search

foxcpp / maddy

✉️ Composable all-in-one mail server.
https://maddy.email
GNU General Public License v3.0
5k stars 240 forks source link

Send Email Error: reject directive used #517

Closed xdkaka closed 2 years ago

xdkaka commented 2 years ago

Describe the bug

What do you think is wrong? Send Email Error error: reject directive used

client_loop: send disconnect: Broken pipe

Steps to reproduce

Log files

smtp: listening on tcp://0.0.0.0:25 submission: listening on tls://0.0.0.0:465 submission: listening on tcp://0.0.0.0:587 smtp: Mail {"from":"addmin@mail.com"} smtp: Rcpt {"to":"xxx@gmail.com"} smtp: incoming message {"msg_id":"5462730f","sender":"admin@mail.com","src_host":"localhost","src_ip":"111.63.8.21:50855"} [debug] smtp/pipeline: sender admin@mail.com matched by domain rule 'xxx@gmail.com' {"msg_id":"5462730f"} [debug] smtp/pipeline: global rcpt modifiers: xxx@gmail.com => [xxx@gmail.com] {"msg_id":"5462730f"} [debug] smtp/pipeline: per-source rcpt modifiers: xxx@gmail.com => [xxx@gmail.com] {"msg_id":"5462730f"} [debug] smtp/pipeline: recipient xxx@gmail.com matched by default rule (clean = xxx@gmail.com) {"msg_id":"5462730f"} smtp: RCPT error {"effective_rcpt":"xxx@gmail.com","msg_id":"5462730f","reason":"reject directive used","smtp_code":501,"smtp_enchcode":"5.1.8","smtp_msg":"Use Submission for outgoing SMTP","to":"xxx@gmail.com"} smtp: Rcpt {"msg_id":"5462730f","to":"xxx@gmail.com"} smtp: aborted {"msg_id":"5462730f"}

Use a service like hastebin.com or attach a file if it is big

Configuration file

$(hostname) = mail.com
$(primary_domain) = dev.mail.com
$(local_domains) = $(primary_domain) mail.com

tls file /madddy/mail_smtp/conf/certs/mail.pem /madddy/mail_smtp/conf/certs/mail.key

# ----------------------------------------------------------------------------
# Local storage & authentication

# pass_table provides local hashed passwords storage for authentication of
# users. It can be configured to use any "table" module, in default
# configuration a table in SQLite DB is used.
# Table can be replaced to use e.g. a file for passwords. Or pass_table module
# can be replaced altogether to use some external source of credentials (e.g.
# PAM, /etc/shadow file).
#
# If table module supports it (sql_table does) - credentials can be managed
# using 'maddyctl creds' command.

auth.pass_table local_authdb {
    table sql_table {
        driver sqlite3
        dsn credentials.db
        table_name passwords
    }
}

# imapsql module stores all indexes and metadata necessary for IMAP using a
# relational database. It is used by IMAP endpoint for mailbox access and
# also by SMTP & Submission endpoints for delivery of local messages.
#
# IMAP accounts, mailboxes and all message metadata can be inspected using
# imap-* subcommands of maddyctl utility.

storage.imapsql local_mailboxes {
    driver sqlite3
    dsn imapsql.db
}

# ----------------------------------------------------------------------------
# SMTP endpoints + message routing

hostname $(hostname)

table.chain local_rewrites {
    optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
    optional_step static {
        entry postmaster postmaster@$(primary_domain)
    }
    optional_step file /etc/maddy/aliases
}

msgpipeline local_routing {
    # Insert handling for special-purpose local domains here.
    # e.g.
    # destination lists.example.org {
    #     deliver_to lmtp tcp://127.0.0.1:8024
    # }

    destination postmaster $(local_domains) {
        modify {
            replace_rcpt &local_rewrites
        }

        deliver_to &local_mailboxes
    }

    default_destination {
        reject 550 5.1.1 "User doesn't exist"
    }
}

smtp tcp://0.0.0.0:25 {
    limits {
        # Up to 20 msgs/sec across max. 10 SMTP connections.
        all rate 20 1s
        all concurrency 10
    }

    dmarc yes
    check {
        require_mx_record
        dkim
        spf
    }

    source $(local_domains) {
        reject 501 5.1.8 "Use Submission for outgoing SMTP"
    }
    default_source {
        destination postmaster $(local_domains) {
            deliver_to &local_routing
        }
        default_destination {
            reject 550 5.1.1 "User doesn't exist"
        }
    }
}

submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
    limits {
        # Up to 50 msgs/sec across any amount of SMTP connections.
        all rate 50 1s
    }

    auth &local_authdb

    source $(local_domains) {
        check {
            authorize_sender {
                prepare_email &local_rewrites
                user_to_email identity
            }
        }

        destination postmaster $(local_domains) {
            deliver_to &local_routing
        }
        default_destination {
            modify {
                dkim $(primary_domain) $(local_domains) default
            }
            deliver_to &remote_queue
        }
    }
    default_source {
        reject 501 5.1.8 "Non-local sender domain"
    }
}

target.remote outbound_delivery {
    limits {
        # Up to 20 msgs/sec across max. 10 SMTP connections
        # for each recipient domain.
        destination rate 20 1s
        destination concurrency 10
    }
    mx_auth {
        dane
        mtasts {
            cache fs
            fs_dir mtasts_cache/
        }
        local_policy {
            min_tls_level encrypted
            min_mx_level none
        }
    }
}

target.queue remote_queue {
    target &outbound_delivery

    autogenerated_msg_domain $(primary_domain)
    bounce {
        destination postmaster $(local_domains) {
            deliver_to &local_routing
        }
        default_destination {
            reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
        }
    }
}

# ----------------------------------------------------------------------------
# IMAP endpoints

imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
    auth &local_authdb
    storage &local_mailboxes
}

Located in /etc/maddy/maddy.conf by default, don't forget to remove DB passwords and other security-related stuff.

Environment information

go 1.8.13

foxcpp commented 2 years ago

Use Submission for outgoing SMTP

Outbound messages from local domains should be sent via Submission endpoint - port 465 with implicit TLS or port 587 with STARTTLS.

xdkaka commented 2 years ago

Use Submission for outgoing SMTP

Outbound messages from local domains should be sent via Submission endpoint - port 465 with implicit TLS or port 587 with STARTTLS.

Yes, I had try 587, It say:

Please authenticate first

And I have find the resaon, I had change go-smtp pachage because I use haproxy for proxy to verify spf

go-smtp server.go

// old:
s.listeners = append(s.listeners, l)

// new
proxyListener := &proxyproto.Listener{Listener: l}
defer proxyListener.Close()
s.listeners = append(s.listeners, proxyListener)

go-smtp server.go

// old:
c, err := l.Accept()

// new
c, err := proxyListener.Accept()
foxcpp commented 2 years ago

Not sure how sending outbound messages is related to SPF. Could you provide more details about your setup and what you are trying to do?

xdkaka commented 2 years ago

SPF

Sending emails has nothing to do with spf. The changed proxy is because of the receipt, I use haproxy transparent forwarding email, This change affects the sending.