On 13/11/12 19:08, Noel Jones wrote:
> On 11/13/2012 1:30 AM, Pierre-Gilles RAYNAUD wrote:
>> Hi Everyone,
>>
>> The submission port is set up like this
>> submission inet n - n - - smtpd
>>   -o smtpd_tls_security_level=encrypt
>>   -o smtpd_sasl_auth_enable=yes
>>   -o smtpd_sasl_security_options=noanonymous
>>   -o smtpd_sender_restrictions=reject_unknown_sender_domain,reject_non_fqdn_sender
> OK so far.
>
>>   -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_recipient,reject
>>   -o milter_macro_daemon_name=ORIGINATING
> This isn't the cause of your rejections, but the
> reject_non_fqdn_recipient above is useless. If mail is in
> mynetworks or authenticated, it will pass anyway. Otherwise it is
> rejected anyway. If you want to enforce non fqdn recipient, move it
> to the front of the list.
>
Thank you for the advice. I have updated accordingly. I used an example as model.

>> and when the client application is outside the mynetwork definition,
>> i.e.: domaingprs.tld (see below)
>> we get this error,
>>
>> Nov 11 14:16:31 serv001 postfix/smtpd[30545]: connect from
>> wn1nat29.domaingprs.tld[xxx.yyy.zzz.29]
>> Nov 11 14:16:42 serv001 postfix/smtpd[30545]: NOQUEUE: reject: RCPT
>> from wn1nat29.domaingprs.tld[xxx.yyy.zzz..29]: 454 4.7.1
>> <wn1nat29.domaingprs.tld[xxx.yyy.zzz.29]>: Client host rejected: Access
>> denied; from=<u...@ourdomain.tld> to=<some...@gmail.com> proto=ESMTP
>> helo=<[10.224.148.220]>
>> Nov 11 14:16:48 serv001 postfix/smtpd[30545]: disconnect from
>> wn1nat29.domaingprs.tld[xxx.yyy.zzz.29]
>>
>> but when the client application is inside our network definition, the
>> mail is correctly sent.
> Your settings in main.cf are interfering with your submission port.
> Add to your submission entry:
>   -o smtpd_helo_restrictions=
>   -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
>
> You might want to add permit_mynetworks to the above also, but
> that's not usually used on the submission port.
>
>
>   -- Noel Jones
I did. But the issue was elsewhere .... and solved
Thank you for your time and advice.
PGR
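
The ordering point raised in the thread, as an added example that is not part of the original messages or of Postfix itself: a simplified Python model of first-match evaluation over one restriction list, showing that the posted list decides exactly as it would without reject_non_fqdn_recipient, and that moving it to the front changes the outcome. The Session class and helper names are hypothetical, and only the four restrictions from the thread are modelled.

```python
# Simplified model (assumption, not Postfix code): restrictions in one list run
# left to right, and the first PERMIT or REJECT ends the evaluation of that list.
from dataclasses import dataclass
from itertools import product

PERMIT, REJECT, DUNNO = "permit", "reject", "dunno"

@dataclass(frozen=True)
class Session:
    in_mynetworks: bool       # client IP matches mynetworks
    sasl_authenticated: bool  # client completed SASL AUTH
    rcpt_is_fqdn: bool        # RCPT TO address has a fully qualified domain

# Only the four restrictions that appear in the thread are modelled.
RESTRICTIONS = {
    "permit_mynetworks": lambda s: PERMIT if s.in_mynetworks else DUNNO,
    "permit_sasl_authenticated": lambda s: PERMIT if s.sasl_authenticated else DUNNO,
    "reject_non_fqdn_recipient": lambda s: DUNNO if s.rcpt_is_fqdn else REJECT,
    "reject": lambda s: REJECT,
}

def evaluate(restriction_list, session):
    """Return (decision, deciding restriction) for a comma-separated list."""
    for name in restriction_list.split(","):
        result = RESTRICTIONS[name](session)
        if result != DUNNO:
            return result, name
    return DUNNO, None  # list exhausted without a decision

def decisions(restriction_list):
    """Decision for every combination of the three session properties."""
    sessions = (Session(*bits) for bits in product([False, True], repeat=3))
    return {s: evaluate(restriction_list, s)[0] for s in sessions}

# The list as posted, the same list without the FQDN check, and the list
# with the check moved to the front as suggested in the reply.
POSTED = "permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_recipient,reject"
WITHOUT = "permit_mynetworks,permit_sasl_authenticated,reject"
MOVED = "reject_non_fqdn_recipient,permit_mynetworks,permit_sasl_authenticated,reject"

if __name__ == "__main__":
    print("posted list behaves like list without the check:",
          decisions(POSTED) == decisions(WITHOUT))
    # Constructed case: authenticated client, recipient without a full domain.
    authed_bad_rcpt = Session(False, True, False)
    print("posted:", evaluate(POSTED, authed_bad_rcpt))
    print("moved: ", evaluate(MOVED, authed_bad_rcpt))
```

A permit ends only the list it appears in; the other smtpd_*_restrictions lists, including those inherited from main.cf, are still evaluated, which is why the reply overrides them in the submission entry.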