Contenu | Rechercher | Menus

Annonce

Si vous avez des soucis pour rester connecté, déconnectez-vous puis reconnectez-vous depuis ce lien en cochant la case
Me connecter automatiquement lors de mes prochaines visites.

À propos de l'équipe du forum.

Pages : 1 2

#26 Le 13/03/2009, à 01:11

toniotonio

Re : [Résolu] postfix & address verify & co

fais voir ton postconf -n actuel

si ton verif fonctionne mal c'est que ta conf générale est bancale

tu peux utiliser un relay_recipient_maps a la place du verify mais c'a n'enlevera pas le fait que ta conf a un souci qu'il faut resoudre

Tutoriaux Postfix sur www.starbridge.org/spip
Messagerie Dédiée, Relais Mail Antispam/Antivirus, Infogérance 24/7: http://www.eole-its.com

Hors ligne

#27 Le 13/03/2009, à 16:20

licks0re

Re : [Résolu] postfix & address verify & co

Voilà le postconf -n :

address_verify_map = btree:/var/lib/postfix/unknown_senders
alias_maps = hash:/etc/aliases
biff = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
disable_dns_lookups = no
disable_mime_output_conversion = no
html_directory = /usr/share/doc/packages/postfix-doc/html
inet_interfaces = all
inet_protocols = all
local_recipient_maps =
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 10240000
mydestination = $myhostname, localhost.$mydomain
mydomain = cla.ch
myhostname = mailserver.cla.ch
mynetworks = 192.168.1.2, 192.168.1.3
myorigin = cla.ch
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix-doc/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtp_use_tls = no
smtpd_client_restrictions = permit_mynetworks,  permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,    reject_non_fqdn_hostname,       reject_invalid_hostname,        permit
smtpd_recipient_restrictions = reject_unauth_pipelining,        permit_mynetworks,      reject_non_fqdn_recipient,              reject_unauth_destination,      reject_unknown_recipient_domain,      reject_unverified_recipient,    check_recipient_access hash:/etc/postfix/verify_domains,        permit
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = hash:/etc/postfix/amavis_senderbypass
smtpd_use_tls = no
strict_8bitmime = no
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual

Je vais regarder la directive relay_recipient_maps que je ne connais pas.

Merci de l'aide apportée, c'est apprécié smile

G.

Dernière modification par licks0re (Le 13/03/2009, à 16:21)

Hors ligne

#28 Le 13/03/2009, à 18:12

toniotonio

Re : [Résolu] postfix & address verify & co

je ne vois pas le parametre relay_domains ?

Tutoriaux Postfix sur www.starbridge.org/spip
Messagerie Dédiée, Relais Mail Antispam/Antivirus, Infogérance 24/7: http://www.eole-its.com

Hors ligne

#29 Le 16/03/2009, à 09:31

licks0re

Re : [Résolu] postfix & address verify & co

J'ai fait le changement et j'ai explicitement renseigné les domaines que je vais relayer.

Mon postconf -n est maintenant :

address_verify_map = btree:/var/lib/postfix/unknown_senders
biff = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
disable_dns_lookups = no
disable_mime_output_conversion = no
html_directory = /usr/share/doc/packages/postfix-doc/html
inet_interfaces = all
inet_protocols = all
local_recipient_maps =
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 10240000
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = cla.ch
myhostname = mailserver.cla.ch
mynetworks = 192.168.1.10, 192.168.1.11
myorigin = cla.ch
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
relay_domains = cla.ch, clb.ch, clc.ch, wnet.cla.ch
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix-doc/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtp_use_tls = no
smtpd_client_restrictions = permit_mynetworks,  permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,    reject_non_fqdn_hostname,       reject_invalid_hostname,        permit
smtpd_recipient_restrictions = reject_unauth_pipelining,        permit_mynetworks,      reject_non_fqdn_recipient,              reject_unauth_destination,      reject_unknown_recipient_domain,  reject_unverified_recipient,    check_recipient_access hash:/etc/postfix/verify_domains,        check_sender_access  hash:/etc/postfix/sender_access,     permit
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = hash:/etc/postfix/amavis_senderbypass, reject_unauth_destination, reject_unknown_recipient_domain
smtpd_use_tls = no
strict_8bitmime = no
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual

Dernière modification par licks0re (Le 16/03/2009, à 11:27)

Hors ligne

#30 Le 16/03/2009, à 11:45

licks0re

Re : [Résolu] postfix & address verify & co

Et dans le master .cf, y'a rien à spécifier en terme de vérification d'adresse?

#
# Postfix master process configuration file.  For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
#submission inet n      -       n       -       -       smtpd
#       -o smtpd_etrn_restrictions=reject
#       -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps    inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes
#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission   inet    n       -       n       -       -       smtpd
#  -o smtpd_etrn_restrictions=reject
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
#tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
#localhost:10025 inet   n       -       n       -       -       smtpd -o content_filter=
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail  unix  -       n       n       -       -       pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
retry     unix  -       -       n       -       -       error
proxywrite unix -       -       n       -       1       proxymap

#Amavis

smtp-amavis unix -      -       y       -       5  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

127.0.0.1:10025 inet n  -       y       -       -  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_address_mappings,no_header_body_checks,no_unknown_recipient_checks

Hors ligne

#31 Le 16/03/2009, à 13:42

licks0re

Re : [Résolu] postfix & address verify & co

Ca bounce toujours, mais en fait, voici un log *complet* d'un mail avec le verify qui plante. Je me suis rendu compte que dans mes exemples d'avant, il m'en manquait un morceau .. (je vais m'auto flageller, pas de prob... roll)

Les 3 phases du message ci dessous:

Phase 1 : reception du message. La source indique bien une ip d'un load balancer.

