On Sun, Jun 01, 2014 at 07:56:17PM -0600, Glenn English wrote:
> debug_peer_level = 5
Drop this down to 2, so you'll actually be able to see useful
logging, rather than low-level noise.
> debug_peer_list = bouldermedicaladvocate.com aerco.net
> mydestination =
> localhost, localdomain, localhost.localdomain,
> $mydomain, $dmzdomain, $netdomain,
> $orgdomain, $landomain, $dmzdomain, a204.$mydomain, mail.$mydomain,
> smtp.$mydomain, server.$mydomain, localhost.$mydomain, mail.$dmzdomain,
> log.$dmzdomain, localhost.$dmzdomain, mail.$landomain, sbox.$landomain,
> lanserver.$landomain, pblinux.$landomain, slsware.wif, pblinux.slsware.wif,
> gmail.com
You sure don't seem to want to be able to send email to gmail.com.
> mynetworks =
> 127.0.0.0/8, 192.168.0.0/22,
> $mydestination richeyrentals.com
> 76.96.30.0/24
Mynetworks needs to contain CIDR blocks, not domain names. Thus
$mydestination and richeyrentals.com are pointless here.
> smtpd_delay_reject = no
A really bad idea. Try "yes".
> smtpd_recipient_restrictions =
> permit_mynetworks
> reject_unauth_destination
> reject_unauth_pipelining
> check_recipient_access hash:/etc/postfix/role_recipient_exceptions
> reject_invalid_helo_hostname
> reject_unlisted_recipient
> reject_multi_recipient_bounce
> check_client_access hash:/etc/postfix/client_checks
> check_helo_access hash:/etc/postfix/helo_checks
> check_sender_access hash:/etc/postfix/sender_checks
> permit
Only clients in mynetworks can relay. SASL authenticated users don't have
relay rights (unless they're using port 587 with overrides in master.cf).
> > smtpd_sasl_auth_enable = yes
> > smtpd_sasl_authenticated_header = yes
> > smtpd_sasl_path = private/auth
> > smtpd_sasl_type = dovecot
Which makes these rather pointless (modulo port 587 submission).
> These are a little bent from my trying to deal with the problem...
No logs? No psychics on this list. You need to look at log messages
showing rejected/failed attempts to send mail that should have been
accepted/processed correctly.
--
Viktor.
