Hi,

>>>> or is it still related to the unresolvable
>>>> appl...@tank.sub1.domain.com host as I initially thought?
>
> You said it was still rejected, but didn't show the new log entry
> demonstrating the new problem.  Without the new log entry, we can't
> tell what happened.

I'm sorry, I misunderstood. I meant that it's now working because I
added the IP to mynetworks. I'm otherwise still having the problem.

You had said that I likely have another reject_unknown_sender_domain
somewhere else in my config, and indeed, I do. It's under
smtpd_sender_restrictions:

smtpd_sender_restrictions = permit_sasl_authenticated,
                permit_mynetworks,
                reject_non_fqdn_sender,
                reject_unknown_sender_domain,
                permit

If I remove it here, does it affect sasl users?

You've also suggested that check_client_access and check_sender_access
must be AFTER reject_unauth_destination, and BEFORE
reject_unknown_sender_domain, if I understood correctly. I've now
deleted those "special" files I had, and moved my main access files
between those two restrictions. Is this necessary because the
destination must first be validated before the sender is validated?

I've made these changes and included my new postconf below. Should I
have reject instead of permit at the end of
smtpd_recipient_restrictions?

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_mail_to_files = alias,forward
always_bcc = bcc-u...@example.com
biff = no
body_checks = regexp:/etc/postfix/body_checks.pcre
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
default_process_limit = 140
delay_warning_time = 10d
disable_vrfy_command = yes
fallback_relay =
header_checks = pcre:/etc/postfix/header_checks.pcre
        pcre:/etc/postfix/header_checks-jimsun.pcre
html_directory = no
inet_protocols = ipv4
initial_destination_concurrency = 20
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 200000000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 10d
message_size_limit = 13312000
mime_header_checks = pcre:/etc/postfix/mime_header_checks
mydestination = $myhostname, localhost.$mydomain
mydomain = guardiandigital.com
myhostname = nocmon.guardiandigital.com
mynetworks = 127.0.0.0/8, 192.168.1.0/24, 192.168.6.0/24,
        68.111.222.40/29, 64.111.222.0/27
newaliases_path = /usr/bin/newaliases
postscreen_access_list = permit_mynetworks,
        cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = mykey.zen.dq.spamhaus.net*2 b.barracudacentral.org*1
postscreen_dnsbl_threshold = 2
postscreen_greet_action = enforce
queue_directory = /var/spool/postfix
rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
readme_directory = /usr/share/doc/postfix-2.9.5/README_FILES
relay_domains = $mydestination, $transport_maps
sample_directory = /usr/share/doc/postfix-2.9.5/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_CAfile = /etc/pki/tls/cacert.pem
smtp_use_tls = yes
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
        reject_non_fqdn_sender, reject_unlisted_recipient,
        permit_mynetworks, reject_unauth_destination,
        check_client_access hash:/etc/postfix/client_checks,
        check_sender_access hash:/etc/postfix/sender_checks,
        reject_unknown_recipient_domain,
        reject_rhsbl_reverse_client mykey.dbl.dq.spamhaus.net,
        reject_rhsbl_sender mykey.dbl.dq.spamhaus.net,
        reject_rhsbl_helo mykey.dbl.dq.spamhaus.net
        check_helo_access pcre:/etc/postfix/helo_checks.pcre,
        reject_invalid_helo_hostname,
        check_recipient_access pcre:/etc/postfix/relay_recips_segtravel,
        check_recipient_access pcre:/etc/postfix/relay_recips_access,
        permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname, nocmon.example.com
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated,
        permit_mynetworks, reject_non_fqdn_sender,
        reject_unknown_sender_domain, permit
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database =
        btree:/var/lib/postfix/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual-segtravel

Thanks,
Alex
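
An added example, not part of the message above and not Postfix's own tooling: a small Python check over `postconf -n` style output that encodes the ordering advice quoted in the message (access maps after reject_unauth_destination, and ahead of reject_unknown_sender_domain). The sample input is constructed, and the function names `parse_postconf` and `audit` are hypothetical.

```python
import re

# Constructed sample in `postconf -n` layout (continuation lines indented).
SAMPLE = """\
smtpd_recipient_restrictions = permit_mynetworks,
        check_sender_access hash:/etc/postfix/sender_checks,
        reject_unauth_destination,
        check_client_access hash:/etc/postfix/client_checks,
        permit
smtpd_sender_restrictions = permit_sasl_authenticated,
        permit_mynetworks, reject_unknown_sender_domain, permit
"""

ACCESS = ("check_client_access", "check_sender_access")

def parse_postconf(text):
    """Return {parameter: [tokens]}, joining indented continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and name:       # continuation of the previous parameter
            params[name] += re.split(r"[,\s]+", line.strip())
        elif "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            params[name] = re.split(r"[,\s]+", value)
    return {k: [t for t in v if t] for k, v in params.items()}

def audit(params):
    """Return (list_name, problem) pairs for the two ordering rules."""
    findings = []
    rcpt = params.get("smtpd_recipient_restrictions", [])
    # Rule 1: an access map ahead of reject_unauth_destination can return OK
    # and end the list before the relay check runs.
    if "reject_unauth_destination" in rcpt:
        for tok in rcpt[:rcpt.index("reject_unauth_destination")]:
            if tok in ACCESS:
                findings.append(("smtpd_recipient_restrictions",
                                 f"{tok} before reject_unauth_destination"))
    # Rule 2: lists are evaluated in order, so an access map can only exempt a
    # sender from reject_unknown_sender_domain if it precedes it in the same list.
    for name, toks in params.items():
        if name.endswith("_restrictions") and "reject_unknown_sender_domain" in toks:
            cut = toks.index("reject_unknown_sender_domain")
            if not any(t in ACCESS for t in toks[:cut]):
                findings.append((name, "reject_unknown_sender_domain has no access map ahead of it"))
    return findings

if __name__ == "__main__":
    for where, problem in audit(parse_postconf(SAMPLE)):
        print(f"{where}: {problem}")
```
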
