我有一个新的电子邮件服务器,使用Postfix(3.1.0)和Dovecot。我已设法在客户端和服务器之间建立TLS连接,但我遇到了一个奇怪的问题。每当我尝试发送电子邮件时,都会收到此错误:554 5.7.1 - 拒绝中继访问。我搜索了这个错误,我发现我需要设置smtpd_relay_restrictions
,所以我试过了。但没有改变。然后我添加了smtpd_sender_restrictions
,但没有改变。我尝试将电子邮件发送到不同的域并在客户端设备上使用不同的网络。同样的错误。
这是我的main.cf:
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
myhostname = localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $myhostname
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = class
mailbox_size_limit = 0
home_mailbox = Maildir/
virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
# TLS parameters
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.mydomain.ro/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.mydomain.ro/privkey.pem
smtp_tls_security_level = may
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3
tls_preempt_cipherlist = yes
smtpd_tls_mandatory_ciphers = high
tls_high_cipherlist = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:AES256-GCM-SHA384:AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256:NULL-SHA256
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noplaintext,noanonymous
smtpd_recipient_restrictions =
permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
smtpd_sender_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
什么可能产生这个错误?
关于Postfix设置:对我而言,它看起来像你的“mynetworks”设置:
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
只允许通过IPv4 / IPv6在localhost上为客户端进行中继。
如果客户端位于LAN IP为192.168.0.100的同一LAN上,我相信您需要设置如下:
mynetworks = 127.0.0.0/8 192.168.0.100 [::ffff:127.0.0.0]/104 [::1]/128
如果客户端在互联网上的IP为9.9.9.9,我相信您需要设置如下:
mynetworks = 127.0.0.0/8 9.9.9.9 [::ffff:127.0.0.0]/104 [::1]/128
这有帮助吗?
至于dovecot,在wiki上有一个有用的页面 - 如果你还没有,那么配置dovecot以获取auth登录需要ssl / tls更安全:https://wiki.dovecot.org/SSL/DovecotConfiguration