Am 27.02.2011 09:37, schrieb Patrick Ben Koetter:

• Patrick Ben Koetter p@state-of-mind.de:

...

• Uwe Soemer uwe@soemer.org:

...

ich habe ein Problem mit meinem neu aufgesetzten Postfix-Server. Auf dem Server beherberge ich Benutzer, die über ein Relay die Emails versenden müssen - das funktioniert einwandfrei. Das Problem trat erst auf, als ich

Welches Problem?

Um es mal anders zu sagen: Was ist das Ziel? Bitte beschreibe das mal und sende dazu die Ausgabe von "postconf -n".

p@rick

Konfiguration mit smtp_sender_dependent_authentication in Funktion aktiv:

postfix

alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no canonical_maps = hash:/etc/postfix/canonical_maps config_directory = /etc/postfix default_transport = smtp html_directory = /usr/share/doc/postfix/html inet_interfaces = all local_recipient_maps = hash:/etc/postfix/local_recipient_maps $alias_maps local_transport = zarafa mailbox_command = /usr/bin/zarafa-dagent $USER@$DOMAIN mailbox_transport = zarafa mydestination = s01.soe.priv, localhost, localhost.soe.priv, soe.priv mydomain = s01.soe.priv myhostname = s01.soe.priv mynetworks = soe.priv 192.168.0.0/16 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname readme_directory = /usr/share/doc/postfix recipient_bcc_maps = hash:/etc/postfix/recipient_bcc recipient_canonical_maps = hash:/etc/postfix/recipient_canonical_maps recipient_delimiter = + sender_canonical_maps = hash:/etc/postfix/sender_canonical_maps sender_dependent_relayhost_maps = hash:/etc/postfix/sender_dependent_relayhost_maps smtp_sasl_auth_enable = yes smtp_sasl_mechanism_filter = hash:/etc/postfix/smtp_mechs smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_password_maps smtp_sasl_security_options = noanonymous smtp_sender_dependent_authentication = yes smtp_tls_note_starttls_offer = yes smtp_tls_policy_maps = hash:/etc/postfix/smtp_tls_policy_maps smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_delay_reject = no smtpd_reject_unlisted_recipient = no smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt smtpd_tls_cert_file = /etc/ssl/certs/cert.pem smtpd_tls_key_file = /etc/ssl/private/key.pem smtpd_tls_loglevel = 0 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_tls_session_cache_timeout = 3600s tls_random_prng_update_period = 3600s tls_random_source = dev:/dev/urandom

in dieser Konfiguration werden lokale Emails an externe Relay gesendet. Problem: Zeitverlust, Emails unterliegen der Spam-Kontrolle des Providers.

Konfiguration aktiver lokaler Zustellung hier funktioniert smtp_sender_dependent_authentication nicht.

postfix

alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no canonical_maps = hash:/etc/postfix/canonical_maps config_directory = /etc/postfix default_transport = smtp html_directory = /usr/share/doc/postfix/html inet_interfaces = all local_recipient_maps = hash:/etc/postfix/local_recipient_maps $alias_maps local_transport = zarafa mailbox_command = /usr/bin/zarafa-dagent $USER@$DOMAIN mailbox_size_limit = 0 mailbox_transport = zarafa mydestination = s01.soe.priv, localhost, localhost.soe.priv, soe.priv mydomain = s01.soe.priv myhostname = s01.soe.priv mynetworks = soe.priv 192.168.0.0/16 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname readme_directory = /usr/share/doc/postfix recipient_bcc_maps = hash:/etc/postfix/recipient_bcc recipient_canonical_maps = hash:/etc/postfix/recipient_canonical_maps recipient_delimiter = + sender_canonical_maps = hash:/etc/postfix/sender_canonical_maps sender_dependent_relayhost_maps = hash:/etc/postfix/sender_dependent_relayhost_maps smtp_sasl_auth_enable = yes smtp_sasl_mechanism_filter = hash:/etc/postfix/smtp_mechs smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_password_maps smtp_sasl_security_options = noanonymous smtp_sender_dependent_authentication = yes smtp_tls_note_starttls_offer = yes smtp_tls_policy_maps = hash:/etc/postfix/smtp_tls_policy_maps smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_delay_reject = no smtpd_reject_unlisted_recipient = no smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt smtpd_tls_cert_file = /etc/ssl/certs/cert.pem smtpd_tls_key_file = /etc/ssl/private/key.pem smtpd_tls_loglevel = 0 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_tls_session_cache_timeout = 3600s tls_random_prng_update_period = 3600s tls_random_source = dev:/dev/urandom /transport_maps = hash:/etc/postfix/virtual_transport virtual_alias_maps = hash:/etc/postfix/virtual_alias virtual_gid_maps = static:5000 virtual_mailbox_base = /var/mail/vhosts virtual_mailbox_domains = hash:/etc/postfix/virtual_domains virtual_mailbox_maps = hash:/etc/postfix/vmailbox virtual_minimum_uid = 100 virtual_transport = smtp// virtual_uid_maps = static:5000 /

in dieser Konfiguration werden lokale Email direkt zugestellt, aber externe Emails werden via MX-Record der Zieldomäne zugestellt. Problem: Versenden externer Emails nicht möglich.

Als Lösung würde helfen wenn ich die Domänen meiner Benutzer als Lokal eintrage und dem Mail-Server mitteile das dies nonauthoritative passiert, denn ich kann ja schlecht gmx und t-online als meine Domänen eintragen, denn dann kann ich diesen Domänen gar keine Emails mehr senden, da Postfix die anderen Benutzer nicht kennt und die Emails ablehnt (authoritative) - ist ja auch vollkommen korreckt. In einer nonauthoritative Einstellung würde Postfix unbekannte Zielbenutzer über das entsprechende Absender-Relay weitersenden.

Uwe