Vraag Postfix hard bounced e-mails worden niet afgewezen


UPDATE: Dit probleem kan worden gereproduceerd door Postfix in docker-containers te installeren.

Ik probeerde opnieuw te compileren van de meest recente postfix-versies source 2.x en 3.x, maar loste het probleem niet op.

Ik heb Postfix geconfigureerd om e-mails te verzenden en te ontvangen, maar er is een probleem met HARD bounced e-mails - ze worden niet geweigerd en Postfix herhaalt ze elke x minuten te verzenden en de gebruiker ontvangt "Undelivered Mail Returned to Sender" meerdere keren.

In mail.log zie ik: [..] delay=5.2, delays=0.11/0.01/0.07/5, dsn=4.3.0, status=deferred (bounce or trace service failure)

ik voegde toe -v om te kaatsen, qmgr daemons in master.cf, maar toch kan ik niet achterhalen wat er mis is.

En hier is mijn config:

# postconf -nf:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
inet_interfaces = all
inet_protocols = all
local_recipient_maps = $virtual_mailbox_maps
mailbox_size_limit = 0
message_size_limit = 134217728
milter_default_action = accept
mydestination = localhost
myhostname = box.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
non_smtpd_milters = $smtpd_milters
notify_classes = bounce, delay, resource, software
readme_directory = no
recipient_delimiter = +
smtp_dns_support_level = dnssec
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_loglevel = 2
smtp_tls_security_level = dane
smtpd_banner = ESMTP $mail_name
smtpd_milters = inet:127.0.0.1:8891 inet:127.0.0.1:8893
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
    reject_rbl_client zen.spamhaus.org, reject_unlisted_recipient,
    check_policy_service inet:127.0.0.1:10023
smtpd_relay_restrictions =
    permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = pgsql:/etc/postfix/pgsql/sender-login-maps.cf
smtpd_sender_restrictions = reject_non_fqdn_sender,
    reject_unknown_sender_domain, reject_authenticated_sender_login_mismatch,
    reject_rhsbl_sender dbl.spamhaus.org
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/nginx/ssl/example.crt
smtpd_tls_ciphers = medium
smtpd_tls_dh1024_param_file = /etc/nginx/ssl/dh2048.pem
smtpd_tls_exclude_ciphers = aNULL
smtpd_tls_key_file = /etc/nginx/ssl/example.key
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_use_tls = yes
soft_bounce = no
virtual_alias_maps = pgsql:/etc/postfix/pgsql/virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_domains = pgsql:/etc/postfix/pgsql/virtual_domains_maps.cf
virtual_mailbox_maps = pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf
virtual_transport = lmtp:[127.0.0.1]:10026
virtual_uid_maps = static:5000


# postconf -Mf
smtp       inet  n       -       -       -       -       smtpd
submission inet  n       -       -       -       -       smtpd
    -o content_filter=
    -o syslog_name=postfix/submission
    -o smtpd_milters=inet:127.0.0.1:8891
    -o smtpd_tls_security_level=encrypt
    -o smtpd_tls_ciphers=high
    -o smtpd_tls_exclude_ciphers=aNULL,DES,3DES,MD5,DES+MD5,RC4
    -o smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
    -o cleanup_service_name=authclean
authclean  unix  n       -       -       -       0       cleanup
    -o header_checks=regexp:/etc/postfix/header_checks
pickup     unix  n       -       -       60      1       pickup
    -o content_filter=
    -o receive_override_options=no_header_body_checks
cleanup    unix  n       -       -       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       -       1000?   1       tlsmgr
rewrite    unix  -       -       -       -       -       trivial-rewrite
bounce     unix  -       -       -       -       0       bounce
defer      unix  -       -       -       -       0       bounce
trace      unix  -       -       -       -       0       bounce
verify     unix  -       -       -       -       1       verify
flush      unix  n       -       -       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       -       -       -       smtp
relay      unix  -       -       -       -       -       smtp
showq      unix  n       -       -       -       -       showq
error      unix  -       -       -       -       -       error
retry      unix  -       -       -       -       -       error
discard    unix  -       -       -       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       -       -       -       lmtp
anvil      unix  -       -       -       -       1       anvil
scache     unix  -       -       -       -       1       scache
maildrop   unix  -       n       n       -       -       pipe flags=DRhu
    user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp       unix  -       n       n       -       -       pipe flags=Fqhu
    user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail     unix  -       n       n       -       -       pipe flags=F user=ftn
    argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe flags=Fq.
    user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n       n       -       2       pipe flags=R
    user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
    ${user} ${extension}
mailman    unix  -       n       n       -       -       pipe flags=FR
    user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop}
    ${user}
smtp-amavis unix -       -       -       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
127.0.0.1:10025 inet n   -       -       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters

en mijn mail.log:

Jul 31 08:19:49 b1037ca901c1 postfix/submission/smtpd[22107]: connect from localhost[127.0.0.1]
Jul 31 08:19:49 b1037ca901c1 postfix/submission/smtpd[22107]: CCAF8D80222: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=test@fromexample.com
Jul 31 08:19:49 b1037ca901c1 postfix/cleanup[22109]: CCAF8D80222: replace: header Received: from box.example.com (localhost [127.0.0.1])??(using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))??(No client certificate requested)??by box.example.com (Postfix) with ESMTPSA id CCAF8D802 from localhost[127.0.0.1]; from=<test@fromexample.com> to=<nondeliverableemail@toexample.com> proto=ESMTP helo=<box.example.com>: Received: from authenticated-user (unknown [127.0.0.1])??(using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))??(No client certificate requested)??by box.example.com (Postfix) with ESMTPSA id CCAF8D80222??for <nondeliverableemail@toexample.com>; Fri, 31 Jul 2015 08:19:49 +0000 (UTC)
Jul 31 08:19:49 b1037ca901c1 postfix/cleanup[22109]: CCAF8D80222: message-id=<bc058d139ee5208cbc312163e6a0fe58@fromexample.com>
Jul 31 08:19:49 b1037ca901c1 postfix/qmgr[20607]: CCAF8D80222: from=<test@fromexample.com>, size=646, nrcpt=1 (queue active)
Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: setting up TLS connection to smtp1.toexample.com[23.75.25.14]:25
Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: smtp1.toexample.com[23.75.25.14]:25: TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH"
Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:before/connect initialization
Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:unknown state
Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 read server hello A
Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: smtp1.toexample.com[23.75.25.14]:25: depth=0 verify=0 subject=/C=LV/O=EXample/OU=ITC/CN=smtp1.toexample.com
Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: smtp1.toexample.com[23.75.25.14]:25: depth=0 verify=0 subject=/C=LV/O=EXample/OU=ITC/CN=smtp1.toexample.com
Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 read server certificate A
Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 read server certificate request A
Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 read server done A
Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 write client certificate A
Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 write client key exchange A
Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 write change cipher spec A
Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 write finished A
Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 flush data
Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: SSL_connect:SSLv3 read finished A
Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: smtp1.toexample.com[23.75.25.14]:25: subject_CN=smtp1.toexample.com, issuer_CN=smtp1.toexample.com, fingerprint=F1:6E:B7:64:96:D3:DB:5C:F6:7D:37:89:BE:5D:E8:74, pkey_fingerprint=A8:F4:72:BA:D8:16:26:11:67:F5:10:4F:96:C3:CF:29
Jul 31 08:19:49 b1037ca901c1 postfix/smtp[22110]: Untrusted TLS connection established to smtp1.toexample.com[23.75.25.14]:25: TLSv1 with cipher AES128-SHA (128/128 bits)
Jul 31 08:19:50 b1037ca901c1 postfix/submission/smtpd[22107]: disconnect from localhost[127.0.0.1]
Jul 31 08:19:55 b1037ca901c1 postfix/smtp[22110]: CCAF8D80222: to=<nondeliverableemail@toexample.com>, relay=smtp1.toexample.com[23.75.25.14]:25, delay=5.2, delays=0.08/0/0.07/5, dsn=4.3.0, status=deferred (bounce or trace service failure)

