我有一个服务器上安装了Postfix多实例,每个实例都有自己的ip:
>实例1:example.com(带有用于bounce / fbl ad-hoc处理的邮箱的根域)
>实例2:unsub.eg.example.com(带有用于取消处理的邮箱的子域)
>实例3:out1.eg.example.com(仅限出站)
>实例4:out2.eg.example.com(仅限出站)
就发送电子邮件或在域unsub.eg.example.com上接收电子邮件而言,一切正常.
但是,当发送电子邮件到[email protected]或[email protected]时…四个实例中的任何一个都可以处理它,而不仅仅是example.com实例.当通过unsub,out1或out2获取时,NOQUEUE:拒绝:RCPT来自:554 5.7.1:拒绝中继访问;处理实例记录错误.如果实例1碰巧拿起它,它就会被送到邮箱没问题.
所以它让我疯狂为什么其他实例正在接收一封绑定example.com的电子邮件
以下是针对实例的main.cf的高亮配置,我认为这可能导致问题:
smtp.example.com
queue_directory = /var/spool/postfix-smtpcommand_directory=/usr/sbindaemon_directory=/usr/libexec/postfixdata_directory=/var/lib/postfix-smtpmail_owner=postfixsyslog_name=pfix-smtpmyhostname=smtp.example.commydomain=example.commyorigin=$mydomaininet_interfaces=$myhostnameinet_protocols=ipv4mydestination=localhostmynetworks_style=hostrelay_domains=relayhost=home_mailBox=Maildir/disable_vrfy_command=yesvirtual_mailBox_domains=$mydomainvirtual_mailBox_maps=hash:/etc/postfix/vmailBoxsmtpd_sasl_auth_enable=yesbroken_sasl_auth_clIEnts=yessmtpd_sasl_type=dovecotsmtpd_sasl_path=private/authsmtpd_sasl_security_options=noanonymoussmtpd_recipIEnts_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destinationsmtpd_sender_restrictions=reject_unkNown_sender_domainsmtpd_sasl_local_domainlocal_recipIEnt_maps=$alias_maps,$virtual_mailBox_maps
unsub.eg.example.com
queue_directory = /var/spool/postfix-unsubcommand_directory=/usr/sbindaemon_directory=/usr/libexec/postfixdata_directory=/var/lib/postfix-unsubmail_owner=postfixsyslog_name=pfix-unsubmyhostname=unsub.eg.example.commydomain=unsub.eg.example.commyorigin=$mydomaininet_interfaces=$myhostnameinet_protocols=ipv4mydestination=localhostmynetworks_style=hostrelay_domains=relayhost=home_mailBox=Maildir/disable_vrfy_command=yesvirtual_mailBox_domains=$myhostnamevirtual_mailBox_maps=hash:/etc/postfix/vmailBoxvirtual_alias_maps=hash:/etc/postfix-unsub/virtualsmtpd_sasl_auth_enable=yesbroken_sasl_auth_clIEnts=yessmtpd_sasl_type=dovecotsmtpd_sasl_path=private/authsmtpd_sasl_security_options=noanonymoussmtpd_recipIEnts_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destinationsmtpd_sender_restrictions=reject_unkNown_sender_domainsmtpd_sasl_local_domain=local_recipIEnt_maps=$alias_maps,$virtual_mailBox_maps
out1.eg.example.com
queue_directory = /var/spool/postfix-ou1command_directory=/usr/sbindaemon_directory=/usr/libexec/postfixdata_directory=/var/lib/postfix-ou1mail_owner=postfixsyslog_name=pfix-out1myhostname=out1.eg.example.commydomain=out1.eg.example.commyorigin=$mydomaininet_interfaces=$myhostnameinet_protocols=ipv4mydestination=mynetworks_style=hostrelay_domains=relayhost=
out2.eg.example.com
queue_directory = /var/spool/postfix-ou2command_directory=/usr/sbindaemon_directory=/usr/libexec/postfixdata_directory=/var/lib/postfix-ou2mail_owner=postfixsyslog_name=pfix-out2myhostname=out2.eg.example.commydomain=out2.eg.example.commyorigin=$mydomaininet_interfaces=$myhostnameinet_protocols=ipv4mydestination=mynetworks_style=hostrelay_domains=relayhost=
注意:我还为所有实例生成了自签名tls证书和dkim签名,但事情看起来很好,我不认为这些可能是罪魁祸首.
谢谢大家!
