Quoting Noel Jones <njo...@megan.vbhcs.org>:
On 4/21/2010 10:15 PM, David Cottle wrote:
Sent from my iPhone
On 22/04/2010, at 12:00, Noel Jones <njo...@megan.vbhcs.org> wrote:
On 4/21/2010 6:35 PM, David Cottle wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I am having some issues with my server blocking ISP IP addresses.
I know a recent update to plesk-9.5.1 changed my postfix main.cf and
master.cf (the timestamps changed). I managed to fix main.cf as on
the smtpd_client_restrictions, they put the RBLs first.
Can anyone see what is wrong in the master.cf?
I just want submission on 587 able to bypass RBL checks:
you must have missed the answer yesterday.
#
# Postfix master process configuration file. For details on the format
==========================================================================
[...]
submission inet n - - - - smtpd -o smtpd_enforce_tls=yes -o
smtpd_sasl_auth_enable=yes -o
smtpd_client_restrictions=permit_sasl_authenticated,reject -o
smtpd_sender_restrictions= -o smtpd_proxy_filter=127.0.0.1:10025
add here:
-o smtpd_helo_restrictions=
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-- Noel Jones
Hi Noel,
Okay I did miss this! I will add your smtpd_helo_restrictions as above.
What exactly does that do as to not having it?
The suggested config above prevents settings in main.cf from
interfering with settings on the submission port.
I have to get my client to try sending email again and dig out the logs.
What I can't understand is he has 3 OS on his PC.
Fedora 11 and Windows XP using thunderbird, exactly same settings and
both can RX but not send mail.
Windows 7, using thunderbird it RX and Sends.
Same details, ports, it's got the server certificate same on all 3 but
only W7 works.
That's very important information. That makes this sound very much
like a client configuration issue, not postfix.
If you still think it's postfix, show your current "postconf -n" and
master.cf, and show logs demonstrating that the client authenticates
yet is rejected.
But according to the config you posted earlier, if the client does
authenticate they will bypass RBL checks. So you need to show proof
the client authenticated and was rejected.
Next nail, same client can submit mail using a different
configuration on the same hardware with the same IP. Sounds as if
they are able to authenticate with at least one config.
Without further evidence, this isn't a postfix issue. Fix the client.
-- Noel Jones
Hi Noel,
Sorry its got all truncated. Where exactly do I need to add that in
here? (I added a extra line between each)
plesk_virtual unix - n n - - pipe flags=DORhu user=popuser:popuser
argv=/usr/lib/plesk-9.0/postfix-local -f ${sender} -d ${recipient} -p
/var/qmail/mailnames
mailman unix - n n - - pipe flags=R user=mailman:mailman
argv=/usr/lib/plesk-9.0/postfix-mailman ${nexthop} ${user} ${recipient}
127.0.0.1:10025 inet n n n - - spawn user=mhandlers-user
argv=/usr/lib/plesk-9.0/postfix-queue 127.0.0.1 10027 before-queue
127.0.0.1:10026 inet n - - - - smtpd -o smtpd_client_restrictions=
-o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o
smtpd_recipient_restrictions=permit_mynetworks,reject -o
smtpd_data_restrictions= -o
receive_override_options=no_unknown_recipient_checks
127.0.0.1:10027 inet n n n - - spawn user=mhandlers-user
argv=/usr/lib/plesk-9.0/postfix-queue 127.0.0.1 10026 before-remote
plesk_saslauthd unix y y y - 1 plesk_saslauthd status=5 listen=6
dbpath=/plesk/passwd.db
smtps inet n - - - - smtpd -o smtpd_proxy_filter=127.0.0.1:10025 -o
smtpd_tls_wrappermode=yes
submission inet n - - - - smtpd -o smtpd_enforce_tls=yes -o
smtpd_sasl_auth_enable=yes -o
smtpd_client_restrictions=permit_sasl_authenticated,reject -o
smtpd_sender_restrictions= -o smtpd_proxy_filter=127.0.0.1:10025
END
