-id=<20170720083205.641272E0635@smtp>
Jul 20 10:32:05 smtp postfix/qmgr[4743]: 641272E0635: from=<>, size=2145, nrcpt=1 (queue active)
Jul 20 10:32:05 smtp postfix/bounce[4751]: 04D8E2E061E: sender non-delivery notification: 641272E0635
Jul 20 10:32:05 smtp postfix/qmgr[4743]: 04D8E2E061E: removed
Jul 20 10:32:05 smtp postfix/smtp[4750]: 641272E0635: to=<[email protected]>, relay=smtp.office365.com[40.101.61.114]:25, delay=0.01, delays=0/0/0/0, dsn=5.0.0, status=bounced (host smtp.office365.com[40.101.61.114] said: 550 Relay access denied (in reply to RCPT TO command))
Jul 20 10:32:05 smtp postfix/qmgr[4743]: 641272E0635: removed
Jul 20 10:32:09 smtp postfix/smtpd[4745]: disconnect from unknown[192.168.1.25] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5

我的远程登录输入：

root@smtp:/etc/postfix# telnet 192.168.1.25 25
Trying 192.168.1.25...
Connected to 192.168.1.25.
Escape character is '^]'.
220 smtp ESMTP Postfix (Ubuntu)
EHLO localhost
250-smtp
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: [email protected]
250 2.1.0 Ok
RCPT TO: [email protected]
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Testmail
Test

.
250 2.0.0 Ok: queued as 921452E061E
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
inet_interfaces = 192.168.1.25
inet_protocols = ipv4
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = www.mydomain.com, $myhostname, smtp, localhost.localdomain, localhost
myhostname = smtp
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24
myorigin = /etc/mailname    #mydomain.com
readme_directory = no
recipient_delimiter = +
relay_domains = static:ALL
relay_transport = relay
relayhost = smtp.office365.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

Windows DNS Server 能否回退到它具有权威性的域的公共 DNS 记录？

Windows 域不遵循最佳做法，而是使用公共域名。DC 管理内部域 example.com 的 DNS，但公共 DNS 服务器上的 example.com 有各种子域，这些子域仍应在域内工作。

我可以添加静态记录以反映公共记录，但我必须在公共 DNS 和内部这两个地方手动更改它们。

如果本地域中没有配置记录，Windows DNS 是否可以只返回来自公共 NS 的结果？

示例：example.com 在像 namecheap 这样的公共注册商处注册，并使用 namecheap 名称服务器。内部 windows 域 example.com DNS 由 DC 管理，并且应该仍然能够解析本地主机，如 srvint.example.com，但不在内部域中的主机，如 www.example.com，必须从namecheap 名称服务器。

在运行 WSUS 的服务器上，是否HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUStatusServer 应配置为 localhost/自身？

WSUS 是否尊重 Windows 更新服务的设置以进行同步，还是 WSUS 将使用单独的连接？

我正在 VoIP 环境中安装 SIP 电话。有 2 部系统电话可以正常工作（与 PBX 相同的制造商），第三部电话可以呼叫，但不能呼叫其他 2 部电话。

PBX 显示错误：“没有匹配的编解码器！呼叫被拒绝” 这是从第三部电话的角度来看的对话：

INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 192.168.0.14:5060;branch=z9hG4bK1040318360;rport
From: <sip:192.168.0.250>;tag=1540961770
To: <sip:[email protected]>
Call-ID: [email protected]
CSeq: 160 INVITE
Contact: <sip:192.168.0.14:5060>
X-Grandstream-PBX: true
Max-Forwards: 70
User-Agent: Grandstream GXP2140 1.0.5.18
Privacy: none
P-Preferred-Identity: <sip:192.168.0.250>
Supported: replaces, path, timer
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER, UPDATE, MESSAGE
Content-Type: application/sdp
Accept: application/sdp, application/dtmf-relay
Content-Length:   306

v=0
o=- 8000 8000 IN IP4 192.168.0.14
s=SIP Call
c=IN IP4 192.168.0.14
t=0 0
m=audio 5004 RTP/AVP 9 8 18 2 101
a=sendrecv
a=rtpmap:9 G722/8000
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:2 G726-32/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15


