relay access denied - die 25.ste

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

relay access denied - die 25.ste

sebastian@debianfan.de
Guten Abend,

ich spiele grade etwas mit einem Mailserver - debian buster als Grundsystem.

Postfix, Dovecot, die User kommen aus einer Mysql-Datenbank.

mail.zielserver.de ist der Hostname der Zielmaschine
mail.absenderserver.de der Hostname meines Mailservers

ich versuche von [hidden email] an [hidden email]
etwas zu senden

Irgendeine restriction scheint zuzuschlagen - ich finde den Fehler aber
nicht - für Hinweise bin ich dankbar :-)



main.cf:

mynetworks = 127.0.0.0/8
inet_interfaces = all
myhostname = mail.zielserver.de


maximal_queue_lifetime = 1h
bounce_queue_lifetime = 1h
maximal_backoff_time = 15m
minimal_backoff_time = 5m
queue_run_delay = 5m


tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION
tls_high_cipherlist =
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA

### Ausgehende SMTP-Verbindungen (Postfix als Sender)

smtp_tls_security_level = dane
smtp_dns_support_level = dnssec
smtp_tls_policy_maps = mysql:/etc/postfix/sql/tls-policy.cf
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_ciphers = high
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt


### Eingehende SMTP-Verbindungen

smtpd_tls_security_level = may
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_ciphers = high
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

smtpd_tls_cert_file=/etc/letsencrypt/live/mail.zielserver.de/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.zielserver.de/privkey.pem


##
## Lokale Mailzustellung an Dovecot
##

virtual_transport = lmtp:unix:private/dovecot-lmtp



postscreen_access_list =        permit_mynetworks
                                 cidr:/etc/postfix/postscreen_access
postscreen_blacklist_action = drop


# Verbindungen beenden, wenn der fremde Server es zu eilig hat
postscreen_greet_action = drop


### DNS blocklists
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_sites =    ix.dnsbl.manitu.net*2
                             zen.spamhaus.org*2
postscreen_dnsbl_action = drop


##
## MySQL Abfragen
##

virtual_alias_maps = mysql:/etc/postfix/sql/aliases.cf
virtual_mailbox_maps = mysql:/etc/postfix/sql/accounts.cf
virtual_mailbox_domains = mysql:/etc/postfix/sql/domains.cf
local_recipient_maps = $virtual_mailbox_maps


### Maximale Größe der gesamten Mailbox (soll von Dovecot festgelegt
werden, 0 = unbegrenzt)
mailbox_size_limit = 0

### Maximale Größe eingehender E-Mails in Bytes (50 MB)
message_size_limit = 52428800

### Keine System-Benachrichtigung für Benutzer bei neuer E-Mail
biff = no

### Nutzer müssen immer volle E-Mail Adresse angeben - nicht nur Hostname
append_dot_mydomain = no

### Trenn-Zeichen für "Address Tagging"
recipient_delimiter = +


smtpd_relay_restrictions =      reject_non_fqdn_recipient
                                 reject_unknown_recipient_domain
                                 reject_unauth_destination
                                 permit_mynetworks


### Bedingungen, damit Postfix ankommende E-Mails als Empfängerserver
entgegennimmt (zusätzlich zu relay-Bedingungen)
### check_recipient_access prüft, ob ein account sendonly ist
smtpd_recipient_restrictions = check_recipient_access
mysql:/etc/postfix/sql/recipient-access.cf,


### Bedingungen, die SMTP-Clients erfüllen müssen (sendende Server)
smtpd_client_restrictions =     permit_mynetworks
                                 check_client_access
hash:/etc/postfix/without_ptr
                                 reject_unknown_client_hostname


### Wenn fremde Server eine Verbindung herstellen, müssen sie einen
gültigen Hostnamen im HELO haben.
smtpd_helo_required = yes
smtpd_helo_restrictions =   permit_mynetworks
                             reject_invalid_helo_hostname
                             reject_non_fqdn_helo_hostname
                             reject_unknown_helo_hostname

# Clients blockieren, wenn sie versuchen zu früh zu senden
# smtpd_data_restrictions = reject_unauth_pipelining


##
## Restrictions für MUAs (Mail user agents)
##

mua_relay_restrictions =
reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,permit_sasl_authenticated,reject
mua_sender_restrictions =
permit_mynetworks,reject_non_fqdn_sender,reject_sender_login_mismatch,permit_sasl_authenticated,reject
mua_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject



master.cf:

smtp      inet  n       -       y       -       1       postscreen
     -o smtpd_sasl_auth_enable=no

