postfix / postscreen Problem

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

postfix / postscreen Problem

Günther J. Niederwimmer
Hallo Liste,

Ich komme da anscheinend nicht weiter, ich habe einen Fehler in meiner
Konfiguration der anscheinend nicht zu finden ist ?
Ich benutze postfix 3.2.3
mit Centos 7.4

irgendwie ist das für mich nicht logisch ?

laut log ist die Mail ja schon abgeleht (jedefalls für mich), kommt aber
trotzdem durch
Das ist ein auszug aus dem Log mehr steht nicht drin trotz dem Hinweis auf das
Log ?

die domain ist meine Hauptdomain, den User gibt es nicht ??

Nov 19 12:59:27 mx01 postfix/postscreen[27782]: CONNECT from [198.2.186.15]:
26200 to [89.26.108.7]:25
Nov 19 12:59:27 mx01 postfix/dnsblog[27786]: addr 198.2.186.15 listed by domain
list.dnswl.org as 127.0.15.0
Nov 19 12:59:27 mx01 postfix/dnsblog[27784]: addr 198.2.186.15 listed by domain
hostkarma.junkemailfilter.com as 127.0.0.3
Nov 19 12:59:27 mx01 postfix/dnsblog[27784]: addr 198.2.186.15 listed by domain
hostkarma.junkemailfilter.com as 127.0.1.1
Nov 19 12:59:29 mx01 postfix/dnsblog[27794]: addr 198.2.186.15 listed by domain
wl.mailspike.net as 127.0.0.18
Nov 19 12:59:32 mx01 postfix/postscreen[27782]: PASS OLD [198.2.186.15]:26200
Nov 19 12:59:32 mx01 postfix/smtpd[27801]: connect from
mail186-15.suw21.mandrillapp.com[198.2.186.15]
Nov 19 12:59:32 mx01 postfix/smtpd[27801]: Anonymous TLS connection established
from mail186-15.suw21.mandrillapp.com[198.2.186.15]: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Nov 19 12:59:33 mx01 postfix/smtpd[27801]: NOQUEUE: reject: RCPT from
mail186-15.suw21.mandrillapp.com[198.2.186.15]: 450 4.1.1 <[hidden email]>:
Recipient address rejected: unverified address: host 127.0.0.1[127.0.0.1] said:
451 4.3.0 <[hidden email]> Internal error occurred. Refer to server log for
more information. (in reply to RCPT TO command); from=<bounce-
[hidden email]>
to=<[hidden email]> proto=ESMTP helo=<mail186-15.suw21.mandrillapp.com>
Nov 19 12:59:33 mx01 postfix/smtpd[27801]: disconnect from
mail186-15.suw21.mandrillapp.com[198.2.186.15] ehlo=2 starttls=1 mail=1
rcpt=0/1 quit=1 commands=5/6
Nov 19 13:02:53 mx01 postfix/anvil[27803]: statistics: max connection rate
1/60s for (smtpd:198.2.186.15) at Nov 19 12:59:32
Nov 19 13:02:53 mx01 postfix/anvil[27803]: statistics: max connection count 1
for (smtpd:198.2.186.15) at Nov 19 12:59:32
Nov 19 13:02:53 mx01 postfix/anvil[27803]: statistics: max cache size 1 at Nov
19 12:59:32
Nov 19 13:14:33 mx01 postfix/postscreen[28606]: CONNECT from [198.2.186.15]:
38242 to [89.26.108.7]:25
Nov 19 13:14:33 mx01 postfix/dnsblog[28608]: addr 198.2.186.15 listed by domain
hostkarma.junkemailfilter.com as 127.0.0.3
Nov 19 13:14:33 mx01 postfix/dnsblog[28608]: addr 198.2.186.15 listed by domain
hostkarma.junkemailfilter.com as 127.0.1.1
Nov 19 13:14:33 mx01 postfix/dnsblog[28609]: addr 198.2.186.15 listed by domain
list.dnswl.org as 127.0.15.0
Nov 19 13:14:34 mx01 postfix/dnsblog[28617]: addr 198.2.186.15 listed by domain
wl.mailspike.net as 127.0.0.18
Nov 19 13:14:38 mx01 postfix/postscreen[28606]: PASS OLD [198.2.186.15]:38242
Nov 19 13:14:38 mx01 postfix/smtpd[28624]: connect from
mail186-15.suw21.mandrillapp.com[198.2.186.15]
Nov 19 13:14:39 mx01 postfix/smtpd[28624]: Anonymous TLS connection established
from mail186-15.suw21.mandrillapp.com[198.2.186.15]: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Nov 19 13:14:39 mx01 postfix/smtpd[28624]: NOQUEUE: reject: RCPT from
mail186-15.suw21.mandrillapp.com[198.2.186.15]: 450 4.1.1 <[hidden email]>:
Recipient address rejected: unverified address: host 127.0.0.1[127.0.0.1] said:
451 4.3.0 <[hidden email]> Internal error occurred. Refer to server log for
more information. (in reply to RCPT TO command); from=<bounce-
[hidden email]>
to=<[hidden email]> proto=ESMTP helo=<mail186-15.suw21.mandrillapp.com>
Nov 19 13:14:39 mx01 postfix/smtpd[28624]: disconnect from
mail186-15.suw21.mandrillapp.com[198.2.186.15] ehlo=2 starttls=1 mail=1
rcpt=0/1 quit=1 commands=5/6
Nov 19 13:17:59 mx01 postfix/anvil[28626]: statistics: max connection rate
1/60s for (smtpd:198.2.186.15) at Nov 19 13:14:38
Nov 19 13:17:59 mx01 postfix/anvil[28626]: statistics: max connection count 1
for (smtpd:198.2.186.15) at Nov 19 13:14:38

postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_template_file = /etc/postfix/bounce.de-DE.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
default_database_type = btree
html_directory = no
inet_interfaces = all
lmtp_dns_support_level = dnssec
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 20480000
meta_directory = /etc/postfix
milter_default_action = accept
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_protocol = 6
milter_rcpt_macros = i {rcpt_addr}
mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost
myhostname = mx01.4gjn.com
mynetworks = 89.26.108.0/28, 127.0.0.0/8, 192.168.100.0/24, [2001:470:1f0b:
371::]/64
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/
postscreen_access.cidr
postscreen_bare_newline_action = drop
postscreen_bare_newline_enable = yes
postscreen_blacklist_action = drop
postscreen_cache_map = memcache:/etc/postfix/postscreen_cache
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net*3
b.barracudacentral.org*2 bad.psky.me*2 psbl.surriel.com bl.blocklist.de
bl.spamcop.net spam.spamrats.com bl.spameatingmonkey.net dnsbl.cobion.com
ix.dnsbl.manitu.net hostkarma.junkemailfilter.com dnsbl.inps.de
list.dnswl.org=127.0.[0..255].0*-1 list.dnswl.org=127.0.[0..255].1*-2
list.dnswl.org=127.0.[0..255].[2..3]*-3 iadb.isipp.com=127.0.[0..255].
[0..255]*-2 iadb.isipp.com=127.3.100.[6..200]*-2 wl.mailspike.net=127.0.0.
[17;18]*-1 wl.mailspike.net=127.0.0.[19;20]*-2
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_ttl = 1h
postscreen_dnsbl_whitelist_threshold = -1
postscreen_greet_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_enable = yes
postscreen_whitelist_interfaces = static:all
proxy_write_maps = proxy:btree:/var/lib/postfix/postscreen_cache
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix3-3.2.3/README_FILES
recipient_delimiter = +
relay_domains = btree:/etc/postfix/relay_domains
sample_directory = /usr/share/doc/postfix3-3.2.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib/postfix
smtp_dns_support_level = dnssec
smtp_sasl_security_options = noplaintext, noanonymous
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_loglevel = 1
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = dane
smtp_use_tls = yes
smtpd_helo_required = yes
smtpd_milters = inet:localhost:11332
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination, reject_unverified_recipient, reject_invalid_hostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous,
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access btree:/etc/postfix/
check_sender_access
smtpd_tls_CAfile = /etc/pki/tls/cert.pem
smtpd_tls_CApath = /etc/pki/tls
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mx01.4gjn.com/fullchain.pem
smtpd_tls_dh1024_param_file = /etc/pki/postfix/private/dh_2048.pem
smtpd_tls_dh512_param_file = /etc/pki/postfix/private/dh_1024.pem
smtpd_tls_eecdh_grade = ultra
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, MD5, PSK, aECDH, EDH-
DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA, CAMELLIA128-SHA.
CAMELLIA256-SHA
smtpd_tls_key_file = /etc/pki/tls/private/4gjn.com.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, MD5, PSK, aECDH,
EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA, CAMELLIA128-
SHA. CAMELLIA256-SHA
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_use_tls = yes
tls_preempt_cipherlist = yes
tls_random_bytes = 128
transport_maps = btree:/etc/postfix/transport, $relay_domains
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 577
virtual_alias_maps = btree:/etc/postfix/virtual_alias

