Postfix

550 收件人地址被拒絕:使用者未知(回复 RCPT TO 命令)- 用於外部域

  • December 14, 2018

在 postfix 中,我無法接收來自特定域的郵件,但我可以向它發送郵件。

出於某種原因,postfix 認為域是內部的,如果我錯了,請糾正我?

來自 postfix 郵件日誌的範例:

Sep 17 18:45:52 smail1 postfix/smtp[23241]: 269D140A92: to=<prvs=7337e4471e=johnd@abc.co.il>, relay=mail1.abc.co.il[5.6.7.8]:25, delay=0.28, delays=0/0/0.27/0.01, dsn=5.0.0, status=undeliverable (host mail1.abc.co.il[5.6.7.8] said: 550 Recipient address rejected: User unknown (in reply to RCPT TO command))
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: send attr address = prvs=7337e4471e=johnd@abc.co.il
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: input attribute value: host mail1.abc.co.il[5.6.7.8] said: 550 Recipient address rejected: User unknown (in reply to RCPT TO command)
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: check_mail_access: prvs=7337e4471e=johnd@abc.co.il
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: ctable_locate: move existing entry key prvs=7337e4471e=johnd@abc.co.il
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: check_access: prvs=7337e4471e=johnd@abc.co.il
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: check_domain_access: abc.co.il
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: check_namadr_access: name xyz.abc.co.il addr 1.2.3.4
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: check_domain_access: xyz.abc.co.il
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: check_namadr_access: name xyz.abc.co.il addr 1.2.3.4
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: check_domain_access: xyz.abc.co.il
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: dict_regexp_lookup: /etc/postfix/regexp_client: xyz.abc.co.il
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: NOQUEUE: reject: RCPT from xyz.abc.co.il[1.2.3.4]: 450 4.1.7 <prvs=7337e4471e=johnd@abc.co.il>: Sender address rejected: unverified address: host mail1.abc.co.il[5.6.7.8] said: 550 Recipient address rejected: User unknown (in reply to RCPT TO command); from=<prvs=7337e4471e=johnd@abc.co.il> to=<janed@neptune.co.il> proto=ESMTP helo=<mail1.abc.co.il>
Sep 17 18:45:55 smail1 postfix/smtpd[23196]: > xyz.abc.co.il[1.2.3.4]: 450 4.1.7 <prvs=7337e4471e=johnd@abc.co.il>: Sender address rejected: unverified address: host mail1.abc.co.il[5.6.7.8] said: 550 Recipient address rejected: User unknown (in reply to RCPT TO command)
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: < xyz.abc.co.il[1.2.3.4]: QUIT
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: > xyz.abc.co.il[1.2.3.4]: 221 2.0.0 Bye
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_hostname: xyz.abc.co.il ~? 192.168.57.0/24
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_hostname: xyz.abc.co.il ~? 127.0.0.0/8
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_hostname: xyz.abc.co.il ~? 192.168.8.1/32
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_hostname: xyz.abc.co.il ~? 172.19.214.0/24
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_hostname: xyz.abc.co.il ~? 10.1.2.0/24
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_hostname: xyz.abc.co.il ~? 10.7.15.152/32
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_hostname: xyz.abc.co.il ~? 10.7.15.150/32
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_hostname: xyz.abc.co.il ~? 10.7.15.152/32
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_hostname: xyz.abc.co.il ~? 192.168.58.8/32
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: match_list_match: xyz.abc.co.il: no match
Sep 17 18:46:00 smail1 postfix/smtpd[23196]: disconnect from xyz.abc.co.il[1.2.3.4]

會議後-N

2bounce_notice_recipient = postmaster@neptune.co.il
address_verify_sender = postmaster@neptune.co.il
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_notice_recipient = postmaster@neptune.co.il
bounce_template_file = /etc/postfix/bounce.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debug_peer_list = neptune.co.il
default_destination_concurrency_limit = 8
delay_notice_recipient = postmaster@neptune.co.il
disable_mime_input_processing = no
disable_mime_output_conversion = no
disable_vrfy_command = yes
error_notice_recipient = postmaster@neptune.co.il
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
local_destination_concurrency_limit = 10
local_destination_recipient_limit = 300
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 51200000
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = neptune.co.il
myhostname = mail.neptune.co.il
mynetworks = 192.168.57.0/24, 127.0.0.0/8, 192.168.8.1/32, 172.19.214.0/24, 10.1.2.0/24, 10.7.15.152/32 , 10.7.15.150/32 ,10.7.15.152/32, 192.168.58.8/32
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sender_dependent_authentication = yes
smtp_tls_policy_maps = hash:/mailroot/postfix/tls_policy
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_data_restrictions = permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,       permit_sasl_authenticated,      reject_unlisted_sender, reject_unlisted_recipient,      reject_invalid_hostname,        reject_invalid_helo_hostname,   reject_non_fqdn_helo_hostname,       reject_non_fqdn_sender, reject_non_fqdn_recipient,      reject_unknown_sender_domain,   reject_unknown_recipient_domain,        reject_unverified_sender,       reject_unlisted_recipient       reject_unauth_destination,      check_sender_access hash:/etc/postfix/sender_access  check_client_access hash:/etc/postfix/vip_ip,   check_client_access regexp:/etc/postfix/regexp_client,  reject_rbl_client bl.spamcop.net,       reject_rbl_client sbl.spamhaus.org,     reject_rbl_client cbl.abuseat.org,   reject_rbl_client dul.dnsbl.sorbs.net,  reject_rbl_client bl.spamcop.net,       permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sender_login_maps = ldap:/etc/postfix/loginmaps.cf
smtpd_tls_CAfile = /etc/pki/tls/certs/rapidssl.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.neptune.co.il.crt
smtpd_tls_key_file = /etc/pki/tls/private/mail.neptune.co.il.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual, ldap:/etc/postfix/groupmaps.cf
virtual_mailbox_base = /mailroot/var/lib/imap
virtual_mailbox_domains = ldap:domain
virtual_mailbox_maps = ldap:/etc/postfix/loginmaps.cf
virtual_transport = lmtp:unix:/mailroot/var/lib/imap/socket/lmtp

