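Error when sending email - 554 5.7.1 - Relay access denied

Time: 2017-11-30 16:46:45

Tags: email ssl postfix

I have a new email server using Postfix (3.1.0) and Dovecot. I managed to establish a TLS connection between the client and the server, but I ran into a strange problem. Whenever I try to send an email, I get this error: 554 5.7.1 - Relay access denied. I searched for this error and found that I need to set smtpd_relay_restrictions, so I tried that. But nothing changed. Then I added smtpd_sender_restrictions, but nothing changed. I tried sending email to different domains and using different networks on the client device. Same error.

Here is my main.cf: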

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $myhostname
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = class

mailbox_size_limit = 0
home_mailbox = Maildir/

virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

recipient_delimiter = +

inet_interfaces = all
inet_protocols = ipv4

# TLS parameters
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.mydomain.ro/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.mydomain.ro/privkey.pem
smtp_tls_security_level = may
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3

tls_preempt_cipherlist = yes
smtpd_tls_mandatory_ciphers = high
tls_high_cipherlist = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:AES256-GCM-SHA384:AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256:NULL-SHA256
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noplaintext,noanonymous

smtpd_recipient_restrictions =
  permit_sasl_authenticated
  permit_mynetworks
  reject_unauth_destination

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

smtpd_relay_restrictions = permit_mynetworks, 
  permit_sasl_authenticated,
  reject_unauth_destination

smtpd_sender_restrictions = permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination

What could be causing this error?

1 answer:

Answer 0: (score: 0)

Regarding the Postfix settings: to me it looks like your "mynetworks" setting:

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

only allows relaying for clients on localhost, over IPv4/IPv6.

If the client is on the same LAN with a LAN IP of 192.168.0.100, I believe you need to set it like this:

mynetworks = 127.0.0.0/8 192.168.0.100 [::ffff:127.0.0.0]/104 [::1]/128

If the client is on the internet with an IP of 9.9.9.9, I believe you need to set it like this:

mynetworks = 127.0.0.0/8 9.9.9.9 [::ffff:127.0.0.0]/104 [::1]/128

Does this help?

As for Dovecot, there is a useful page on the wiki; if you haven't already, it is more secure to configure Dovecot to require SSL/TLS for auth logins: https://wiki.dovecot.org/SSL/DovecotConfiguration
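
An added example, not part of the original question or answer: a simplified Python model of how Postfix walks smtpd_relay_restrictions for the settings shown in the question, to see which clients end up with 554 5.7.1. The function names, the local_domains parameter, the recipient domain example.org and the decision strings are assumptions made for illustration; the real decision also depends on parameters such as mydestination, relay_domains and virtual_mailbox_domains.

```python
import ipaddress

# Constructed excerpt: only the relay-relevant settings from the question's main.cf.
MAIN_CF = """\
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_relay_restrictions = permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination
"""
REJECT = "554 5.7.1 Relay access denied"

def parse_main_cf(text):
    """main.cf syntax: '#' starts a comment line; a line that begins
    with whitespace continues the previous parameter."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params

def in_mynetworks(client_ip, mynetworks):
    """True if client_ip matches an address or CIDR entry in mynetworks."""
    ip = ipaddress.ip_address(client_ip)
    for entry in mynetworks.replace(",", " ").split():
        net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        if ip.version == net.version and ip in net:
            return True
    return False

def relay_decision(params, client_ip, sasl_ok, rcpt_domain, local_domains=()):
    """Simplified model: restrictions are tried in order, first decision wins.
    local_domains (hypothetical parameter) stands in for the domains the
    server is the final destination or an authorized relay for."""
    for rule in params["smtpd_relay_restrictions"].replace(",", " ").split():
        if rule == "permit_mynetworks" and in_mynetworks(client_ip, params["mynetworks"]):
            return "permit: client in mynetworks"
        if rule == "permit_sasl_authenticated" and sasl_ok:
            return "permit: SASL authenticated"
        if rule == "reject_unauth_destination" and rcpt_domain not in local_domains:
            return REJECT
    return "dunno: no rule decided"

params = parse_main_cf(MAIN_CF)
print(relay_decision(params, "192.168.0.100", False, "example.org"))  # unauthenticated LAN client
print(relay_decision(params, "192.168.0.100", True, "example.org"))   # same client after SASL login
```

An address listed in mynetworks is permitted to relay without authenticating, while permit_sasl_authenticated lets a client relay from any network once it has logged in.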