smtpd     pass  -       -       y       -       -       smtpd -v

dnsblog   unix  -       -       y       -       0       dnsblog

tlsproxy  unix  -       -       y       -       0       tlsproxy

submission inet n       -       y       -       -       smtpd
     -o syslog_name=postfix/submission
     -o smtpd_tls_security_level=encrypt
     -o smtpd_sasl_auth_enable=yes
     -o smtpd_sasl_type=dovecot
     -o smtpd_sasl_path=private/auth
     -o smtpd_sasl_security_options=noanonymous
     -o smtpd_client_restrictions=$mua_client_restrictions
     -o smtpd_sender_restrictions=$mua_sender_restrictions
     -o smtpd_relay_restrictions=$mua_relay_restrictions
     -o milter_macro_daemon_name=ORIGINATING
     -o smtpd_sender_login_maps=mysql:/etc/postfix/sql/sender-login-maps.cf
     -o smtpd_helo_required=no
     -o smtpd_helo_restrictions=
     -o cleanup_service_name=submission-header-cleanup

pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache


submission-header-cleanup unix n - n    -       0       cleanup
     -o header_checks=regexp:/etc/postfix/submission_header_cleanup







CONNECT from [139.18.1.9]:37268 to [139.18.1.8]:25
PASS OLD [139.18.1.9]:37268
name_mask: all
inet_addr_local: configured 2 IPv4 addresses
inet_addr_local: configured 3 IPv6 addresses
process generation: 21 (21)
match_string: parent_domain_matches_subdomains:
smtpd_client_event_limit_exceptions ~? debug_peer_list
match_string: parent_domain_matches_subdomains:
smtpd_client_event_limit_exceptions ~? fast_flush_domains
match_string: parent_domain_matches_subdomains:
smtpd_client_event_limit_exceptions ~? mynetworks
match_string: parent_domain_matches_subdomains:
smtpd_client_event_limit_exceptions ~? permit_mx_backup_networks
match_string: parent_domain_matches_subdomains:
smtpd_client_event_limit_exceptions ~? qmqpd_authorized_clients
match_string: parent_domain_matches_subdomains:
smtpd_client_event_limit_exceptions ~? relay_domains
match_string: parent_domain_matches_subdomains:
smtpd_client_event_limit_exceptions ~? smtpd_access_maps
match_list_match: smtpd_client_event_limit_exceptions: no match
match_string: parent_domain_matches_subdomains: mynetworks ~?
debug_peer_list
match_string: parent_domain_matches_subdomains: mynetworks ~?
fast_flush_domains
match_string: parent_domain_matches_subdomains: mynetworks ~? mynetworks
name_mask: host
been_here: 127.0.0.1/32: 0
been_here: 139.18.1.8/32: 0
been_here: [::1]/128: 0
been_here: [2001:1af8:1244:eabd:e83d:3dff:fea8:70df]/128: 0
been_here: [ea80::a12b:3dff:fea8:70df]/128: 0
mynetworks_core: 127.0.0.1/32 139.18.1.8/32 [::1]/128
[2001:1af8:1244:eabd:e83d:3dff:fea8:70df]/128
[ea80::a12b:3dff:fea8:70df]/128
match_string: parent_domain_matches_subdomains: mynetworks ~?
debug_peer_list
match_string: parent_domain_matches_subdomains: mynetworks ~?
fast_flush_domains
match_string: parent_domain_matches_subdomains: mynetworks ~? mynetworks
match_string: parent_domain_matches_subdomains: relay_domains ~?
debug_peer_list
match_string: parent_domain_matches_subdomains: relay_domains ~?
fast_flush_domains
match_string: parent_domain_matches_subdomains: relay_domains ~? mynetworks
match_string: parent_domain_matches_subdomains: relay_domains ~?
permit_mx_backup_networks
match_string: parent_domain_matches_subdomains: relay_domains ~?
qmqpd_authorized_clients
match_string: parent_domain_matches_subdomains: relay_domains ~?
relay_domains
match_string: parent_domain_matches_subdomains:
permit_mx_backup_networks ~? debug_peer_list
match_string: parent_domain_matches_subdomains:
permit_mx_backup_networks ~? fast_flush_domains
match_string: parent_domain_matches_subdomains:
permit_mx_backup_networks ~? mynetworks
match_string: parent_domain_matches_subdomains:
permit_mx_backup_networks ~? permit_mx_backup_networks
cfg_get_str: /etc/postfix/sql/accounts.cf: user = vmail
cfg_get_str: /etc/postfix/sql/accounts.cf: password = mailpasswort
cfg_get_str: /etc/postfix/sql/accounts.cf: dbname = vmail
cfg_get_str: /etc/postfix/sql/accounts.cf: result_format = %s
cfg_get_str: /etc/postfix/sql/accounts.cf: option_file = <NULL>