SIP/2.0 480 Temporarily not available
Via: SIP/2.0/UDP 192.168.0.14:5060;branch=z9hG4bK1040318360;rport=5060
From: <sip:192.168.0.250>;tag=1540961770
To: <sip:[email protected]>;tag=74C1BCB3775433109F0E49A014240025
Call-ID: [email protected]
CSeq: 160 INVITE
Content-Length: 0


ACK sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 192.168.0.14:5060;branch=z9hG4bK1040318360;rport
From: <sip:192.168.0.250>;tag=1540961770
To: <sip:[email protected]>;tag=74C1BCB3775433109F0E49A014240025
Call-ID: [email protected]
CSeq: 160 ACK
Content-Length: 0

但是来自来电：

INVITE sip:[email protected];transport=udp SIP/2.0
Via: SIP/2.0/UDP 192.168.0.250:5060;branch=z9hG4bKE85E5CC7F25533109F4949A014240025;rport
From: "Sys Tel 20" <sip:[email protected];user=phone>;tag=1E2DB6AE775433109F0C49A014240025
To: <sip:[email protected];user=phone>
Call-ID: 303F5CC7F25533109F4849A014240025
CSeq: 1 INVITE
Contact: <sip:[email protected]:5060;transport=udp>
Max-Forwards: 70
Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, MESSAGE, SUBSCRIBE, UPDATE, PRACK, REFER
Supported: 100rel, replaces, timer
User-Agent: hybird_130j V.9.1 Rev. 10 (Patch 4) IPSec 
Alert-Info: <http://127.0.0.1>;info=alert-internal
Allow-Events: refer, message-summary, dialog
P-Asserted-Identity: "Sys Tel 20" <sip:[email protected];user=phone>
Session-Expires: 1800
Content-Type: application/sdp
Content-Length: 328

v=0
o=- 71 1 IN IP4 192.168.0.250
s=SIP call
c=IN IP4 192.168.0.250
t=0 0
m=audio 10848 RTP/AVP 0 8 18 2 9 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:2 G726-32/8000
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=sendrecv


SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.0.250:5060;branch=z9hG4bKE85E5CC7F25533109F4949A014240025;rport=5060
From: "Sys Tel 20" <sip:[email protected];user=phone>;tag=1E2DB6AE775433109F0C49A014240025
To: <sip:[email protected];user=phone>
Call-ID: 303F5CC7F25533109F4849A014240025
CSeq: 1 INVITE
Supported: replaces, path, timer
User-Agent: Grandstream GXP2140 1.0.5.18
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER, UPDATE, MESSAGE
Content-Length: 0



SIP/2.0 180 Ringing
Via: SIP/2.0/UDP 192.168.0.250:5060;branch=z9hG4bKE85E5CC7F25533109F4949A014240025;rport=5060
From: "Sys Tel 20" <sip:[email protected];user=phone>;tag=1E2DB6AE775433109F0C49A014240025
To: <sip:[email protected];user=phone>;tag=471383942
Call-ID: 303F5CC7F25533109F4849A014240025
CSeq: 1 INVITE
Contact: <sip:192.168.0.14:5060>
Supported: replaces, path, timer
User-Agent: Grandstream GXP2140 1.0.5.18
Allow-Events: talk, hold
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER, UPDATE, MESSAGE
Content-Length: 0



SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.0.250:5060;branch=z9hG4bKE85E5CC7F25533109F4949A014240025;rport=5060
From: "Sys Tel 20" <sip:[email protected];user=phone>;tag=1E2DB6AE775433109F0C49A014240025
To: <sip:[email protected];user=phone>;tag=471383942
Call-ID: 303F5CC7F25533109F4849A014240025
CSeq: 1 INVITE
Contact: <sip:192.168.0.14:5060>
Supported: replaces, path, timer
User-Agent: Grandstream GXP2140 1.0.5.18
Session-Expires: 1800;refresher=uac
Require: timer
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER, UPDATE, MESSAGE
Content-Type: application/sdp
Content-Length:   306

请注意，两者都提供 PCMU/PCMA 和其他一些编解码器。为什么通话失败？

电话的 IP 是192.168.0.12和192.168.0.14，PBX 有192.168.0.250。