9/25/2014日志:这些是我今天通过测试使用Outlook客户端发送电子邮件时得到的日志:
Sep 25 06:04:37 bm1 pfix-out2/anvil[11131]: statistics: max connection rate 3/60s for (smtp:XXX.XXX.XXX.42) at Sep 25 06:01:12Sep 25 06:04:37 bm1 pfix-out2/anvil[11131]: statistics: max connection count 3 for (smtp:XXX.XXX.XXX.42) at Sep 25 06:01:12Sep 25 06:04:37 bm1 pfix-out2/anvil[11131]: statistics: max cache size 1 at Sep 25 06:01:01Sep 25 06:05:46 bm1 pfix-out1/anvil[11191]: statistics: max connection rate 3/60s for (smtp:XXX.XXX.XXX.42) at Sep 25 06:02:21Sep 25 06:05:46 bm1 pfix-out1/anvil[11191]: statistics: max connection count 3 for (smtp:XXX.XXX.XXX.42) at Sep 25 06:02:21Sep 25 06:05:46 bm1 pfix-out1/anvil[11191]: statistics: max cache size 1 at Sep 25 06:02:10Sep 25 06:06:11 bm1 pfix-unsub/smtpd[11239]: connect from mail.sender.com[XXX.XXX.XXX.250]Sep 25 06:06:11 bm1 pfix-unsub/smtpd[11239]: setting up TLS connection from mail.sender.com[XXX.XXX.XXX.250]Sep 25 06:06:11 bm1 pfix-unsub/smtpd[11239]: Anonymous TLS connection established from mail.sender.com[XXX.XXX.XXX.250]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)Sep 25 06:06:11 bm1 pfix-unsub/smtpd[11239]: NOQUEUE: reject: RCPT from mail.sender.com[XXX.XXX.XXX.250]: 554 5.7.1 <[email protected]>: Relay access denIEd; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<sender.com>Sep 25 06:06:11 bm1 pfix-unsub/smtpd[11239]: disconnect from mail.sender.com[XXX.XXX.XXX.250]Sep 25 06:07:02 bm1 pfix-smtp/smtpd[11257]: connect from mail.sender.com[XXX.XXX.XXX.250]Sep 25 06:07:02 bm1 pfix-smtp/smtpd[11257]: setting up TLS connection from mail.sender.com[XXX.XXX.XXX.250]Sep 25 06:07:02 bm1 pfix-smtp/smtpd[11257]: Anonymous TLS connection established from mail.sender.com[XXX.XXX.XXX.250]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)Sep 25 06:07:02 bm1 pfix-smtp/smtpd[11257]: D91BB3060289: clIEnt=mail.sender.com[XXX.XXX.XXX.250]Sep 25 06:07:02 bm1 pfix-smtp/cleanup[11260]: D91BB3060289: message-ID=<004001cfd886$d01b96c052c440$@[email protected]>Sep 25 06:07:02 bm1 opendkim[18460]: D91BB3060289: mail.sender.com [XXX.XXX.XXX.250] not internalSep 25 06:07:02 bm1 opendkim[18460]: D91BB3060289: not authenticatedSep 25 06:07:02 bm1 opendkim[18460]: D91BB3060289: no signature dataSep 25 06:07:02 bm1 pfix-smtp/qmgr[7018]: D91BB3060289: from=<[email protected]>,size=11502,nrcpt=1 (queue active)Sep 25 06:07:02 bm1 pfix-smtp/smtpd[11257]: disconnect from mail.sender.com[XXX.XXX.XXX.250]Sep 25 06:07:02 bm1 pfix-smtp/virtual[11261]: D91BB3060289: to=<[email protected]>,relay=virtual,delay=0.09,delays=0.06/0.01/0/0.02,dsn=2.0.0,status=sent (delivered to maildir)Sep 25 06:07:02 bm1 pfix-smtp/qmgr[7018]: D91BB3060289: removedSep 25 06:07:46 bm1 pfix-smtp/anvil[11102]: statistics: max connection rate 3/60s for (smtp:XXX.XXX.XXX.42) at Sep 25 06:02:23Sep 25 06:07:46 bm1 pfix-smtp/anvil[11102]: statistics: max connection count 3 for (smtp:XXX.XXX.XXX.42) at Sep 25 06:02:23Sep 25 06:07:46 bm1 pfix-smtp/anvil[11102]: statistics: max cache size 2 at Sep 25 06:02:12Sep 25 06:08:10 bm1 pfix-smtp/smtpd[11257]: connect from mail.sender.com[XXX.XXX.XXX.250]Sep 25 06:08:10 bm1 pfix-smtp/smtpd[11257]: setting up TLS connection from mail.sender.com[XXX.XXX.XXX.250]Sep 25 06:08:10 bm1 pfix-smtp/smtpd[11257]: Anonymous TLS connection established from mail.sender.com[XXX.XXX.XXX.250]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)Sep 25 06:08:10 bm1 pfix-smtp/smtpd[11257]: 8FC143060289: clIEnt=mail.sender.com[XXX.XXX.XXX.250]Sep 25 06:08:10 bm1 pfix-smtp/cleanup[11260]: 