cfg_get_str: /etc/postfix/sql/accounts.cf: option_group = client
cfg_get_str: /etc/postfix/sql/accounts.cf: tls_key_file = <NULL>
cfg_get_str: /etc/postfix/sql/accounts.cf: tls_cert_file = <NULL>
cfg_get_str: /etc/postfix/sql/accounts.cf: tls_CAfile = <NULL>
cfg_get_str: /etc/postfix/sql/accounts.cf: tls_CApath = <NULL>
cfg_get_str: /etc/postfix/sql/accounts.cf: tls_ciphers = <NULL>
cfg_get_bool: /etc/postfix/sql/accounts.cf: tls_verify_cert = on
cfg_get_bool: /etc/postfix/sql/accounts.cf: require_result_set = on
cfg_get_int: /etc/postfix/sql/accounts.cf: expansion_limit = 0
cfg_get_str: /etc/postfix/sql/accounts.cf: query = select 1 as found
from accounts where username = '%u' and domain = '%d' and enabled = true
LIMIT 1;
cfg_get_str: /etc/postfix/sql/accounts.cf: domain =
cfg_get_str: /etc/postfix/sql/accounts.cf: hosts = 127.0.0.1
dict_open: mysql:/etc/postfix/sql/accounts.cf
cfg_get_str: /etc/postfix/sql/aliases.cf: user = vmail
cfg_get_str: /etc/postfix/sql/aliases.cf: password = mailpasswort
cfg_get_str: /etc/postfix/sql/aliases.cf: dbname = vmail
cfg_get_str: /etc/postfix/sql/aliases.cf: result_format = %s
cfg_get_str: /etc/postfix/sql/aliases.cf: option_file = <NULL>
cfg_get_str: /etc/postfix/sql/aliases.cf: option_group = client
cfg_get_str: /etc/postfix/sql/aliases.cf: tls_key_file = <NULL>
cfg_get_str: /etc/postfix/sql/aliases.cf: tls_cert_file = <NULL>
cfg_get_str: /etc/postfix/sql/aliases.cf: tls_CAfile = <NULL>
cfg_get_str: /etc/postfix/sql/aliases.cf: tls_CApath = <NULL>
cfg_get_str: /etc/postfix/sql/aliases.cf: tls_ciphers = <NULL>
cfg_get_bool: /etc/postfix/sql/aliases.cf: tls_verify_cert = on
cfg_get_bool: /etc/postfix/sql/aliases.cf: require_result_set = on
cfg_get_int: /etc/postfix/sql/aliases.cf: expansion_limit = 0
cfg_get_str: /etc/postfix/sql/aliases.cf: query = select
concat(destination_username, '@', destination_domain) as destinations
from aliases where source_username = '%u' and source_domain = '%d' and
enabled = true;
cfg_get_str: /etc/postfix/sql/aliases.cf: domain =
cfg_get_str: /etc/postfix/sql/aliases.cf: hosts = 127.0.0.1
dict_open: mysql:/etc/postfix/sql/aliases.cf
match_string: parent_domain_matches_subdomains: smtpd_access_maps ~?
debug_peer_list
match_string: parent_domain_matches_subdomains: smtpd_access_maps ~?
fast_flush_domains
match_string: parent_domain_matches_subdomains: smtpd_access_maps ~?
mynetworks
match_string: parent_domain_matches_subdomains: smtpd_access_maps ~?
permit_mx_backup_networks
match_string: parent_domain_matches_subdomains: smtpd_access_maps ~?
qmqpd_authorized_clients
match_string: parent_domain_matches_subdomains: smtpd_access_maps ~?
relay_domains
match_string: parent_domain_matches_subdomains: smtpd_access_maps ~?
smtpd_access_maps
Compiled against Berkeley DB: 5.3.28?
Run-time linked against Berkeley DB: 5.3.28?
dict_open: hash:/etc/postfix/without_ptr
cfg_get_str: /etc/postfix/sql/recipient-access.cf: user = vmail
cfg_get_str: /etc/postfix/sql/recipient-access.cf: password = mailpasswort
cfg_get_str: /etc/postfix/sql/recipient-access.cf: dbname = vmail
cfg_get_str: /etc/postfix/sql/recipient-access.cf: result_format = %s
cfg_get_str: /etc/postfix/sql/recipient-access.cf: option_file = <NULL>
cfg_get_str: /etc/postfix/sql/recipient-access.cf: option_group = client
cfg_get_str: /etc/postfix/sql/recipient-access.cf: tls_key_file = <NULL>
cfg_get_str: /etc/postfix/sql/recipient-access.cf: tls_cert_file = <NULL>
cfg_get_str: /etc/postfix/sql/recipient-access.cf: tls_CAfile = <NULL>
cfg_get_str: /etc/postfix/sql/recipient-access.cf: tls_CApath = <NULL>
cfg_get_str: /etc/postfix/sql/recipient-access.cf: tls_ciphers = <NULL>
cfg_get_bool: /etc/postfix/sql/recipient-access.cf: tls_verify_cert = on
cfg_get_bool: /etc/postfix/sql/recipient-access.cf: require_result_set = on
cfg_get_int: /etc/postfix/sql/recipient-access.cf: expansion_limit = 0
cfg_get_str: /etc/postfix/sql/recipient-access.cf: query = select
if(sendonly = true, 'REJECT', 'OK') AS access from accounts where
username = '%u' and domain = '%d' and enabled = true LIMIT 1;
cfg_get_str: /etc/postfix/sql/recipient-access.cf: domain =