Mar 16 13:34:08 mailserver postfix/smtpd[3841]: 92EC735540: client=lb1.cla.ch[192.168.1.10]
Mar 16 13:34:08 mailserver postfix/cleanup[3843]: 92EC735540: message-id=<000d01c9a633$35eeb8b0$6400a8c0@carpetbaggedrx6>
Mar 16 13:34:08 mailserver postfix/qmgr[3792]: 92EC735540: from=<carpetbaggedrx6@dubaku.com>, size=2621, nrcpt=1 (queue active)
Mar 16 13:34:08 mailserver postfix/smtp[3844]: 92EC735540: to=<tluthfr@clb.ch>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.24, delays=0.05/0/0.01/0.19, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=03322-14, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C484335543)
Mar 16 13:34:08 mailserver postfix/qmgr[3792]: 92EC735540: removed

Phase 2 : le message revient du content filtering et c'est seulement maintenant que le nextsmtp répond une erreur 550 pour "No such user".

Mar 16 12:34:08 mailserver postfix/smtpd[3847]: C484335543: client=unknown[127.0.0.1]
Mar 16 13:34:08 mailserver postfix/cleanup[3843]: C484335543: message-id=<000d01c9a633$35eeb8b0$6400a8c0@carpetbaggedrx6>
Mar 16 13:34:08 mailserver postfix/qmgr[3792]: C484335543: from=<carpetbaggedrx6@dubaku.com>, size=3074, nrcpt=1 (queue active)
Mar 16 13:34:08 mailserver amavis[3322]: (03322-14) Passed CLEAN, MYNETS LOCAL [10.18.36.121] [58.187.177.48] <carpetbaggedrx6@dubaku.com> -> <tluthfr@clb.ch>, Message-ID: <000d01c9a633$35eeb8b0$6400a8c0@carpetbaggedrx6>, mail_id: zOGBv-arbeel, Hits: -, size: 2621, queued_as: C484335543, 175 ms
Mar 16 13:34:08 mailserver postfix/smtp[3844]: 92EC735540: to=<tluthfr@clb.ch>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.24, delays=0.05/0/0.01/0.19, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=03322-14, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C484335543)
Mar 16 13:34:08 mailserver postfix/smtp[3848]: C484335543: to=<tluthfr@clb.ch>, relay=nextsmtp[192.168.1.50]:25, delay=0.04, delays=0.01/0/0/0.03, dsn=5.0.0, status=bounced (host nextsmtp[192.168.1.50] said: 550 tluthfr@clb.ch... No such user (in reply to RCPT TO command))
Mar 16 13:34:08 mailserver postfix/bounce[3866]: C484335543: sender non-delivery notification: CEC3835547
Mar 16 13:34:08 mailserver postfix/qmgr[3792]: C484335543: removed

Phase 3 : génération du message de bounce et mise en deferred queue. (connection refused par le firewall)

Mar 16 13:34:08 mailserver postfix/cleanup[3843]: CEC3835547: message-id=<20090316123408.CEC3835547@mailserver.unog.ch>
Mar 16 13:34:08 mailserver postfix/bounce[3866]: C484335543: sender non-delivery notification: CEC3835547
Mar 16 13:34:08 mailserver postfix/qmgr[3792]: CEC3835547: from=<>, size=5121, nrcpt=1 (queue active)
Mar 16 13:34:09 mailserver postfix/smtp[3848]: CEC3835547: to=<carpetbaggedrx6@dubaku.com>, relay=none, delay=0.16, delays=0.01/0/0.15/0, dsn=4.4.1, status=deferred (connect to mail.dubaku.com[80.247.71.56]:25: Connection refused)

Est ce qu'il y a moyen d'avoir plus de détails sur les transactions du processus verify?
Merci d'avance,
G.

Dernière modification par licks0re (Le 16/03/2009, à 14:41)

Hors ligne

#32 Le 16/03/2009, à 15:49

licks0re

Re : [Résolu] postfix & address verify & co

big_smile

Après avoir tout relu les messages de toniotonio, repassé au crible les lignes de mon main.cf 1à 1, j'ai compris que ce qui me foutais le bazard était la directive "mynetworks".

J'avais "mynetworks = loadbalancer1, loadbalancer2" et je me suis rendu compte que le verify map marchait très bien d'une machine X mais que cela ne marchait pas pour les loadbalancers. Comme il n'y avait que cette directive qui mentionnait l'ip des 2 dits loadbalancers, j'ai remplacé la ligne "mynetworks = loadbalancer1, loadbalancer2"  par

"mynetworks = 127.0.0.0/8"

Bingo, les adresses sont maintenant vérifiées à chaque fois, je vois bien les mails de check from "double-bounce" etc etc etc....

Merci beaucoup pour ton aide toniotonio, tu m'a mis sur la piste plus d'une fois et j'aurai du être plus attentif la semaine dernière. Si je pouvais, je t'enverrai des chocolats par mail! Merci merci merci pour les indices smile

Et bonne semaine, qui tout compte fait ne commence pas si mal wink big_smile big_smile big_smile cool

Hors ligne

Pages : 1 2