für jede Hilfe dankbar,

--
mit freundlichen Grüssen / best regards,

  Günther J. Niederwimmer
Reply | Threaded
Open this post in threaded view
|

Re: postfix / postscreen Problem

Alexander Dalloz
Am 19.11.2017 um 13:34 schrieb Günther J. Niederwimmer:

> Hallo Liste,
>
> Ich komme da anscheinend nicht weiter, ich habe einen Fehler in meiner
> Konfiguration der anscheinend nicht zu finden ist ?
> Ich benutze postfix 3.2.3
> mit Centos 7.4
>
> irgendwie ist das für mich nicht logisch ?
>
> laut log ist die Mail ja schon abgeleht (jedefalls für mich), kommt aber
> trotzdem durch

Wo siehst Du, dass die Mail durch postscreen abgelehnt sei?

> Das ist ein auszug aus dem Log mehr steht nicht drin trotz dem Hinweis auf das
> Log ?
>
> die domain ist meine Hauptdomain, den User gibt es nicht ??
>
> Nov 19 12:59:27 mx01 postfix/postscreen[27782]: CONNECT from [198.2.186.15]:
> 26200 to [89.26.108.7]:25
> Nov 19 12:59:27 mx01 postfix/dnsblog[27786]: addr 198.2.186.15 listed by domain
> list.dnswl.org as 127.0.15.0
> Nov 19 12:59:27 mx01 postfix/dnsblog[27784]: addr 198.2.186.15 listed by domain
> hostkarma.junkemailfilter.com as 127.0.0.3
> Nov 19 12:59:27 mx01 postfix/dnsblog[27784]: addr 198.2.186.15 listed by domain
> hostkarma.junkemailfilter.com as 127.0.1.1
> Nov 19 12:59:29 mx01 postfix/dnsblog[27794]: addr 198.2.186.15 listed by domain
> wl.mailspike.net as 127.0.0.18

4 Listentreffer gemäß Deiner postscreen Konfiguration in main.cf:

list.dnswl.org as 127.0.15.0 => -1
hostkarma.junkemailfilter.com as 127.0.0.3 => +1
hostkarma.junkemailfilter.com as 127.0.1.1 => +1
wl.mailspike.net as 127.0.0.18 => -1

In Summe also 0 Punkte. Warum sollte postscreen also die weitere
Bearbeitung blockieren?

> Nov 19 12:59:32 mx01 postfix/postscreen[27782]: PASS OLD [198.2.186.15]:26200

Und hier siehst Du, dass der Client bereits als PASS gecached wurde.

