Hi all. I have a postfix instance which is top-priority MX for domain2.com (domain2.com. 86400 IN MX 0 srv.domain.com.) There also is an A record "mail.domain2.com" pointing at the postfix server.
Today this happened:

Apr 14 06:37:20 srv postfix/smtpd[11880]: connect from mail-ey0-f179.google.com[209.85.215.179]
Apr 14 06:37:21 srv postfix/smtpd[11880]: 3647717945E8: client=mail-ey0-f179.google.com[209.85.215.179]
Apr 14 06:37:21 srv postfix/cleanup[7635]: 3647717945E8: message-id=<CAO+p8-9qW8d1Tmg_cPQ+orK+Zvfm9a8wZSb=x-rsnvdxfrs...@mail.gmail.com>
Apr 14 06:37:21 srv postfix/qmgr[14006]: 3647717945E8: from=<u...@gmail.com>, size=1532, nrcpt=1 (queue active)
Apr 14 06:37:21 srv postfix/smtpd[7644]: connect from localhost[127.0.0.1]
Apr 14 06:37:21 srv postfix/smtpd[7644]: DC8AA17945E9: client=localhost[127.0.0.1]
Apr 14 06:37:21 srv postfix/cleanup[7635]: DC8AA17945E9: message-id=<CAO+p8-9qW8d1Tmg_cPQ+orK+Zvfm9a8wZSb=x-rsnvdxfrs...@mail.gmail.com>
Apr 14 06:37:21 srv postfix/qmgr[14006]: DC8AA17945E9: from=<u...@gmail.com>, size=1989, nrcpt=1 (queue active)
Apr 14 06:37:21 srv postfix/smtpd[7644]: disconnect from localhost[127.0.0.1]
Apr 14 06:37:21 srv amavis[5610]: (05610-06) Passed CLEAN, [209.85.215.179] [209.85.215.179] <u...@gmail.com> -> <localu...@mail.domain2.com>, Message-ID: <CAO+p8-9qW8d1Tmg_cPQ+orK+Zvfm9a8wZSb=x-rsnvdxfrs...@mail.gmail.com>, mail_id: lNborMoObesQ, Hits: 0.915, size: 1532, queued_as: DC8AA17945E9, dkim_id=@gmail.com, 428 ms
Apr 14 06:37:21 srv postfix/smtp[7636]: 3647717945E8: to=<localu...@mail.domain2.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.7/0/0/0.43, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=05610-06, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as DC8AA17945E9)
Apr 14 06:37:21 srv postfix/qmgr[14006]: 3647717945E8: removed
Apr 14 06:37:22 srv postfix/smtp[13618]: setting up TLS connection to out.domain.com[10.0.90.12]:587
Apr 14 06:37:22 srv postfix/smtp[13618]: Untrusted TLS connection established to out.domain.com[10.0.90.12]:587: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Apr 14 06:37:23 srv postfix/smtp[13618]: DC8AA17945E9: to=<localu...@mail.domain2.com>, relay=out.domain.com[10.0.90.12]:587, delay=1.5, delays=0.01/0/1.1/0.34, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D42A8298052D)
Apr 14 06:37:23 srv postfix/qmgr[14006]: DC8AA17945E9: removed
Apr 14 06:37:24 srv postfix/smtpd[13623]: connect from out.domain.com[10.0.90.12]
Apr 14 06:37:24 srv postfix/smtpd[13623]: NOQUEUE: reject: RCPT from out.domain.com[10.0.90.12]: 554 5.7.1 <localu...@mail.domain2.com>: Relay access denied; from=<u...@gmail.com> to=<localu...@mail.domain2.com> proto=ESMTP helo=<out.domain.com>
Apr 14 06:37:25 srv postfix/smtpd[13623]: disconnect from out.domain.com[10.0.90.12]

What I don't get is why the message was accepted for relay. "virtual_mailbox_domains" only lists "domain2.com", definitely not "mail.domain2.com". Also, "localu...@domain2.com" is valid but "localu...@mail.domain2.com" isn't. Any clues?

postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
data_directory = /var/lib/postfix
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = ipv4
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
maximal_queue_lifetime = 14d
message_size_limit = 0
milter_default_action = accept
mydestination = mail.domain.com, dsrv.domain.com, localhost.domain.com, localhost, srv.domain.com
myhostname = srv.domain.com
mynetworks = [::1]/128, 127.0.0.0/8, 172.16.0.0/24, 10.0.88.0/23
myorigin = /etc/mailname
readme_directory = /usr/share/doc/postfix
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc_map
recipient_delimiter = +
relay_domains = lists.domain.com
relayhost = [out.domain.com]:587
sender_bcc_maps = hash:/etc/postfix/sender_bcc_map
sender_dependent_relayhost_maps = hash:/etc/postfix/relay_map
smtp_tls_loglevel = 1
smtp_tls_policy_maps = hash:/etc/postfix/tls-policy
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 150
smtpd_client_event_limit_exceptions = .google.com, .stanford.edu, .nyu.edu
smtpd_client_restrictions = check_recipient_access hash:/etc/postfix/classes, permit_mynetworks, permit_sasl_authenticated, check_client_access cidr:/etc/postfix/cidr_checks, check_client_access cidr:/etc/postfix/cidr_asia, check_client_access pcre:/etc/postfix/fqrdns.regexp, reject_rbl_client bl.mailspike.net, reject_rbl_client bl.spamcop.net, reject_rbl_client dyna.spamrats.com, reject_rbl_client noptr.spamrats.com, reject_rbl_client spam.spamrats.com, reject_rbl_client zen.spamhaus.org, permit
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access cidr:/etc/postfix/cidr_checks, check_recipient_access regexp:/etc/postfix/accounts_regex, check_recipient_access mysql:/etc/postfix/mysql-virtual_blocked.cf, check_policy_service inet:127.0.0.1:2501, reject_unauth_destination, reject_unlisted_recipient, permit
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_restriction_classes = nodnsfilter
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual_sender_check.cf
smtpd_sender_restrictions = check_recipient_access hash:/etc/postfix/classes, reject_authenticated_sender_login_mismatch, check_sender_access hash:/etc/postfix/origin_access_checks, check_client_access hash:/etc/postfix/mx_whitelist, permit_mynetworks, permit_sasl_authenticated, reject_unknown_sender_domain, reject_non_fqdn_sender, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client dnsbl.njabl.org, reject_rhsbl_sender dsn.rfc-ignorant.org, permit
smtpd_timeout = 60
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
tls_random_exchange_name = ${data_directory}/prng_exch
transport_maps = mysql:/etc/postfix/mysql-virtual_transport.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000
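
Added example, not part of the original post: a small audit of the restriction order in the `postconf -n` output above. In Postfix, an OK result from an access table or policy service ends evaluation of that restriction list, so any lookup placed before reject_unauth_destination can accept mail for a destination the server does not host; the post does not show whether any of these tables returned OK here. The function names and the simplified list of argument-taking restrictions are assumptions of this example.

```python
import re

# Constructed input: two parameters copied from the post's `postconf -n` output, re-wrapped.
POSTCONF = """\
relay_domains = lists.domain.com
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
  check_client_access cidr:/etc/postfix/cidr_checks, check_recipient_access regexp:/etc/postfix/accounts_regex,
  check_recipient_access mysql:/etc/postfix/mysql-virtual_blocked.cf, check_policy_service inet:127.0.0.1:2501,
  reject_unauth_destination, reject_unlisted_recipient, permit
"""

# Restrictions that take one argument (assumption: simplified, not Postfix's full list).
TAKES_ARG = re.compile(r"^(check_|reject_rbl_|reject_rhsbl_|permit_dnswl_)")

def parse_postconf(text):
    """Return {parameter: value}; indented lines continue the previous value."""
    params, name = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            params[name] = value
    return params

def split_restrictions(value):
    """Split a comma/whitespace separated restriction list into (name, arg) pairs."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    out, i = [], 0
    while i < len(tokens):
        name, arg = tokens[i], None
        if TAKES_ARG.match(name) and i + 1 < len(tokens):
            arg, i = tokens[i + 1], i + 1
        out.append((name, arg))
        i += 1
    return out

def lookups_before_relay_check(params, listname="smtpd_recipient_restrictions"):
    """Return (lookups evaluated before reject_unauth_destination, whether it is present)."""
    found = []
    for name, arg in split_restrictions(params.get(listname, "")):
        if name == "reject_unauth_destination":
            return found, True
        if name.startswith("check_"):
            found.append((name, arg))
    return found, False

if __name__ == "__main__":
    print(lookups_before_relay_check(parse_postconf(POSTCONF)))
```

Each table or policy service it reports is worth testing against the rejected-later recipient and the connecting client, for example with `postmap -q`, to see whether it returns OK.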