Постфикс — Не отправляет и не получает и почты!

Вчера я установил почтовый сервер Mododoa на свой Linux-компьютер Ubuntu, который размещен в Интернете.

Источник установки:

https://github.com/modoboa/modoboa-установщик

DNS должен работать корректно. То, что было сказано на https://mxtoolbox.com/

Когда я подключаю свой ноутбук через iamp и stmp, он показывает, что он подключен. Но я не могу получать и отправлять письма.

Следующая ошибка из журнала постфикса:

connect from p2e50c2a6.dip0.t-ipconnect.de[46.80.194.166]
Oct 20 12:09:18 mail postfix/submission/smtpd[25138]: Anonymous TLS connection established from p2e50c2a6.dip0.t-ipconnect.de[46.80.194.166]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 20 12:09:18 mail postfix/submission/smtpd[25138]: warning: connect to 127.0.0.1:9999: Connection refused
Oct 20 12:09:18 mail postfix/submission/smtpd[25138]: warning: problem talking to server 127.0.0.1:9999: Connection refused
Oct 20 12:09:19 mail postfix/submission/smtpd[25138]: warning: connect to 127.0.0.1:9999: Connection refused
Oct 20 12:09:19 mail postfix/submission/smtpd[25138]: warning: problem talking to server 127.0.0.1:9999: Connection refused
Oct 20 12:09:19 mail postfix/submission/smtpd[25138]: NOQUEUE: reject: RCPT from p2e50c2a6.dip0.t-ipconnect.de[46.80.194.166]: 451 4.3.5 <myMail@gmx.de>: Recipient address rejected: Server configuration problem; from=<myMail@example.com> to=<myMail@gmx.de> proto=ESMTP helo=<smtpclient.apple>
Oct 20 12:09:19 mail postfix/submission/smtpd[25138]: disconnect from p2e50c2a6.dip0.t-ipconnect.de[46.80.194.166] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 quit=1 commands=6/7
Oct 20 12:09:22 mail postfix/submission/smtpd[25138]: connect from p2e50c2a6.dip0.t-ipconnect.de[46.80.194.166]
Oct 20 12:09:22 mail postfix/submission/smtpd[25138]: Anonymous TLS connection established from p2e50c2a6.dip0.t-ipconnect.de[46.80.194.166]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

мой домен — example.com, а почтовый домен — mail.example.com

следующие конфигурации:

# This file was automatically installed on 2022-10-19T17:34:22.359534
inet_interfaces = all
inet_protocols = all
myhostname = mail.example.com
myorigin = $myhostname
mydestination = $myhostname
mynetworks = 127.0.0.0/8 [::1]/128
smtpd_banner = $myhostname ESMTP
biff = no
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550

# appending .domain is the MUA's job.
append_dot_mydomain = no

readme_directory = no

mailbox_size_limit = 0
message_size_limit = 11534336
recipient_delimiter = +

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

## Proxy maps
proxy_read_maps =
        proxy:unix:passwd.byname
        proxy:pgsql:/etc/postfix/sql-domains.cf
        proxy:pgsql:/etc/postfix/sql-domain-aliases.cf
        proxy:pgsql:/etc/postfix/sql-aliases.cf
        proxy:pgsql:/etc/postfix/sql-relaydomains.cf
        proxy:pgsql:/etc/postfix/sql-maintain.cf
        proxy:pgsql:/etc/postfix/sql-relay-recipient-verification.cf
        proxy:pgsql:/etc/postfix/sql-sender-login-map.cf
        proxy:pgsql:/etc/postfix/sql-spliteddomains-transport.cf
        proxy:pgsql:/etc/postfix/sql-transport.cf
recipient_delimiter = +

