On Tue, May 24, 2011 at 04:08:36PM -0400, Ryan Buffa wrote:
> mydestination = $myhostname, localhost.$mydomain, localhost, mail2.4nova.net,
> $mydomain
So 4nova.net is your domain.
> mynetworks = 74.84.205.0/24, 74.95.99.16/28, 65.254.210.137, 74.84.205.84
And these are your trusted client networks.
> smtpd_recipient_restrictions =
> permit_sasl_authenticated,
> permit_mynetworks,
> check_sender_access hash:/etc/postfix/sender_access,
> reject_unauth_destination
> permit
This is broken. DO NOT use "check_sender_access" *above*
reject_unauth_destination. This can create an open-relay with
forged sender addresses. Move the "check_sender_access" below
"reject_unauth_destination" and make sure it only contains "REJECT"
rules (contains no OK rules).
> May 24 15:59:08 mail2 postfix/smtpd[20542]: AA561359557D:
> client=localhost[127.0.0.1]
Wrong queue-id, instead find the logs for "610E03595566:"
which is the upstream for "AA561359557D".
> May 24 15:59:08 mail2 postfix/smtp[20897]: 610E03595566: to=<jyfr...@163.com>,
> relay=127.0.0.1[127.0.0.1]:10024, delay=2.6, delays=2.4/0/0.01/0.11,
> dsn=2.0.0, status=sent (250 2.0.0 Ok, id=21180-02, from
> MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AA561359557D)
--
Viktor.
