Re[4]: [Dbmail] Reprise: POP-Before-SMTP and Postfix

Tue, 18 Feb 2003 17:55:42 +0100 (CET) 

Hello Jan,

JP> I try it for two days later... Can you help me what's wrong?

JP> mynetworks = 127.0.0.1, mysql:/etc/postfix/pbsp.cf smtpd_sender_restrictions
JP> = permit_mynetworks, permit_tls_all_clientcerts

OK, the next step is to find out WHY Postfix is refusing to relay.
This is best done with either the log, or (my preference) telling
postfix to send a message to postmaster for policy violations. I use
the following in main.cf:

# what to tell postmaster about
notify_classes= resource
                software
                policy
                protocol
                2bounce
                bounce

The policy and protocol parameters will generate a message similar to
this when relaying is denied:

---
From: Mail Delivery System <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] (Postmaster)
Date: Tuesday, February 18, 2003, 8:30:40 AM
Subject: Postfix SMTP server: errors from unknown[218.49.187.136]

===8<==============Original message text===============
Transcript of session follows.

 Out: 220 gateway.wmhlawonline.com ESMTP Postfix (Postfix-19991231)
     (Linux-Mandrake)
 In:  helo sting259
 Out: 250 gateway.wmhlawonline.com
 In:  mail from: [EMAIL PROTECTED]
 Out: 250 Ok
 In:  rcpt to: [EMAIL PROTECTED]
 Out: 554 <[EMAIL PROTECTED]>: Recipient address rejected: Relay access
     denied

Session aborted, reason: lost connection

===8<===========End of original message text===========

---

The important thing in this is what IP Postfix saw when the message
was presented to it. If it is 127.0.0.1, then stunnel is working, but
Postfix is not obeying $mynetworks.

If, however, it's coming from the "real" IP of the customer, then
they're not sending using stunnel, so the pbsp table is not correct.
In this case, they should either make sure their client is using
stunnel for both send and receive, OR switch to non-stunnel
connections for POP3/IMAP4 (probably not a desirable thing!).

-- 
Jeff Brenton
President,
Engineered Software Products, Inc
http://espi.com
Questionable web page: http://dididahdahdidit.com

Liberalism grants you the freedom to advocate any idea*.
 * Please see http://www.dididahdahdidit.com/except.php for a
   current list of exceptions

Reply via email to