On Jun 24, 2009, at 2:23 PM, Jesse Kretschmer <je...@psyop.tv> wrote:
Howdy,
I've seen error "Client host rejected: Access denied" in many other
postings, but more than a day of reading has not led me to a solution.
A client is having issues sending mail to our server. I
investigated and found that postfix was rejecting the sending server
with:
NOQUEUE: reject: RCPT from bb02d1.eurorscg.com[69.74.116.40]: 554
5.7.1 <bb02d1.eurorscg.com[69.74.116.40]>: Client host rejected:
Access denied;
I assume (possibly incorrectly) that error 554 is only raised due to
the smtpd_recipient_restrictions. Looking at my settings I did not
see anything that would deny the host
bb02d1.eurorscg.com[69.74.116.40], but as a good measure I added a
whitelist.
This is my whitelist:
69.74.116.40 OK
I ran postmap on the whitelist to create whitelist.db
These are now my current settings from main.cf
Can you please show output of 'postconf -n'?
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
check_client_access hash:/usr/local/etc/postfix/whitelist
reject_rbl_client sbl.spamhaus.org
reject_invalid_hostname
reject_non_fqdn_hostname
reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_unknown_sender_domain
reject_unknown_recipient_domain
permit
After postfix reload and 12 hours of waiting I noticed the problem
is still here.
Reloading unnecessary if Postfix was already querying the whitelist.
These are the relevant lines from maillog:
Jun 24 09:30:50 mail postfix/smtpd[44853]: connect from
bb02d1.eurorscg.com[69.74.116.40]
Jun 24 09:30:50 mail postfix/smtpd[44853]: setting up TLS connection
from bb02d1.eurorscg.com[69.74.116.40]
Jun 24 09:30:50 mail postfix/smtpd[44853]: Anonymous TLS connection
established from bb02d1.eurorscg.com[69.74.116.40]: SSLv3 with
cipher RC4-MD5 (128/128 bits)
Jun 24 09:30:50 mail postfix/smtpd[44853]: NOQUEUE: reject: RCPT
from bb02d1.eurorscg.com[69.74.116.40]: 554 5.7.1
<bb02d1.eurorscg.com[69.74.116.40]>: Client host rejected: Access
denied; from=<xremov...@eurorscg.com> to=<xremov...@psyop.tv>
proto=ESMTP helo=<bb02d1.eurorscg.com>
Jun 24 09:30:50 mail postfix/smtpd[44853]: disconnect from
bb02d1.eurorscg.com[69.74.116.40]
Inspecting the DNS records for the domain eurorscg.com I discovered
that bb02d1.eurorscg.com is not listed as an MX. I am not sure if
this is related.
eurorscg.com. 13 IN MX 10 eurorscg.com.
1.arsmtp.com.
eurorscg.com. 13 IN MX 20 eurorscg.com.
2.arsmtp.com.
Irrelevant. Many outgoing SMTP hosts are not public incoming MX
servers as published in DNS. See GMail as one example.
I don't know how troubleshoot this further. Where the "Access
denied" error is coming from? Any help would be appreciated.
Cheers,
jesse
