On 4/30/2011 5:36 PM, Des Dougan wrote:

On April 2011, at 3:11 PM, Noel Jones wrote:

On 4/30/2011 4:26 PM, Des Dougan wrote:
Hi,

I'm fairly new to postfix and have recently set up an instance on a site with a 
newly-allocated static IP address. Mail was generally flowing in and out after I 
configured the postfix and dovecot; however, some messages were not being sent, showing 
"Client host rejected: Access denied" messages in the logs.

As I analyzed this, it seemed to be caused by the static IP not having a good reputation 
with some sites' RBL policies. I therefore set the system up to relay via the ISP's mail 
servers, which is working OK. That said, I'm still seeing sending attempts (in 
/var/log/maillog) by what appear to be previous messages that didn't go out. These are 
not going via the relay; neither, though, do they show in the mail queue (via 
"postqueue -p").

Is there a way to re-inject these messages via the updated configuration so 
that they go out via the ISP as new messages are doing? I've done a fair bit of 
Googling but can't see how this might be achieved.

Thanks,

Des


To requeue mail, use "postsuper -r QUEUEID" or "postsuper -r ALL"
http://www.postfix.org/postsuper.1.html

but if the mail doesn't show up in "postqueue -p" then the mail isn't in 
postfix.  Maybe you still have sendmail installed?

If you need more help, please provide more evidence.
http://www.postfix.org/DEBUG_README.html#mail



  -- Noel Jones

Noel,

Thanks for your reply. From this log example, it does seem to be a 
postfix-related message (and there are no sendmail daemons active):

Apr 30 15:14:55 enterprise postfix/smtpd[29644]: NOQUEUE: reject: RCPT from 
AAA-AA-AAA.AAAAAAAA.AAAAA.AAA[DDD.DDD.DDD.DDD]: 554 
5.7.1<AAA-AA-AAA.AAAAAAAA.AAAAA.AAA[DDD.DDD.DDD.DDD]>: Client host rejected: Access denied; 
from=<a...@aaaa.ca>  to=<aaaaa...@aaaaa.com>  proto=ESMTP helo=<[DD.DDD.DDD.DDD]>

I notice that the above is from a remote location. The client settings have 
been configured to authenticate (or were, at any rate). If they had been reset, 
is this the message that would show if authentication was not in place?

This is mail trying to enter postfix, and postfix doesn't accept it.

Is this you or your authorized client? If they successfully AUTH, postfix would log a line containing
 ...  sasl_method=METHOD, sasl_username=userid, ...

or if they tried to AUTH and were unsuccessful, postfix would log
  ... authentication failed ...

The ACCESS DENIED message is from a REJECT command, and the "Client host rejected" means the reject was either a bare reject in smtpd_client_restrictions, or the result of a check_client_access map lookup.

I don't see either of those anywhere in your config. Maybe the client is connecting to another port, i.e. submission or smtps, with custom master.cf settings.

At any rate, if there is no message about either successful or failed AUTH, then the client didn't attempt AUTH and was correctly rejected.


  -- Noel Jones


postconf -n is as follows:

[root@enterprise ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relayhost = [AAAA.AAAAA.net]
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, 
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.iprc.ca.cert
smtpd_tls_key_file = /etc/pki/tls/private/mail.iprc.ca.key
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550


Regards,

Des
--

Des Dougan
Principal
Dougan Consulting Group Inc.

   http://www.DouganConsulting.tel  <-- Get all my contact information here.
   http://www.DouganConsulting.com

Peace of Mind, One Computer at a Time.
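
The triage rule from the reply above (a `sasl_method=` line means AUTH succeeded, `authentication failed` means it was tried and failed, neither means the client never tried) can be applied to the maillog mechanically. This is an added example, not part of the original thread or of Postfix; the log lines are constructed, and tracking AUTH state per smtpd process ID from each `connect from` line is this example's assumption.

```python
import re

# Constructed sample lines in Postfix smtpd syslog style, using documentation
# addresses and example names (not taken from the server in the thread).
SAMPLE_LOG = """\
Apr 30 15:14:50 mx postfix/smtpd[29644]: connect from unknown[192.0.2.10]
Apr 30 15:14:55 mx postfix/smtpd[29644]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <unknown[192.0.2.10]>: Client host rejected: Access denied; from=<a@example.com> to=<b@example.net> proto=ESMTP helo=<[192.0.2.10]>
Apr 30 15:14:56 mx postfix/smtpd[29644]: disconnect from unknown[192.0.2.10]
Apr 30 15:20:01 mx postfix/smtpd[29650]: connect from unknown[198.51.100.7]
Apr 30 15:20:02 mx postfix/smtpd[29650]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Apr 30 15:20:03 mx postfix/smtpd[29650]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <unknown[198.51.100.7]>: Client host rejected: Access denied; from=<c@example.com> to=<d@example.net> proto=ESMTP helo=<pc>
Apr 30 15:31:10 mx postfix/smtpd[29644]: connect from client.example.org[203.0.113.5]
Apr 30 15:31:12 mx postfix/smtpd[29644]: 4F2A61C0D3: client=client.example.org[203.0.113.5], sasl_method=PLAIN, sasl_username=des
"""

SMTPD_LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)")
CLIENT_IP = re.compile(r"\[(?P<ip>[0-9A-Fa-f:.]+)\]")
NO_AUTH = "no AUTH logged"


def classify_rejects(lines):
    """Return [(client_ip, auth_state)] for every 'Access denied' reject."""
    auth = {}      # smtpd pid -> AUTH state of the session that pid is serving
    results = []
    for line in lines:
        m = SMTPD_LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("connect from "):
            auth[pid] = NO_AUTH            # smtpd pids are reused: reset state
        elif "authentication failed" in msg:
            auth[pid] = "AUTH failed"
        if "sasl_method=" in msg:
            auth[pid] = "AUTH succeeded"
        if "Client host rejected: Access denied" in msg:
            ip = CLIENT_IP.search(msg)
            results.append((ip["ip"] if ip else "?", auth.get(pid, NO_AUTH)))
    return results


if __name__ == "__main__":
    for ip, state in classify_rejects(SAMPLE_LOG.splitlines()):
        print(f"{ip}: rejected, {state}")
```

A reject tagged "no AUTH logged" is the case described in the reply: the client never attempted AUTH, so the fix is on the client side rather than in the server's restrictions.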