cfg_get_str: /etc/postfix/sql/recipient-access.cf: hosts = 127.0.0.1
dict_open: mysql:/etc/postfix/sql/recipient-access.cf
unknown_helo_hostname_tempfail_action = defer_if_permit
unknown_address_tempfail_action = defer_if_permit
unverified_recipient_tempfail_action = defer_if_permit
unverified_sender_tempfail_action = defer_if_permit
name_mask: 0
auto_clnt_create: transport=local endpoint=private/tlsmgr
auto_clnt_open: connected to private/tlsmgr
send attr request = seed
send attr size = 32
private/tlsmgr: wanted attribute: status
input attribute name: status
input attribute value: 0
private/tlsmgr: wanted attribute: seed
input attribute name: seed
input attribute value: F09GxSrWzA0Ujwp4uBHi8Xhhc+iRRssc9ntjt4rXnuw=
private/tlsmgr: wanted attribute: (list terminator)
input attribute name: (end)
send attr request = policy
send attr cache_type = smtpd
private/tlsmgr: wanted attribute: status
input attribute name: status
input attribute value: 0
private/tlsmgr: wanted attribute: cachable
input attribute name: cachable
input attribute value: 1
private/tlsmgr: wanted attribute: timeout
input attribute name: timeout
input attribute value: 3600
private/tlsmgr: wanted attribute: (list terminator)
input attribute name: (end)
name_mask: NO_COMPRESSION
match_string: parent_domain_matches_subdomains: fast_flush_domains ~?
debug_peer_list
match_string: parent_domain_matches_subdomains: fast_flush_domains ~?
fast_flush_domains
auto_clnt_create: transport=local endpoint=private/anvil
unknown_stream: wanted attribute: (any attribute name or list terminator)
input attribute name: client_address
input attribute value: 139.18.1.9
unknown_stream: wanted attribute: (any attribute name or list terminator)
input attribute name: client_port
input attribute value: 37268
unknown_stream: wanted attribute: (any attribute name or list terminator)
input attribute name: server_address
input attribute value: 139.18.1.8
unknown_stream: wanted attribute: (any attribute name or list terminator)
input attribute name: server_port
input attribute value: 25
unknown_stream: wanted attribute: (any attribute name or list terminator)
input attribute name: (end)
connection established
master_notify: status 0
name_mask: resource
name_mask: software
connect from absendermailserver.de[139.18.1.9]
match_list_match: absendermailserver.de: no match
match_list_match: 139.18.1.9: no match
match_list_match: absendermailserver.de: no match
match_list_match: 139.18.1.9: no match
smtp_stream_setup: maxtime=300 enable_deadline=0
match_hostname: smtpd_client_event_limit_exceptions:
absendermailserver.de ~? 127.0.0.0/8
match_hostaddr: smtpd_client_event_limit_exceptions: 139.18.1.9 ~?
127.0.0.0/8
match_hostname: smtpd_client_event_limit_exceptions:
absendermailserver.de ~? [::ffff:127.0.0.0]/104
match_hostaddr: smtpd_client_event_limit_exceptions: 139.18.1.9 ~?
[::ffff:127.0.0.0]/104
match_hostname: smtpd_client_event_limit_exceptions:
absendermailserver.de ~? [::1]/128
match_hostaddr: smtpd_client_event_limit_exceptions: 139.18.1.9 ~? [::1]/128
match_list_match: absendermailserver.de: no match
match_list_match: 139.18.1.9: no match
auto_clnt_open: connected to private/anvil
send attr request = connect
send attr ident = smtpd:139.18.1.9
private/anvil: wanted attribute: status
input attribute name: status
input attribute value: 0
private/anvil: wanted attribute: count
input attribute name: count
input attribute value: 1
private/anvil: wanted attribute: rate
input attribute name: rate
input attribute value: 1
private/anvil: wanted attribute: (list terminator)
input attribute name: (end)
 > absendermailserver.de[139.18.1.9]: 220 mail.zieldomain.de ESMTP Postfix
< absendermailserver.de[139.18.1.9]: EHLO absendermailserver.de
match_list_match: absendermailserver.de: no match
match_list_match: 139.18.1.9: no match
 > absendermailserver.de[139.18.1.9]: 250-mail.zieldomain.de
 > absendermailserver.de[139.18.1.9]: 250-PIPELINING
 > absendermailserver.de[139.18.1.9]: 250-SIZE 52428800
 > absendermailserver.de[139.18.1.9]: 250-VRFY
 > absendermailserver.de[139.18.1.9]: 250-ETRN
 > absendermailserver.de[139.18.1.9]: 250-STARTTLS
