On 2024-05-28 at 19:18:10 UTC-0400 (Tue, 28 May 2024 19:18:10 -0400)
John Hill via Postfix-users <jh...@noach.com>
is rumored to have said:
[...]
On 5/28/24 7:13 PM, Bill Cole via Postfix-users wrote:
On 2024-05-28 at 19:04:37 UTC-0400 (Tue, 28 May 2024 19:04:37 -0400)
John Hill via Postfix-users <jh...@noach.com>
is rumored to have said:
[...]
Sending of the message failed.
An error occurred while sending mail. The mail server responded:
<jh...@noach.com>: Sender address rejected: Email blocked by
security policy.
Please check the message recipient "postfix-users@postfix.org" and
try again.
What does the log say about that attempt?
I believe that specific text indicates a problem in
smtpd_sender_restrictions.
May 28 19:02:04 proteus.noach.com opendmarc[504352]: ignoring connection from gibson.noach.com
May 28 19:02:04 proteus.noach.com postfix/submission/smtpd[504893]: discarding EHLO keywords: CHUNKING
May 28 19:02:04 proteus.noach.com postfix/submission/smtpd[504893]: Anonymous TLS connection established from gibson.noach.com[192.168.200.253]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
May 28 19:02:04 proteus.noach.com postfix/submission/smtpd[504893]: discarding EHLO keywords: CHUNKING
May 28 19:02:09 proteus.noach.com postfix/submission/smtpd[504893]: NOQUEUE: reject: RCPT from gibson.noach.com[192.168.200.253]: 554 5.7.1 <jh...@noach.com>: Sender address rejected: Email blocked by security policy; from=<jh...@noach.com> to=<postfix-users@postfix.org> proto=ESMTP helo=<[192.168.200.253]>
May 28 19:02:09 proteus.noach.com postfix/submission/smtpd[504893]: too many errors after RCPT from gibson.noach.com[192.168.200.253]
May 28 19:02:09 proteus.noach.com postfix/submission/smtpd[504893]: disconnect from gibson.noach.com[192.168.200.253] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 commands=5/6
It's not something in smtpd_sender_restrictions, but this is, as the log
says, a *Sender* stage failure. I don't see an XBL hit (which makes
sense, given the private client address) or anything indicating a
failure at the EHLO or client phases. I see from earlier in the thread
that you have smtpd_sender_login_maps set and "Email blocked by security
policy" seems like something you might get from that lookup failing. The
session summary shows that you did authenticate but I see no indication
of what your SASL login was. I suspect that if you perform a query on
your database for the sender 'jh...@noach.com' it will not return
whatever login you authenticated as.
I also thought for a moment that the problem was due to having
'permit_my_networks' before 'permit_sasl_authenticated' in 2 restriction
lists and you hence never needing to authenticate, but the session
summary says otherwise. Note that if all of your submission clients use
authentication, permit_my_networks is unnecessary.
I do not have a solution handy for you, but you have at least gotten
beyond the XBL issue. It seems possible that you only need to harmonize
the login used for authentication in Thunderbird with that in your
sender login map database.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
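
The sender/login ownership lookup that the reply above suspects is failing can be modeled as follows. This is an added example, not part of the original message and not Postfix code; the table contents, addresses and logins are constructed, and the model leaves out address extensions and the bare-localpart lookup for local domains.

```python
"""Simplified model of the smtpd_sender_login_maps ownership check."""
import re

# Constructed stand-in for an smtpd_sender_login_maps table:
# key = sender address (or @domain), value = SASL logins that own it.
SENDER_LOGIN_MAP = {
    "alice@example.com": "alice",
    "sales@example.com": "alice, bob",
    "@example.net": "relay-svc",
}


def owners_for(sender, table):
    """Return the owner logins for a sender, or None when nothing matches."""
    sender = sender.lower()
    domain = sender.rpartition("@")[2]
    for key in (sender, "@" + domain):  # full address first, then @domain
        if key in table:
            # Owners are separated by commas and/or whitespace.
            return [o for o in re.split(r"[,\s]+", table[key]) if o]
    return None


def check_sender(sender, sasl_login, table, allow_unknown_sender=False):
    """Return (verdict, reason) for one MAIL FROM / SASL login pair.

    "dunno" means this check raises no objection; later rules decide.
    allow_unknown_sender=False models reject_sender_login_mismatch,
    True models reject_known_sender_login_mismatch.
    """
    owners = owners_for(sender, table)
    if owners is None:
        if allow_unknown_sender or sasl_login is None:
            return ("dunno", "sender has no entry in the map")
        return ("reject", "authenticated, but sender has no owner entry")
    if sasl_login is None:
        return ("reject", "sender is owned, client not logged in")
    # Assumption of this model: login names compare case-insensitively.
    if sasl_login.lower() in (o.lower() for o in owners):
        return ("dunno", "login owns sender")
    return ("reject", f"login {sasl_login!r} not in owners {owners}")
```

The second constructed case in the test below is the one the reply points at: the client authenticates with the full address while the map lists the bare login, so an authenticated session is still rejected at the sender stage.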