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

## Proxy maps
proxy_read_maps =
        proxy:unix:passwd.byname
        proxy:pgsql:/etc/postfix/sql-domains.cf
        proxy:pgsql:/etc/postfix/sql-domain-aliases.cf
        proxy:pgsql:/etc/postfix/sql-aliases.cf
        proxy:pgsql:/etc/postfix/sql-relaydomains.cf
        proxy:pgsql:/etc/postfix/sql-maintain.cf
        proxy:pgsql:/etc/postfix/sql-relay-recipient-verification.cf
        proxy:pgsql:/etc/postfix/sql-sender-login-map.cf
        proxy:pgsql:/etc/postfix/sql-spliteddomains-transport.cf
        proxy:pgsql:/etc/postfix/sql-transport.cf

## TLS settings
#
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_key_file = /etc/letsencrypt/live/mail.example.de/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.example.com/fullchain.pem
smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
smtpd_tls_security_level = may
smtpd_tls_received_header = yes

# Disallow SSLv2 and SSLv3, only accept secure ciphers
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
smtpd_tls_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL

#
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_key_file = /etc/letsencrypt/live/mail.example.com/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.example.com/fullchain.pem
smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
smtpd_tls_security_level = may
smtpd_tls_received_header = yes

# Disallow SSLv2 and SSLv3, only accept secure ciphers
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
smtpd_tls_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL

# Enable elliptic curve cryptography
smtpd_tls_eecdh_grade = strong

# Use TLS if this is supported by the remote SMTP server, otherwise use plaintext.
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_exclude_ciphers = EXPORT, LOW

## Virtual transport settings
#
virtual_transport = lmtp:unix:private/dovecot-lmtp

virtual_mailbox_domains = proxy:pgsql:/etc/postfix/sql-domains.cf
virtual_alias_domains = proxy:pgsql:/etc/postfix/sql-domain-aliases.cf
virtual_alias_maps =
        proxy:pgsql:/etc/postfix/sql-aliases.cf

# Enable elliptic curve cryptography
smtpd_tls_eecdh_grade = strong

# Use TLS if this is supported by the remote SMTP server, otherwise use plaintext.
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_exclude_ciphers = EXPORT, LOW

## Virtual transport settings
#
virtual_transport = lmtp:unix:private/dovecot-lmtp

virtual_mailbox_domains = proxy:pgsql:/etc/postfix/sql-domains.cf
virtual_alias_domains = proxy:pgsql:/etc/postfix/sql-domain-aliases.cf
virtual_alias_maps =
        proxy:pgsql:/etc/postfix/sql-aliases.cf

## Relay domains
#
relay_domains =
        proxy:pgsql:/etc/postfix/sql-relaydomains.cf
transport_maps =
        proxy:pgsql:/etc/postfix/sql-transport.cf
        proxy:pgsql:/etc/postfix/sql-spliteddomains-transport.cf

## SASL authentication through Dovecot
#
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous

## SMTP session policies
#
#
relay_domains =
        proxy:pgsql:/etc/postfix/sql-relaydomains.cf
transport_maps =
        proxy:pgsql:/etc/postfix/sql-transport.cf
        proxy:pgsql:/etc/postfix/sql-spliteddomains-transport.cf

## SASL authentication through Dovecot
#
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous

## SMTP session policies
#

# We require HELO to check it later
smtpd_helo_required = yes

# We do not let others find out which recipients are valid
disable_vrfy_command = yes

# MTA to MTA communication on Port 25. We expect (!) the other party to
# specify messages as required by RFC 821.
strict_rfc821_envelopes = yes

# Verify cache setup
address_verify_map = proxy:btree:$data_directory/verify_cache

proxy_write_maps =
    $smtp_sasl_auth_cache_name
    $lmtp_sasl_auth_cache_name
    $address_verify_map

smtpd_helo_required = yes

# We do not let others find out which recipients are valid
disable_vrfy_command = yes

# MTA to MTA communication on Port 25. We expect (!) the other party to
# specify messages as required by RFC 821.
strict_rfc821_envelopes = yes

