[postfix-jp: 4405] Forwarding mail via AWS SES


Yasuhiro KIMURA
My name is Kimura.

I am running Debian 9 on AWS EC2, but Gmail and others reject mail sent
directly from there, so I decided to route it through AWS SES. Here is
what I did.

1. Obtained SES SMTP credentials, following:
   https://docs.aws.amazon.com/ja_jp/ses/latest/DeveloperGuide/smtp-credentials.html
2. Verified the domain, following:
   https://docs.aws.amazon.com/ja_jp/ses/latest/DeveloperGuide/verify-domain-procedure.html
3. Moved the domain out of the sandbox, following:
   https://docs.aws.amazon.com/ja_jp/ses/latest/DeveloperGuide/request-production-access.html
4. Configured Postfix, following:
   https://docs.aws.amazon.com/ja_jp/ses/latest/DeveloperGuide/postfix.html

The output of postconf -n is as follows.

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = yes
biff = no
compatibility_level = 2
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
milter_default_action = accept
mydestination = $myhostname, mail.examle.org, localhost.examle.org, , localhost
myhostname = mail.examle.org
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = email-smtp.us-east-1.amazonaws.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_ciphers = high
smtp_tls_loglevel = 1
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_milters = inet:localhost:11332
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination check_policy_service inet:127.0.0.1:10023
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noplaintext,noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_cert_file = /etc/letsencrypt/live/server.examle.org/fullchain.pem
smtpd_tls_ciphers = high
smtpd_tls_key_file = /etc/letsencrypt/live/server.examle.org/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
smtpd_tls_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

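In this state, mail sent from mail.examle.org is now delivered without
problems, including to destinations such as Gmail that reject it when it
is sent directly.

However, when mail sent from outside to user@mail.examle.org is forwarded
to another address via ~user/.forward or the like, the forward is rejected
with log messages like the following.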

Jan 19 14:53:32 mail postfix/smtpd[19403]: connect from gate.example.jp[10.0.0.1]
Jan 19 14:53:32 mail postfix/smtpd[19403]: Anonymous TLS connection established from gate.example.jp[10.0.0.1]: TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)
Jan 19 14:53:32 mail postfix/smtpd[19403]: 629A74F3: client=gate.example.jp[10.0.0.1]
Jan 19 14:53:32 mail postfix/cleanup[19410]: 629A74F3: message-id=<[hidden email]>
Jan 19 14:53:36 mail postfix/qmgr[16757]: 629A74F3: from=<[hidden email]>, size=1495, nrcpt=1 (queue active)
Jan 19 14:53:36 mail postfix/smtpd[19403]: disconnect from gate.example.jp[10.0.0.1] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jan 19 14:53:36 mail postfix/local[19411]: 629A74F3: to=<[hidden email]>, relay=local, delay=4.1, delays=4.1/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Jan 19 14:53:36 mail postfix/cleanup[19410]: 7FF264F4: message-id=<[hidden email]>
Jan 19 14:53:36 mail postfix/qmgr[16757]: 7FF264F4: from=<[hidden email]>, size=2199, nrcpt=2 (queue active)
Jan 19 14:53:36 mail postfix/local[19411]: 629A74F3: to=<[hidden email]>, relay=local, delay=4.1, delays=4.1/0.01/0/0.01, dsn=2.0.0, status=sent (forwarded as 7FF264F4)
Jan 19 14:53:36 mail postfix/qmgr[16757]: 629A74F3: removed
Jan 19 14:53:38 mail postfix/smtp[19412]: Trusted TLS connection established to email-smtp.us-east-1.amazonaws.com[23.23.175.128]:587: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 19 14:53:39 mail postfix/smtp[19412]: 7FF264F4: to=<[hidden email]>, orig_to=<[hidden email]>, relay=email-smtp.us-east-1.amazonaws.com[23.23.175.128]:587, delay=2.7, delays=0.01/0.02/1.8/0.85, dsn=5.0.0, status=bounced (host email-smtp.us-east-1.amazonaws.com[23.23.175.128] said: 554 Message rejected: Email address is not verified. The following identities failed the check in region US-EAST-1: [hidden email], Example.jp mail user <[hidden email]> (in reply to end of DATA command))
Jan 19 14:53:39 mail postfix/smtp[19412]: 7FF264F4: to=<[hidden email]>, orig_to=<[hidden email]>, relay=email-smtp.us-east-1.amazonaws.com[23.23.175.128]:587, delay=2.7, delays=0.01/0.02/1.8/0.85, dsn=5.0.0, status=bounced (host email-smtp.us-east-1.amazonaws.com[23.23.175.128] said: 554 Message rejected: Email address is not verified. The following identities failed the check in region US-EAST-1: [hidden email], Example.jp mail user <[hidden email]> (in reply to end of DATA command))
Jan 19 14:53:39 mail postfix/cleanup[19410]: 5C8474F5: message-id=<[hidden email]>
Jan 19 14:53:39 mail postfix/qmgr[16757]: 5C8474F5: from=<>, size=5389, nrcpt=1 (queue active)
Jan 19 14:53:39 mail postfix/bounce[19413]: 7FF264F4: sender non-delivery notification: 5C8474F5
Jan 19 14:53:39 mail postfix/qmgr[16757]: 7FF264F4: removed
Jan 19 14:53:40 mail postfix/smtp[19412]: Trusted TLS connection established to email-smtp.us-east-1.amazonaws.com[54.225.136.195]:587: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 19 14:53:41 mail postfix/smtp[19412]: 5C8474F5: to=<[hidden email]>, relay=email-smtp.us-east-1.amazonaws.com[54.225.136.195]:587, delay=1.7, delays=0/0/1.5/0.16, dsn=5.0.0, status=bounced (host email-smtp.us-east-1.amazonaws.com[54.225.136.195] said: 501 Invalid MAIL FROM address provided (in reply to MAIL FROM command))
Jan 19 14:53:41 mail postfix/qmgr[16757]: 5C8474F5: removed

How should I configure things so that mail from outside can be forwarded
via AWS SES? If anyone has forwarding working, please let me know.

---
Yasuhiro KIMURA

_______________________________________________
Postfix-jp-list mailing list
[hidden email]
https://lists.osdn.me/mailman/listinfo/postfix-jp-list
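
An added example, not part of the original post: a small Python tracer that follows the queue IDs in log lines like those above (received message, forwarded copy, bounce) and extracts each envelope sender and the SES reply. The sample log is constructed and abridged; its addresses are placeholders standing in for the `[hidden email]` values, and the forwarded copy carrying the same sender as the original is an assumption of the sample.

```python
import re
from collections import defaultdict

# Constructed, abridged sample in the log format shown in the post.
# Addresses are placeholders; the real ones are hidden on the page.
SAMPLE_LOG = """\
Jan 19 14:53:36 mail postfix/qmgr[16757]: 629A74F3: from=<sender@example.jp>, size=1495, nrcpt=1 (queue active)
Jan 19 14:53:36 mail postfix/qmgr[16757]: 7FF264F4: from=<sender@example.jp>, size=2199, nrcpt=2 (queue active)
Jan 19 14:53:36 mail postfix/local[19411]: 629A74F3: to=<user@mail.example.org>, relay=local, dsn=2.0.0, status=sent (forwarded as 7FF264F4)
Jan 19 14:53:39 mail postfix/smtp[19412]: 7FF264F4: to=<dest@example.com>, relay=email-smtp.us-east-1.amazonaws.com[23.23.175.128]:587, dsn=5.0.0, status=bounced (host email-smtp.us-east-1.amazonaws.com[23.23.175.128] said: 554 Message rejected: Email address is not verified. (in reply to end of DATA command))
Jan 19 14:53:39 mail postfix/qmgr[16757]: 5C8474F5: from=<>, size=5389, nrcpt=1 (queue active)
Jan 19 14:53:39 mail postfix/bounce[19413]: 7FF264F4: sender non-delivery notification: 5C8474F5
Jan 19 14:53:41 mail postfix/smtp[19412]: 5C8474F5: to=<sender@example.jp>, relay=email-smtp.us-east-1.amazonaws.com[54.225.136.195]:587, dsn=5.0.0, status=bounced (host email-smtp.us-east-1.amazonaws.com[54.225.136.195] said: 501 Invalid MAIL FROM address provided (in reply to MAIL FROM command))
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)$")
FROM = re.compile(r"from=<([^>]*)>")
CHILD = re.compile(r"\(forwarded as ([0-9A-F]+)\)"
                   r"|sender non-delivery notification: ([0-9A-F]+)")
REJECT = re.compile(r"status=bounced \(host \S+ said: (\d{3}) (.*?)"
                    r" \(in reply to (.+?)\)\)$")

def trace(log_text):
    """Index envelope senders, child queue IDs and relay rejections by queue ID."""
    sender, children, rejects = {}, defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        _daemon, qid, rest = m.groups()
        if (f := FROM.match(rest)):          # qmgr line: envelope sender
            sender[qid] = f.group(1)         # "" means the null sender <>
        if (c := CHILD.search(rest)):        # forward or bounce spawns a new ID
            children[qid].append(c.group(1) or c.group(2))
        if (r := REJECT.search(rest)):       # 5xx reply from the relay host
            rejects[qid].append((int(r.group(1)), r.group(2), r.group(3)))
    return sender, children, rejects

def chain(root, log_text):
    """Walk from the received message through its forwarded copy and bounce."""
    sender, children, rejects = trace(log_text)
    out, todo = [], [root]
    while todo:
        qid = todo.pop(0)
        out.append({"qid": qid, "envelope_from": sender.get(qid),
                    "rejects": rejects.get(qid, [])})
        todo.extend(children.get(qid, []))
    return out
```

Calling `chain("629A74F3", SAMPLE_LOG)` returns three hops: the forwarded copy rejected at end of DATA with the outside sender still on the envelope, and the bounce rejected at MAIL FROM because its envelope sender is `<>`.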