PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : Postfix, Confixx, SASL, Recipient adress rejected



eff
08.02.06, 15:26
Hallo,

Ich frickel da jetzt schon Ewigkeiten rum und hab einfach den Durchblick verloren und sehe den Fehler nicht mehr. Wäre sehr dankbar wenn mir jemand der damit erfahren ist mal seine kurz weiterhilft.

Zum Problem: Ich wollte etwas ausprobieren, was nicht klappte und habe die main.cf wieder zurückgesetzt (hatte ich vorher gespeichert). Seit dem geht nichts mehr, amavis hatte sich zwischenzeitlich auch noch als Quelle herrausgestellt, der ist mir jetzt aber in Ermangelung von Zeit erstmal egal.
Ich kann keine Mails an z.B. web.de schicken (bekanntes Problem, aber überall steht was anderes und nichts hilft)

"Recipient adress rejected: Relay access denied"

System ist SuSE 9.0

postconf -n sagt:


alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command = /usr/bin/procmail
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
mydestination = domain.tld, 127.0.0.1
mydomain = domain.tld
myhostname = domain.tld
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
program_directory = /usr/lib/postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relay_domains = $mydestination
relayhost =
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtp_use_tls = no
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_auth_destination, check_relay_domains, permit_mynetworks, permit_sasl_authenticated
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_tls_cert_file = /etc/postfix/smtpd.pem
smtpd_tls_key_file = /etc/postfix/smtpd.pem
smtpd_use_tls = yes
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450


Das Problem aus /var/log/mail sieht so aus


host:/etc/postfix # cat /var/log/mail | grep 14:41:26
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: name_mask: host
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: mynetworks: 127.0.0.1/32 62.112.156.189/32 62.112.156.190/32
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: mynetworks ~? debug_peer_list
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: mynetworks ~? fast_flush_domains
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: mynetworks ~? mynetworks
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: relay_domains ~? debug_peer_list
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: relay_domains ~? fast_flush_domains
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: relay_domains ~? mynetworks
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: relay_domains ~? permit_mx_backup_networks
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: relay_domains ~? qmqpd_authorized_clients
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: relay_domains ~? relay_domains
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: permit_mx_backup_networks ~? debug_peer_list
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: permit_mx_backup_networks ~? fast_flush_domains
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: permit_mx_backup_networks ~? mynetworks
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: permit_mx_backup_networks ~? permit_mx_backup_networks
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: maps_append: proxy:unix:passwd.byname
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: connect to subsystem private/proxymap
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: send attr request = open
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: send attr table = unix:passwd.byname
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: send attr flags = 64
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: private/proxymap socket: wanted attribute: status
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute name: status
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute value: 0
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: private/proxymap socket: wanted attribute: flags
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute name: flags
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute value: 80
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: private/proxymap socket: wanted attribute: (list terminator)
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute name: (end)
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: dict_proxy_open: connect to map=unix:passwd.byname status=0 server_flags=0120
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: dict_open: proxy:unix:passwd.byname
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: maps_append: hash:/etc/aliases
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: dict_open: hash:/etc/aliases
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: smtpd_access_maps ~? debug_peer_list
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: smtpd_access_maps ~? fast_flush_domains
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: smtpd_access_maps ~? mynetworks
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: smtpd_access_maps ~? permit_mx_backup_networks
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: smtpd_access_maps ~? qmqpd_authorized_clients
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: smtpd_access_maps ~? relay_domains
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_string: smtpd_access_maps ~? smtpd_access_maps
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: watchdog_create: 0x808bf80 18000
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: watchdog_stop: 0x808bf80
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: watchdog_start: 0x808bf80
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: connection established
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: master_notify: status 0
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: name_mask: resource
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: name_mask: software
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: connect from i577B2464.*******.de[87.123.36.100]
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: > i577B2464.*******.de[87.123.36.100]: 220 server.tld ESMTP Postfix
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: watchdog_pat: 0x808bf80
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: < i577B2464.*******.de[87.123.36.100]: EHLO Pest.******.de
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: > i577B2464.*******.de[87.123.36.100]: 250-server.tld
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: > i577B2464.*******.de[87.123.36.100]: 250-PIPELINING
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: > i577B2464.*******.de[87.123.36.100]: 250-SIZE 10240000
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: > i577B2464.*******.de[87.123.36.100]: 250-VRFY
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: > i577B2464.*******.de[87.123.36.100]: 250-ETRN
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_hostname: i577B2464.*******.de ~? 127.0.0.1/32
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_hostaddr: 87.123.36.100 ~? 127.0.0.1/32
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_hostname: i577B2464.*******.de ~? 62.112.156.189/32
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_hostaddr: 87.123.36.100 ~? 62.112.156.189/32
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_hostname: i577B2464.*******.de ~? 62.112.156.190/32
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_hostaddr: 87.123.36.100 ~? 62.112.156.190/32
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_list_match: i577B2464.*******.de: no match
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_list_match: 87.123.36.100: no match
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: > i577B2464.*******.de[87.123.36.100]: 250 8BITMIME
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: watchdog_pat: 0x808bf80
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: < i577B2464.*******.de[87.123.36.100]: RSET
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: > i577B2464.*******.de[87.123.36.100]: 250 Ok
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: watchdog_pat: 0x808bf80
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: < i577B2464.*******.de[87.123.36.100]: MAIL FROM:<myself@******.de>
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: extract_addr: input: <myself@******.de>
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: extract_addr: result: myself@******.de
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: fsspace: .: block size 4096, blocks free 8609911
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: smtpd_check_size: blocks 4096 avail 8609911 min_free 0 size 0
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: connect to subsystem public/cleanup
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: public/cleanup socket: wanted attribute: queue_id
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute name: queue_id
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute value: 37D04500F8
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: public/cleanup socket: wanted attribute: (list terminator)
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute name: (end)
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: send attr flags = 2
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: 37D04500F8: client=i577B2464.*******.de[87.123.36.100]
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: > i577B2464.*******.de[87.123.36.100]: 250 Ok
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: watchdog_pat: 0x808bf80
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: < i577B2464.*******.de[87.123.36.100]: RCPT TO:<******@web.de>
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: extract_addr: input: <******@web.de>
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: extract_addr: result: ******@web.de
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: generic_checks: START
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: generic_checks: name=permit_mynetworks
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: permit_mynetworks: i577B2464.*******.de 87.123.36.100
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_hostname: i577B2464.*******.de ~? 127.0.0.1/32
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_hostaddr: 87.123.36.100 ~? 127.0.0.1/32
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_hostname: i577B2464.*******.de ~? 62.112.156.189/32
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_hostaddr: 87.123.36.100 ~? 62.112.156.189/32
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_hostname: i577B2464.*******.de ~? 62.112.156.190/32
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_hostaddr: 87.123.36.100 ~? 62.112.156.190/32
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_list_match: i577B2464.*******.de: no match
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: match_list_match: 87.123.36.100: no match
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: generic_checks: name=permit_mynetworks status=0
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: generic_checks: name=reject_unauth_destination
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: reject_unauth_destination: ******@web.de
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: permit_auth_destination: ******@web.de
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: connect to subsystem private/rewrite
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: send attr request = rewrite
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: send attr rule = canonicalize
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: send attr address = ******@web.de
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: private/rewrite socket: wanted attribute: address
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute name: address
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute value: ******@web.de
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: private/rewrite socket: wanted attribute: (list terminator)
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute name: (end)
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: rewrite_clnt: canonicalize: ******@web.de -> ******@web.de
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: send attr request = resolve
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: send attr address = ******@web.de
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: private/rewrite socket: wanted attribute: transport
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute name: transport
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute value: smtp
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: private/rewrite socket: wanted attribute: nexthop
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute name: nexthop
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute value: web.de
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: private/rewrite socket: wanted attribute: recipient
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute name: recipient
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute value: ******@web.de
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: private/rewrite socket: wanted attribute: flags
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute name: flags
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute value: 4096
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: private/rewrite socket: wanted attribute: (list terminator)
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: input attribute name: (end)
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: resolve_clnt_query: `******@web.de' -> t=`smtp' h=`web.de' r=`******@web.de'
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: ctable_locate: install entry key ******@web.de
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: 37D04500F8: reject: RCPT from i577B2464.*******.de[87.123.36.100]: 554 <******@web.de>: Relay access denied; from=<myself@******.de> to=<******@web.de> proto=ESMTP helo=<Pest.******.de>
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: generic_checks: name=reject_unauth_destination status=2
Feb 8 14:41:26 1710-1 postfix/smtpd[19504]: > i577B2464.*******.de[87.123.36.100]: 554 <******@web.de>: Relay access denied