smtpd_*_restriction一點建議:如果您不了解它們的工作原理,請不要輸入一些規則,它總有一天會咬到您。

是什麼導致外部發件人出現“使用者未知(回复 RCPT TO 命令)”錯誤

這些錯誤是由此限制引起的:reject_unverified_sender. 此特殊限制將檢查發件人地址是否prvs=7337e4471e=johnd@example.co.il作為遠端發件人存在。可以在本文件中找到檢查機制的詳細資訊。

簡而言之,postfix將嘗試到telnet遠端發送者並檢查遠端是否接受EMAIL TO prvs=7337e4471e=johnd@example.co.il. 您的日誌中會顯示遠端發件人不接受電子郵件TO prvs=7337e4471e=johnd@example.co.il

9 月 17 日 18:45:52 smail1 後綴/smtp

$$ 23241 $$: 269D140A92: to=, 中繼=mail1.abc.co.il$$ 5.6.7.8 $$:25,延遲=0.28,延遲=0/0/0.27/0.01,dsn=5.0.0,狀態=無法投遞(主機 mail1.abc.co.il$$ 5.6.7.8 $$說:550 收件人地址被拒絕:使用者未知(回复 RCPT TO 命令))

在上述情況下,因為遠端發件人拒絕了它,所以sender was unverified。因此,您的伺服器拒絕接收電子郵件。

對於小的電子郵件流量,這樣做sender_verification很好,但對於較大的流量可能會很煩人。在這篇文章中查看為什麼應該關閉它的一些原因

配置審查

這是您應該關閉的限制列表,或者至少在打開它們之前了解它們的行為。

讓我們檢查一下您的smtpd_recipient_restrictions參數。

permit_mynetworks,
permit_sasl_authenticated, 


reject_unlisted_sender,

看到這個頁面

reject_unlisted_recipient,

看到這個頁面

reject_invalid_hostname,

reject_invalid_hostnamereject_invalid_helo_hostname的別名。

reject_invalid_helo_hostname,

限制reject_invalid_hostname是針對postfix< 2.3HELO當或EHLO主機名格式錯誤時,此限制將拒絕請求。

reject_non_fqdn_helo_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,


reject_unknown_sender_domain,
reject_unknown_recipient_domain,

好的。它將拒絕來自不存在的域或配置不正確的域的電子郵件。

reject_unverified_sender,

如上所述

reject_unlisted_recipient,

複製 (?)

reject_unauth_destination,

這是強制性限制。

check_sender_access hash:/etc/postfix/sender_access,
check_client_access hash:/etc/postfix/vip_ip,
check_client_access regexp:/etc/postfix/regexp_client,


reject_rbl_client bl.spamcop.net,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,


reject_rbl_client bl.spamcop.net,

重複(再次?)

permit

引用自:https://serverfault.com/questions/629531

相關問答

Ubuntu

vmail_ssl.map.db 中格式錯誤的 BASE64 值

  • October 19, 2022
檢視問答
Postfix

拒絕:來自未知的 RCPT:450 4.7.1 客戶端主機被拒絕:找不到您的反向主機名

  • August 28, 2022
檢視問答
Postfix

postfix+dovecot 多域配置

  • January 22, 2022
檢視問答
Postfix

如何讓 DKIM 為子域和根域地址簽名?

  • June 24, 2021
檢視問答
Postfix

Postfix 拒絕從 O365 轉發的電子郵件

  • June 11, 2021
檢視問答
Postfix

如果我使用 dovecot 送出,我應該拒絕所有通過 postfix 發送的電子郵件嗎?

  • April 20, 2019
檢視問答