Postfix

後綴:通過 sendmail 二進制發送的郵件由於 HELO 錯誤而被阻止

  • January 15, 2015

我的伺服器使用的是 Centos 6.5,我上週從 Plesk 11.5 更新到 12,postfix 更新到 2.8.17。從那時起,所有使用 sendmail 二進製文件(通知、郵件轉發……)發送的郵件都被錯誤的 HELO 主機名拒絕:localhost。似乎 sendmail 使用 locahost 作為不被接受的 HELO 標籤。

預先感謝您的幫助

這是以下錯誤:

Jun 23 14:23:20 ns395167 plesk sendmail[29817]: handlers_stderr: SKIP
Jun 23 14:23:20 ns395167 plesk sendmail[29817]: SKIP during call 'check-quota' handler
Jun 23 14:23:20 ns395167 postfix/pickup[29480]: B94BC6AA20A6: uid=0 from=<root@curuba.fr>
Jun 23 14:23:20 ns395167 postfix/cleanup[29507]: B94BC6AA20A6: message-id=<20140623122320.B94BC6AA20A6@ns395167.ip-176-31-117.eu>
Jun 23 14:23:20 ns395167 greylisting filter[29824]: Starting greylisting filter...
Jun 23 14:23:20 ns395167 greylisting filter[29824]: Wrong HELO hostname: localhost
Jun 23 14:23:20 ns395167 /usr/lib64/plesk-9.0/psa-pc-remote[29457]: handlers_stderr: REJECT
Jun 23 14:23:20 ns395167 /usr/lib64/plesk-9.0/psa-pc-remote[29457]: REJECT during call 'grey' handler
Jun 23 14:23:20 ns395167 /usr/lib64/plesk-9.0/psa-pc-remote[29457]: Message aborted.
Jun 23 14:23:20 ns395167 postfix/cleanup[29507]: B94BC6AA20A6: milter-reject: DATA from localhost[127.0.0.1]: 5.7.1 Command rejected; from=<root@curuba.fr> to=<root@curuba.fr>
Jun 23 14:23:20 ns395167 postfix/cleanup[29507]: B94BC6AA20A6: to=<root@localhost.localdomain>, orig_to=<root@curuba.fr>, relay=none, delay=0.12, delays=0.12/0/0/0, dsn=5.7.1, status=bounced (Command rejected)
Jun 23 14:23:20 ns395167 postfix/cleanup[29502]: C594B6AA20A8: message-id=<20140623122320.C594B6AA20A8@ns395167.ip-176-31-117.eu>
Jun 23 14:23:20 ns395167 postfix/bounce[29506]: B94BC6AA20A6: sender non-delivery notification: C594B6AA20A8
Jun 23 14:23:20 ns395167 postfix/qmgr[29481]: C594B6AA20A8: from=<>, size=2211, nrcpt=1 (queue active)
Jun 23 14:23:20 ns395167 postfix/cleanup[29502]: CFFE56AA2094: message-id=<20140623122320.C594B6AA20A8@ns395167.ip-176-31-117.eu>
Jun 23 14:23:20 ns395167 postfix/local[29721]: C594B6AA20A8: to=<root@localhost.localdomain>, orig_to=<root@curuba.fr>, relay=local, delay=0.08, delays=0.04/0/0/0.04, dsn=2.0.0, status=sent (forwarded as CFFE56AA2094)
Jun 23 14:23:20 ns395167 postfix/qmgr[29481]: CFFE56AA2094: from=<>, size=2361, nrcpt=1 (queue active)
Jun 23 14:23:20 ns395167 postfix/qmgr[29481]: C594B6AA20A8: removed
Jun 23 14:23:20 ns395167 postfix-local[29825]: postfix-local: from=MAILER-DAEMON, to=admin@curuba.fr, dirname=/var/qmail/mailnames
Jun 23 14:23:20 ns395167 postfix-local[29825]: Unable to get sender domain by sender mailname
Jun 23 14:23:20 ns395167 dk_check[29826]: DK_STAT_NOSIG: No signature available in message
Jun 23 14:23:20 ns395167 postfix-local[29825]: handlers_stderr: PASS
Jun 23 14:23:20 ns395167 postfix-local[29825]: PASS during call 'dd52-domainkeys' handler
Jun 23 14:23:20 ns395167 postfix/pipe[29508]: CFFE56AA2094: to=<admin@curuba.fr>, orig_to=<root@curuba.fr>, relay=plesk_virtual, delay=0.1, delays=0.04/0/0/0.06, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Jun 23 14:23:20 ns395167 postfix/qmgr[29481]: CFFE56AA2094: removed

這是我的 postconf -n 內容:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 10240000
mydestination = localhost.$mydomain, localhost, localhost.localdomain
myhostname = ns395167.ip-176-31-117.eu
mynetworks = 127.0.0.0/8 [::1]/128 176.31.117.106/32 [2001:41d0:8:3c6a::1]/128, 50.57.69.12/32
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:127.0.0.1:12768 unix:/var/spool/postfix/ctmilter/ctmilter.sock
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.8.17/README_FILES
sample_directory = /usr/share/doc/postfix-2.8.17/samples
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_send_xforward_command = yes
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client xbl.spamhaus.org, reject_rbl_client b.barracudacentral.org
smtpd_milters = inet:127.0.0.1:12768 unix:/var/spool/postfix/ctmilter/ctmilter.sock
smtpd_proxy_timeout = 3600s
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_timeout = 3600s
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
transport_maps = , hash:/var/spool/postfix/plesk/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_gid_maps = static:31
virtual_mailbox_base = /var/qmail/mailnames
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_mailbox_limit = 0
virtual_mailbox_maps = , hash:/var/spool/postfix/plesk/vmailbox
virtual_transport = plesk_virtual
virtual_uid_maps = static:30

我的系統主機名似乎正確:hostname -f ns395167.ip-176-31-117.eu hostname ns395167.ip-176-31-117.eu

這些動作是後綴的預期行為。這是官方文件中此頁面的片段。

將 Milter 應用程序用於非 SMTP 郵件時有一個小問題:沒有 SMTP 會話。為了讓 Milter 應用程序滿意,Postfix cleanup(8) 伺服器實際上必須模擬 SMTP 客戶端CONNECT 和 DISCONNECT 事件,以及 SMTP 客戶端 EHLO、MAIL FROM、RCPT TO 和 DATA 命令。

當新郵件通過 sendmail(1) 命令行到達時,Postfix cleanup(8) 伺服器會假裝郵件是從 IP 地址為 “127.0.0.1” 的 “localhost” 使用 ESMTP 到達的。結果與 Sendmail 8.12 及更高版本中命令行送出的結果非常相似,儘管 Sendmail 使用不同的機制來實現此結果。

查看 的日誌和輸出postconf -n,很明顯拒絕它的程序是通過 inet:127.0.0.1:12768 執行的 milter 應用程序。它是psa-pc-remotePlesk 提供的 milter。

雖然我對 Plesk 沒有任何經驗,但一些解決方法是僅針對non_smtpd關閉該 milter 。好吧,我不知道這是壞建議還是好建議,因為我不知道如何psa-pc-remote處理您的電子郵件。另一種方式,您可以查看 Plesk 中的一些設置來關閉這種拒絕。

引用自:https://serverfault.com/questions/607275