Problems with Sendmail/postfix
Hey there - My situation in brief:
I have installed a new mail server at work - and it actually works great - until we needed to send mail out from another internal server, and I cannot get it to relay:
To start with:
SYSTEM -> is our internal server, which needs to send mail out through our mail server:
MAIL is our mail server.
System is configured as follows:
Sendmail:
dnl This is the sendmail macro config file. If you make changes to this file,
dnl you need the sendmail-cf rpm installed and then have to generate a
dnl new /etc/mail/sendmail.cf by running the following command:
dnl
dnl m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')
VERSIONID(`linux setup for Red Hat Linux')dnl
OSTYPE(`linux')
dnl Uncomment and edit the following line if your mail needs to be sent out
dnl through an external mail server:
define(`SMART_HOST',`mail.insatech.com')
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo', `hash /etc/mail/auth/client-info')dnl
define(`confDEF_USER_ID',``8:12'')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl The '-t' option will retry delivery if e.g. the user runs over his quota.
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl This changes sendmail to only listen on the loopback device 127.0.0.1
dnl and not on any other network devices. Comment this out if you want
dnl to accept email over the network.
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl a kernel patch
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')
dnl We strongly recommend to comment this one out if you want to protect
dnl yourself from spam. However, the laptop and users on computers that do
dnl not have 24x7 DNS do need this.
dnl FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
dnl # FEATURE(`ms')
Cwlocalhost.localdomain
MAILSERVER
Runs postfix with the following configuration:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/postfix/certs/mailcert.pem
smtpd_tls_key_file=/etc/postfix/certs/mailkey.pem
smtpd_tls_CAfile=/etc/postfix/certs/cacert.pem
smtpd_use_tls=yes
smtp_use_tls=yes
smtpd_discard_ehlo_keywords= silent-discard
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_tls_loglevel = 1
smtpd_tls_recieved_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_exchange_name = /var/run/prng_exch
tls_random_source = dev:/dev/random
tls_smtp_use_tls = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = insatech.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
relayhost = 172.16.50.3/32
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.50.0/23
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
transport_maps = hash:/etc/postfix/transport
####### SASL BITS ########
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
permit_sasl_authenticated,
reject_unauth_destination,
permit_mynetworks,
check_relay_domains
smtpd_delay_reject = yes
broken_sasl_auth_clients = yes
######### Virtual User Configurations ##########
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_limit = 5120000000
virtual_minimum_uid = 5000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_base = /storage
virtual_transport = virtual
###### Additional support for Quota
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_limit_maps.cf
virtual_maildir_limit_message = Sorry - The maildir has overdrawn the diskspace quota - free up some spaces of your mailbox and try again...
virtual_overquota_bounce = yes
######### Spamfilter & Scanning
content_filter=smtp-amavis:[127.0.0.1]:10024
Log files:
SYSTEM:
Jun 23 12:14:45 insa02 sendmail[22387]: m5NAEj5P022387: Authentication-Warning: hugin.insatech.com: mera set sender to [M0645260] using -f
Jun 23 12:14:45 insa02 sendmail[22387]: m5NAEj5P022387: from=[M0645260], size=945, class=0, nrcpts=1, msgid=<200806231014.m5NAEj5P022387@hugin.insatech.com>, bodytype=8BITMIME, relay=mera@localhost
Jun 23 12:14:45 insa02 sendmail[22387]: STARTTLS=client, relay=mail.insatech.com, version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jun 23 12:14:45 insa02 sendmail[22387]: m5NAEj5P022387: SYSERR(mera): hash map "authinfo": unsafe map file /etc/mail/auth/client-info.db: Permission denied
Jun 23 12:14:45 insa02 sendmail[22387]: m5NAEj5P022387: to=sol@daka.dk, ctladdr=[M0645260] (500/500), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30945, relay=mail.insatech.com [172.16.50.6], dsn=5.7.1, stat=Service unavailable
Jun 23 12:14:45 insa02 sendmail[22387]: m5NAEj5P022387: m5NAEj5Q022387: DSN: Service unavailable
Jun 23 12:14:45 insa02 sendmail[22387]: m5NAEj5Q022387: to=[M0645260], delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31969, relay=mail.insatech.com [172.16.50.6], dsn=2.0.0, stat=Sent (Ok: queued as 6541F1503B8)
About the authinfo file - I would just like postfix to allow this server on this IP to send as much as it can/wants - since everything from our sales order and invoicing system comes from there!
Mail server from the same time:
Jun 23 12:14:43 sif postfix/smtpd[1431]: connect from unknown[172.16.50.3]
Jun 23 12:14:43 sif postfix/smtpd[1431]: setting up TLS connection from unknown[172.16.50.3]
Jun 23 12:14:43 sif postfix/smtpd[1431]: Anonymous TLS connection established from unknown[172.16.50.3]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jun 23 12:14:43 sif postfix/smtpd[1431]: NOQUEUE: reject: RCPT from unknown[172.16.50.3]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=
Jun 23 12:14:43 sif postfix/smtpd[1431]: 6541F1503B8: client=unknown[172.16.50.3]
Jun 23 12:14:43 sif postfix/cleanup[1466]: 6541F1503B8: message-id=<200806231014.m5NAEj5Q022387@hugin.insatech.com>
Jun 23 12:14:43 sif postfix/qmgr[913]: 6541F1503B8: from=<>, size=3389, nrcpt=1 (queue active)
Jun 23 12:14:43 sif postfix/smtpd[1431]: disconnect from unknown[172.16.50.3]
Where on earth am I overlooking something, since I cannot get it to relay for that server?
All my clients etc. work fantastically!
Comments: 2
Re: Problems with Sendmail/postfix
Jun 23 12:14:45 insa02 sendmail[22387]: m5NAEj5P022387: SYSERR(mera): hash map "authinfo": unsafe map file /etc/mail/auth/client-info.db: Permission denied
Sendmail does need to look things up in that db file. Whether that is the whole problem, I can't say offhand.
Re: Problems with Sendmail/postfix
smtpd_recipient_restrictions =
permit_sasl_authenticated,
reject_unauth_destination,
permit_mynetworks,
check_relay_domains
To
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
check_relay_domains
Then everything worked as it should, without problems!
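
Added example, not part of the thread: a small Python model of how Postfix walks smtpd_recipient_restrictions (first deciding entry wins), run against the two orderings posted above with the client 172.16.50.3 and recipient domain daka.dk from the logs. LOCAL_DOMAINS, the neighbour address 172.16.51.20 and the narrowed /32 network are assumptions made for the illustration.

```python
import ipaddress

# Restriction lists as posted: the original main.cf and the reordered fix.
ORIGINAL = ["permit_sasl_authenticated", "reject_unauth_destination",
            "permit_mynetworks", "check_relay_domains"]
FIXED = ["permit_mynetworks", "permit_sasl_authenticated",
         "reject_unauth_destination", "check_relay_domains"]

MYNETWORKS = ["127.0.0.0/8", "172.16.50.0/23"]  # IPv4 entries of the posted mynetworks
NARROWED = ["127.0.0.0/8", "172.16.50.3/32"]    # assumption: trust only the one sending host
LOCAL_DOMAINS = {"insatech.com"}                # assumption: domains this server accepts mail for


def evaluate(restrictions, client_ip, rcpt_domain, sasl_ok=False, mynetworks=MYNETWORKS):
    """Walk the list in order; the first restriction that decides wins."""
    ip = ipaddress.ip_address(client_ip)
    trusted = any(ip in ipaddress.ip_network(net) for net in mynetworks)
    for name in restrictions:
        if name == "permit_sasl_authenticated" and sasl_ok:
            return ("permit", name)
        if name == "permit_mynetworks" and trusted:
            return ("permit", name)
        if name == "reject_unauth_destination" and rcpt_domain not in LOCAL_DOMAINS:
            return ("reject", name)
        # check_relay_domains is not modelled; none of the cases below reaches it.
    return ("dunno", None)


if __name__ == "__main__":
    cases = [
        ("original order, unauthenticated 172.16.50.3",
         evaluate(ORIGINAL, "172.16.50.3", "daka.dk")),
        ("reordered, unauthenticated 172.16.50.3",
         evaluate(FIXED, "172.16.50.3", "daka.dk")),
        # The posted /23 also trusts every other host in 172.16.50.0-172.16.51.255.
        ("reordered, constructed neighbour 172.16.51.20, posted /23",
         evaluate(FIXED, "172.16.51.20", "daka.dk")),
        ("reordered, constructed neighbour 172.16.51.20, narrowed /32",
         evaluate(FIXED, "172.16.51.20", "daka.dk", mynetworks=NARROWED)),
    ]
    for label, (action, decided_by) in cases:
        print(f"{label}: {action} ({decided_by})")
```

With the original order the unauthenticated client is rejected by reject_unauth_destination before permit_mynetworks is ever consulted, which matches the "Relay access denied" line in the mail server log.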