> Nov 19 12:59:32 mx01 postfix/smtpd[27801]: connect from
> mail186-15.suw21.mandrillapp.com[198.2.186.15]
> Nov 19 12:59:32 mx01 postfix/smtpd[27801]: Anonymous TLS connection established
> from mail186-15.suw21.mandrillapp.com[198.2.186.15]: TLSv1.2 with cipher
> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
> Nov 19 12:59:33 mx01 postfix/smtpd[27801]: NOQUEUE: reject: RCPT from
> mail186-15.suw21.mandrillapp.com[198.2.186.15]: 450 4.1.1 <[hidden email]>:
> Recipient address rejected: unverified address: host 127.0.0.1[127.0.0.1] said:
> 451 4.3.0 <[hidden email]> Internal error occurred. Refer to server log for
> more information. (in reply to RCPT TO command); from=<bounce-
> [hidden email]>
> to=<[hidden email]> proto=ESMTP helo=<mail186-15.suw21.mandrillapp.com>
> Nov 19 12:59:33 mx01 postfix/smtpd[27801]: disconnect from
> mail186-15.suw21.mandrillapp.com[198.2.186.15] ehlo=2 starttls=1 mail=1
> rcpt=0/1 quit=1 commands=5/6
> Nov 19 13:02:53 mx01 postfix/anvil[27803]: statistics: max connection rate
> 1/60s for (smtpd:198.2.186.15) at Nov 19 12:59:32
> Nov 19 13:02:53 mx01 postfix/anvil[27803]: statistics: max connection count 1
> for (smtpd:198.2.186.15) at Nov 19 12:59:32
> Nov 19 13:02:53 mx01 postfix/anvil[27803]: statistics: max cache size 1 at Nov
> 19 12:59:32
> Nov 19 13:14:33 mx01 postfix/postscreen[28606]: CONNECT from [198.2.186.15]:
> 38242 to [89.26.108.7]:25
> Nov 19 13:14:33 mx01 postfix/dnsblog[28608]: addr 198.2.186.15 listed by domain
> hostkarma.junkemailfilter.com as 127.0.0.3
> Nov 19 13:14:33 mx01 postfix/dnsblog[28608]: addr 198.2.186.15 listed by domain
> hostkarma.junkemailfilter.com as 127.0.1.1
> Nov 19 13:14:33 mx01 postfix/dnsblog[28609]: addr 198.2.186.15 listed by domain
> list.dnswl.org as 127.0.15.0
> Nov 19 13:14:34 mx01 postfix/dnsblog[28617]: addr 198.2.186.15 listed by domain
> wl.mailspike.net as 127.0.0.18
> Nov 19 13:14:38 mx01 postfix/postscreen[28606]: PASS OLD [198.2.186.15]:38242
> Nov 19 13:14:38 mx01 postfix/smtpd[28624]: connect from
> mail186-15.suw21.mandrillapp.com[198.2.186.15]
> Nov 19 13:14:39 mx01 postfix/smtpd[28624]: Anonymous TLS connection established
> from mail186-15.suw21.mandrillapp.com[198.2.186.15]: TLSv1.2 with cipher
> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
> Nov 19 13:14:39 mx01 postfix/smtpd[28624]: NOQUEUE: reject: RCPT from
> mail186-15.suw21.mandrillapp.com[198.2.186.15]: 450 4.1.1 <[hidden email]>:
> Recipient address rejected: unverified address: host 127.0.0.1[127.0.0.1] said:
> 451 4.3.0 <[hidden email]> Internal error occurred. Refer to server log for
> more information. (in reply to RCPT TO command); from=<bounce-
> [hidden email]>
> to=<[hidden email]> proto=ESMTP helo=<mail186-15.suw21.mandrillapp.com>
> Nov 19 13:14:39 mx01 postfix/smtpd[28624]: disconnect from
> mail186-15.suw21.mandrillapp.com[198.2.186.15] ehlo=2 starttls=1 mail=1
> rcpt=0/1 quit=1 commands=5/6
> Nov 19 13:17:59 mx01 postfix/anvil[28626]: statistics: max connection rate
> 1/60s for (smtpd:198.2.186.15) at Nov 19 13:14:38
> Nov 19 13:17:59 mx01 postfix/anvil[28626]: statistics: max connection count 1
> for (smtpd:198.2.186.15) at Nov 19 13:14:38
>
> postconf -n
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> bounce_template_file = /etc/postfix/bounce.de-DE.cf
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> compatibility_level = 2
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
> $daemon_directory/$process_name $process_id & sleep 5
> default_database_type = btree
> html_directory = no
> inet_interfaces = all
> lmtp_dns_support_level = dnssec
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> message_size_limit = 20480000
> meta_directory = /etc/postfix
> milter_default_action = accept
> milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
> milter_protocol = 6
> milter_rcpt_macros = i {rcpt_addr}
> mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost
> myhostname = mx01.4gjn.com
> mynetworks = 89.26.108.0/28, 127.0.0.0/8, 192.168.100.0/24, [2001:470:1f0b:
> 371::]/64
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> postscreen_access_list = permit_mynetworks cidr:/etc/postfix/
> postscreen_access.cidr
> postscreen_bare_newline_action = drop
> postscreen_bare_newline_enable = yes
> postscreen_blacklist_action = drop
> postscreen_cache_map = memcache:/etc/postfix/postscreen_cache
> postscreen_dnsbl_action = enforce
> postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
> postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net*3
> b.barracudacentral.org*2 bad.psky.me*2 psbl.surriel.com bl.blocklist.de
> bl.spamcop.net spam.spamrats.com bl.spameatingmonkey.net dnsbl.cobion.com
> ix.dnsbl.manitu.net hostkarma.junkemailfilter.com dnsbl.inps.de
> list.dnswl.org=127.0.[0..255].0*-1 list.dnswl.org=127.0.[0..255].1*-2
> list.dnswl.org=127.0.[0..255].[2..3]*-3 iadb.isipp.com=127.0.[0..255].
> [0..255]*-2 iadb.isipp.com=127.3.100.[6..200]*-2 wl.mailspike.net=127.0.0.
> [17;18]*-1 wl.mailspike.net=127.0.0.[19;20]*-2
> postscreen_dnsbl_threshold = 3
> postscreen_dnsbl_ttl = 1h
> postscreen_dnsbl_whitelist_threshold = -1
> postscreen_greet_action = enforce
> postscreen_non_smtp_command_enable = yes
> postscreen_pipelining_enable = yes
> postscreen_whitelist_interfaces = static:all
> proxy_write_maps = proxy:btree:/var/lib/postfix/postscreen_cache
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix3-3.2.3/README_FILES
> recipient_delimiter = +
> relay_domains = btree:/etc/postfix/relay_domains
> sample_directory = /usr/share/doc/postfix3-3.2.3/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> shlib_directory = /usr/lib/postfix
> smtp_dns_support_level = dnssec
> smtp_sasl_security_options = noplaintext, noanonymous
> smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
> smtp_tls_loglevel = 1
> smtp_tls_mandatory_ciphers = high
> smtp_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
> aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA
> smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
> smtp_tls_note_starttls_offer = yes
> smtp_tls_protocols = !SSLv2,!SSLv3