8FC143060289: message-ID=<004601cfd886$f873f540$e95bdfc0$@[email protected]>Sep 25 06:08:10 bm1 opendkim[18460]: 8FC143060289: mail.sender.com [XXX.XXX.XXX.250] not internalSep 25 06:08:10 bm1 opendkim[18460]: 8FC143060289: not authenticatedSep 25 06:08:10 bm1 opendkim[18460]: 8FC143060289: no signature dataSep 25 06:08:10 bm1 pfix-smtp/qmgr[7018]: 8FC143060289: from=<[email protected]>,size=11431,nrcpt=1 (queue active)Sep 25 06:08:10 bm1 pfix-smtp/smtpd[11257]: disconnect from mail.sender.com[XXX.XXX.XXX.250]Sep 25 06:08:10 bm1 pfix-smtp/virtual[11261]: 8FC143060289: to=<[email protected]>,delay=0.05,delays=0.04/0/0/0,status=sent (delivered to maildir)Sep 25 06:08:10 bm1 pfix-smtp/qmgr[7018]: 8FC143060289: removedSep 25 06:09:31 bm1 pfix-unsub/anvil[11219]: statistics: max connection rate 3/60s for (smtp:XXX.XXX.XXX.42) at Sep 25 06:03:26Sep 25 06:09:31 bm1 pfix-unsub/anvil[11219]: statistics: max connection count 3 for (smtp:XXX.XXX.XXX.42) at Sep 25 06:03:26Sep 25 06:09:31 bm1 pfix-unsub/anvil[11219]: statistics: max cache size 1 at Sep 25 06:03:15Sep 25 06:10:33 bm1 pfix-out2/smtpd[11289]: warning: dict_nis_init: NIS domain name not set - NIS lookups DisabledSep 25 06:10:33 bm1 pfix-out2/smtpd[11289]: connect from mail.sender.com[XXX.XXX.XXX.250]Sep 25 06:10:33 bm1 pfix-out2/smtpd[11289]: setting up TLS connection from mail.sender.com[XXX.XXX.XXX.250]Sep 25 06:10:33 bm1 pfix-out2/smtpd[11289]: Anonymous TLS connection established from mail.sender.com[XXX.XXX.XXX.250]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)Sep 25 06:10:33 bm1 pfix-out2/smtpd[11289]: NOQUEUE: reject: RCPT from mail.sender.com[XXX.XXX.XXX.250]: 554 5.7.1 <[email protected]>: Relay access denIEd; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<sender.com>Sep 25 06:10:33 bm1 pfix-out2/smtpd[11289]: disconnect from mail.sender.com[XXX.XXX.XXX.250]
请注意,那
>发送到[email protected]的第一个测试由pfix-unsub处理:拒绝中继访问
>第二次测试发送到[email protected]通过正确的实例pfix-smtp“正确”处理
>发送到[email protected]的第3个测试由正确的实例pfix-smtp“正确”处理
>发送到[email protected]的第四个测试由pfix-out2处理:拒绝中继访问
DNS设置
IN MX 10 smtpIN MX 10 unsub.egIN MX 10 out1.egIN MX 10 out2.eg;A Recordsexample.com. IN A YYY.YYY.YYY.3subdomain1 IN A YYY.YYY.YYY.3smtp IN A XXX.XXX.XXX.123unsub.eg IN A XXX.XXX.XXX.124out1.eg IN A XXX.XXX.XXX.125out2.eg IN A XXX.XXX.XXX.126;SPF TXT RRexample.com. IN TXT "v=spf1 mx:smtp.example.com mx:out1.eg.example.com mx:out2.eg.example.com ~all"example.com. IN TXT "spf2.0/pra mx:smtp.example.com mx:out1.eg.example.com mx:out2.eg.example.com ~all";DKIM TXT RRdefault._domainkey IN TXT "v=DKIM1; k=rsa; p=**key**"解决方法 您已将所有后缀实例列为域的MX,并且具有相同的权重.这意味着发送邮件服务器可以选择他们想要的任何一个.
由于您只希望smtp.example.com处理传入邮件,因此您应删除除以外的所有MX行
IN MX 10 smtp
编辑以回应评论:MX记录专门适用于example.com – 它实际上是在说“如果您要向以@ example.com结尾的任何地址发送电子邮件,您可以使用列为MX的任何一个服务器.
对于unsub.eg.example.com,您有一条A记录.当发送邮件服务器查找如何将邮件路由到该地址时,它将首先查找unsub.eg.example.com的MX记录.如果找不到,它将寻找A记录.由于存在unsub.eg.example.com的A记录,因此该消息将直接发送到该服务器.因此,您不需要MX记录. (如果您确实想要使用MX记录,则应该为unsub.eg.example.com设置,而不是为example.com设置!)
至于SFP记录,这些记录专门用于传出流量. MX专门用于传入流量.对于较大的域,通常的做法是为传出流量与传入流量分别设置服务器.在这些情况下,出站服务器应仅列在SFP中,而传入的服务器应仅列为MX.
可以将SPF记录设置为包括所有MX.但同样可以简单地列出允许发送邮件的服务器的IP地址或A记录,无论服务器是否也用作MX.有关语法的更多信息,请参见OpenSPF.org
编辑2:这是一个新的SPF记录的建议:
;SPF TXT RRexample.com. IN TXT "v=spf1 a:out2.eg.example.com a:out1.eg.example.com ~all"总结
以上是内存溢出为你收集整理的linux – Postfix实例偶尔处理其他实例传入的电子邮件全部内容,希望文章能够帮你解决linux – Postfix实例偶尔处理其他实例传入的电子邮件所遇到的程序开发问题。
如果觉得内存溢出网站内容还不错,欢迎将内存溢出网站推荐给程序员好友。
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)