Asai:
> After investigating this issue further, it looks like there might be
> something I'm missing regarding postscreen. My reasoning for this is
> yesterday a client said she couldn't send email. I looked at her phone
> and the postfix logs and could see that her IP address was being
> rejected by postscreen:
Wietse:
> As documented ***DO NOT*** run postscreen on the server port
> that is used by mail client programs.
Asai:
> I'm wondering if I have something wrong in master.cf:
>
> 587 inet n - n - - smtpd
> smtp inet n - n - 1 postscreen
> smtpd pass - - n - - smtpd
> dnsblog unix - - n - 0 dnsblog
> tlsproxy unix - - n - 0 tlsproxy
> submission inet n - n - - smtpd
In that case one mistake is that the client connected to the wrong
service: they connected to service smtp(=port 25) instead of service
submission(=port 587). That's also why postscrfeen rejected the
client: the client came from a IP address dynamic pool.
Another mistake may be that you offer AUTH service on port 25.
An unrelated mistake is that you have two submission service entries
in master.cf: one called 587 and one called submission. Only the
last entry will be used, so it is a good idea to remove the first
one.
Wietse
