553 5.7.1 Sender address rejected: not logged in


Andreas Günther

Hello and good evening,

I run a gateway mail server with Postfix 2.11.3 on Debian Jessie for several domains. On an Apache server with Postfix 3.1.6, a smart relay server is set up so that my Typo3 installations (v8.7.8) can send forms via "sendmail -t -i". For this I have set up [hidden email] on the gateway mail server and the LocalConfiguration.php.

Sending from the smart relay server to the gateway mail server works as well. Only the latter then reports:

"553 5.7.1<[hidden email]>: Sender address rejected: not logged in (in reply to RCPT TO command)"

As far as I understand it, this means that if you specify as sender (envelope from) an address that also has a mailbox on the receiving system, Postfix rejects the mail.

How can I solve this now? If [hidden email] does not exist on the mail server, the mail from the smart relay server is not accepted at all.

Here is my main.cf:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
maximal_backoff_time = 1800s
maximal_queue_lifetime = 1d
message_size_limit = 26214400
milter_default_action = accept
milter_protocol = 6
minimal_backoff_time = 300s
mydestination = mail.example.de, localhost.example.de, localhost
myhostname = mail.example.de
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.4/32
myorigin = /etc/mailname
non_smtpd_milters = inet:127.0.0.1:10040
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_bare_newline_enable = no
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 24h
postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = b.barracudacentral.org=127.0.0.2*7 dnsbl.inps.de=127.0.0.2*7 bl.mailspike.net=127.0.0.2*5 bl.mailspike.net=127.0.0.[10;11;12]*4 dnsbl.sorbs.net=127.0.0.10*8 dnsbl.sorbs.net=127.0.0.5*6 dnsbl.sorbs.net=127.0.0.7*3 dnsbl.sorbs.net=127.0.0.8*2 dnsbl.sorbs.net=127.0.0.6*2 dnsbl.sorbs.net=127.0.0.9*2 zen.spamhaus.org=127.0.0.[10;11]*8 zen.spamhaus.org=127.0.0.[4..7]*6 zen.spamhaus.org=127.0.0.3*4 zen.spamhaus.org=127.0.0.2*3 hostkarma.junkemailfilter.com=127.0.0.2*3 hostkarma.junkemailfilter.com=127.0.0.4*1 hostkarma.junkemailfilter.com=127.0.1.2*1 wl.mailspike.net=127.0.0.[18;19;20]*-2 hostkarma.junkemailfilter.com=127.0.0.1*-2
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_ttl = 5m
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 2d
postscreen_greet_wait = 3s
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_mxdomain_maps.cf
relay_recipient_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf
relayhost =
smtp_header_checks = pcre:/etc/postfix/anonymize_headers.pcre
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_cert_file = /etc/ssl/mail/mail.crt
smtp_tls_key_file = /etc/ssl/mail/mail.key
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 10s
smtpd_hard_error_limit = ${stress?1}${stress:5}
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:10040
smtpd_proxy_timeout = 600s
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname, reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access
smtpd_restriction_classes = z1_greylisting
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth_dovecot
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_sender_acl.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf
smtpd_sender_restrictions = reject_sender_login_mismatch, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unlisted_sender, reject_unknown_sender_domain
smtpd_soft_error_limit = 3
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/private/mail.example.de.crt
smtpd_tls_dh1024_param_file = /etc/ssl/mail/dhparams.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA
smtpd_tls_key_file = /etc/ssl/private/mail.example.de.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = ECDHE-RSA-RC4-SHA
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_spamalias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_minimum_uid = 104
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:5000
z1_greylisting = permit_dnswl_client list.dnswl.org, check_policy_service inet:127.0.0.1:10023

The master.cf:

smtp      inet  n       -       n       -       1       postscreen

smtpd      pass  -       -       n       -       -       smtpd
   -o smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_helo_hostname
   -o smtpd_proxy_filter=127.0.0.1:10025
   -o smtpd_client_connection_count_limit=10
   -o smtpd_proxy_options=speed_adjust

smtps    inet  n       -       n       -       -       smtpd
   -o smtpd_tls_wrappermode=yes
   -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
   -o smtpd_proxy_filter=127.0.0.1:10025
   -o smtpd_client_connection_count_limit=10
   -o smtpd_proxy_options=speed_adjust

submission inet n       -       -       -       -       smtpd
   -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
   -o smtpd_proxy_filter=127.0.0.1:10025
   -o smtpd_client_connection_count_limit=10
   -o smtpd_proxy_options=speed_adjust
   -o smtpd_enforce_tls=yes
   -o smtpd_tls_security_level=encrypt
   -o tls_preempt_cipherlist=yes

tlsproxy  unix  -       -       n       -       0       tlsproxy
dnsblog   unix  -       -       n       -       0       dnsblog
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
   flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
   flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
   flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
   flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
   ${nexthop} ${user}
127.0.0.1:10026 inet n - n - - smtpd
   -o smtpd_authorized_xforward_hosts=127.0.0.0/8
   -o smtpd_client_restrictions=
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o smtpd_data_restrictions=
   -o mynetworks=127.0.0.0/8
   -o receive_override_options=no_unknown_recipient_checks
   -o smtpd_milters=inet:127.0.0.1:10040

The log on the smart relay, the web server, when sending a Typo3 test mail:

Nov 24 17:18:03 apache2425 postfix/pickup[13062]: D6D8A6A: uid=33 from=<[hidden email]>
Nov 24 17:18:03 apache2425 postfix/cleanup[13364]: D6D8A6A: message-id=<[hidden email]>
Nov 24 17:18:03 apache2425 postfix/qmgr[12429]: D6D8A6A: from=<[hidden email]>, size=937, nrcpt=1 (queue active)
Nov 24 17:18:04 apache2425 postfix/smtp[13368]: D6D8A6A: to=<[hidden email]>, relay=mail.example.de[187.54.78.28]:25, delay=0.48, delays=0.13/0.01/0.24/0.1, dsn=5.7.1, status=bounced (host mail.example.de[187.54.78.28] said: 553 5.7.1 <[hidden email]>: Sender address rejected: not logged in (in reply to RCPT TO command))
Nov 24 17:18:04 apache2425 postfix/cleanup[13364]: 400446B: message-id=<[hidden email]>
Nov 24 17:18:04 apache2425 postfix/bounce[13369]: D6D8A6A: sender non-delivery notification: 400446B
Nov 24 17:18:04 apache2425 postfix/qmgr[12429]: 400446B: from=<>, size=3141, nrcpt=1 (queue active)
Nov 24 17:18:04 apache2425 postfix/qmgr[12429]: D6D8A6A: removed
Nov 24 17:18:08 apache2425 postfix/smtp[13368]: 400446B: to=<[hidden email]>, relay=mail.example.de[187.54.78.28]:25, delay=4, delays=0.06/0/0.02/3.9, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 58C3E121253)
Nov 24 17:18:08 apache2425 postfix/qmgr[12429]: 400446B: removed

The corresponding log on the mail server:

Nov 24 17:18:03 mail postfix/postscreen[4533]: CONNECT from [187.54.78.30]:60636 to [192.168.1.2]:25
Nov 24 17:18:04 mail postfix/postscreen[4533]: PASS OLD [187.54.78.30]:60636
Nov 24 17:18:04 mail postfix/smtpd[4542]: connect from apache2.it-example.com[187.54.78.30]
Nov 24 17:18:04 mail postfix/smtpd[4542]: NOQUEUE: reject: RCPT from apache2.it-example.com[187.54.78.30]: 553 5.7.1 <[hidden email]>: Sender address rejected: not logged in; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<apache2425.it-example.com>
Nov 24 17:18:04 mail postfix/smtpd[4542]: disconnect from apache2.it-example.com[187.54.78.30]
Nov 24 17:18:04 mail postfix/postscreen[4533]: CONNECT from [187.54.78.30]:60638 to [192.168.1.2]:25
Nov 24 17:18:04 mail postfix/postscreen[4533]: PASS OLD [187.54.78.30]:60638
Nov 24 17:18:04 mail postfix/smtpd[4542]: connect from apache2.it-example.com[187.54.78.30]
Nov 24 17:18:04 mail postfix/smtpd[4542]: NOQUEUE: client=apache2.it-example.com[187.54.78.30]
Nov 24 17:18:04 mail postfix/smtpd[4543]: connect from localhost[127.0.0.1]
Nov 24 17:18:04 mail postfix/smtpd[4543]: 58C3E121253: client=localhost[127.0.0.1], orig_client=apache2.it-example.com[187.54.78.30]
Nov 24 17:18:04 mail spamd[2227]: spamd: got connection over /var/run/spamd.sock
Nov 24 17:18:04 mail spamd[2227]: spamd: processing message <[hidden email]> for (unknown):113
Nov 24 17:18:08 mail spamd[2227]: spamd: clean message (-1.1/3.0) for (unknown):113 in 3.7 seconds, 3345 bytes.
Nov 24 17:18:08 mail spamd[2227]: spamd: result: . -1 - BAYES_00,HTML_MESSAGE,MPART_ALT_DIFF,URIBL_BLOCKED scantime=3.7,size=3345,user=(unknown),uid=113,required_score=3.0,rhost=localhost,raddr=127.0.0.1,rport=/var/run/spamd.sock,mid=<[hidden email]>,bayes=0.000000,autolearn=no autolearn_force=no
Nov 24 17:18:08 mail postfix/cleanup[4544]: 58C3E121253: message-id=<[hidden email]>
Nov 24 17:18:08 mail opendkim[894]: 58C3E121253: no signing table match for '[hidden email]'
Nov 24 17:18:08 mail opendkim[894]: 58C3E121253: no signature data
Nov 24 17:18:08 mail postfix/qmgr[3979]: 58C3E121253: from=<>, size=3871, nrcpt=1 (queue active)
Nov 24 17:18:08 mail postfix/smtpd[4542]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 Ok: queued as 58C3E121253; from=<> to=<[hidden email]> proto=ESMTP helo=<apache2425.it-example.com>
Nov 24 17:18:08 mail postfix/smtpd[4542]: disconnect from apache2.it-example.com[187.54.78.30]
Nov 24 17:18:08 mail postfix/smtpd[4543]: disconnect from localhost[127.0.0.1]
Nov 24 17:18:08 mail spamd[30677]: prefork: child states: II
Nov 24 17:18:08 mail postfix/lmtp[4547]: 58C3E121253: to=<[hidden email]>, orig_to=<[hidden email]>, relay=mail.example.de[private/dovecot-lmtp], delay=4.2, delays=3.9/0.01/0/0.27, dsn=2.0.0, status=sent (250 2.0.0 <[hidden email]> jxluD0BGGFrEEQAAvAY5HQ Saved)
Nov 24 17:18:08 mail postfix/qmgr[3979]: 58C3E121253: removed

I would appreciate any helpful answers.

Regards

Andreas

Re: 553 5.7.1 Sender address rejected: not logged in

Alex JOST
On 24.11.2017 at 17:48, Andreas Günther wrote:

> Hello and good evening,
>
> I run a gateway mail server with Postfix 2.11.3 on Debian Jessie for
> several domains. On an Apache server with Postfix 3.1.6, a smart relay
> server is set up so that my Typo3 installations (v8.7.8) can send forms via
> "sendmail -t -i". For this I have set up [hidden email] on the gateway
> mail server and the LocalConfiguration.php.
>
> Sending from the smart relay server to the gateway mail server works as
> well. Only the latter then reports:
>
> "553 5.7.1<[hidden email]>: Sender address rejected: not logged in (in
> reply to RCPT TO command)"
> As far as I understand it, this means that if you specify as sender
> (envelope from) an address that also has a mailbox on the receiving
> system, Postfix rejects the mail.
>
> How can I solve this now? If [hidden email] does not exist on the mail
> server, the mail from the smart relay server is not accepted at all.
>
> Here is my main.cf:
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> bounce_queue_lifetime = 1d
> broken_sasl_auth_clients = yes
> config_directory = /etc/postfix
> disable_vrfy_command = yes
> html_directory = /usr/share/doc/postfix/html
> inet_interfaces = all
> inet_protocols = all
> mailbox_size_limit = 0
> maximal_backoff_time = 1800s
> maximal_queue_lifetime = 1d
> message_size_limit = 26214400
> milter_default_action = accept
> milter_protocol = 6
> minimal_backoff_time = 300s
> mydestination = mail.example.de, localhost.example.de, localhost
> myhostname = mail.example.de
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.4/32
> myorigin = /etc/mailname
> non_smtpd_milters = inet:127.0.0.1:10040
> postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/
> postscreen_access.cidr
> postscreen_bare_newline_enable = no
> postscreen_blacklist_action = drop
> postscreen_cache_cleanup_interval = 24h
> postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache
> postscreen_dnsbl_action = enforce
> postscreen_dnsbl_sites = b.barracudacentral.org=127.0.0.2*7
> dnsbl.inps.de=127.0.0.2*7 bl.mailspike.net=127.0.0.2*5
> bl.mailspike.net=127.0.0.[10;11;12]*4 dnsbl.sorbs.net=127.0.0.10*8
> dnsbl.sorbs.net=127.0.0.5*6 dnsbl.sorbs.net=127.0.0.7*3
> dnsbl.sorbs.net=127.0.0.8*2 dnsbl.sorbs.net=127.0.0.6*2
> dnsbl.sorbs.net=127.0.0.9*2 zen.spamhaus.org=127.0.0.[10;11]*8
> zen.spamhaus.org=127.0.0.[4..7]*6 zen.spamhaus.org=127.0.0.3*4
> zen.spamhaus.org=127.0.0.2*3 hostkarma.junkemailfilter.com=127.0.0.2*3
> hostkarma.junkemailfilter.com=127.0.0.4*1
> hostkarma.junkemailfilter.com=127.0.1.2*1 wl.mailspike.net=127.0.0.
> [18;19;20]*-2 hostkarma.junkemailfilter.com=127.0.0.1*-2
> postscreen_dnsbl_threshold = 8
> postscreen_dnsbl_ttl = 5m
> postscreen_greet_action = enforce
> postscreen_greet_banner = $smtpd_banner
> postscreen_greet_ttl = 2d
> postscreen_greet_wait = 3s
> postscreen_non_smtp_command_enable = no
> postscreen_pipelining_enable = no
> proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
> $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
> $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
> $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
> $smtpd_sender_login_maps
> queue_run_delay = 300s
> readme_directory = /usr/share/doc/postfix
> recipient_delimiter = +
> relay_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_mxdomain_maps.cf
> relay_recipient_maps = proxy:mysql:/etc/postfix/sql/
> mysql_virtual_alias_maps.cf
> relayhost =
> smtp_header_checks = pcre:/etc/postfix/anonymize_headers.pcre
> smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
> smtp_tls_cert_file = /etc/ssl/mail/mail.crt
> smtp_tls_key_file = /etc/ssl/mail/mail.key
> smtp_tls_loglevel = 1
> smtp_tls_security_level = may
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_banner = $myhostname
> smtpd_data_restrictions = reject_unauth_pipelining, permit
> smtpd_delay_reject = yes
> smtpd_error_sleep_time = 10s
> smtpd_hard_error_limit = ${stress?1}${stress:5}
> smtpd_helo_required = yes
> smtpd_milters = inet:127.0.0.1:10040
> smtpd_proxy_timeout = 600s
> smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
> reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,
> reject_unknown_reverse_client_hostname, reject_unauth_destination,
> check_sender_access hash:/etc/postfix/sender_access
> smtpd_restriction_classes = z1_greylisting
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_path = private/auth_dovecot
> smtpd_sasl_type = dovecot
> smtpd_sender_login_maps = proxy:mysql:/etc/postfix/sql/
> mysql_virtual_sender_acl.cf, proxy:mysql:/etc/postfix/sql/
> mysql_virtual_alias_maps.cf
> smtpd_sender_restrictions = reject_sender_login_mismatch, permit_mynetworks,
> reject_sender_login_mismatch, permit_sasl_authenticated,
> reject_unlisted_sender, reject_unknown_sender_domain

Is your web server included in 'mynetworks'? Then the problem should be
solved if you put 'permit_mynetworks' before
'reject_sender_login_mismatch'.



--
Alex JOST
AW: 553 5.7.1 Sender address rejected: not logged in

Daniel-6
In reply to this post by Andreas Günther
Then your smart relay should log in accordingly when delivering to your mail server, the one that issues the message.

Or do you want something like an open relay on the mail server that then accepts everything? ;-)

Or you would just have to accept the smart relay's host/IP directly.

You could also create a mail account for the forum and have it send directly to the main server that way, or, if several systems are affected, directly in the PHP config.

Regards, Daniel

Re: 553 5.7.1 Sender address rejected: not logged in

Andreas Günther
In reply to this post by Alex JOST

On Friday, 24 November 2017, 18:26:23 CET, Alex JOST wrote:

> Is your web server included in 'mynetworks'? Then the problem should be
> solved if you put 'permit_mynetworks' before
> 'reject_sender_login_mismatch'.

Thanks for the answer. With 192.168.1.4/32 the web server is included in "mynetworks", and putting 'permit_mynetworks' before 'reject_sender_login_mismatch' unfortunately did not have the desired effect. The error message stays the same.

Andreas

Re: 553 5.7.1 Sender address rejected: not logged in

Alexander Dalloz
On 24.11.2017 at 19:22, Andreas Günther wrote:
> On Friday, 24 November 2017, 18:26:23 CET, Alex JOST wrote:
>> Is your web server included in 'mynetworks'? Then the problem should be
>> solved if you put 'permit_mynetworks' before
>> 'reject_sender_login_mismatch'.
>
> Thanks for the answer. With 192.168.1.4/32 the web server is included in
> "mynetworks", and putting 'permit_mynetworks' before
> 'reject_sender_login_mismatch' unfortunately did not have the desired
> effect. The error message stays the same.

The log information reads:

Nov 24 17:18:04 mail postfix/smtpd[4542]: NOQUEUE: reject: RCPT from
apache2.it-example.com[187.54.78.30]: 553 5.7.1 <[hidden email]>:
Sender address rejected: not logged in; from=<[hidden email]>
to=<[hidden email]> proto=ESMTP helo=<apache2425.it-example.com>
Nov 24 17:18:04 mail postfix/smtpd[4542]: disconnect from apache2.it-
example.com[187.54.78.30]

The client's IP address is a different one and not RFC 1918.

But I would advise you against working with permit_mynetworks on port 25.
You have submission configured, so use it, and on the web server use not
sendmail but delivery via SMTP on port 587. Configure separate accounts
for the different vhosts and you can selectively disable them if an
account is ever abused.

> Andreas

Alexander
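
The diagnosis above, as an added example that is not part of the original thread: it pulls the client IP out of the gateway's reject line, checks it against the posted mynetworks, and runs a simplified first-match model of smtpd_sender_restrictions for an unauthenticated client. The function names are hypothetical, and it assumes the envelope sender is listed in smtpd_sender_login_maps (which the "not logged in" reply implies).

```python
import ipaddress
import re

# Values copied from the thread: mynetworks and smtpd_sender_restrictions from
# the posted main.cf, and the reject line from the gateway log (addresses were
# already masked as "[hidden email]" by the list archive).
MYNETWORKS = "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.4/32"
POSTED_ORDER = [
    "reject_sender_login_mismatch", "permit_mynetworks",
    "reject_sender_login_mismatch", "permit_sasl_authenticated",
    "reject_unlisted_sender", "reject_unknown_sender_domain",
]
SAMPLE_LOG = (
    "Nov 24 17:18:04 mail postfix/smtpd[4542]: NOQUEUE: reject: RCPT from "
    "apache2.it-example.com[187.54.78.30]: 553 5.7.1 <[hidden email]>: "
    "Sender address rejected: not logged in; from=<[hidden email]> "
    "to=<[hidden email]> proto=ESMTP helo=<apache2425.it-example.com>"
)

# smtpd reject line: "... reject: <stage> from host[ip]: code dsn <addr>: reason; ..."
REJECT_RE = re.compile(
    r"NOQUEUE: reject: \w+ from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) .*?: (?P<reason>[^;]+);"
)


def parse_reject(line):
    """Return host, ip, code, dsn and reason of an smtpd reject line, or None."""
    match = REJECT_RE.search(line)
    return match.groupdict() if match else None


def parse_mynetworks(value):
    """Parse literal CIDR entries of a mynetworks value, including [v6]/len."""
    networks = []
    for token in re.split(r"[,\s]+", value.strip()):
        cleaned = token.replace("[", "").replace("]", "")
        try:
            networks.append(ipaddress.ip_network(cleaned, strict=False))
        except ValueError:
            continue  # table lookups, file names and "!" exclusions are not modelled
    return networks


def in_mynetworks(client_ip, networks):
    """True if the connecting IP is covered by one of the parsed networks."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == net.version and addr in net for net in networks)


def evaluate(restrictions, client_ip, networks, sender_in_login_maps=True):
    """Simplified first-match walk of a restriction list for a client that
    did not authenticate. Only permit_mynetworks and
    reject_sender_login_mismatch are modelled; everything else is skipped."""
    for name in restrictions:
        if name == "permit_mynetworks" and in_mynetworks(client_ip, networks):
            return ("permit", name)
        if name == "reject_sender_login_mismatch" and sender_in_login_maps:
            return ("reject", name)
    return ("dunno", None)


def reordered(restrictions):
    """The change suggested in the thread: permit_mynetworks moved to the front."""
    return ["permit_mynetworks"] + [r for r in restrictions if r != "permit_mynetworks"]


if __name__ == "__main__":
    nets = parse_mynetworks(MYNETWORKS)
    hit = parse_reject(SAMPLE_LOG)
    print("client seen by gateway:", hit["host"], hit["ip"], "-", hit["reason"])
    print("covered by mynetworks:", in_mynetworks(hit["ip"], nets))
    for label, order in (("posted", POSTED_ORDER), ("reordered", reordered(POSTED_ORDER))):
        for ip in ("192.168.1.4", hit["ip"]):
            print(f"{label:9} order, client {ip:13}:", evaluate(order, ip, nets))
```
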


Re: 553 5.7.1 Sender address rejected: not logged in

Andreas Günther

> The log information reads:
>
> Nov 24 17:18:04 mail postfix/smtpd[4542]: NOQUEUE: reject: RCPT from
> apache2.it-example.com[187.54.78.30]: 553 5.7.1 <[hidden email]>:
> Sender address rejected: not logged in; from=<[hidden email]>
> to=<[hidden email]> proto=ESMTP helo=<apache2425.it-example.com>
> Nov 24 17:18:04 mail postfix/smtpd[4542]: disconnect from apache2.it-
> example.com[187.54.78.30]

You are right about that, I had overlooked that the external IP address needs a permission.

So it now works with Sendmail.

> The client's IP address is a different one and not RFC 1918.
>
> But I would advise you against working with permit_mynetworks on port 25.
> You have submission configured, so use it, and
> on the web server not sendmail,

Unless we consider my favourite topic, which had almost driven me out of my mind

> but delivery via SMTP on
> port 587.

That was in fact my first choice. Only, instead of working, I always see a reference to an exception:
Swift_TransportException thrown in file
/srv/www/typo3cms/typo3_src-8.7.8/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php in line 269.

This is not a Postfix topic now but belongs in Typo3 forums, only there nobody says anything. So my topic is settled with the hint above.

Regards

Andreas