Jim McIver wrote:
I have postfix 2.1.5 on Freebsd 4.10 and am passing info through vams
virus scanner.
Far as I can tell everything is working ok(has been for couple of
years) with the exception of email from the Washington State
Police's(wsp) new listserv. WSP is using Lsoft on Windows 2003 and
the guy sayes we are the only one not receiving the messages from his
listserv????.
WSP adds the [EMAIL PROTECTED] to his listserv, he sayes message
gets rejected and Lsoft automatically unsubscribes the email address.
The odd part is that I get a message from his listserv saying we have
been unsubscribed, but don't get messages submitted on his end to the
listserv for outgoing email. Not sure why I get the unsubscribe
message and not the real message and the guy doesn't seem to
interested in helping fix the problem.
When I get the unsubscribe message, here is a snipet from the
maillog.
"Aug 26 00:00:05 mail postfix/smtpd[94745]: 178F8585:
client=wspvmolylist1.wsp.wa.gov[167.72.2.45]
Aug 26 00:00:05 mail postfix/cleanup[95166]: warning: unknown command
in header_checks map: 550 Sender-specified
routing rejected
Aug 26 00:00:05 mail postfix/cleanup[95166]: 178F8585: message-
id=<[EMAIL PROTECTED]
WA.GOV>
Aug 26 00:00:05 mail postfix/cleanup[95166]: warning: unknown command
in header_checks map: 550 Sender-specified
routing rejected
Aug 26 00:00:05 mail postfix/qmgr[176]: 178F8585: from=<owner-D4-ALL-
[EMAIL PROTECTED]>, size=2671, nrcpt
=1 (queue active)
Aug 26 00:00:05 mail postfix/smtp[95279]: 178F8585:
to=<[EMAIL PROTECTED]>, relay=127.0.0.1[127.0.0.1], delay=1,
status=sent (250 A07447D2511 queued for delivery)
Aug 26 00:00:05 mail postfix/qmgr[176]: 178F8585: removed
Aug 26 00:00:05 mail postfix/smtpd[94745]: disconnect from
wspvmolylist1.wsp.wa.gov[167.72.2.45]"
I don't have a message of anything sent from listserv other than
unsubscribe message. I've asked for a test message, but because it's
offical and goes to others he doesn't want to send one so I can track
it in the maillog.
Me and guy can email back and forth, but it comes from
"wspapolymailb.wsp.wa.gov" and not "wspvmolylist1.wsp.wa.gov"
My header_checks file contains:
# Disallow sender-specified routing. This is a must if you relay mail
#for other domains.
/[EMAIL PROTECTED]@]/ 550 Sender-specified routing rejected
# Postmaster is OK, that way they can talk to us about how
# to fix their problem.
/^postmaster@/ OK
# Protect your outgoing majordomo exploders
# /^(.*)-outgoing@(.*)$/!/^owner-.*/ 550 Use [EMAIL PROTECTED] instead
Where did the above crap come from? Looks like a
check_sender_access map that someone stuck in header_checks.
"550 ..." is not valid for header_checks, but is OK for
check_sender_access. All the above checks will cause lots of
false positives in header_checks, but are probably OK for a
check_sender_access table.
I suggest remove them all.
#Restrictions
/approved/ REJECT approved
/debt/ REJECT debt
etc....
Single word rejects are (almost)? always a mistake.
Will you even get this reply?
You should remove them all.
Do I have the correct syntax in my header_checks, or is this causing
the problem? I do relay for two domains, so I think I want to leave
the command intact.
I think you should completely remove your header_checks file
and start over again.
postconf -n output:
alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = smtp:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
header_checks = regexp:/usr/local/etc/postfix/header_checks
html_directory = no
mail_name = TPC Holdings, We report spam
This is usually "Postfix". Maybe you really wanted to add this
text to smtpd_banner?
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 5000000
mydestination = lt.lmtribune.com mail.lmtribune.com
mydomain = lmtribune.com
myhostname = mail.lmtribune.com
mynetworks = 1xx.xx.xxx.0/24 192.168.0.0/16 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = lmtribune.com dnews.com
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = check_client_access
hash:/usr/local/etc/postfix/client_access permit
smtpd_error_sleep_time = 1s
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks
reject_unauth_destination reject_invalid_hostname
warn_if_reject reject_unknown_hostname reject_unauth_pipelining
reject_non_fqdn_sender reject_unknown_sender_domain
reject_non_fqdn_recipient
There won't ever be any non-fqdn recipients after
permit_mynetworks and reject_unauth_destination.
remove this.
reject_unknown_recipient_domain
The only possible unknown recipient domain after
reject_unauth_destination is your own, in case your DNS
hiccups. remove this.
warn_if_reject reject_unknown_client reject_non_fqdn_hostname
check_client_access hash:/usr/local/etc/postfix/access_client
check_helo_access hash:/usr/local/etc/postfix/helo_access
check_sender_access hash:/usr/local/etc/postfix/sender_access
check_recipient_access hash:/usr/local/etc/postfix/recipient_access
smtpd_restriction_classes = restrictive, permissive
smtpd_sender_restrictions = check_sender_access
hash:/usr/local/etc/postfix/sender_access
smtpd_soft_error_limit = 10
strict_rfc821_envelopes = yes
transport_maps = hash:/usr/local/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
From what I can tell, there A records and mx records for wsp seem to
be ok. I can telnet to the box port 25, but can't get past the mail
from: for oblivious reasons.
Any ideas on how I can futher test?
Resubscribe and then watch your logs carefully. My assumption
is that one of your header_checks is rejecting the mail.
thx,
-Jim McIver
--
Noel Jones