# Verify cache setup
address_verify_map = proxy:btree:$data_directory/verify_cache

proxy_write_maps =
    $smtp_sasl_auth_cache_name
    $lmtp_sasl_auth_cache_name
    $address_verify_map

# OpenDKIM setup
smtpd_milters = inet:127.0.0.1:12345
non_smtpd_milters = inet:127.0.0.1:12345
milter_default_action = accept
milter_content_timeout = 30s

# List of authorized senders
smtpd_sender_login_maps =
        proxy:pgsql:/etc/postfix/sql-sender-login-map.cf

# Recipient restriction rules
smtpd_recipient_restrictions =
      check_policy_service inet:127.0.0.1:9999
      permit_mynetworks
      permit_sasl_authenticated
      check_recipient_access
          proxy:pgsql:/etc/postfix/sql-maintain.cf
          proxy:pgsql:/etc/postfix/sql-relay-recipient-verification.cf
      reject_unverified_recipient
      reject_unauth_destination

non_smtpd_milters = inet:127.0.0.1:12345
milter_default_action = accept
milter_content_timeout = 30s

# List of authorized senders
smtpd_sender_login_maps =
        proxy:pgsql:/etc/postfix/sql-sender-login-map.cf

# Recipient restriction rules
smtpd_recipient_restrictions =
      check_policy_service inet:127.0.0.1:9999
      permit_mynetworks
      permit_sasl_authenticated
      check_recipient_access
          proxy:pgsql:/etc/postfix/sql-maintain.cf
          proxy:pgsql:/etc/postfix/sql-relay-recipient-verification.cf
      reject_unverified_recipient
      reject_unauth_destination
      reject_non_fqdn_sender
      reject_non_fqdn_recipient
      reject_non_fqdn_helo_hostname

## Postcreen settings
#
postscreen_access_list =
       permit_mynetworks
       cidr:/etc/postfix/postscreen_spf_whitelist.cidr
postscreen_blacklist_action = enforce

# Use some DNSBL
postscreen_dnsbl_sites =
        zen.spamhaus.org=127.0.0.[2..11]*3
        bl.spameatingmonkey.net=127.0.0.2*2
        bl.spamcop.net=127.0.0.2
        dnsbl.sorbs.net=127.0.0.[2..15]
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_action = enforce

postscreen_greet_banner = Welcome, please wait...
postscreen_greet_action = enforce

#postscreen_pipelining_enable = yes
#postscreen_pipelining_action = enforce

#postscreen_non_smtp_command_enable = yes
#postscreen_non_smtp_command_action = enforce

#postscreen_bare_newline_enable = yes
#postscreen_bare_newline_action = enforce

Изменить: Ниже приведен журнал /var/log/supervisor/supervisord.log:

2022-10-20 12:09:09,989 INFO exited: policyd (exit status 1; not expected)
2022-10-20 12:09:10,992 INFO spawned: 'policyd' with pid 24193
2022-10-20 12:09:11,993 INFO success: policyd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-10-20 12:09:12,766 INFO exited: policyd (exit status 1; not expected)
2022-10-20 12:09:13,768 INFO spawned: 'policyd' with pid 25067
2022-10-20 12:09:14,770 INFO success: policyd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-10-20 12:09:15,452 INFO exited: policyd (exit status 1; not expected)
2022-10-20 12:09:16,454 INFO spawned: 'policyd' with pid 25102
2022-10-20 12:09:17,456 INFO success: policyd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-10-20 12:09:17,999 INFO exited: policyd (exit status 1; not expected)
2022-10-20 12:09:19,002 INFO spawned: 'policyd' with pid 25149
2022-10-20 12:09:20,003 INFO success: policyd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-10-20 12:09:20,708 INFO exited: policyd (exit status 1; not expected)
2022-10-20 12:09:21,710 INFO spawned: 'policyd' with pid 25188
2022-10-20 12:09:22,711 INFO success: policyd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-10-20 12:09:23,296 INFO exited: policyd (exit status 1; not expected)
2022-10-20 12:09:24,298 INFO spawned: 'policyd' with pid 25258
2022-10-20 12:09:25,299 INFO success: policyd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-10-20 12:09:25,769 INFO exited: policyd (exit status 1; not expected)
2022-10-20 12:09:26,771 INFO spawned: 'policyd' with pid 25300
2022-10-20 12:09:27,772 INFO success: policyd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-10-20 12:09:28,367 INFO exited: policyd (exit status 1; not expected)

