On April 2011, at 3:52 PM, Noel Jones wrote: > On 4/30/2011 5:36 PM, Des Dougan wrote: >> >> On April 2011, at 3:11 PM, Noel Jones wrote: >> >>> On 4/30/2011 4:26 PM, Des Dougan wrote: >>>> Hi, >>>> >>>> I'm fairly new to postfix and have recently set up an instance on a site >>>> with a newly-allocated static IP address. Mail was generally flowing in >>>> and out after I configured the postfix and dovecot; however, some messages >>>> were not being sent, showing "Client host rejected: Access denied" >>>> messages in the logs. >>>> >>>> As I analyzed this, it seemed to be caused by the static IP not having a >>>> good reputation with some sites' RBL policies. I therefore set the system >>>> up to relay via the ISP's mail servers, which is working OK. That said, >>>> I'm still seeing sending attempts (in /var/log/maillog) by what appear to >>>> be previous messages that didn't go out. These are not going via the >>>> relay; neither, though, do they show in the mail queue (via "postqueue >>>> -p"). >>>> >>>> Is there a way to re-inject these messages via the updated configuration >>>> so that they go out via the ISP as new messages are doing? I've done a >>>> fair bit of Googling but can't see how this might be achieved. >>>> >>>> Thanks, >>>> >>>> Des >>> >>> >>> To requeue mail, use "postsuper -r QUEUEID" or "postsuper -r ALL" >>> http://www.postfix.org/postsuper.1.html >>> >>> but if the mail doesn't show up in "postqueue -p" then the mail isn't in >>> postfix. Maybe you still have sendmail installed? >>> >>> If you need more help, please provide more evidence. >>> http://www.postfix.org/DEBUG_README.html#mail >>> >>> >>> >>> -- Noel Jones >> >> Noel, >> >> Thanks for your reply. From this log example, it does seem to be a >> postfix-related message (and there are no sendmail daemons active): >> >> Apr 30 15:14:55 enterprise postfix/smtpd[29644]: NOQUEUE: reject: RCPT from >> AAA-AA-AAA.AAAAAAAA.AAAAA.AAA[DDD.DDD.DDD.DDD]: 554 >> 5.7.1<AAA-AA-AAA.AAAAAAAA.AAAAA.AAA[DDD.DDD.DDD.DDD]>: Client host rejected: >> Access denied; from=<a...@aaaa.ca> to=<aaaaa...@aaaaa.com> proto=ESMTP >> helo=<[DD.DDD.DDD.DDD]> >> >> I notice that the above is from a remote location. The client settings have >> been configured to authenticate (or were, at any rate). If they had been >> reset, is this the message that would show in authentication was not in >> place? > > This is mail trying to enter postfix, and postfix doesn't accept it. > > Is this you or your authorized client? If they successfully AUTH postfix > would log a line containing > ... sasl_method=METHOD, sasl_username=userid, ... > > or if they tried to AUTH and were unsuccessful, postfix would log > ... authentication failed ... > > The ACCESS DENIED message is from a REJECT command, and the "Client host > rejected" means the reject was either a bare reject in > smtpd_client_restrictions, or the result of a check_client_access map lookup. > > I don't see either of those anywhere in your config. Maybe the client is > connecting to another port, ie. submission or smtps, with custom master.cf > settings. > > At any rate, if there is no message about either successful or failed AUTH, > then the client didn't attempt AUTH and was correctly rejected. > > > -- Noel Jones
Noel, Thanks for this. I'll follow-up with the client to ensure they're correctly set up. Regards, Des -- Des Dougan Principal Dougan Consulting Group Inc. http://www.DouganConsulting.tel <-- Get all my contact information here. http://www.DouganConsulting.com Peace of Mind, One Computer at a Time. --- Imagine anyone on the planet being able to find and then contact you with a single click. YourName.tel is all you will give anyone ever again. Want in? http://registertel.tel/
