#26 Le 13/03/2009, à 01:11
- toniotonio
Re : [Résolu] postfix & address verify & co
fais voir ton postconf -n actuel
si ton verif fonctionne mal c'est que ta conf générale est bancale
tu peux utiliser un relay_recipient_maps a la place du verify mais c'a n'enlevera pas le fait que ta conf a un souci qu'il faut resoudre
Tutoriaux Postfix sur www.starbridge.org/spip
Messagerie Dédiée, Relais Mail Antispam/Antivirus, Infogérance 24/7: http://www.eole-its.com
Hors ligne
#27 Le 13/03/2009, à 16:20
- licks0re
Re : [Résolu] postfix & address verify & co
Voilà le postconf -n :
address_verify_map = btree:/var/lib/postfix/unknown_senders
alias_maps = hash:/etc/aliases
biff = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
disable_dns_lookups = no
disable_mime_output_conversion = no
html_directory = /usr/share/doc/packages/postfix-doc/html
inet_interfaces = all
inet_protocols = all
local_recipient_maps =
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 10240000
mydestination = $myhostname, localhost.$mydomain
mydomain = cla.ch
myhostname = mailserver.cla.ch
mynetworks = 192.168.1.2, 192.168.1.3
myorigin = cla.ch
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix-doc/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtp_use_tls = no
smtpd_client_restrictions = permit_mynetworks, permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unauth_destination, reject_unknown_recipient_domain, reject_unverified_recipient, check_recipient_access hash:/etc/postfix/verify_domains, permit
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = hash:/etc/postfix/amavis_senderbypass
smtpd_use_tls = no
strict_8bitmime = no
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
Je vais regarder la directive relay_recipient_maps que je ne connais pas.
Merci de l'aide apportée, c'est apprécié
G.
Dernière modification par licks0re (Le 13/03/2009, à 16:21)
Hors ligne
#28 Le 13/03/2009, à 18:12
- toniotonio
Re : [Résolu] postfix & address verify & co
je ne vois pas le parametre relay_domains ?
Tutoriaux Postfix sur www.starbridge.org/spip
Messagerie Dédiée, Relais Mail Antispam/Antivirus, Infogérance 24/7: http://www.eole-its.com
Hors ligne
#29 Le 16/03/2009, à 09:31
- licks0re
Re : [Résolu] postfix & address verify & co
J'ai fait le changement et j'ai explicitement renseigné les domaines que je vais relayer.
Mon postconf -n est maintenant :
address_verify_map = btree:/var/lib/postfix/unknown_senders
biff = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
disable_dns_lookups = no
disable_mime_output_conversion = no
html_directory = /usr/share/doc/packages/postfix-doc/html
inet_interfaces = all
inet_protocols = all
local_recipient_maps =
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 10240000
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = cla.ch
myhostname = mailserver.cla.ch
mynetworks = 192.168.1.10, 192.168.1.11
myorigin = cla.ch
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
relay_domains = cla.ch, clb.ch, clc.ch, wnet.cla.ch
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix-doc/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtp_use_tls = no
smtpd_client_restrictions = permit_mynetworks, permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unauth_destination, reject_unknown_recipient_domain, reject_unverified_recipient, check_recipient_access hash:/etc/postfix/verify_domains, check_sender_access hash:/etc/postfix/sender_access, permit
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = hash:/etc/postfix/amavis_senderbypass, reject_unauth_destination, reject_unknown_recipient_domain
smtpd_use_tls = no
strict_8bitmime = no
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
Dernière modification par licks0re (Le 16/03/2009, à 11:27)
Hors ligne
#30 Le 16/03/2009, à 11:45
- licks0re
Re : [Résolu] postfix & address verify & co
Et dans le master .cf, y'a rien à spécifier en terme de vérification d'adresse?
#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
#tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
#localhost:10025 inet n - n - - smtpd -o content_filter=
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail unix - n n - - pipe
flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
retry unix - - n - - error
proxywrite unix - - n - 1 proxymap
#Amavis
smtp-amavis unix - - y - 5 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - y - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_address_mappings,no_header_body_checks,no_unknown_recipient_checks
Hors ligne
#31 Le 16/03/2009, à 13:42
- licks0re
Re : [Résolu] postfix & address verify & co
Ca bounce toujours, mais en fait, voici un log *complet* d'un mail avec le verify qui plante. Je me suis rendu compte que dans mes exemples d'avant, il m'en manquait un morceau .. (je vais m'auto flageller, pas de prob... )
Les 3 phases du message ci dessous:
Phase 1 : reception du message. La source indique bien une ip d'un load balancer.