и ниже приведен журнал ошибок /var/log/supervisor/policyd-stdout—supervisor-RuM9yD.log, который постоянно повторяется:

/srv/modoboa/env/lib/python3.6/site-packages/redis/utils.py:12: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography and will be removed in a future release.
  import cryptography  # noqa
/srv/modoboa/env/lib/python3.6/site-packages/requests/__init__.py:104: RequestsDependencyWarning: urllib3 (1.26.12) or chardet (5.0.0)/charset_normalizer (2.0.12) doesn't match a supported version!
  RequestsDependencyWarning)
Traceback (most recent call last):
  File "/usr/lib/python3.6/asyncio/base_events.py", line 1062, in create_server
    sock.bind(sa)
OSError: [Errno 99] Cannot assign requested address

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/srv/modoboa/instance/manage.py", line 21, in <module>
    main()
  File "/srv/modoboa/instance/manage.py", line 17, in main
    execute_from_command_line(sys.argv)
  File "/srv/modoboa/env/lib/python3.6/site-packages/django/core/management/__init__.py", line 381, in execute_from_command_line
    utility.execute()
  File "/srv/modoboa/env/lib/python3.6/site-packages/django/core/management/__init__.py", line 375, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/srv/modoboa/env/lib/python3.6/site-packages/django/core/management/base.py", line 323, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/srv/modoboa/env/lib/python3.6/site-packages/django/core/management/base.py", line 364, in execute
    output = self.handle(*args, **options)
  File "/srv/modoboa/env/lib/python3.6/site-packages/modoboa/policyd/management/commands/policy_daemon.py", line 39, in handle
    server = loop.run_until_complete(coro)
  File "/usr/lib/python3.6/asyncio/base_events.py", line 484, in run_until_complete
    return future.result()
  File "/usr/lib/python3.6/asyncio/streams.py", line 119, in start_server
    return (yield from loop.create_server(factory, host, port, **kwds))
  File "/usr/lib/python3.6/asyncio/base_events.py", line 1066, in create_server
    % (sa, err.strerror.lower()))
OSError: [Errno 99] error while attempting to bind on address ('::1', 9999, 0, 0): cannot assign requested address

Я надеюсь, что кто-то может помочь мне здесь. Заранее спасибо.

Эль-Салатини

1 ответ
1

Я мог решить это. Проблема была в том, что я должен был добавить --host 127.0.0.1 на следующую строку:

command=/srv/modoboa/env/bin/python /srv/modoboa/instance/manage.py policy_daemon --host 127.0.0.1

в файле:

/etc/supervisor/conf.d/policyd.conf command=/srv/modoboa/env/bin/python 

а затем перезагрузите систему.

после этого я мог нормально получать электронные письма. Однако я не мог отправлять электронные письма через STMP, потому что он был ограничен только локальными сетями. у меня всегда была следующая ошибка:

NOQUEUE: reject: RCPT from p2e50c2a6.dip0.t-ipconnect.de[00.00.00.00]: 451 4.3.5 <email@domain.com>: Recipient address rejected: Server configuration problem;

это можно решить, раскомментировав следующую строку в main.cf постфикса:

smtpd_recipient_restrictions =
      #check_policy_service inet:127.0.0.1:9999
      permit_mynetworks

Я надеюсь, что это может быть полезно для кого-то!

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *