On Tue, 10 Sep 2024 12:17:11 -0400
Bill Cole via Postfix-users <postfix-users@postfix.org> wrote:
> On 2024-09-10 at 04:51:13 UTC-0400 (Tue, 10 Sep 2024 10:51:13 +0200)
> Enrico Morelli via Postfix-users <more...@cerm.unifi.it>
> is rumored to have said:
>
> > On Tue, 10 Sep 2024 10:43:25 +0200
> > Enrico Morelli via Postfix-users <postfix-users@postfix.org> wrote:
> >
> >> Dear all,
> >>
> >> I'd installed rspamd as antispam in my postfix mail server.
> >> Everything seems to work fine except for some users who report a
> >> problem when trying to send e-mails from an external network. The
> >> error is: An error occurred while sending mail. The mail server
> >> responded: Try again later. Please check the message and try again.
> >>
> >> I configured rspamd to disable greylist for email address coming
> >> from our domain.
> >>
> >> Where can I investigate to solve the problem?
> >>
> >
> > I tried from my phone using 4G network and I see that in postfix
> > log file:
> >
> >
> > Sep 10 10:45:21 genio postfix/smtpd[2066845]: 7C1CB83872A:
> > client=mobiledyn-62-240-135-13.mrsn.it[62.240.135.13],
> > sasl_method=PLAIN, sasl_username=more...@cerm.unifi.it
> > Sep 10 10:45:22 genio postfix/cleanup[2066259]: 7C1CB83872A:
> > message-id=<191db1bb1d8.282c.a953f059503a376e0563cf9126e3a...@cerm.unifi.it>
> > Sep 10 10:45:22 genio postfix/postscreen[625953]: CONNECT from
> > [178.77.121.166]:38082 to [150.217.146.39]:25
> > Sep 10 10:45:22 genio postfix/cleanup[2066259]: 7C1CB83872A:
> > milter-reject: END-OF-MESSAGE from
> > mobiledyn-62-240-135-13.mrsn.it[62.240.135.13]: 4.7.1 Try again
> > later; from=<more...@cerm.unifi.it> to=<x...@gmail.com> proto=ESMTP
> > helo=<[100.75.128.253]>
> > Sep 10 10:45:22 genio postfix/smtpd[2066845]: disconnect from
> > mobiledyn-62-240-135-13.mrsn.it[62.240.135.13] ehlo=2 starttls=1
> > auth=1
> > mail=1 rcpt=1 data=0/1 quit=1 commands=7/8
> >
>
> Without your actual configuration ("postconf -nf" output ) it is only
> possible to *guess* at the source of the problem.
>
> The above log lines seem to show a connection on the main (port 25)
> SMTP daemon, based on the fact that it goes through postscreen. It
> is the modern best practice to NOT use port 25 for anything but
> incoming Internet mail and NOT enable authentication there. Instead,
> you should run submission daemons on ports 587 (with STARTTLS
> enabled) and 465 (in TLS wrapper mode.) How this is done is all
> described in the documentation.
>
>
This is my postconf. Usually I set clients to use 587 port with STARTTLS. I'll
check the documentation for your suggestion.
alias_maps = hash:/etc/aliases
allow_mail_to_commands = alias,forward
allow_mail_to_files = alias,forward
append_dot_mydomain = yes
biff = no
canonical_maps = hash:/etc/postfix/canonical
compatibility_level = 2
content_filter = smtp-amavis:[127.0.0.1]:10024
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_command =
mailbox_size_limit = 0
message_size_limit = 32720000
milter_default_action = accept
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_protocol = 6
mydestination = $myhostname $myhostname localhost.$mydomain localhost
mydomain = cerm.unifi.it
myhostname = genio.cerm.unifi.it
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 150.217.145.0/24
150.217.146.0/24 150.217.163.128/26
myorigin = $mydomain
parent_domain_matches_subdomains =
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org*2 sbl.spamhaus.org*2 bl.spamcop.net*1
sbl.spamcop.net*1 cbl.spamcop.net*1 cbl.abuseat.org*1
b.barracudacentral.org*1
postscreen_dnsbl_threshold = 2
postscreen_greet_action = enforce
readme_directory = no
receive_override_options = no_address_mappings
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
recipient_canonical_classes = envelope_recipient,header_recipient
recipient_canonical_maps = tcp:localhost:10002
recipient_delimiter = +
relayhost =
sender_canonical_classes = envelope_sender
sender_canonical_maps = tcp:localhost:10001
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_command_filter = pcre:/etc/postfix/command_filter
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_error_sleep_time = 1s
smtpd_hard_error_limit = 20
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
check_helo_access pcre:/etc/postfix/helo_checks.pcre check_client_access
hash:/etc/postfix/client_access, reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname, permit
smtpd_milters = inet:localhost:11332
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unauth_pipelining, reject_non_fqdn_recipient,
reject_unknown_recipient_domain, reject_unauth_destination,
check_policy_service inet:localhost:12340, check_sender_access
hash:/etc/postfix/sender_access, check_recipient_access
regexp:/etc/postfix/whitelist_recipient, check_client_access
hash:/etc/postfix/rbl_override, reject_rbl_client zen.spamhaus.org,
reject_rbl_client sbl.spamhaus.org, reject_rhsbl_reverse_client
dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender
dbl.spamhaus.org reject_rbl_client bl.spamcop.net, reject_rbl_client
cbl.abuseat.org, reject_rbl_client b.barracudacentral.org, permit
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_unknown_sender_domain, reject_non_fqdn_sender,
reject_unknown_reverse_client_hostname, permit
smtpd_soft_error_limit = 10
smtpd_tls_cert_file = /etc/ssl/certs/genio_cerm_unifi_it_newfullchain.cer
smtpd_tls_key_file = /etc/ssl/private/genio_cerm_unifi_it_key.pem
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtputf8_enable = yes
virtual_alias_maps = hash:/etc/postfix/virtual_aliases
virtual_mailbox_domains = $mydomain
virtual_transport = lmtp:unix:private/dovecot-lmtp
--
-----------------------------------------------------------
Enrico Morelli
System Administrator | Programmer | Web Developer
CERM - Polo Scientifico
via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
------------------------------------------------------------
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