Mar 16 13:34:08 mailserver postfix/smtpd[3841]: 92EC735540: client=lb1.cla.ch[192.168.1.10]
Mar 16 13:34:08 mailserver postfix/cleanup[3843]: 92EC735540: message-id=<000d01c9a633$35eeb8b0$6400a8c0@carpetbaggedrx6>
Mar 16 13:34:08 mailserver postfix/qmgr[3792]: 92EC735540: from=<carpetbaggedrx6@dubaku.com>, size=2621, nrcpt=1 (queue active)
Mar 16 13:34:08 mailserver postfix/smtp[3844]: 92EC735540: to=<tluthfr@clb.ch>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.24, delays=0.05/0/0.01/0.19, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=03322-14, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C484335543)
Mar 16 13:34:08 mailserver postfix/qmgr[3792]: 92EC735540: removed
Phase 2 : le message revient du content filtering et c'est seulement maintenant que le nextsmtp répond une erreur 550 pour "No such user".
Mar 16 12:34:08 mailserver postfix/smtpd[3847]: C484335543: client=unknown[127.0.0.1]
Mar 16 13:34:08 mailserver postfix/cleanup[3843]: C484335543: message-id=<000d01c9a633$35eeb8b0$6400a8c0@carpetbaggedrx6>
Mar 16 13:34:08 mailserver postfix/qmgr[3792]: C484335543: from=<carpetbaggedrx6@dubaku.com>, size=3074, nrcpt=1 (queue active)
Mar 16 13:34:08 mailserver amavis[3322]: (03322-14) Passed CLEAN, MYNETS LOCAL [10.18.36.121] [58.187.177.48] <carpetbaggedrx6@dubaku.com> -> <tluthfr@clb.ch>, Message-ID: <000d01c9a633$35eeb8b0$6400a8c0@carpetbaggedrx6>, mail_id: zOGBv-arbeel, Hits: -, size: 2621, queued_as: C484335543, 175 ms
Mar 16 13:34:08 mailserver postfix/smtp[3844]: 92EC735540: to=<tluthfr@clb.ch>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.24, delays=0.05/0/0.01/0.19, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=03322-14, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C484335543)
Mar 16 13:34:08 mailserver postfix/smtp[3848]: C484335543: to=<tluthfr@clb.ch>, relay=nextsmtp[192.168.1.50]:25, delay=0.04, delays=0.01/0/0/0.03, dsn=5.0.0, status=bounced (host nextsmtp[192.168.1.50] said: 550 tluthfr@clb.ch... No such user (in reply to RCPT TO command))
Mar 16 13:34:08 mailserver postfix/bounce[3866]: C484335543: sender non-delivery notification: CEC3835547
Mar 16 13:34:08 mailserver postfix/qmgr[3792]: C484335543: removed
Phase 3 : génération du message de bounce et mise en deferred queue. (connection refused par le firewall)
Mar 16 13:34:08 mailserver postfix/cleanup[3843]: CEC3835547: message-id=<20090316123408.CEC3835547@mailserver.unog.ch>
Mar 16 13:34:08 mailserver postfix/bounce[3866]: C484335543: sender non-delivery notification: CEC3835547
Mar 16 13:34:08 mailserver postfix/qmgr[3792]: CEC3835547: from=<>, size=5121, nrcpt=1 (queue active)
Mar 16 13:34:09 mailserver postfix/smtp[3848]: CEC3835547: to=<carpetbaggedrx6@dubaku.com>, relay=none, delay=0.16, delays=0.01/0/0.15/0, dsn=4.4.1, status=deferred (connect to mail.dubaku.com[80.247.71.56]:25: Connection refused)
Est ce qu'il y a moyen d'avoir plus de détails sur les transactions du processus verify?
Merci d'avance,
G.
Dernière modification par licks0re (Le 16/03/2009, à 14:41)
Hors ligne
#32 Le 16/03/2009, à 15:49
- licks0re
Re : [Résolu] postfix & address verify & co
Après avoir tout relu les messages de toniotonio, repassé au crible les lignes de mon main.cf 1à 1, j'ai compris que ce qui me foutais le bazard était la directive "mynetworks".
J'avais "mynetworks = loadbalancer1, loadbalancer2" et je me suis rendu compte que le verify map marchait très bien d'une machine X mais que cela ne marchait pas pour les loadbalancers. Comme il n'y avait que cette directive qui mentionnait l'ip des 2 dits loadbalancers, j'ai remplacé la ligne "mynetworks = loadbalancer1, loadbalancer2" par
"mynetworks = 127.0.0.0/8"
Bingo, les adresses sont maintenant vérifiées à chaque fois, je vois bien les mails de check from "double-bounce" etc etc etc....
Merci beaucoup pour ton aide toniotonio, tu m'a mis sur la piste plus d'une fois et j'aurai du être plus attentif la semaine dernière. Si je pouvais, je t'enverrai des chocolats par mail! Merci merci merci pour les indices
Et bonne semaine, qui tout compte fait ne commence pas si mal
Hors ligne