Kein Empfang bei Postfix: Relay access denied

[haschi]

Moin!

Debian 3.1 Sarge, VHCS 2.4, Postfix 2.1.5

Ich bin jetzt schon den ganzen Tag dabei, den Mailserver wieder hinzubekommen, nachdem sich Postfix komplett zerlegt hatte.

Das versenden von Mails per SMTP ist möglich, jedoch der Empfang scheitert. Jede Mail wird mit "Relay access denied" zurückgeschickt.

Wo liegt jetzt der Fehler? Bei der Installation vom VHCS wurde auch SASL installiert. Liegt da der Fehler?

Hiermal einige Daten:

Header und Fehler einer Mail (marcohanisch.de liegt auf dem Server):

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  haschi@marcohanisch.de
    SMTP error from remote mail server after RCPT TO:<haschi@marcohanisch.de>:
    host mail.marcohanisch.de [88.198.9.24]: 554 <haschi@marcohanisch.de>:
    Relay access denied

------ This is a copy of the message, including all the headers. ------

Return-path: <marcohanisch@freenet.de>
Received: from [194.97.50.136] (helo=mx3.freenet.de)
	by mout1.freenet.de with esmtpa (Exim 4.67)
	(envelope-from <marcohanisch@freenet.de>)
	id 1HPoeB-0002OR-39
	for haschi@marcohanisch.de; Sat, 10 Mar 2007 00:37:15 +0100
Received: from p548c1f4e.dip0.t-ipconnect.de ([84.140.31.78]:4641 helo=[127.0.0.1])
	by mx3.freenet.de with esmtpsa (ID marcohanisch1@freenet.de) (TLSv1:AES256-SHA:256) (port 25) (Exim 4.67 #1)
	id 1HPoeB-0005pQ-0E
	for haschi@marcohanisch.de; Sat, 10 Mar 2007 00:37:15 +0100
Message-ID: <45F1EFA8.10809@freenet.de>
Date: Sat, 10 Mar 2007 00:37:12 +0100
From: Marco Hanisch <marcohanisch@freenet.de>
User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
MIME-Version: 1.0
To: Haschi <haschi@marcohanisch.de>
Subject: Re: testmail
References: <45F01605.2010909@a4-freunde.com> <45F01806.5090904@freenet.de> <45F018C7.90706@a4-freunde.com> <45F018F7.1080908@freenet.de> <45F14D84.7000601@a4-freunde.com> <45F153CE.80804@freenet.de> <45F18C15.2090604@a4-freunde.com>
In-Reply-To: <45F18C15.2090604@a4-freunde.com>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit

main.cf:

#
# Postfix MTA Manager Main Configuration File;
#
# Please do NOT edit this file manually;
#

#
# Postfix directory settings; These are critical for normal Postfix MTA functionallity;
#

command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix

#
# Some common configuration parameters;
#

inet_interfaces = all
mynetworks_style = host

myhostname = mail.freunde-server.de
mydomain = mail.freunde-server.de
myorigin = $mydomain

smtpd_banner = $myhostname VHCS2 {MTA_VERSION} Managed ESMTP {MTA_HOST_TYPE}
setgid_group = postdrop

#
# Receiving messages parameters;
#

mydestination = $myhostname, $mydomain 
append_dot_mydomain = no
append_at_myorigin = yes
local_transport = local
virtual_transport = virtual
transport_maps = hash:/etc/postfix/vhcs2/transport

#
# Delivering local messages parameters;
#

mail_spool_directory = /var/mail
mailbox_size_limit = 0
mailbox_command = procmail -a "$EXTENSION"

biff = no

alias_database = hash:/etc/aliases

local_destination_recipient_limit = 1
local_recipient_maps = unix:passwd.byname $alias_database

#
# Delivering virtual messages parameters;
#

virtual_mailbox_base = /var/mail/virtual	
virtual_mailbox_limit = 0

virtual_mailbox_domains = hash:/etc/postfix/vhcs2/domains
virtual_mailbox_maps = hash:/etc/postfix/vhcs2/mailboxes

virtual_alias_maps = hash:/etc/postfix/vhcs2/aliases

virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:8

#
# SASL paramters;
#

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain = 

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   permit_mynetworks,
   reject_unauth_destination

master.cf:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#submission inet n      -       -       -       -       smtpd
#	-o smtpd_etrn_restrictions=reject
#	-o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps    inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n      -       -       -       -       smtpd
#  -o smtpd_etrn_restrictions=reject
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       -       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
	-o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache	  unix	-	-	-	-	1	scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix	-	n	n	-	2	pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       -       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

