主题: 邮件无法发送

==== 必填信息。没有填写将不予回复 ====
- iRedMail 版本号:0.9.2
- 使用哪个数据库存储用户帐号(OpenLDAP,MySQL,PostgreSQL):openLDAP
- 使用的 Linux/BSD 发行版名称及版本号:12.04
- 与您的问题相关的日志信息:
====
我在outlook发给内网邮件时提示如下错误:(前几天是可以发送内外网都正常,我差了IP也没有进入黑名单)


邮件没有到达某些或全部的预定收件人。

      主题:    555
      发送时间:    2013-09-11 14:35

无法到达以下收件人:

      'test@yiweilong.com',时间为 2013-09-11 14:35
            554 5.7.1 Service unavailable; Sender address [test@yiweilong.com] blocked using dsn.rfc-ignorant.org

回复: 邮件无法发送

james_tu 写道:

554 5.7.1 Service unavailable; Sender address [test@yiweilong.com] blocked using dsn.rfc-ignorant.org

之前没听说过 rfc-ignorant.org,现在似乎也已经无法访问了。
搜索了一下,似乎 rfc-ignorant.org 自己建立了某种黑名单机制,不遵守 RFC 规定的邮件服务器会被列入黑名单,主要是没有 postmaster@, abuse@ 等帐号(这些帐号是 RFC 里规定要有的)。而 dsn.rfc-ignorant.org 则是针对不接受来自 null sender(<>)的情况。原文描述的是:

If the publicly listed MX record for domain refuses to accept mail with a originator given as <>, then the domain will be considered a viable candidate for inclusion in the zone.

参考:

http://en.wikipedia.org/wiki/User:Jeff_ … norant.Org
http://www.rfc-ignorant.de/
http://web.archive.org/web/201210200531 … cy-dsn.php
https://issues.apache.org/SpamAssassin/ … gi?id=6526

从这个问题来看,iRedMail 在建立新的邮件域时做得不够好,没有自动添加 postmaster@, abuse@ 等帐号。由于极少公共黑名单会检查这些帐号是否存在,所以 iRedMail 和 iRedAdmin-Pro 暂时不准备在建立新邮件域时自动为管理员添加这些帐号。

回复: 邮件无法发送

ZhangHuangbin 写道:
james_tu 写道:

554 5.7.1 Service unavailable; Sender address [test@yiweilong.com] blocked using dsn.rfc-ignorant.org

之前没听说过 rfc-ignorant.org,现在似乎也已经无法访问了。
搜索了一下,似乎 rfc-ignorant.org 自己建立了某种黑名单机制,不遵守 RFC 规定的邮件服务器会被列入黑名单,主要是没有 postmaster@, abuse@ 等帐号(这些帐号是 RFC 里规定要有的)。而 dsn.rfc-ignorant.org 则是针对不接受来自 null sender(<>)的情况。原文描述的是:

If the publicly listed MX record for domain refuses to accept mail with a originator given as <>, then the domain will be considered a viable candidate for inclusion in the zone.

参考:

http://en.wikipedia.org/wiki/User:Jeff_ … norant.Org
http://www.rfc-ignorant.de/
http://web.archive.org/web/201210200531 … cy-dsn.php
https://issues.apache.org/SpamAssassin/ … gi?id=6526

从这个问题来看,iRedMail 在建立新的邮件域时做得不够好,没有自动添加 postmaster@, abuse@ 等帐号。由于极少公共黑名单会检查这些帐号是否存在,所以 iRedMail 和 iRedAdmin-Pro 暂时不准备在建立新邮件域时自动为管理员添加这些帐号。


我按你的操作新增了那两个邮箱用户,但现在还是无法发送,详细信息参考附件截图

Post's attachments

send Error.jpg 205.56 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

回复: 邮件无法发送

想办法联系你的收件人,看看他们是否可以禁用这个限制。
这样的限制太严格了,而且 rfc-ignorant.org 这个站早都关闭了。

5 最后由 james_tu (2013-09-13 23:17:16) 编辑

回复: 邮件无法发送

ZhangHuangbin 写道:

想办法联系你的收件人,看看他们是否可以禁用这个限制。
这样的限制太严格了,而且 rfc-ignorant.org 这个站早都关闭了。

我现在是自己发给自己都报这个错误,外部的更不行,我不知道为什么会发生这样的错误,难道这么多人都没遇到这种情况,要找到根源才能彻底解决,我想应该还是在服务端入手,但不知道如何做(是否跟iredmail版本有关系,我的版本是0.9.2)

回复: 邮件无法发送

贴一下 postconf -n 命令的输出。iRedMail 默认没有启用 RBL 以及 rfc-ignorant.org 的服务,所以不应该自己发给自己也会报这个错误。

回复: 邮件无法发送

ZhangHuangbin 写道:

贴一下 postconf -n 命令的输出。iRedMail 默认没有启用 RBL 以及 rfc-ignorant.org 的服务,所以不应该自己发给自己也会报这个错误。


james@mail:~$ sudo postconf -n
[sudo] password for james:
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
allow_percent_hack = no
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 4h
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
delay_warning_time = 0h
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
maximal_backoff_time = 4000s
maximal_queue_lifetime = 4h
message_size_limit = 15728640
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhost
name
mydomain = yiweilong.com
myhostname = mail.yiweilong.com
mynetworks = 127.0.0.0/8
mynetworks_style = host
myorigin = mail.yiweilong.com
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $myde
stination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domai
ns $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps
$smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_doma
ins $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_se
nder_restrictions
queue_run_delay = 300s
readme_directory = no
recipient_bcc_maps = proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_user.cf, pr
oxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:ldap:/etc/postfix/ldap/relay_domains.cf
relayhost =
sender_bcc_maps = proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_user.cf, proxy:ld
ap:/etc/postfix/ldap/sender_bcc_maps_domain.cf
smtp-amavis_destination_recipient_limit = 1
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_n
on_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/etc
/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_reci
pient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted
_recipient, check_policy_service inet:127.0.0.1:7777, check_policy_service inet:
127.0.0.1:10031,reject_rhsbl_sender dsn.rfc-ignorant.org, reject_rbl_client dnsb
l.njabl.org, reject_rbl_client dnsblahbl.org, reject_rbl_client bl.spamcop.net,
reject_rbl_client zen.spamhaus.org, permit_mynetworks, permit_sasl_authenticated
, reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ldap/sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, per
mit_sasl_authenticated
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail_CA.pem
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
swap_bangpath = no
tls_random_source = dev:/dev/urandom
transport_maps = proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf, proxy:ldap
:/etc/postfix/ldap/transport_maps_domain.cf
virtual_alias_domains =
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap/virtual_alias_maps.cf, proxy:l
dap:/etc/postfix/ldap/virtual_group_maps.cf, proxy:ldap:/etc/postfix/ldap/virtua
l_group_members_maps.cf, proxy:ldap:/etc/postfix/ldap/catchall_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/raronemail
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_domains.c
f
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_transport = dovecot
virtual_uid_maps = static:2000
james@mail:~$

回复: 邮件无法发送

james_tu 写道:

smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_reci
pient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted
_recipient, check_policy_service inet:127.0.0.1:7777, check_policy_service inet:
127.0.0.1:10031,reject_rhsbl_sender dsn.rfc-ignorant.org, reject_rbl_client dnsb
l.njabl.org, reject_rbl_client dnsblahbl.org, reject_rbl_client bl.spamcop.net,
reject_rbl_client zen.spamhaus.org, permit_mynetworks, permit_sasl_authenticated
, reject_unauth_destination

你自己直接启用了这个 RBL 服务...

回复: 邮件无法发送

iRedMail 默认没有启用任何 RBL 服务,主要是因为偶尔有些正常的邮件服务器会被误杀,会造成一定的麻烦。所以交给系统管理员自行决定是否添加、以及添加哪些 RBL 服务。

看你添加了那么多,不确定你是否真的明白这几个 RBL 服务的可靠性,也许只是从网上的文章里抄来的?

10 最后由 james_tu (2013-09-21 16:22:44) 编辑

回复: 邮件无法发送

ZhangHuangbin 写道:

iRedMail 默认没有启用任何 RBL 服务,主要是因为偶尔有些正常的邮件服务器会被误杀,会造成一定的麻烦。所以交给系统管理员自行决定是否添加、以及添加哪些 RBL 服务。

看你添加了那么多,不确定你是否真的明白这几个 RBL 服务的可靠性,也许只是从网上的文章里抄来的?


我是从这个:http://wiki.ubuntu.org.cn/IRedMail的文章操作(完全跟这边的设置一样),不知道要注意哪些问题(没有配置SMTP的相关内容,是不是安装系统自动加载的?),张工能否给一个正确的配置文件或者文档给我?谢谢

回复: 邮件无法发送

ZhangHuangbin 写道:
james_tu 写道:

smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_reci
pient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted
_recipient, check_policy_service inet:127.0.0.1:7777, check_policy_service inet:
127.0.0.1:10031,reject_rhsbl_sender dsn.rfc-ignorant.org, reject_rbl_client dnsb
l.njabl.org, reject_rbl_client dnsblahbl.org, reject_rbl_client bl.spamcop.net,
reject_rbl_client zen.spamhaus.org, permit_mynetworks, permit_sasl_authenticated
, reject_unauth_destination

你自己直接启用了这个 RBL 服务...


这个配置文件在哪里设置,如何取消这个服务???

回复: 邮件无法发送

在 /etc/postfix/main.cf 里找到它,删除它并重启 Postfix 服务。

回复: 邮件无法发送

ZhangHuangbin 写道:

在 /etc/postfix/main.cf 里找到它,删除它并重启 Postfix 服务。

smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_
recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_
unlisted_recipient, check_policy_service inet:127.0.0.1:7777, check_policy_s
ervice inet:127.0.0.1:10031,reject_rhsbl_sender dsn.rfc-ignorant.org, reject
_rbl_client dnsbl.njabl.org, reject_rbl_client dnsblahbl.org, reject_rbl_cli
ent bl.spamcop.net, reject_rbl_client zen.spamhaus.org,
  permit_mynetworks, p
ermit_sasl_authenticated, reject_unauth_destination

我把红色字体删除后能接收邮件,但发邮件对方都收不到(发送提示成功)

回复: 邮件无法发送

检查一下你的服务器上的相关日志文件,主要是 Postfix 的日志文件 /var/log/maillog。可能是 Amavisd 或 ClamAV 服务没有启动。

回复: 邮件无法发送

ZhangHuangbin 写道:

检查一下你的服务器上的相关日志文件,主要是 Postfix 的日志文件 /var/log/maillog。可能是 Amavisd 或 ClamAV 服务没有启动。


现在,postmaster@yiweilong.com邮箱收到退信信息如下:

Undelivered Mail Returned to Sender
发件人     MAILER-DAEMON@mail.yiweilong.comAdd contact     日期     今天 02:46
<- <<- ->   []

    Delivery report
    Undelivered Message

This is the mail system at host mail.yiweilong.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<xxb@rarone.com>: connect to smx198.cn4e.com[124.202.154.198]:25: Connection
    timed out

Reporting-MTA: dns; mail.yiweilong.com
X-Postfix-Queue-ID: 8B834266006B
X-Postfix-Sender: rfc822; postmaster@yiweilong.com
Arrival-Date: Sun, 22 Sep 2013 21:59:17 +0800 (CST)

Final-Recipient: rfc822; xxb@rarone.com
Original-Recipient: rfc822;xxb@rarone.com
Action: failed
Status: 4.4.1
Diagnostic-Code: X-Postfix; connect to smx198.cn4e.com[124.202.154.198]:25:
    Connection timed out

主题     rarone
发件人     postmaster@yiweilong.com
收件人     xxb@rarone.com
日期     星期日 21:59

rarone e-mail


/var/log/mail.log的日志如下:

Sep 23 09:59:05 mail fetchmail[2043]: Connection errors for this poll:#012n
ame 0: connection to pop3.qq.com:pop3 [220.250.64.24/110] failed: Connectio
n timed out.
Sep 23 09:59:05 mail fetchmail[2043]: POP3 connection to pop3.qq.com failed
: Connection timed out
Sep 23 09:59:05 mail fetchmail[2043]: Query status=2 (SOCKET)
Sep 23 10:05:08 mail fetchmail[2043]: Connection errors for this poll:#012n
ame 0: connection to pop3.qq.com:pop3 [220.250.64.24/110] failed: Connectio
n timed out.
Sep 23 10:05:08 mail fetchmail[2043]: POP3 connection to pop3.qq.com failed
: Connection timed out
Sep 23 10:05:08 mail fetchmail[2043]: Query status=2 (SOCKET)
Sep 23 10:11:12 mail fetchmail[2043]: Connection errors for this poll:#012n
ame 0: connection to pop3.qq.com:pop3 [220.250.64.24/110] failed: Connectio
n timed out.
Sep 23 10:11:12 mail fetchmail[2043]: POP3 connection to pop3.qq.com failed
: Connection timed out
Sep 23 10:11:12 mail fetchmail[2043]: Query status=2 (SOCKET)
Sep 23 10:17:15 mail fetchmail[2043]: Connection errors for this poll:#012n
ame 0: connection to pop3.qq.com:pop3 [220.250.64.24/110] failed: Connectio
n timed out.
Sep 23 10:17:15 mail fetchmail[2043]: POP3 connection to pop3.qq.com failed
: Connection timed out
Sep 23 10:17:15 mail fetchmail[2043]: Query status=2 (SOCKET)

回复: 邮件无法发送

连接超时(124.202.154.198)。
我这里尝试 telnet 这个 IP 的 25 端口,能正确返回 SMTP 信息。在你的服务器上试试吧。

17 最后由 james_tu (2013-09-23 21:39:20) 编辑

回复: 邮件无法发送

ZhangHuangbin 写道:

连接超时(124.202.154.198)。
我这里尝试 telnet 这个 IP 的 25 端口,能正确返回 SMTP 信息。在你的服务器上试试吧。

smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_
recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_
unlisted_recipient, check_policy_service inet:127.0.0.1:7777, check_policy_s
ervice inet:127.0.0.1:10031,reject_rhsbl_sender dsn.rfc-ignorant.org, reject
_rbl_client dnsbl.njabl.org, reject_rbl_client dnsblahbl.org, reject_rbl_cli
ent bl.spamcop.net, reject_rbl_client zen.spamhaus.org,

permit_mynetworks, p
ermit_sasl_authenticated, reject_unauth_destination

我把红色字体删除后能接收邮件,但发邮件对方都收不到(发送提示成功),是不是有哪些不能删除的?

能否提供一个正确mian.cf配置文件给我参考?

回复: 邮件无法发送

*) RBL 都能删除。
*) iRedMail 安装好后的默认配置已经很好了,不需要额外添加 RBL 服务。建议你自行在虚拟机里安装一个 iRedMail,然后参考对比一下 main.cf。