 > absendermailserver.de[139.18.1.9]: 250-ENHANCEDSTATUSCODES
 > absendermailserver.de[139.18.1.9]: 250-8BITMIME
 > absendermailserver.de[139.18.1.9]: 250-DSN
 > absendermailserver.de[139.18.1.9]: 250 CHUNKING
< absendermailserver.de[139.18.1.9]: STARTTLS
 > absendermailserver.de[139.18.1.9]: 220 2.0.0 Ready to start TLS
send attr request = seed
send attr size = 32
private/tlsmgr: wanted attribute: status
input attribute name: status
input attribute value: 0
private/tlsmgr: wanted attribute: seed
input attribute name: seed
input attribute value: rleoJ4yGveVpDGfMaSUnpjd9zBXuzp8hvf4UDvgDLZY=
private/tlsmgr: wanted attribute: (list terminator)
input attribute name: (end)
send attr request = update
send attr cache_type = smtpd
send attr cache_id =
1A668740F8E241DDD1A1726ADE096C6FA6D4EA0F4E0FE379E831CB64BA7E8452&s=smtpd&l=269488207
send attr session = [data 127 bytes]
private/tlsmgr: wanted attribute: status
input attribute name: status
input attribute value: 0
private/tlsmgr: wanted attribute: (list terminator)
input attribute name: (end)
< absendermailserver.de[139.18.1.9]: EHLO absendermailserver.de
match_list_match: absendermailserver.de: no match
match_list_match: 139.18.1.9: no match
 > absendermailserver.de[139.18.1.9]: 250-mail.zieldomain.de
 > absendermailserver.de[139.18.1.9]: 250-PIPELINING
 > absendermailserver.de[139.18.1.9]: 250-SIZE 52428800
 > absendermailserver.de[139.18.1.9]: 250-VRFY
 > absendermailserver.de[139.18.1.9]: 250-ETRN
 > absendermailserver.de[139.18.1.9]: 250-ENHANCEDSTATUSCODES
 > absendermailserver.de[139.18.1.9]: 250-8BITMIME
 > absendermailserver.de[139.18.1.9]: 250-DSN
 > absendermailserver.de[139.18.1.9]: 250 CHUNKING
< absendermailserver.de[139.18.1.9]: MAIL
FROM:<[hidden email]> SIZE=891 BODY=8BITMIME
extract_addr: input: <[hidden email]>
smtpd_check_addr: addr=[hidden email]
connect to subsystem private/rewrite
send attr request = rewrite
send attr rule = local
send attr address = ""
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 0
private/rewrite socket: wanted attribute: address
input attribute name: address
input attribute value: ""
private/rewrite socket: wanted attribute: (list terminator)
input attribute name: (end)
rewrite_clnt: local: "" -> ""
send attr request = rewrite
send attr rule = local
send attr address = [hidden email]
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 0
private/rewrite socket: wanted attribute: address
input attribute name: address
input attribute value: [hidden email]
private/rewrite socket: wanted attribute: (list terminator)
input attribute name: (end)
rewrite_clnt: local: [hidden email] ->
[hidden email]
send attr request = resolve
send attr sender =
send attr address = [hidden email]
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 0
private/rewrite socket: wanted attribute: transport
input attribute name: transport
input attribute value: smtp
private/rewrite socket: wanted attribute: nexthop
input attribute name: nexthop
input attribute value: absenderdomain.de
private/rewrite socket: wanted attribute: recipient
input attribute name: recipient
input attribute value: [hidden email]
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 4096
private/rewrite socket: wanted attribute: (list terminator)
input attribute name: (end)
resolve_clnt: `' -> `[hidden email]' -> transp=`smtp'
host=`absenderdomain.de' rcpt=`[hidden email]' flags=
class=default
ctable_locate: install entry key ?[hidden email]
extract_addr: in: <[hidden email]>, result:
[hidden email]
send attr request = rewrite
send attr rule = local
send attr address = double-bounce
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 0
private/rewrite socket: wanted attribute: address
input attribute name: address
input attribute value: [hidden email]
private/rewrite socket: wanted attribute: (list terminator)
input attribute name: (end)
rewrite_clnt: local: double-bounce -> [hidden email]
smtpd_check_rewrite: trying: permit_inet_interfaces
permit_inet_interfaces: absendermailserver.de 139.18.1.9
fsspace: .: block size 4096, blocks free 4167952
smtpd_check_queue: blocks 4096 avail 4167952 min_free 0 msg_size_limit