EN hier worden e-mails verzonden (één voor gebruiker, één voor postmaster)

Jul 31 08:20:05 b1037ca901c1 postfix/cleanup[22139]: 068B1D80225: message-id=<20150731082005.068B1D80225@box.example.com>
Jul 31 08:20:05 b1037ca901c1 postfix/bounce[22138]: CCAF8D80222: sender non-delivery notification: 068B1D80225
Jul 31 08:20:05 b1037ca901c1 postfix/qmgr[20607]: 068B1D80225: from=<>, size=2934, nrcpt=1 (queue active)
Jul 31 08:20:05 b1037ca901c1 postfix/cleanup[22139]: 090D2D80226: message-id=<20150731082005.090D2D80226@box.example.com>
Jul 31 08:20:05 b1037ca901c1 postfix/bounce[22138]: CCAF8D80222: postmaster non-delivery notification: 090D2D80226
Jul 31 08:20:05 b1037ca901c1 postfix/qmgr[20607]: 090D2D80226: from=<double-bounce@box.example.com>, size=2536, nrcpt=1 (queue active)
Jul 31 08:20:05 b1037ca901c1 postfix/qmgr[20607]: CCAF8D80222: status=deferred (bounce failed)
Jul 31 08:20:05 b1037ca901c1 postfix/lmtp[22140]: 068B1D80225: to=<test@fromexample.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 <test@fromexample.com> kdV1ArUvu1V+VgAADqs49A Saved)
Jul 31 08:20:05 b1037ca901c1 postfix/qmgr[20607]: 068B1D80225: removed
Jul 31 08:20:05 b1037ca901c1 postfix/lmtp[22141]: 090D2D80226: to=<postmaster@fromexample.com>, orig_to=<postmaster>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.01, delays=0/0/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 <postmaster@fromexample.com> 4tOQArUvu1V/VgAADqs49A Saved)
Jul 31 08:20:05 b1037ca901c1 postfix/qmgr[20607]: 090D2D80226: removed

Hier is een volledig uitgebreid logboek: http://pastebin.com/bsFDsFB9 (het bewerken van de vraag maakt de vraag te lang - MadHatter).

Kan er een probleem zijn met mijn config of is er een fout in Postfix 2.11.0?


5
2017-07-30 16:54


oorsprong


Ik ben dit probleem nog steeds aan het onderzoeken, maar het probleem zit in het uitvoeren van postfix in docker-container. En het probleem zit ook in de vers geïnstalleerde postfix (geen aanpassingen aan standaard configuratiebestanden). - Agris Ameriks
Overweeg om dit probleem te plaatsen in de postfix-officiële mailinglijst postfix-users@postfix.org - masegaloeh


antwoorden:


Dit probleem heeft te maken met docker + postfix + Ubuntu 14.04.3 LTS met kernel 3.16 host (ik heb niet getest met 3.13).

Probleem kan zonder enige configuratiewijziging worden gereproduceerd als postfix in docker-container is geïnstalleerd.

Ik heb geprobeerd de postfix vanaf bron (2.x en 3.x) opnieuw samen te stellen, maar daarmee is het probleem niet opgelost.

Om het probleem op te lossen moest ik de nieuwste kernelversie installeren die beschikbaar is voor Ubuntu LTS - 3.19. apt-get installeer linux-generic-lts-levendig


4
2017-08-10 04:26





Ik heb een vergelijkbaar probleem met LXC. In mijn geval loste het upgraden van de kernel naar de nieuwste beschikbare versie 3.19.0-39 het niet op.

Ik heb een bugrapport gevonden met betrekking tot dit probleem: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1446906

Docker gebruikt LXC-containers, daarom is dit verwant. In pure LXC kan het tijdelijk worden opgelost door het apparmor-profiel uit te schakelen met (lxc.aa_profile = unconfined). In docker is het mogelijk om LXC-opties door te geven met --lxc-conf opdrachttoets.


1
2017-12-08 16:03