postfix拒收百度邮件查询

发表于 作者 admin

公司的邮件系统一直正常运行了很长一段时间。前两天突然不能收百度发来的邮件了,其他正常。现将当天具体查询解决方法做下总结。

一、查日志

通过查看maillog发现如下信息: 

maillog.1:Dec  6 11:55:20 mail postfix/smtpd[21731]: NOQUEUE: reject: RCPT from unknown[220.181.5.196]: 450 4.1.8 : Sender address rejected:
 Domain not found; from= to= proto=ESMTP helo=
maillog.1:Dec  6 12:02:28 mail postfix/smtpd[22433]: NOQUEUE: reject: RCPT from unknown[220.181.27.29]: 450 4.1.8 : Sender address rejected: Dom
ain not found; from= to= proto=ESMTP helo=
maillog.1:Dec  6 13:22:19 mail postfix/qmgr[27445]: 1593E248D23: from=, size=6612, nrcpt=1 (queue active)
maillog.1:Dec  6 13:22:20 mail postfix/cleanup[28336]: 80334248D30: message-id=<401a65c053a18a25e579d8008ecbbb7c@mtj.baidu.com>
maillog.1:Dec  6 13:22:20 mail postfix/qmgr[27445]: 80334248D30: from=, size=7412, nrcpt=1 (queue active)
maillog.1:Dec  6 13:22:20 mail amavis[28694]: (28694-15) Passed CLEAN, LOCAL [220.181.5.196] [220.181.5.196]  -> 
<br />

可以看出其中有报错NOQUEUE: reject: RCPT from unknown ,而from地址显示的是work@cq01-hmma-web00.cq01.baidu.com,问题很明显了,百度那边的邮件系统做了变更,小细节上出了问题 ,来源地址显示的不能识别,导致postfix拒收了。为了便于做下对比,再将之前正常的baidu发来的邮件做个对比: 

maillog.4:Nov 16 20:55:52 mail postfix/cleanup[1589]: AC9AC2478AC: message-id=<1744315685.55631.1384606553020.JavaMail.work@tc-un-dataio00.tc.baidu.com>
maillog.4:Nov 16 20:55:52 mail postfix/qmgr[29728]: AC9AC2478AC: from=, size=4492, nrcpt=1 (queue active)
maillog.4:Nov 16 20:56:06 mail postfix/cleanup[1589]: BABDD2484FA: message-id=<1744315685.55631.1384606553020.JavaMail.work@tc-un-dataio00.tc.baidu.com>
maillog.4:Nov 16 20:56:06 mail postfix/qmgr[29728]: BABDD2484FA: from=, size=4931, nrcpt=1 (queue active)
<br />

正常的邮件from地址是union_serveice@baidu.com这样的地址。

二、解决问题

即然发现问题不在于自己,不过谁让百度是大BOSS呢,虽然它错了,但咱也不能拒收它的邮件。没办法,改postfix规则。打开/etc/postfix/main.cf文件,找到: 

smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, chec
k_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check
_policy_service inet:127.0.0.1:10031

去掉第一句reject_unknown_sender_domain,重启postfix服务。联系百度重发,又可以正常的接收了,去掉该规则只不过垃圾邮件会多一些而已。并将百度的问题反馈给百度,解决后再加上该规则。

PS:2013-12-09后记

在后来将配置恢复后,发现百度他老人家 “故伎重演”,无奈在不去掉reject_unknown_sender_domain的同时,使用新的解决方法。从上面的smtpd_recipient_restrictions里的规则是这样的:permit代表允许规则、reject代表的是拒绝规则。我们可以调整下permit_mynetworks规则到第一位,并将百度的mail ip加到这个段里即可,例如: 

mynetworks = 127.0.0.0/8, 220.181.50.0/24, 220.181.18.241, 61.208.132.13, 220.181.27.29, 202.108.22.171, 220.181.5.0/24, 123.125.66.0/24, 61.135.168.0/24, 115.239.212.0/24, 58.217.202.0/24, 61.135.162.0/23, 63.217.158.61
<br />

而main.cf的规则改过: 

smtpd_recipient_restrictions = permit_mynetworks,reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
<br />

baidu mail对应的IP可以这样查询: 

C:Documents and SettingsAdministrator>nslookup
Default Server:  hzdns47.zjhzptt.net.cn
Address:  202.101.172.47
> set q=mx
> baidu.com
Server:  hzdns47.zjhzptt.net.cn
Address:  202.101.172.47
Non-authoritative answer:
baidu.com       MX preference = 20, mail exchanger = mx1.baidu.com
baidu.com       MX preference = 20, mail exchanger = jpmx.baidu.com
baidu.com       MX preference = 20, mail exchanger = mx50.baidu.com
baidu.com       MX preference = 10, mail exchanger = mx.mailcdn.baidu.com
baidu.com       nameserver = dns.baidu.com
baidu.com       nameserver = ns2.baidu.com
baidu.com       nameserver = ns7.baidu.com
baidu.com       nameserver = ns3.baidu.com
baidu.com       nameserver = ns4.baidu.com
mx1.baidu.com   internet address = 61.135.163.61
jpmx.baidu.com  internet address = 61.208.132.13
mx50.baidu.com  internet address = 220.181.50.208
dns.baidu.com   internet address = 202.108.22.220
ns2.baidu.com   internet address = 61.135.165.235
ns3.baidu.com   internet address = 220.181.37.10
ns4.baidu.com   internet address = 220.181.38.10
ns7.baidu.com   internet address = 119.75.219.82
<br />

发表回复

您的电子邮箱地址不会被公开。 必填项已用*标注