52428800
 > absendermailserver.de[139.18.1.9]: 250 2.1.0 Ok
< absendermailserver.de[139.18.1.9]: RCPT TO:<[hidden email]>
ORCPT=rfc822;[hidden email]
extract_addr: input: <[hidden email]>
smtpd_check_addr: addr=[hidden email]
send attr request = rewrite
send attr rule = local
send attr address = [hidden email]
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 0
private/rewrite socket: wanted attribute: address
input attribute name: address
input attribute value: [hidden email]
private/rewrite socket: wanted attribute: (list terminator)
input attribute name: (end)
rewrite_clnt: local: [hidden email] ->
[hidden email]
send attr request = rewrite
send attr rule = local
send attr address = [hidden email]
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 0
private/rewrite socket: wanted attribute: address
input attribute name: address
input attribute value: [hidden email]
private/rewrite socket: wanted attribute: (list terminator)
input attribute name: (end)
rewrite_clnt: local: [hidden email] -> [hidden email]
send attr request = resolve
send attr sender = [hidden email]
send attr address = [hidden email]
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 0
private/rewrite socket: wanted attribute: transport
input attribute name: transport
input attribute value: smtp
private/rewrite socket: wanted attribute: nexthop
input attribute name: nexthop
input attribute value: zieldomain.de
private/rewrite socket: wanted attribute: recipient
input attribute name: recipient
input attribute value: [hidden email]
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 4096
private/rewrite socket: wanted attribute: (list terminator)
input attribute name: (end)
resolve_clnt: `[hidden email]' -> `[hidden email]'
-> transp=`smtp' host=`zieldomain.de' rcpt=`[hidden email]'
flags= class=default
ctable_locate: install entry key
[hidden email]?[hidden email]
extract_addr: in: <[hidden email]>, result: [hidden email]
 >>> START Client host RESTRICTIONS <<<
generic_checks: name=permit_mynetworks
permit_mynetworks: absendermailserver.de 139.18.1.9
match_hostname: mynetworks: absendermailserver.de ~? 127.0.0.0/8
match_hostaddr: mynetworks: 139.18.1.9 ~? 127.0.0.0/8
match_hostname: mynetworks: absendermailserver.de ~? [::ffff:127.0.0.0]/104
match_hostaddr: mynetworks: 139.18.1.9 ~? [::ffff:127.0.0.0]/104
match_hostname: mynetworks: absendermailserver.de ~? [::1]/128
match_hostaddr: mynetworks: 139.18.1.9 ~? [::1]/128
match_list_match: absendermailserver.de: no match
match_list_match: 139.18.1.9: no match
generic_checks: name=permit_mynetworks status=0
generic_checks: name=check_client_access
check_namadr_access: name absendermailserver.de addr 139.18.1.9
check_domain_access: absendermailserver.de
maps_find: hash:/etc/postfix/without_ptr: absendermailserver.de: not found
maps_find: hash:/etc/postfix/without_ptr: xn--deiner-dta.de: not found
maps_find: hash:/etc/postfix/without_ptr: de: not found
check_addr_access: 139.18.1.9
maps_find: hash:/etc/postfix/without_ptr: 139.18.1.9: not found
maps_find: hash:/etc/postfix/without_ptr: 139.18.1: not found
maps_find: hash:/etc/postfix/without_ptr: 83.149: not found
maps_find: hash:/etc/postfix/without_ptr: 83: not found
generic_checks: name=check_client_access status=0
generic_checks: name=reject_unknown_client_hostname
reject_unknown_client: absendermailserver.de 139.18.1.9
generic_checks: name=reject_unknown_client_hostname status=0
 >>> END Client host RESTRICTIONS <<<
 >>> START Helo command RESTRICTIONS <<<
generic_checks: name=permit_mynetworks
permit_mynetworks: absendermailserver.de 139.18.1.9
match_hostname: mynetworks: absendermailserver.de ~? 127.0.0.0/8
match_hostaddr: mynetworks: 139.18.1.9 ~? 127.0.0.0/8
match_hostname: mynetworks: absendermailserver.de ~? [::ffff:127.0.0.0]/104
match_hostaddr: mynetworks: 139.18.1.9 ~? [::ffff:127.0.0.0]/104
match_hostname: mynetworks: absendermailserver.de ~? [::1]/128
match_hostaddr: mynetworks: 139.18.1.9 ~? [::1]/128
match_list_match: absendermailserver.de: no match
match_list_match: 139.18.1.9: no match
generic_checks: name=permit_mynetworks status=0
