On Mon, Nov 05, 2012 at 09:57:58AM -0500, James Chase wrote: > Could someone help me figure out which rule exactly is blocking > this e-mail?
It would have been easier if you had disclosed the contents of the various maps you are using, but I can surely narrow it down. > We are trying to migrate a domain to another e-mail service and in > the meantime the new service is sending mail from a domain that > postfix accepts mail for. Whenever that migrating domain sends mail > to a domain hosted on the old/current mail system, I get this > message. I'm guessing that has something to do with the access > denied error anyways but maybe not. > > 2012-11-02T16:36:51.995398-04:00 mx1 postfix/smtpd[19150]: NOQUEUE: > reject: RCPT from > tx2ehsobe001.messaging.microsoft.com[65.55.88.11]: 554 5.7.1 > <jch...@migrating-domain.com>: Sender address rejected: Access > denied; from=<jch...@migrating-domain.com> > to=<ja...@hosted-domain.net> proto=ESMTP > helo=<tx2outboundpool.messaging.microsoft.com> You have a check_sender_access lookup which is returning a REJECT (with no further reason specified) for that sender address. > Here is postconf -n > smtpd_recipient_restrictions = permit_mynetworks, check_sender_access > hash:/etc/postfix/EMAIL_ADDRESS_CHECKS/mywhitelist.map, there's one > check_recipient_access > hash:/etc/postfix/EMAIL_ADDRESS_CHECKS/mywhitelist_recipients.map, > check_sender_access hash:/etc/postfix/EMAIL_ADDRESS_CHECKS/myspamlist.map, > reject_unauth_destination, check_sender_access > hash:/etc/postfix/NETWORK_CHECKS/disallow_my_domain.map, there are two more > reject_non_fqdn_sender, reject_non_fqdn_recipient, > reject_unknown_reverse_client_hostname, reject_unverified_recipient, > reject_unknown_sender_domain, check_sender_access > pcre:/etc/postfix/MISC_CHECKS/ascii.pcre, and another > check_recipient_access > pcre:/etc/postfix/MISC_CHECKS/ascii.pcre, check_sender_mx_access > cidr:/etc/postfix/NETWORK_CHECKS/drop.cidr, check_policy_service > inet:127.0.0.1:10023, check_helo_access > pcre:/etc/postfix/NETWORK_CHECKS/helo_hostnames.pcre, > pcre:/etc/postfix/EMAIL_ADDRESS_CHECKS/to_recipients_bw.regexp > reject_non_fqdn_helo_hostname reject_invalid_helo_hostname See "man postmap" and the -q option to query your maps: postmap -q unmunged@sender.address maptype:mapname See also "man 5 access", "EMAIL ADDRESS PATTERNS", for the various different lookups you might need to try. One of those is returning a REJECT result. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
