Last updated: 2018-09-27
Table of contents
- master.cf and main.cf
- Setting the HELO name
- Storing mail in Maildir
- Soft Bounce
- SMTP Status Code
- Some commonly used commands
- Mail Queue(postqueue)
- Handling mail in the queue (postsuper)
- Tuning
- Anti-Spam & Virus
- Log
- Pitfalls
- Maps available on Debian
- Banner
- Postfix MySQL client configuration
- Client IP to DNS lookup
- Debug
- Postfix without TCP wrappers
- bounce_queue_lifetime
- Timeout setting
- Does not resolve to address
- Duplicate(enable_original_recipient)
- DNS lookup
- mailbox_command
- postfix using sub-interface IP to send out mail
- reject_unknown_X
- defer_if_permit
- smtpd_client_connection_count_limit
- chroot
- delay_warning_time
- Domain not found
- Limiting how many To, Cc, Bcc recipients one message may have
- Troubleshoot
master.cf and main.cf
Postfix configuration files
- master.cf <== defines how services such as smtp, pickup and qmgr run (the "master" daemon is responsible for the listening ports)
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
bounce    unix  -       -       n       -       0       bounce
dovecot   unix  -       n       n       -       -       pipe
- main.cf <== Postfix parameter settings
"-o" in master.cf
In master.cf, the value given to a "-o" argument cannot use spaces to separate options.
Instead, define variables in main.cf and use them in master.cf.
main.cf:
2025_smtpd_client_restrictions = check_client_access hash:/etc/postfix/printer_access
master.cf
2025 inet n - n - - smtpd
  -o cleanup_service_name=pre-cleanup
  -o message_size_limit=10240000
  -o smtpd_client_restrictions=${2025_smtpd_client_restrictions}
Parameter
Comments
# This line is a comment.
Whitespace
By starting a line with whitespace, you tell Postfix that the line is a continuation of the previous line.
i.e.
mydestination = localhost
    datahunter.org
    mail.datahunter.org
Order
Within a parameter's value, the order of the keywords may matter.
parameter = A, B
parameter = B, A
dollar sign
A dollar sign directly followed by the name of a parameter gives the value of that parameter.
mydomain = example.com
myhostname = mail.example.com
mydestination = $myhostname, localhost.$mydomain, localhost
postconf (view and modify settings)
# Show the value currently in effect
postconf mydestination
mydestination = datahunter.org, mail.datahunter.org lamp, localhost.localdomain, localhost
# Show the default value
postconf -d mydestination
mydestination = $myhostname, localhost.$mydomain, localhost
# Modify
$ postconf -e relay_domains=example.com
postfix (some commonly used commands)
postfix [-D] [stop | start | reload | flush]
check # check for directory/file ownership or permission errors
abort # stop immediately
flush # force delivery of all mail currently in the queue
reload # re-read the configuration files, i.e. /etc/postfix/main.cf
-D # Run each Postfix daemon under control of a debugger
postmap
The postmap command compiles the input file written by the user
into the binary format that Postfix reads.
Remember to run postmap after editing the file.
# List the supported map types
postconf -m
btree cidr environ hash ldap mysql nis pcre proxy regexp static unix
master file
Always running:
/usr/lib/postfix/master
pickup -l -t fifo -u -c
qmgr -l -t fifo -u
Status
postfix status
postfix/postfix-script: the Postfix mail system is running: PID: 28661
Domain names for sending/receiving mail
# affects how Postfix transforms hostnames that are not fully qualified
# Default: $myhostname minus the first component, or "localdomain"
mydomain = example.com
# greets a client and when the SMTP client says HELLO to
# By default myhostname = lamp.localdomain
myhostname =
# used to qualify e-mail addresses that have no domain part at all
# By default, myorigin = $myhostname
myorigin = $myhostname
# which domains are considered local
# By default mydestination = $myhostname, localhost.$mydomain, localhost
mydestination =
# Whether to use "myorigin"; Default: yes
append_at_myorigin = yes
Setting the HELO name
The name used to HELO the remote side when sending mail
smtp_helo_name = $myhostname
Storing mail in Maildir
home_mailbox (by default this affects local delivery)
Default: empty
Maildir
* "/" for qmail-style delivery
Change from
home_mailbox = Mailbox
to
home_mailbox = Maildir/
log
Oct 26 10:35:26 c1383 postfix/local[31423]: 4F5F940D73DE: to=<x@y>, relay=local, delay=0.56, delays=0.52/0.01/0/0.04, dsn=2.0.0, status=sent (delivered to maildir)
Dovecot
Dovecot 2
Basic
mail_location = maildir:~/Maildir
Adv.
# %h - home directory
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
Soft Bounce
soft_bounce = no <-- when set to yes, all 5xx errors are reported as 4xx
SMTP Status Code
4XX # temporary routing issue ( soft bounce )
5xx # permanent failure
4XX
- 421 Service not available, closing transmission channel (This may be a reply to any command if the service knows it must shut down)
- 432 4.7.12 A password transition is needed
- 450 Requested mail action not taken: mailbox unavailable (e.g., mailbox busy or temporarily blocked for policy reasons)
- 451 Requested action aborted: local error in processing
- 451 4.4.1 IMAP server unavailable
- 452 Requested action not taken: insufficient system storage
- 454 4.7.0 Temporary authentication failure
- 455 Server unable to accommodate parameters
5XX
- 500 Syntax error, command unrecognized (This may include errors such as command line too long)
- 500 5.5.6 Authentication Exchange line is too long
- 501 Syntax error in parameters or arguments
- 501 5.5.2 Cannot Base64-decode Client responses
- 501 5.7.0 Client initiated Authentication Exchange (only when the SASL mechanism specified that client does not begin the authentication exchange)
- 502 Command not implemented
- 503 Bad sequence of commands
- 504 Command parameter is not implemented
- 504 5.5.4 Unrecognized authentication type
- 521 Server does not accept mail
- 523 Encryption Needed
- 530 5.7.0 Authentication required
- 534 5.7.9 Authentication mechanism is too weak
- 535 5.7.8 Authentication credentials invalid
- 538 5.7.11 Encryption required for requested authentication mechanism
- 550 Requested action not taken: mailbox unavailable (e.g., mailbox not found, no access, or command rejected for policy reasons)
- 551 User not local; please try <forward-path>
- 552 Requested mail action aborted: exceeded storage allocation
- 553 Requested action not taken: mailbox name not allowed
- 554 Transaction has failed (Or, in the case of a connection-opening response, "No SMTP service here")
- 554 5.3.4 Message too big for system
- 556 Domain does not accept mail
Other settings
inet_protocols = ipv4 <-- the default is all
in_flow_delay = 1s <-- every incoming connection is delayed 1s before a response; default: on
header_checks = regexp:/etc/postfix/header_checks
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_use_tls = no
SASL Login:
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
Delivery agents for different IMAP servers:
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
mail size
Set the maximum size of each message:
# Unit: bytes
# 15 Mbyte
message_size_limit = 15728640
When the limit is exceeded, this is logged:
... warning: Mail-ID: queue file size limit exceeded
# The message size the server supports is only shown after "ehlo HELLO_NAME"
The SMTP server can inform the client what is the maximum message size
C: ehlo mail.datahunter.org
S: ...
S: 250-SIZE 52428800
S: ...
When the size is exceeded, the connection is dropped automatically.
# Server Log
... postfix/smtpd[3182]: connect from unknown[R.R.R.R]
# The effect is the same as the client-side process being killed
... postfix/smtpd[3182]: lost connection after EHLO from unknown[R.R.R.R]
... postfix/smtpd[3182]: disconnect from unknown[R.R.R.R]
Because the session never reached FROM and RCPT, the server cannot know who was sending to whom.
* With QUIT, the "... lost connection after ..." line does not appear.
Solution: smtpd_discard_ehlo_keywords
SIZE
15 Mbytes of data is equivalent to a 21 Mbytes EML,
so to send a 15 MB mail it is safer to set 22 MB.
SMTP SIZE command
The client can inform the SMTP server the (estimated) size of the e-mail message that will be sent.
Simulating an oversize message
C: MAIL FROM:<[email protected]> SIZE=52428801
S: 552 5.3.4 Message size exceeds fixed limit
mail.log
May 28 13:21:15 sf3 postfix/smtpd[29539]: NOQUEUE: reject: MAIL from unknown[n.n.n.n]: 552 5.3.4 Message size exceeds fixed limit; proto=ESMTP helo=<mail.datahunter.org>
postqueue (Mail Queue)
For a high-traffic mail server, the mail queue is arguably its core.
Most mail servers today host multiple mail domains, so the queue matters even more.
All Postfix queues are stored as directories under /var/spool/postfix
- incoming <-- holds newly arrived mail, which soon moves to the active queue
- active <-- mail ready to be processed
- deferred <-- mail waiting for a retry
- maildrop <-- mail submitted for sending by the sendmail(postdrop) command
- hold <-- mail that the admin must manually decide to keep or remove
- corrupt <-- damaged mail; its content can be viewed with postcat
View the queue status:
mailq = postqueue -p
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
6CC4B4740BB4     9392 Sun Feb 12 18:18:25  <Sender>
(temporary failure. Command output: maildrop: maildir over quota.)
                                         <Recipient>
remark
- * means the message is in the active queue
- ! means the message is in the hold queue
View the content of a mail in the queue:
postcat -q <queue id>
Immediately retry delivery of mail for a domain
postqueue -s example.com
Immediately retry one message
postqueue -i queue_id
Immediately retry all mail
postfix flush = postqueue -f
Handling mail in the queue (postsuper)
It controls whether a message stays in the queue or is removed.
With no arguments it is equivalent to -s -p
-p Purge stale temporary files
-s Structure check and structure repair (name files = inode number)
-v Enable verbose logging for debugging purposes.
Usage
postsuper -v
postsuper: name_mask: ipv4
postsuper: inet_addr_local: configured 2 IPv4 addresses
postsuper: queue: defer
postsuper: queue: bounce
postsuper: queue: maildrop
postsuper: queue: incoming
postsuper: queue: active
postsuper: queue: deferred
postsuper: queue: hold
postsuper: queue: flush
Delete one message from the queue
postsuper -d <queue-id> <--- default: hold, incoming, active and deferred
postsuper -d 6CC4B4740BB4
postsuper: 6CC4B4740BB4: removed
postsuper: Deleted: 1 message
Delete all mail in the queue
postsuper -d All [deferred] <--- on CentOS "ALL" must be used
Delete undeliverable mail older than one day
find /var/spool/postfix/deferred -type f -mtime +1 -exec rm -f {} \;
Put a message on hold (temporarily stop sending it)
postsuper -h <queue-id>
Resume sending
postsuper -H <queue-id>
Requeue a message; queues: hold, incoming, active and deferred
postsuper -r <queue-id>
Postfix After-Queue Content Filter
mailq
704463219F8     1080 Mon Jan 25 11:00:14  nagios@myserver
(mail transport unavailable)
                                         admin@myserver
postcat -q 704463219F8
............. content_filter: amavis:[128.0.0.1]:10024 .............
-r queue_id
Requeue the message with the named queue ID from the named mail queue(s)
(default: hold, incoming, active and deferred).
A requeued message is moved to the maildrop queue, from where it is copied by the pickup(8)
and cleanup(8) daemons to a new queue file.
* The message is not subjected to the smtpd_milters or non_smtpd_milters settings.
* The message is subjected again to mail address rewriting and substitution.
Jan 25 16:05:49 mail postfix/postsuper[7773]: Requeued: 25 messages
Tuning
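With the default settings, Postfix may well end up like this!
Yes, the queue "blew up" ...
After this incident I learned that the default settings are very resource-hungry.
In the end, the settings I consider better are
default_process_limit = 20
# Defines how many processes of each daemon type may run at the same time, default: 100
# The value set in master.cf ultimately takes precedence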
master.cf:
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
Client-Error
smtpd_soft_error_limit = 5
# After a client makes 5 errors against smtpd, responses are slowed down
smtpd_hard_error_limit = 10
# At 10 errors, the connection is dropped
smtpd_error_sleep_time=1s
# Once past the soft error limit, delay 1 second after each error
# Errors here include helo, rcpt to ...
Deliver
default_destination_concurrency_limit = 5
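# How many messages may go to one domain at the same time
# Counted per message, regardless of the number of recipients
default_destination_recipient_limit = 5
# Number of recipients in a message (the case of several "to")
# When this value is exceeded, the message is split and sent separately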
local_destination_concurrency_limit = 2 (default: 2)
local_destination_recipient_limit = 1 (default: 1)
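# Combined, the settings above mean a local recipient can receive 1 message at a time
# while one domain can take two messages at the same time
Postfix retry period (resend mail)
# How long before giving up on resending undelivered mail; 0 means no retry after a failure
maximal_queue_lifetime = 1h (Default: 5d)
bounce_queue_lifetime = 900s (Default: 5d)
# How often qmgr scans the deferred queue
# This parameter should be set less than or equal to $minimal_backoff_time.
queue_run_delay = 600s
# Delivery is attempted in the period between min and max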
maximal_backoff_time = 900s (default: 4000s)
minimal_backoff_time = 300s (default: 1000s)
Warning:
warning: bounce_queue_lifetime is larger than maximal_queue_lifetime - adjusting bounce_queue_lifetime
Anti-Spam & Virus
Disable ISPConfig's Amavisd:
#content_filter = amavis:[127.0.0.1]:10024 // transport:destination
// this filter runs after access(5), header_checks(5), body_checks(5)
#receive_override_options = no_address_mappings // default: empty; controls the cleanup service
Options:
- no_unknown_recipient_checks
- no_address_mappings (virtual alias map, BCC)
- no_header_body_checks
- no_milters (Disable Milter (mail filter))
# Used BEFORE the content filter
# AFTER the content filter, it is set in master.cf
Example: AFTER content filter
127.0.0.1:10025 inet n - - - - smtpd
  .............
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
The following settings
main.cf:
content_filter = smtp-amavis:[127.0.0.1]:10024
amavisd.conf:
$forward_method = 'smtp:[127.0.0.1]:10025';
produce a log like this
Feb 5 12:28:43 mail postfix/smtp[3310]: F217042105: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.45, delays=0.08/0.02/0/0.35, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3C9864210B)
If no per-user filter is used, the following settings are recommended to improve performance and to make alias debugging easier (no_address_mappings goes in main.cf)
master.cf
127.0.0.1:10025 inet n - - - - smtpd
.............
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
main.cf
receive_override_options=no_address_mappings
log
The first pass has queue ID C82793FCE6, the second pass has 058163FDB1
.........
Feb 5 15:46:40 mail postfix/smtpd[4488]: C82793FCE6: client=unknown[1.2.3.4]
Feb 5 15:46:40 mail postfix/cleanup[4495]: C82793FCE6: message-id=<[email protected]>
Feb 5 15:46:40 mail postfix/qmgr[4486]: C82793FCE6: from=<[email protected]>, size=1936, nrcpt=1 (queue active)
.........
Feb 5 15:46:41 mail postfix/smtp[4496]: C82793FCE6: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.36, delays=0.08/0.01/0/0.26, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 058163FDB1)
Feb 5 15:46:41 mail postfix/qmgr[4486]: C82793FCE6: removed
Feb 5 15:46:41 mail postfix/pipe[4500]: 058163FDB1: to=<[email protected]>, relay=dovecot, delay=0.31, delays=0.06/0.02/0/0.23, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb 5 15:46:41 mail postfix/pipe[4501]: 058163FDB1: to=<[email protected]>, relay=dovecot, delay=0.39, delays=0.06/0.04/0/0.3, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb 5 15:46:41 mail postfix/pipe[4503]: 058163FDB1: to=<[email protected]>, relay=dovecot, delay=0.39, delays=0.06/0.06/0/0.27, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb 5 15:46:41 mail postfix/qmgr[4486]: 058163FDB1: removed
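Tracing a message across the content-filter hop, as an added example that is not part of the original notes: the parser links the first queue ID to the one assigned on re-injection through the "queued as" text, so the real client address and the final deliveries can be read together. The sample log is constructed (placeholder addresses, queue IDs as in the log above) and only short hexadecimal queue IDs are assumed.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log above. The second smtpd line is the
# filter re-injecting the message on port 10025, so its client is localhost.
SAMPLE_LOG = """\
Feb  5 15:46:40 mail postfix/smtpd[4488]: C82793FCE6: client=unknown[1.2.3.4]
Feb  5 15:46:40 mail postfix/qmgr[4486]: C82793FCE6: from=<a@sender.example>, size=1936, nrcpt=1 (queue active)
Feb  5 15:46:41 mail postfix/smtpd[4499]: 058163FDB1: client=localhost[127.0.0.1]
Feb  5 15:46:41 mail postfix/smtp[4496]: C82793FCE6: to=<all@rcpt.example>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.36, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 058163FDB1)
Feb  5 15:46:41 mail postfix/qmgr[4486]: C82793FCE6: removed
Feb  5 15:46:41 mail postfix/pipe[4500]: 058163FDB1: to=<u1@rcpt.example>, relay=dovecot, delay=0.31, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb  5 15:46:41 mail postfix/pipe[4501]: 058163FDB1: to=<u2@rcpt.example>, relay=dovecot, delay=0.39, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb  5 15:46:41 mail postfix/qmgr[4486]: 058163FDB1: removed
"""

# Assumption: short (hex) queue IDs, i.e. enable_long_queue_ids at its default.
# The optional path segment also accepts a custom syslog_name such as postfix/smtp-in.
LINE_RE = re.compile(r"postfix(?:/[\w-]+)*/\w+\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
FIELD_RE = re.compile(r"([\w-]+)=<?([^>,\s]*)>?")
QUEUED_AS_RE = re.compile(r"queued as ([0-9A-F]{6,})\)\s*$")


def parse(log_text):
    """Return {queue_id: {client, sender, deliveries, next}} from Postfix log text."""
    msgs = defaultdict(lambda: {"client": None, "sender": None, "deliveries": [], "next": []})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        rec, rest = msgs[m["qid"]], m["rest"]
        # Only trust key=value pairs before the free-text "(...)" part: that part
        # is written by the remote side and may itself contain "status=..." text.
        fields = dict(FIELD_RE.findall(rest.split(" (", 1)[0]))
        if "client" in fields:
            rec["client"] = fields["client"]
        if "from" in fields:
            rec["sender"] = fields["from"]
        if "to" in fields:
            rec["deliveries"].append((fields["to"], fields.get("relay"), fields.get("status")))
            handoff = QUEUED_AS_RE.search(rest)
            if handoff and fields.get("status") == "sent":
                rec["next"].append(handoff[1])
    return dict(msgs)


def final_deliveries(msgs, qid, _seen=None):
    """Follow hand-offs from qid; return (queue_id, to, relay, status) of the last local hop."""
    seen = _seen if _seen is not None else set()
    if qid in seen or qid not in msgs:
        return []
    seen.add(qid)
    # A remote MTA also answers "queued as <its own id>"; follow only IDs
    # that were actually logged by this server.
    local_next = [n for n in msgs[qid]["next"] if n in msgs]
    if not local_next:
        return [(qid, to, relay, status) for to, relay, status in msgs[qid]["deliveries"]]
    out = []
    for n in local_next:
        out.extend(final_deliveries(msgs, n, seen))
    return out


def origin_of(msgs, qid):
    """Walk back from a re-injected queue ID to the first hop: (first_qid, client)."""
    parents = {n: p for p, rec in msgs.items() for n in rec["next"]}
    seen = set()
    while qid in parents and qid not in seen:
        seen.add(qid)
        qid = parents[qid]
    client = msgs[qid]["client"] if qid in msgs else None
    return qid, client


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    print(origin_of(parsed, "058163FDB1"))
    for hop in final_deliveries(parsed, "C82793FCE6"):
        print(hop)
```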
Postfix "message-id" format (msgid)
- A message-id is assigned by the MUA or postfix if the message doesn't have one.
- The message-id is in the header of the email.
- An email header will also have the original email's message-id if it is a reply.
- The postfix queue ID is NOT in the header of the emails.
GMT time.upstream PQID@upstream HOSTNAME
telnet -> mx1 server -> mail server
If the upstream is telnet, it receives this "upstream PQID"
i.e.
# Log of the mail as finally received
... mail postfix/cleanup[7495]: 9DDFF20CB7: message-id=<20220616090504[email protected]>
EML when the MUA (telnet) supplies no msgid
... Message-Id: <20220616090504[email protected]>
EML when the MUA (Thunderbird) supplies a message-id
Message-ID: <UUID@DOMAIN>
Controlling maxproc from main.cf
amavis_destination_concurrency_limit = 2
Log
helo msg
mail.warn contains
Dec 16 20:37:19 vps2 postfix/smtpd[22342]: warning: x.x.x.x: address not listed for hostname x.y.z
This is harmless. It means that the IP of the domain "x.y.z" given at HELO differs from the connecting address x.x.x.x.
log name
# A prefix that is prepended to the process name in syslog records,
# so that, for example, "smtpd" becomes "prefix/smtpd".
-o syslog_name=postfix/smtp-in
Oct 6 03:07:24 vm postfix/smtp-in/smtpd[29556]: disconnect from ....
Pitfalls
<1>
disable_dns_lookups=yes
When it is no, outgoing mail is not sent by looking up the MX record; the IP of the recipient domain is used directly.
<2>
Error: User unknown in local recipient table
Purpose: keeps undeliverable mail out of your queue
- The local_recipient_maps parameter specifies lookup tables with all names or addresses of local recipients.
- local: $mydestination, $inet_interfaces or $proxy_interfaces
Solution:
turn off
/etc/postfix/main.cf:
local_recipient_maps =
virtual
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
Maps available on Debian
The available maps are configured in
/etc/postfix/dynamicmaps.cf
To use the mysql map, install the postfix-mysql package
# Postfix dynamic maps configuration file.
#
# The first match found is the one that is used. Wildcards are not supported
# as of postfix 2.0.2
#
#type location of .so file open function (mkmap func)
#==== ================================ ============= ============
tcp /usr/lib/postfix/dict_tcp.so dict_tcp_open
mysql /usr/lib/postfix/dict_mysql.so dict_mysql_open
Banner
What is shown when you telnet to port 25
220 youhost.localdomain ESMTP Postfix (Debian/GNU)
Related settings:
- myhostname
- mydomain
Postfix MySQL client configuration
man 5 mysql_table
Client IP to DNS lookup (smtpd_peername_lookup)
# lookup client hostname from IP->rdns, or return "unknown"
# Turning off name lookup reduces delays due to DNS lookup
# Default: yes
smtpd_peername_lookup = yes
Debug
# default: yes
smtpd_delay_reject = yes
Wait until the RCPT TO command before evaluating
$smtpd_client_restrictions, $smtpd_helo_restrictions and $smtpd_sender_restrictions,
The block only happens after "rcpt to" has been entered
Postfix without TCP wrappers
Postfix is not linked against "libwrap"
smtpd_client_restrictions (default: empty)
check_client_access # client IP/Networks address
permit_inet_interfaces # Permit the request when the client IP address matches $inet_interfaces.
permit
reject # Reject the request.
This restriction is useful at the end of a restriction list,
to make the default policy explicit.
/etc/postfix/main.cf:
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access, permit_inet_interfaces, reject
/etc/postfix/access:
1.2.3 REJECT
1.2.3.4 OK
When a client is denied, the following is logged
Apr 20 18:07:13 lxc postfix/smtpd[32294]: NOQUEUE: reject: RCPT from unknown[203.169.xxx.xxx]: 554 5.7.1 <unknown[203.169.xxx.xxx]>: Client host rejected: Access denied; from=<[email protected]> to=<root> proto=SMTP helo=<domain.net>
With smtpd_delay_reject = no, the client gets the following message as soon as it connects
554 5.7.1 <unknown[x.x.x.x]>: Client host rejected: Access denied
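How the two access entries above interact, as an added example that is not part of the original notes: in a hash: table, access(5) tries the full client address first and then drops the last octet repeatedly, so "1.2.3.4 OK" wins over "1.2.3 REJECT" and "1.2.3" never matches 1.2.30.x. The evaluation function is a simplified model of the restriction list shown above, and the helper names and the local-address set are assumptions.

```python
import re

# The access table from the notes (hash:/etc/postfix/access).
ACCESS = {"1.2.3": "REJECT", "1.2.3.4": "OK"}


def access_lookup(table, client_ip):
    """IPv4 matching as described in access(5): full address, then truncate octets."""
    key = client_ip
    while key:
        if key in table:
            return key, table[key]
        key = key.rpartition(".")[0]  # "1.2.3.5" -> "1.2.3" -> "1.2" -> "1" -> ""
    return None, None


def evaluate(client_ip, table, inet_interfaces):
    """Simplified model of:
    smtpd_client_restrictions = check_client_access hash:..., permit_inet_interfaces, reject
    inet_interfaces is the set of local addresses (assumption for this model).
    """
    key, action = access_lookup(table, client_ip)
    if action == "OK":
        return "permit", "check_client_access matched " + key
    if action == "REJECT":
        return "reject", "check_client_access matched " + key
    if client_ip in inet_interfaces:
        return "permit", "permit_inet_interfaces"
    return "reject", "reject (end of list)"


def unmatchable_keys(table):
    """Numeric keys that a hash: table can never match for an IPv4 client:
    CIDR notation (needs a cidr: table) or octets not in canonical form."""
    bad = []
    for key in table:
        if not re.fullmatch(r"[0-9./]+", key):
            continue  # hostname or domain pattern, not checked here
        octets = key.split(".")
        canonical = 1 <= len(octets) <= 4 and all(
            o.isdigit() and str(int(o)) == o and int(o) <= 255 for o in octets
        )
        if not canonical:
            bad.append(key)
    return bad


def holes(table):
    """(specific, broader) pairs where an OK entry overrides a broader REJECT."""
    found = []
    for key, action in table.items():
        if action != "OK" or "." not in key:
            continue
        parent_key, parent_action = access_lookup(table, key.rpartition(".")[0])
        if parent_action == "REJECT":
            found.append((key, parent_key))
    return found


if __name__ == "__main__":
    local = {"127.0.0.1"}
    for ip in ("1.2.3.4", "1.2.3.5", "1.2.30.5", "127.0.0.1"):
        print(ip, evaluate(ip, ACCESS, local))
    print(holes(ACCESS))
```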
bounce_queue_lifetime
bounce_queue_lifetime (default: 5d)
The maximal time a 'BOUNCE MESSAGE' is queued before it is considered undeliverable.
* Specify 0 when mail delivery should be tried only once.
# Remember to set this on the MX server.
# Prevent too many "MAILER-DAEMON" msg
bounce_queue_lifetime = 4h
Timeout setting
# default: 30s
# The Postfix SMTP client time limit for completing a TCP connection
smtp_connect_timeout = 5s
# HELO or EHLO
smtp_helo_timeout = 10s
# MAIL FROM
smtp_mail_timeout = 10s
# RCPT TO
smtp_rcpt_timeout = 10s
# The Postfix SMTP client time limit for sending the SMTP "."
smtp_data_done_timeout = 300s
# The time limit for sending a Postfix SMTP server response and for receiving a remote SMTP client request.
smtpd_timeout = 300s
Does not resolve to address
The log shows
Aug 20 10:50:55 vm postfix/smtpd[17223]: connect from unknown[202.180.164.xxx]
Aug 20 10:50:55 vm postfix/smtpd[17223]: lost connection after EHLO from unknown[202.180.164.xxx]
Aug 20 10:50:55 vm postfix/smtpd[17223]: disconnect from unknown[202.180.164.xxx]
Aug 20 10:50:55 vm postfix/smtpd[17223]: warning: hostname 164-xxx.static.onebb.com does not resolve to address 202.180.164.xxx: Name or service not known
The reason is that
host 202.180.164.xxx
resolves to
xxx.164.180.202.in-addr.arpa domain name pointer 164-xxx.static.onebb.com.
but
ping 164-xxx.static.onebb.com
gets no response or does not match.
The cause is
smtpd_peername_lookup (default: yes)
Attempt to look up the remote SMTP client hostname, and verify that the name matches the client IP address.
A client name is set to "unknown" when it cannot be looked up or verified, or when name lookup is disabled.
Turning off name lookup reduces delays due to DNS lookup and increases the maximal inbound delivery rate.
Duplicate(enable_original_recipient)
enable_original_recipient (default: yes)
Enable support for the "X-Original-To" message header. This header is needed for multi-recipient mailboxes.
When this parameter is set to
yes:
the cleanup(8) daemon performs duplicate elimination on distinct pairs of (original recipient, rewritten recipient),
and generates non-empty original recipient queue file records.
no:
the cleanup(8) daemon performs duplicate elimination on the rewritten recipient address only,
and generates empty original recipient queue file records.
Example:
[Case 1]
u1@, u2@, u3@ -> datahunter@ # catchall / alias
Suppose someone sends mail to u1@, u2@, u3@,
enable_original_recipient
- yes: datahunter@ # one S/N is used, 3 mails are received
- no: datahunter@ # only 1 mail is received
[Case 2]
Suppose there are the following two lists
- all: admin@, info@
- manager: admin@, postmaster@
With enable_original_recipient=yes (Default)
if someone sends mail to "all@" and "manager@", "admin" receives 2 mails
Feb 5 12:55:01 mail postfix/smtp[3624]: ED3343FCE6: to=<[email protected]>, orig_to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=2, delays=1.3/0.02/0/0.67, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 908CA3FDB1)
With "enable_original_recipient=no"
"admin" receives only 1 mail, but the useful "orig_to=" info is lost, and the log becomes
Feb 5 12:28:43 mail postfix/qmgr[1681]: F217042105: from=<[email protected]>, size=1936, nrcpt=3 (queue active)
Restoring the missing "orig_to="
Method 1:
cleanup unix n - - - 0 cleanup -v
This logs far too much ...
Method 2:
main.cf:
smtpd_end_of_data_restrictions =
check_sender_access static:WARN log_orig_to
log
Dec 28 15:07:39 mail postfix/smtpd[29519]: 0FB5F21A91: warn: END-OF-MESSAGE from unknown[r.r.r.r]: log_orig_to; from=<sender@from> to=<recipient@to> proto=ESMTP helo=<myserver>
DNS lookup
# Find the lookup-related settings
postconf | grep lookup
# deprecated; smtp_dns_support_level is recommended instead
disable_dns_lookups = no
empty_address_relayhost_maps_lookup_key = <>
ignore_mx_lookup_error = no
lmtp_host_lookup = dns
smtp_host_lookup = dns
smtpd_null_access_lookup_key = <>
smtpd_peername_lookup = yes
<1> To look up "/etc/hosts" first, use the following setting
# Default: smtp_host_lookup = dns
smtp_host_lookup=native,dns
OR
smtp_dns_support_level=disabled
* This stops MX lookups completely
A better approach is
Add to main.cf
transport_maps = hash:/etc/postfix/transport_maps
Add to transport_maps
server.domain smtp:[192.168.0.2]:25
mailbox_command
mailbox_command (default: empty)
Optional external command that the local(8) delivery agent should use for mailbox delivery.
The command is run with the user ID and the primary group ID privileges of the recipient.
Exception: command delivery for root executes with $default_privs privileges.
This is not a problem, because 1) mail for root should always be aliased to a real user and 2) don't log in as root, use "su" instead.
The precedence of local(8) delivery features from high to low is:
- aliases
- .forward files
- mailbox_transport_maps
- mailbox_transport
- mailbox_command_maps
- mailbox_command
- home_mailbox
- mail_spool_directory
- fallback_transport_maps
- fallback_transport
- luser_relay
The following environment variables are exported to the command:
CLIENT_ADDRESS
Remote client network address. Available in Postfix version 2.2 and later.
CLIENT_HELO
Remote client EHLO command parameter. Available in Postfix version 2.2 and later.
CLIENT_HOSTNAME
Remote client hostname. Available in Postfix version 2.2 and later.
CLIENT_PROTOCOL
Remote client protocol. Available in Postfix version 2.2 and later.
DOMAIN
The domain part of the recipient address.
EXTENSION
The optional address extension.
HOME
The recipient home directory.
LOCAL
The recipient address localpart.
LOGNAME
The recipient's username.
ORIGINAL_RECIPIENT
The entire recipient address, before any address rewriting or aliasing.
RECIPIENT
The full recipient address.
SASL_METHOD
SASL authentication method specified in the remote client AUTH command. Available in Postfix version 2.2 and later.
SASL_SENDER
SASL sender address specified in the remote client MAIL FROM command. Available in Postfix version 2.2 and later.
SASL_USER
SASL username specified in the remote client AUTH command. Available in Postfix version 2.2 and later.
SENDER
The full sender address.
SHELL
The recipient's login shell.
USER
The recipient username.
Examples:
mailbox_command = /some/where/procmail
mailbox_command = /some/where/procmail -a "$EXTENSION"
mailbox_command = /some/where/maildrop -d "$USER" -f "$SENDER" "$EXTENSION"
Application: procmail
postfix using sub-interface IP to send out mail
# This setting does not affect listening
# incoming and outgoing use different IPs
smtp unix - - n - - smtp
  -o smtp_bind_address=192.168.8.3
reject_unknown_X
reject_unknown_reverse_client_hostname (ip -> ptr)
Reject the request when the client IP address has no address->name mapping.
This is a weaker restriction than the reject_unknown_client_hostname feature,
which requires not only that the address->name and name->address mappings exist,
but also that the two mappings reproduce the client IP address.
response code: unknown_client_reject_code (default: 450)
reject_unknown_client_hostname (ip -> ptr) & (ptr -> ip)
Reject the request when
1) the client IP address->name mapping fails,
2) the name->address mapping fails, or
3) the name->address mapping does not match the client IP address.
response code: unknown_client_reject_code (default: 450)
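The difference between the two client-hostname restrictions, and the "does not resolve to address" case from the earlier section, as an added example that is not part of the original notes: a forward-confirmed reverse DNS check that reports which restriction would reject a client. The DNS tables are constructed test data, the function names are assumptions, and temporary DNS errors are not modelled.

```python
import socket

# Constructed DNS data (documentation address ranges, hypothetical names).
PTR = {
    "192.0.2.10": "mail.good.example",
    "192.0.2.20": "host20.isp.example",   # PTR exists, name has no A record
    "192.0.2.30": "spoof.example",        # PTR exists, A points elsewhere
}
A = {
    "mail.good.example": ["192.0.2.10"],
    "spoof.example": ["198.51.100.9"],
}


def system_reverse(ip):
    """address -> name using the system resolver; None when there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def system_forward(name):
    """name -> list of addresses using the system resolver; [] on failure."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []


def classify(ip, reverse=system_reverse, forward=system_forward):
    """Return the verification state and which restriction would reject the client."""
    name = reverse(ip)
    if name is None:
        state = "no_ptr"          # address->name mapping fails
    else:
        addrs = forward(name)
        if not addrs:
            state = "no_forward"  # name->address mapping fails
        elif ip not in addrs:
            state = "mismatch"    # name->address does not give back the client IP
        else:
            state = "verified"
    return {
        "state": state,
        # smtpd logs the client as "unknown" unless the name is verified
        "client_name": name if state == "verified" else "unknown",
        "reject_unknown_reverse_client_hostname": state == "no_ptr",
        "reject_unknown_client_hostname": state != "verified",
    }


def classify_from_tables(ip):
    """Same check against the constructed tables above, so it runs offline."""
    return classify(ip, PTR.get, lambda name: A.get(name, []))


if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(addr, classify_from_tables(addr))
```

Called with its default resolvers, classify("client address") performs the same check against live DNS.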
reject_unknown_recipient_domain
With this enabled, when a client sends mail and the DNS lookup fails, the result is "Domain not found"
Reject the request when Postfix is not final destination for the recipient domain, and the RCPT TO domain has
1) no DNS MX and no DNS A record or
2) a malformed MX record such as a record with a zero-length MX hostname
The reply is specified with the "unknown_address_reject_code" (default: 450) and "unknown_address_tempfail_action" (default: defer_if_permit)
unknown_address_tempfail_action = $reject_tempfail_action
reject_tempfail_action = defer_if_permit
reject_unknown_sender_domain
Reject the request when Postfix is not final destination for the sender address, and the MAIL FROM domain has
1) no DNS MX and no DNS A record
reject_unknown_helo_hostname
Reject the request when the HELO or EHLO hostname has no DNS A or MX record.
* The HELO name has nothing to do with the PTR record
unknown_?_reject_code
# Postfix SMTP server rejects a sender or recipient address because its domain is unknown
# one of the possible replies from the restrictions reject_unknown_sender_domain and reject_unknown_recipient_domain
unknown_address_reject_code = 450
# hostname specified with the HELO or EHLO command
# rejected by the reject_unknown_helo_hostname restriction
unknown_hostname_reject_code = 554
defer_if_permit
Defer the request if some later restriction would result in an explicit or implicit PERMIT action.
smtpd_client_connection_count_limit
# Default: 50
smtpd_client_connection_count_limit = 50
The maximum number of connections that an SMTP client may make simultaneously.
log
Aug 3 11:57:00 ns8 postfix/smtpd[4678]: warning: Connection concurrency limit exceeded: 51 from unknown[x.x.x.x] for service smtp
chroot
Some Postfix processes are running in a chroot environment by default.
(/etc/postfix/master.cf sets which services are chrooted)
Therefore there usually is something to provide them with the necessary files on startup.
cp /etc/resolv.conf /var/spool/postfix/etc
delay_warning_time
Default: 0h # Disable
the sender receives a copy of the message headers of mail that is still queued
confirm_delay_cleared
Default: no
After sending a "your message is delayed" notification, inform the sender when the delay clears up.
Domain not found
450 4.1.2 <x@Y>: Recipient address rejected: Domain not found
Cause 1: DNS timeout
Cause 2: the chrooted Postfix has no resolv.conf
fix_chroot_postfix.sh
#!/bin/bash
#
# copy all necessary files inside the chroot
#
# stop if the chroot etc directory is missing, so nothing is copied elsewhere
cd /var/spool/postfix/etc || exit 1
cp -f /etc/resolv.conf ./
cp -f /etc/localtime ./
cp -f /etc/services ./
cp -f /etc/hosts ./
cp -f /etc/nsswitch.conf ./
Limiting how many To, Cc, Bcc recipients one message may have
Receiving
smtpd_recipient_limit (default: 1000)
The maximal number of recipients that the Postfix SMTP server accepts per message delivery request.
(Submit mail via SMTP instead of /usr/sbin/sendmail)
Test
With "smtpd_recipient_limit = 3"
C: mail from: [email protected]
C: rcpt to: postmaster@A
C: rcpt to: postmaster@B
C: rcpt to: postmaster@C
C: rcpt to: postmaster@D
S: 452 4.5.3 Error: too many recipients
C: data
S: 354 End data with <CR><LF>.<CR><LF>
C: test msg.
C: .
S: 250 2.0.0 Ok: queued as 44A083EAFE
Sending
default_destination_recipient_limit (default: 50)
This is the default limit for delivery via the lmtp(8), pipe(8), smtp(8) and virtual(8) delivery agents.
Remark
transport_destination_recipient_limit
Troubleshoot
[1]
service postfix start
postfix: error while loading shared libraries: libmysqlclient.so.16: cannot open shared object file: No such file or directory
[fix]
find /usr -name libmysqlclient.so
/usr/lib64/libmysqlclient.so
ln -s /usr/lib64/libmysqlclient.so /usr/lib64/libmysqlclient.so.16
ldconfig
[2] virtual_alias_maps / catchall_maps not taking effect
Setting:
virtual_alias_maps = ... proxy:mysql:/etc/postfix/mysql/catchall_maps.cf
log
... mail postfix/pipe[2284]: A444B3E94A: to=<[email protected]>,
relay=dovecot, delay=0.04, delays=0.02/0/0/0.02, dsn=5.1.1, status=bounced (user unknown)
[Cause]
"receive_override_options = no_address_mappings" was added, but the mail does not pass through the filter
What no_address_mappings does:
Prevents aliases (and other mappings) from being expanded