generic_checks: name=reject_invalid_helo_hostname
reject_invalid_hostname: absendermailserver.de
generic_checks: name=reject_invalid_helo_hostname status=0
generic_checks: name=reject_non_fqdn_helo_hostname
reject_non_fqdn_hostname: absendermailserver.de
generic_checks: name=reject_non_fqdn_helo_hostname status=0
generic_checks: name=reject_unknown_helo_hostname
reject_unknown_hostname: absendermailserver.de
lookup absendermailserver.de type A flags
dns_query: absendermailserver.de (A): OK
dns_get_answer: type A for absendermailserver.de
generic_checks: name=reject_unknown_helo_hostname status=0
 >>> END Helo command RESTRICTIONS <<<
 >>> START Recipient address RESTRICTIONS <<<
generic_checks: name=check_recipient_access
check_mail_access: [hidden email]
ctable_locate: leave existing entry key
[hidden email]?[hidden email]
dict_mysql_get_active: attempting to connect to host 127.0.0.1
dict_mysql: successful connection to host 127.0.0.1
mysql:/etc/postfix/sql/recipient-access.cf: successful query result from
host 127.0.0.1
dict_mysql_lookup: retrieved 1 rows
maps_find: mysql:/etc/postfix/sql/recipient-access.cf:
mysql:/etc/postfix/sql/recipient-access.cf(0,lock|fold_fix|utf8_request):
[hidden email] = OK
mail_addr_find: [hidden email] -> OK
check_table_result: mysql:/etc/postfix/sql/recipient-access.cf OK
[hidden email]
smtpd_acl_permit: checking smtpd_log_access_permit_actions settings
match_list_match: OK: no match
smtpd_acl_permit: smtpd_log_access_permit_actions: no match
generic_checks: name=check_recipient_access status=1
 >>> END Recipient address RESTRICTIONS <<<
 >>> START Recipient address RESTRICTIONS <<<
generic_checks: name=reject_non_fqdn_recipient
reject_non_fqdn_address: [hidden email]
generic_checks: name=reject_non_fqdn_recipient status=0
generic_checks: name=reject_unknown_recipient_domain
reject_unknown_address: [hidden email]
ctable_locate: leave existing entry key
[hidden email]?[hidden email]
reject_unknown_mailhost: zieldomain.de
lookup zieldomain.de type MX flags
dns_query: zieldomain.de (MX): OK
dns_get_answer: type MX for zieldomain.de
generic_checks: name=reject_unknown_recipient_domain status=0
generic_checks: name=reject_unauth_destination
reject_unauth_destination: [hidden email]
permit_auth_destination: [hidden email]
ctable_locate: leave existing entry key
[hidden email]?[hidden email]
NOQUEUE: reject: RCPT from absendermailserver.de[139.18.1.9]: 554 5.7.1
<[hidden email]>: Relay access denied;
from=<[hidden email]> to=<[hidden email]>
proto=ESMTP helo=<absendermailserver.de>
generic_checks: name=reject_unauth_destination status=2
 >>> END Recipient address RESTRICTIONS <<<
 > absendermailserver.de[139.18.1.9]: 554 5.7.1
<[hidden email]>: Relay access denied
< absendermailserver.de[139.18.1.9]: DATA
 > absendermailserver.de[139.18.1.9]: 554 5.5.1 Error: no valid recipients
< absendermailserver.de[139.18.1.9]: RSET
 > absendermailserver.de[139.18.1.9]: 250 2.0.0 Ok
< absendermailserver.de[139.18.1.9]: QUIT
 > absendermailserver.de[139.18.1.9]: 221 2.0.0 Bye
match_hostname: smtpd_client_event_limit_exceptions:
absendermailserver.de ~? 127.0.0.0/8
match_hostaddr: smtpd_client_event_limit_exceptions: 139.18.1.9 ~?
127.0.0.0/8
match_hostname: smtpd_client_event_limit_exceptions:
absendermailserver.de ~? [::ffff:127.0.0.0]/104
match_hostaddr: smtpd_client_event_limit_exceptions: 139.18.1.9 ~?
[::ffff:127.0.0.0]/104
match_hostname: smtpd_client_event_limit_exceptions:
absendermailserver.de ~? [::1]/128
match_hostaddr: smtpd_client_event_limit_exceptions: 139.18.1.9 ~? [::1]/128
match_list_match: absendermailserver.de: no match
match_list_match: 139.18.1.9: no match
send attr request = disconnect
send attr ident = smtpd:139.18.1.9
private/anvil: wanted attribute: status
input attribute name: status
input attribute value: 0
private/anvil: wanted attribute: (list terminator)
input attribute name: (end)
disconnect from absendermailserver.de[139.18.1.9] ehlo=2 starttls=1
mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8
master_notify: status 1
connection closed
Reply | Threaded
Open this post in threaded view
|