> smtp_tls_security_level = dane
> smtp_use_tls = yes

Warum dieser Eintrag (smtp_use_tls) in Kombination mit dem Eintrag
davor? Lies doch noch mal die manpage.

> smtpd_helo_required = yes
> smtpd_milters = inet:localhost:11332
> smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
> reject_unauth_destination, reject_unverified_recipient, reject_invalid_hostname
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = no
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous, noplaintext
> smtpd_sasl_tls_security_options = noanonymous,
> smtpd_sasl_type = dovecot
> smtpd_sender_restrictions = check_sender_access btree:/etc/postfix/
> check_sender_access
> smtpd_tls_CAfile = /etc/pki/tls/cert.pem
> smtpd_tls_CApath = /etc/pki/tls
> smtpd_tls_ask_ccert = yes
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/letsencrypt/live/mx01.4gjn.com/fullchain.pem
> smtpd_tls_dh1024_param_file = /etc/pki/postfix/private/dh_2048.pem
> smtpd_tls_dh512_param_file = /etc/pki/postfix/private/dh_1024.pem
> smtpd_tls_eecdh_grade = ultra
> smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, MD5, PSK, aECDH, EDH-
> DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA, CAMELLIA128-SHA.
> CAMELLIA256-SHA
> smtpd_tls_key_file = /etc/pki/tls/private/4gjn.com.key
> smtpd_tls_loglevel = 1
> smtpd_tls_mandatory_ciphers = high
> smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, MD5, PSK, aECDH,
> EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA, CAMELLIA128-
> SHA. CAMELLIA256-SHA
> smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
> smtpd_tls_protocols = !SSLv2,!SSLv3
> smtpd_tls_received_header = yes

> smtpd_tls_security_level = may
> smtpd_use_tls = yes

Hier ebenso. Entferne smtpd_use_tls

> tls_preempt_cipherlist = yes
> tls_random_bytes = 128
> transport_maps = btree:/etc/postfix/transport, $relay_domains
> unknown_local_recipient_reject_code = 550
> unverified_recipient_reject_code = 577
> virtual_alias_maps = btree:/etc/postfix/virtual_alias
>
> für jede Hilfe dankbar,
>

Reply | Threaded
Open this post in threaded view
|

Re: postfix / postscreen Problem

Andreas Schulze
Am 19.11.2017 um 14:53 schrieb Alexander Dalloz:
> Recipient address rejected: unverified address: host 127.0.0.1[127.0.0.1] said:
> 451 4.3.0 <[hidden email]> Internal error occurred. Refer to server log for
> more information.

das wäre auch einen Blick wert ...

--
A. Schulze
DATEV eG