host:/etc/postfix # cat /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login DIGEST-MD5 CRAM-MD5 GSSAPI




host:/etc/postfix # cat /etc/sysconfig/saslauthd
SASLAUTHD_AUTHMECH=shadow




host:/etc/postfix # ps aux | grep sasl
root 16327 0.0 0.4 4136 1064 ? S 12:25 0:00 /usr/sbin/saslauthd -a shadow
root 16328 0.0 0.4 4136 1084 ? S 12:25 0:00 /usr/sbin/saslauthd -a shadow
root 16329 0.0 0.4 4136 1064 ? S 12:25 0:00 /usr/sbin/saslauthd -a shadow
root 16330 0.0 0.4 4136 1064 ? S 12:25 0:00 /usr/sbin/saslauthd -a shadow
root 16331 0.0 0.4 4136 1064 ? S 12:25 0:00 /usr/sbin/saslauthd -a shadow
root 19921 0.0 0.2 1764 556 pts/1 R 15:24 0:00 grep sasl

host:/etc/postfix # ps aux | egrep postfix
root 18039 0.0 0.5 4100 1308 ? S 14:03 0:00 /usr/lib/postfix/master
postfix 19816 0.0 0.5 4204 1296 ? S 15:10 0:00 pickup -l -t fifo -u
postfix 19817 0.0 0.5 4224 1328 ? S 15:10 0:00 qmgr -l -t fifo -u
root 19923 0.0 0.1 2356 480 pts/1 R 15:24 0:00 /bin/sh /usr/bin/grep postfix


Danke im Vorraus, Felix

Roger Wilco
08.02.06, 22:49
relay_domains löschen, myhostname richtig setzen, mydestination richtig setzen.

eff
09.02.06, 11:53
Okay, relay_domains habe ich gelöscht
was bitte meinst du mit "richtig". Ich habe mydestination auch gelöscht, damit sollte es ja schon mal richtig sein. myhostname fällt mir schwer, da der zu keiner domain gehört. Jedenfalls zu keiner für die ich die mails austragen möchte. Oder ist das egal und ich lösche einfach nur den hostname und dann isses das?

Ändert aber auch nichts... :(

Danke erstmal. Sonst noch ne Idee?