#
# vhcs delivery agent.
#

vhcs2-arpl unix  -      n       n       -       -       pipe flags=O user=vmail argv=/var/www/vhcs2/engine/messager/vhcs2-arpl-msgr

mail.log:

postfix/smtpd[7719]: connect from mout1.freenet.de[194.97.50.132]
postfix/smtpd[7719]: NOQUEUE: reject: RCPT from mout1.freenet.de[194.97.50.132]: 554 <haschi@marcohanisch.de>: Relay access denied; from=<marcohanisch@freenet.de> to=<haschi@marcohanisch.de> proto=ESMTP helo=<mout1.freenet.de>
postfix/smtpd[7719]: disconnect from mout1.freenet.de[194.97.50.132]
postfix/smtpd[7719]: connect from freunde-server.local[127.0.0.1]
postfix/smtpd[7719]: warning: SASL authentication problem: unknown password verifier 
postfix/smtpd[7719]: warning: freunde-server.local[127.0.0.1]: SASL LOGIN authentication failed
postfix/smtpd[7719]: lost connection after AUTH from freunde-server.local[127.0.0.1]
postfix/smtpd[7719]: disconnect from freunde-server.local[127.0.0.1]

Fehlt noch was?

Ich hoffe ihr könnt mir helfen, ich verzweifel schon....

DANKE!!!!

Gruß
Marco

 

[elias5000]

Jede Mail wird mit "Relay access denied"

Der Server fühlt sich nicht für die Domain verantwortlich. Weder für's Empfangen, noch für's Relayen.
Da ist VHCS nicht kenne, vermute ich mal nur, dass VHCS das alles per Virtual Mappings erledigt, was uns gleich zum nächsten Punkt bringt...

Fehlt noch was?

Die Mailbox- und Alias-Tables von VHCS.

 

[haschi]

Die Mailbox- und Alias-Tables von VHCS.

Moin!

Danke für die Antwort!

Sind das nicht diese hier?

virtual_mailbox_domains = hash:/etc/postfix/vhcs2/domains
virtual_mailbox_maps = hash:/etc/postfix/vhcs2/mailboxes

 

[haschi]

Soo.. Hab es mittlerweile geschafft das der Sender nicht geblockt wird. Mail-Weiterleitungen funktionieren.

Send ich jetzt eine Mail an ein Postfach, kommt ne Mail zurück mit:

Reporting-MTA: dns; freunde-server.de
X-Postfix-Queue-ID: D76ECD7C13A
X-Postfix-Sender: rfc822; marcohanisch@freenet.de
Arrival-Date: Sat, 10 Mar 2007 19:33:30 +0100 (CET)

Final-Recipient: rfc822; haschi@marcohanisch.de
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; unknown user: "haschi"

D.h., er weiß nicht von haschi@marcohanisch.de.

Hab meine main.cf mittlerweile so:

#
# Postfix MTA Manager Main Configuration File;
#
# Please do NOT edit this file manually;
#

#
# Postfix directory settings; These are critical for normal Postfix MTA functionallity;
#

command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix

#
# Some common configuration parameters;
#

inet_interfaces = all
mynetworks_style = host
mynetworks = 127.0.0.1/8
myhostname = freunde-server.de
mydomain = $myhostname
myorigin = $myhostname

smtpd_banner = $myhostname VHCS2 
setgid_group = postdrop

#
# Receiving messages parameters;
#

mydestination = /etc/postfix/vhcs2/domains 
append_dot_mydomain = no
append_at_myorigin = yes
local_transport = local
virtual_transport = virtual
transport_maps = hash:/etc/postfix/vhcs2/transport

#
# Delivering local messages parameters;
#

mail_spool_directory = /var/mail
mailbox_size_limit = 0
mailbox_command = procmail -a "$EXTENSION"

biff = no

alias_database = hash:/etc/postfix/vhcs2/aliases
alias_maps = hash:/etc/postfix/vhcs2/aliases 
local_destination_recipient_limit = 1
local_recipient_maps = unix:passwd.byname $alias_database

#
# Delivering virtual messages parameters;
#

virtual_mailbox_base = /var/mail/virtual	
virtual_mailbox_limit = 0

virtual_mailbox_domains = hash:/etc/postfix/vhcs2/domains
virtual_mailbox_maps = hash:/etc/postfix/vhcs2/mailboxes

virtual_alias_maps = hash:/etc/postfix/vhcs2/aliases

virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:8
smtpd_client_restrictions = check_client_access hash:/etc/postfix/vhcs2/sender-access
#
# SASL paramters;
#

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain = 

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   permit_mynetworks,
   reject_unauth_destination

Wo liegt jetzt noch der Fehler.....?