Re: relay access denied - die 25.ste

Winfried Neessen
Hi,

On 30. Jan 2020, at 22:08, [hidden email] wrote:

> Irgendeine restriction scheint zuzuschlagen - ich finde den Fehler aber nicht - für Hinweise bin ich dankbar :-)
>
Die Fehlermeldung waere noch hilfreich bei der Fehlersuche ;)


Winni

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: relay access denied - die 25.ste

sebastian@debianfan.de
This is the mail system at host mail.absenderserver.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                    The mail system

<[hidden email]>: host mail.zielserevr.de[139.18.1.8]
     said: 554 5.7.1 <[hidden email]>: Relay access denied (in
     reply to RCPT TO command)


Am 30.01.2020 um 22:15 schrieb Winfried Neessen:

> Hi,
>
> On 30. Jan 2020, at 22:08, [hidden email] wrote:
>
>> Irgendeine restriction scheint zuzuschlagen - ich finde den Fehler aber nicht - für Hinweise bin ich dankbar :-)
>>
> Die Fehlermeldung waere noch hilfreich bei der Fehlersuche ;)
>
>
> Winni
>
Reply | Threaded
Open this post in threaded view
|

Re: relay access denied - die 25.ste

Winfried Neessen
In reply to this post by Winfried Neessen
Hi nochmal,

On 30. Jan 2020, at 22:15, Winfried Neessen <[hidden email]> wrote:

Irgendeine restriction scheint zuzuschlagen - ich finde den Fehler aber nicht - für Hinweise bin ich dankbar :-)

Die Fehlermeldung waere noch hilfreich bei der Fehlersuche ;)

Nevermind. Ich hab' gerade verstanden, dass der Haufen Text unten drunter auch das Log war ;)
Aus irgendeinem Grund, werden zwar die accounts.cf und aliases.cf MySQL configs gelesen, die
domains.cf aber nicht. Was dazu fuehrt, dass die virtuelle Domain fuer Postfix nicht sichtbar ist und
somit keine "ich bin dafuer zustaendig"-Domain ist- was dann natuerlich zu "Relay access denied"
fuehrt.

Versuch mal bitte local_recipient_maps leer zu lassen. Also statt:

local_recipient_maps = $virtual_mailbox_maps

einfach

local_recipient_maps =

setzen.

Vielleicht hilft das schon.


Winni

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: relay access denied - die 25.ste

sebastian@debianfan.de
keine Verbesserung

Am 30.01.2020 um 22:49 schrieb Winfried Neessen:

> Hi nochmal,
>
> On 30. Jan 2020, at 22:15, Winfried Neessen <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>>> Irgendeine restriction scheint zuzuschlagen - ich finde den Fehler
>>> aber nicht - für Hinweise bin ich dankbar :-)
>>>
>> Die Fehlermeldung waere noch hilfreich bei der Fehlersuche ;)
>
> Nevermind. Ich hab' gerade verstanden, dass der Haufen Text unten
> drunter auch das Log war ;)
> Aus irgendeinem Grund, werden zwar die accounts.cf und aliases.cf MySQL
> configs gelesen, die
> domains.cf aber nicht. Was dazu fuehrt, dass die virtuelle Domain fuer
> Postfix nicht sichtbar ist und
> somit keine "ich bin dafuer zustaendig"-Domain ist- was dann natuerlich
> zu "Relay access denied"
> fuehrt.
>
> Versuch mal bitte local_recipient_maps leer zu lassen. Also statt:
>
> /local_recipient_maps = $virtual_mailbox_maps/
>
> einfach
>
> /local_recipient_maps =/
>
> setzen.
>
> Vielleicht hilft das schon.
>
>
> Winni
Reply | Threaded
Open this post in threaded view
|

Re: relay access denied - die 25.ste

Winfried Neessen
Hi,

On 31. Jan 2020, at 00:24, [hidden email] wrote:

keine Verbesserung

Ich seh gerade, es fehlt noch der transport_maps Parameter. Setz den auch mal auf:

transport_maps = mysql:/etc/postfix/sql/domains.cf


Winni

PS: Fuer Datenbankzugriffe empfehle ich proxymaps: http://www.postfix.org/proxymap.8.html

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: relay access denied - die 25.ste

sebastian@debianfan.de
ich hab den Fehler selbst gefunden - Du hast mich drauf gebracht - ich
hatte in der domain-sql-Datei ein falsches Statement drin...

Copy & Paste - ich geh ins Bett - das war selbst gebautes Unglück

Am 31.01.2020 um 00:32 schrieb Winfried Neessen:

> Hi,
>
> On 31. Jan 2020, at 00:24, [hidden email]
> <mailto:[hidden email]> wrote:
>
>> keine Verbesserung
>>
> Ich seh gerade, es fehlt noch der transport_maps Parameter. Setz den
> auch mal auf:
>
> /transport_maps = mysql:/etc/postfix/sql/domains.cf/
>
>
> Winni
>
> PS: Fuer Datenbankzugriffe empfehle ich proxymaps:
> http://www.postfix.org/proxymap.8.html