我有一台使用Postfix(3.1.0)和Dovecot的新电子邮件服务器。我设法在客户端和服务器之间建立了TLS连接,但是遇到了一个奇怪的问题。每当我尝试发送电子邮件时,都会出现以下错误:554 5.7.1-中继访问被拒绝。
我搜索了此错误,发现需要设置smtpd_relay_restrictions,所以我尝试了。但是什么都没有改变。然后我添加了smtpd_sender_restrictions,但再次没有任何变化。
我尝试将电子邮件发送到不同的域,并在客户端设备上使用不同的网络。同样的错误。
这是我的main.cf:
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
myhostname = localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $myhostname
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = class
mailbox_size_limit = 0
home_mailbox = Maildir/
virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
# TLS parameters
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.mydomain.ro/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.mydomain.ro/privkey.pem
smtp_tls_security_level = may
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3
tls_preempt_cipherlist = yes
smtpd_tls_mandatory_ciphers = high
tls_high_cipherlist = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:AES256-GCM-SHA384:AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256:NULL-SHA256
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noplaintext,noanonymous
smtpd_recipient_restrictions =
permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
smtpd_sender_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
什么会产生此错误?
最佳答案
在Postfix设置方面:
对我来说,它看起来像您的“ mynetworks”设置:
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
将仅允许通过IPv4 / IPv6为本地主机上的客户端中继。
如果客户端位于具有192.168.0.100的LAN IP的同一LAN上,我相信您需要进行如下设置:
mynetworks = 127.0.0.0/8 192.168.0.100 [::ffff:127.0.0.0]/104 [::1]/128
如果客户端以9.9.9.9的IP上网,我相信您需要进行以下设置:
mynetworks = 127.0.0.0/8 9.9.9.9 [::ffff:127.0.0.0]/104 [::1]/128
有帮助吗?
至于dovecot,在Wiki上有一个有用的页面-如果尚未安装,则将dovecot配置为要求ssl / tls进行身份验证登录更安全:
https://wiki.dovecot.org/SSL/DovecotConfiguration