On 11/13/2012 1:30 AM, Pierre-Gilles RAYNAUD wrote:
> Hi Everyone,
> 
> The submission port is set up like this:
>   submission inet n       -       n       -       -       smtpd
>     -o smtpd_tls_security_level=encrypt
>     -o smtpd_sasl_auth_enable=yes
>     -o smtpd_sasl_security_options=noanonymous
>     -o smtpd_sender_restrictions=reject_unknown_sender_domain,reject_non_fqdn_sender

OK so far.

>     -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_recipient,reject
>     -o milter_macro_daemon_name=ORIGINATING

This isn't the cause of your rejections, but the
reject_non_fqdn_recipient above is useless.  If mail is in
mynetworks or authenticated, it will pass anyway.  Otherwise it is
rejected anyway.  If you want to enforce non fqdn recipient, move it
to the front of the list.


> 
> and when the client application is outside the mynetwork definition,
> i.e.: domaingprs.tld (see below)
> we get this error,
> 
>    Nov 11 14:16:31 serv001 postfix/smtpd[30545]: connect from wn1nat29.domaingprs.tld[xxx.yyy.zzz.29]
>    Nov 11 14:16:42 serv001 postfix/smtpd[30545]: NOQUEUE: reject: RCPT from wn1nat29.domaingprs.tld[xxx.yyy.zzz..29]: 454 4.7.1 <wn1nat29.domaingprs.tld[xxx.yyy.zzz.29]>: Client host rejected: Access denied; from=<u...@ourdomain.tld> to=<some...@gmail.com> proto=ESMTP helo=<[10.224.148.220]>
>    Nov 11 14:16:48 serv001 postfix/smtpd[30545]: disconnect from wn1nat29.domaingprs.tld[xxx.yyy.zzz.29]
> 
> but when the client application is inside our network definition, the
> mail is correctly sent.

Your settings in main.cf are interfering with your submission port.
Add to your submission entry:
  -o smtpd_helo_restrictions=
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

You might want to add permit_mynetworks to the above also, but
that's not usually used on the submission port.


  -- Noel Jones
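
Added example, not part of the original message and not Postfix code: a small lint over the submission entry quoted in this thread. It reports which restriction classes the service does not override (so the main.cf value applies) and which `reject_*` checks sit directly before a final `reject`. The helper names and the four-class list are assumptions made for this illustration.

```python
# Added example. Constructed input: the thread's submission entry, unwrapped.
MASTER_CF = """\
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sender_restrictions=reject_unknown_sender_domain,reject_non_fqdn_sender
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_recipient,reject
  -o milter_macro_daemon_name=ORIGINATING
"""

# The restriction classes discussed in the thread.
RESTRICTION_CLASSES = (
    "smtpd_client_restrictions", "smtpd_helo_restrictions",
    "smtpd_sender_restrictions", "smtpd_recipient_restrictions",
)

def service_overrides(master_cf, service):
    """Collect the -o name=value overrides of one master.cf service entry."""
    overrides, in_service = {}, False
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # unindented line starts a new entry
            in_service = line.split()[0] == service
        if in_service:
            tokens = line.split()
            for flag, arg in zip(tokens, tokens[1:]):
                if flag == "-o" and "=" in arg:
                    name, value = arg.split("=", 1)
                    overrides[name] = value
    return overrides

def lint(master_cf, service="submission"):
    """Hypothetical helper: report inherited classes and no-effect checks."""
    overrides, findings = service_overrides(master_cf, service), []
    for cls in RESTRICTION_CLASSES:
        if cls not in overrides:
            findings.append(f"{cls}: not overridden, main.cf value applies")
            continue
        items = overrides[cls].replace(",", " ").split()
        if items and items[-1] == "reject":
            # reject_* checks right before a final "reject" cannot change
            # the accept/reject outcome: what reaches them is rejected anyway.
            for item in reversed(items[:-1]):
                if not item.startswith("reject_"):
                    break
                findings.append(f"{cls}: {item} has no effect before final reject")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(MASTER_CF)))
```

With the two `-o` lines suggested in the reply appended to the entry, only the `reject_non_fqdn_recipient` finding remains.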