DANKE!

 

[elias5000]

Soo.. Hab es mittlerweile geschafft das der Sender nicht geblockt wird. Mail-Weiterleitungen funktionieren.

Was hast du gemacht?

Wo liegt jetzt noch der Fehler.....?

Keine Ahnung. Du hast die Virtual-Tables nicht gezeigt und auch keine Logs für den neuen Fehler. Da ist nichts außer Raten drin.

 

[haschi]

Hab ansich nichts gemacht, nur hier und da etwas ander main.cf geändert. Aber was jetzt alles, so ausm Kopf, nicht mehr möglich..

Achso, log, sorry..

mail.info:

Mar 10 19:42:58 freunde-server postfix/cleanup[2112]: 643EBD7C13C: message-id=<20070310184258.643EBD7C13C@freunde-server.de>
Mar 10 19:45:21 freunde-server postfix/local[2582]: 5256BD7C138: to=<haschi@marcohanisch.de>, relay=local, delay=0, status=bounced (unknown user: "haschi")

/etc/postfix/vhcs2/ailiases

#
# MTA Managment Virtual Aliases List;
#
# Please do NOT edit it manually;
#

haschi@marcohanisch.de	haschi@marcohanisch.de

 

[elias5000]

Ich vermute mal, dass der Postfix versucht, die Mail an haschi@marcohanisch.de lokal zuzustellen, weil er seine Domain in der Domain-Table von VHCS gefunden hat.
Jetzt braucht er die Gewissheit, dass er den User haschi kennt. Dazu sollte der in den local_recipients_maps stehen. Dort gibt man üblicherweise die Alias-Tables und eine Table mit den Mailbox-Namen ein.

Da in deinen Aliases nur die Mail-Adresse auftaucht, aber nicht der Username einzeln, bleibt ihm nur der Systemuser aus Passwd (local_recipient_maps = unixasswd.byname $alias_database). Daraus schließe ich, dass es keinen lokalen Unix-User namens haschi gibt.

Lösung ist jetzt, entweder diesen anzulegen oder in die Recipient-Maps einzutragen.

 

[haschi]

Moin!

Hmm.. Hab's jetzt. zumindest werden wieder Mails empfangen. Ob es richtig ist weiß ich nichts wo wirklich.

Hab jetzt

local_transport = local

in

local_transport = virtual

geändert.

Somit sieht die main.cf jetzt so aus:

#
# Postfix MTA Manager Main Configuration File;
#
# Please do NOT edit this file manually;
#

#
# Postfix directory settings; These are critical for normal Postfix MTA functionallity;
#

command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix

#
# Some common configuration parameters;
#

inet_interfaces = all
mynetworks_style = host
mynetworks = 127.0.0.1/8
myhostname = server1.freunde-server.de
mydomain = freunde-server.de
myorigin = $myhostname

smtpd_banner = $myhostname VHCS2 
setgid_group = postdrop

#
# Receiving messages parameters;
#

mydestination = /etc/postfix/vhcs2/domains 
append_dot_mydomain = no
append_at_myorigin = yes
local_transport = virtual
virtual_transport = virtual
transport_maps = hash:/etc/postfix/vhcs2/transport

#
# Delivering local messages parameters;
#

mail_spool_directory = /var/mail
mailbox_size_limit = 0
mailbox_command = procmail -a "$EXTENSION"

biff = no

alias_database = hash:/etc/postfix/vhcs2/aliases
alias_maps = hash:/etc/postfix/vhcs2/aliases 
local_destination_recipient_limit = 1
local_recipient_maps = $virtual_alias_maps
#local_recipient_maps = unix:passwd.byname $alias_database

#
# Delivering virtual messages parameters;
#

virtual_mailbox_base = /var/mail/virtual	
virtual_mailbox_limit = 0

virtual_mailbox_domains = hash:/etc/postfix/vhcs2/domains
virtual_mailbox_maps = hash:/etc/postfix/vhcs2/mailboxes

virtual_alias_maps = hash:/etc/postfix/vhcs2/aliases

virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:8
smtpd_client_restrictions = check_client_access hash:/etc/postfix/vhcs2/sender-access
#
# SASL paramters;
#

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain = 

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   permit_mynetworks,
   reject_unauth_destination

Ich will hoffen das dort nu nicht irgendwas falsch läuft..