postfix拒收百度邮件查询
公司的邮件系统一直正常运行了很长一段时间。前两天突然不能收百度发来的邮件了,其他正常。现将当天具体查询解决方法做下总结。
一、查日志
通过查看maillog发现如下信息:
1maillog.1:Dec 6 11:55:20 mail postfix/smtpd[21731]: NOQUEUE: reject: RCPT from unknown[220.181.5.196]: 450 4.1.8 <work>: Sender address rejected:
2 Domain not found; from=<work> to=<admin> proto=ESMTP helo=<jx-sysip-mailrelay4.jx.baidu.com>
3maillog.1:Dec 6 12:02:28 mail postfix/smtpd[22433]: NOQUEUE: reject: RCPT from unknown[220.181.27.29]: 450 4.1.8 <work>: Sender address rejected: Dom
4ain not found; from=<work> to=<admin> proto=ESMTP helo=<jx-sysip-mailrelay2.jx.baidu.com>
5maillog.1:Dec 6 13:22:19 mail postfix/qmgr[27445]: 1593E248D23: from=<work>, size=6612, nrcpt=1 (queue active)
6maillog.1:Dec 6 13:22:20 mail postfix/cleanup[28336]: 80334248D30: message-id=
7maillog.1:Dec 6 13:22:20 mail postfix/qmgr[27445]: 80334248D30: from=<work>, size=7412, nrcpt=1 (queue active)
8maillog.1:Dec 6 13:22:20 mail amavis[28694]: (28694-15) Passed CLEAN, LOCAL [220.181.5.196] [220.181.5.196] <work> -> </work></work></work></jx-sysip-mailrelay2.jx.baidu.com></admin></work></work></jx-sysip-mailrelay4.jx.baidu.com></admin></work></work>
可以看出其中有报错NOQUEUE: reject: RCPT from unknown ,而from地址显示的是[email protected],问题很明显了,百度那边的邮件系统做了变更,小细节上出了问题 ,来源地址显示的不能识别,导致postfix拒收了。为了便于做下对比,再将之前正常的baidu发来的邮件做个对比:
1maillog.4:Nov 16 20:55:52 mail postfix/cleanup[1589]: AC9AC2478AC: message-id=
2maillog.4:Nov 16 20:55:52 mail postfix/qmgr[29728]: AC9AC2478AC: from=<union_service>, size=4492, nrcpt=1 (queue active)
3maillog.4:Nov 16 20:56:06 mail postfix/cleanup[1589]: BABDD2484FA: message-id=
4maillog.4:Nov 16 20:56:06 mail postfix/qmgr[29728]: BABDD2484FA: from=<union_service>, size=4931, nrcpt=1 (queue active)</union_service></union_service>
正常的邮件from地址是[email protected]这样的地址。
二、解决问题
即然发现问题不在于自己,不过谁让百度是大BOSS呢,虽然它错了,但咱也不能拒收它的邮件。没办法,改postfix规则。打开/etc/postfix/main.cf文件,找到:
1smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, chec
2k_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check
3_policy_service inet:127.0.0.1:10031
去掉第一句reject_unknown_sender_domain,重启postfix服务。联系百度重发,又可以正常的接收了,去掉该规则只不过垃圾邮件会多一些而已。并将百度的问题反馈给百度,解决后再加上该规则。
PS:2013-12-09后记
在后来将配置恢复后,发现百度他老人家 “故伎重演”,无奈在不去掉reject_unknown_sender_domain的同时,使用新的解决方法。从上面的smtpd_recipient_restrictions里的规则是这样的:permit代表允许规则、reject代表的是拒绝规则。我们可以调整下permit_mynetworks规则到第一位,并将百度的mail ip加到这个段里即可,例如:
1mynetworks = 127.0.0.0/8, 220.181.50.0/24, 220.181.18.241, 61.208.132.13, 220.181.27.29, 202.108.22.171, 220.181.5.0/24, 123.125.66.0/24, 61.135.168.0/24, 115.239.212.0/24, 58.217.202.0/24, 61.135.162.0/23, 63.217.158.61
而main.cf的规则改过:
1smtpd_recipient_restrictions = permit_mynetworks,reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
baidu mail对应的IP可以这样查询:
1C:Documents and SettingsAdministrator>nslookup
2Default Server: hzdns47.zjhzptt.net.cn
3Address: 202.101.172.47
4> set q=mx
5> baidu.com
6Server: hzdns47.zjhzptt.net.cn
7Address: 202.101.172.47
8Non-authoritative answer:
9baidu.com MX preference = 20, mail exchanger = mx1.baidu.com
10baidu.com MX preference = 20, mail exchanger = jpmx.baidu.com
11baidu.com MX preference = 20, mail exchanger = mx50.baidu.com
12baidu.com MX preference = 10, mail exchanger = mx.mailcdn.baidu.com
13baidu.com nameserver = dns.baidu.com
14baidu.com nameserver = ns2.baidu.com
15baidu.com nameserver = ns7.baidu.com
16baidu.com nameserver = ns3.baidu.com
17baidu.com nameserver = ns4.baidu.com
18mx1.baidu.com internet address = 61.135.163.61
19jpmx.baidu.com internet address = 61.208.132.13
20mx50.baidu.com internet address = 220.181.50.208
21dns.baidu.com internet address = 202.108.22.220
22ns2.baidu.com internet address = 61.135.165.235
23ns3.baidu.com internet address = 220.181.37.10
24ns4.baidu.com internet address = 220.181.38.10
25ns7.baidu.com internet address = 119.75.219.82
捐赠本站(Donate)
如您感觉文章有用,可扫码捐赠本站!(If the article useful, you can scan the QR code to donate))
- Author: shisekong
- Link: https://blog.361way.com/baidu-rcpt-from-unknown/2877.html
- License: This work is under a 知识共享署名-非商业性使用-禁止演绎 4.0 国际许可协议. Kindly fulfill the requirements of the aforementioned License when adapting or creating a derivative of this work.