Noel Jones wrote:
Jesse Kretschmer wrote:
# postconf -n
delay_warning_time = 10m
Quite short, but won't break anything.
maximal_queue_lifetime = 2d
Recommended minimum is 3 days, default is 5 days. If you have lots of
undeliverable mail in your queue, address the source of the
undeliverable mail instead of covering up the symptoms.
Sorbs listed our ISP's block of IP addresses as dynamic even with a valid
PTR. I was trying to highlight the problem so that our users were aware
of messages that were not being delivered. I'll take your advice and
lengthen it. Sorbs has finally added an exception for our domain, though
only after a lot of grief.
mydestination = $myhostname, localhost.$mydomain, localhost
relay_domains = $mydestination
This should be set empty unless you really have relay domains (i.e.
subdomains of domains listed in mydestination that are accepted but
delivered elsewhere).
smtpd_helo_restrictions = permit_mynetworks
    reject_invalid_hostname permit
I see you have reject_invalid_hostname duplicated in
smtpd_recipient_restrictions. Just remove all the above.
That makes sense. I'm still getting my bearings with postfix.
Jesse,
You may find it helpful to add
-o syslog_name=postfix-smtps
to the above options to differentiate logging from the smtps service.
-- Noel Jones
Great tip. That will help a lot.
Ralf Hildebrandt wrote:
smtp      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
THIS could be the problem.
This would cause the reject as you see it in the log :)
I've been reading the docs. I am not sure what the correct solution is,
but I see a directive: permit_tls_clientcerts. I suspect that I should
be adding this to the master.cf to allow these tls connections. I'll
report back if I find a working solution.
Noel and Ralf, thanks for the help. I never expected such a thorough
review of my problem.
Cheers!
jesse
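
Added example, not part of the original thread: a small Python review script that reads master.cf-style text, collects the per-service `-o` overrides, and reports the two points raised above for the smtps entry (the `permit_sasl_authenticated,reject` client restriction and the missing `syslog_name`). The function names and the sample text are assumptions made for this illustration.

```python
import shlex

# Constructed sample: the two service entries from the thread, without the
# syslog_name override, so the review below has something to report.
MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""

def logical_lines(text):
    """Join master.cf continuation lines (lines that start with whitespace)."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current

def service_overrides(text):
    """Map (service, type) to the dict of '-o name=value' overrides."""
    result = {}
    for line in logical_lines(text):
        fields = shlex.split(line)
        args = fields[8:]  # 7 fixed columns, then the command, then its arguments
        pairs = [args[i + 1] for i in range(len(args) - 1) if args[i] == "-o"]
        result[(fields[0], fields[1])] = {k: v for k, _, v in (p.partition("=") for p in pairs)}
    return result

def review(text):
    """Return notes for services whose overrides match the thread's two points."""
    notes = []
    for (name, _), ov in service_overrides(text).items():
        items = ov.get("smtpd_client_restrictions", "").replace(",", " ").split()
        if "permit_sasl_authenticated" in items and items[-1] == "reject":
            notes.append(f"{name}: clients that have not SASL-authenticated are rejected")
        if ov and "syslog_name" not in ov:
            notes.append(f"{name}: no syslog_name override, logs under the main.cf name")
    return notes
```

Calling `review(MASTER_CF)` returns two notes for smtps and none for smtp, since the plain smtp service carries no overrides and takes its restrictions from main.cf.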