Hi all,
I'm using postfix-2.10.3 on fedora20 and having trouble with outbound mail
getting rejected due restrictions in my body_checks. I thought I had the
ordering correct, but I apparently don't know how to allow mynetworks to be
excluded from the body restrictions.
I've included my postconf output below, and hoped someone could help me
understand where my configuration error is.
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_mail_to_files = alias,forward
always_bcc = bcc-user
biff = no
body_checks = regexp:/etc/postfix/body_checks.pcre
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
default_process_limit = 200
delay_warning_time = 4h
disable_vrfy_command = yes
fallback_relay =
header_checks = pcre:/etc/postfix/header_checks.pcre
pcre:/etc/postfix/header_checks-jimsun.pcre
html_directory = no
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 2d
message_size_limit = 24000000
mime_header_checks = pcre:/etc/postfix/mime_header_checks
mydestination = $myhostname, localhost.$mydomain
mydomain = example.com
myhostname = mail01.example.com
mynetworks = 127.0.0.0/8, 192.168.1.0/24, 192.168.6.0/24, 68.111.222.40/29
newaliases_path = /usr/bin/newaliases
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map =
pcre:$config_directory/postscreen_dnsbl_reply_map.pcre
postscreen_dnsbl_sites = mykey.zen.dq.spamhaus.net*3 b.barracudacentral.org*2
list.dnswl.org=127.0.[2..14].[2..3]*-4
postscreen_dnsbl_threshold = 3
postscreen_greet_action = enforce
postscreen_whitelist_interfaces = static:all 68.111.222.40/29
queue_directory = /var/spool/postfix
rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
readme_directory = /usr/share/doc/postfix/README_FILES
relay_domains = $mydestination, $transport_maps, example.com, cs.example.com,
example.com
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = check_client_access
cidr:/etc/postfix/client_access_blocklist
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
check_client_access hash:/etc/postfix/client_checks_special, #
client checks permitted before mynetworks
check_sender_access hash:/etc/postfix/sender_checks_special, #
sender checks permitted before mynetworks
reject_non_fqdn_sender, reject_unlisted_recipient,
permit_mynetworks,
reject_unauth_destination, reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_rhsbl_reverse_client mykey.dbl.dq.spamhaus.net,
reject_rhsbl_sender mykey.dbl.dq.spamhaus.net,
reject_rhsbl_helo mykey.dbl.dq.spamhaus.net
check_helo_access pcre:/etc/postfix/helo_checks.pcre,
check_helo_access hash:/etc/postfix/helo_checks,
reject_invalid_helo_hostname,
check_policy_service inet:127.0.0.1:2501, # sqlgrey
check_client_access hash:/etc/postfix/client_checks,
check_sender_access hash:/etc/postfix/sender_checks,
check_recipient_access pcre:/etc/postfix/relay_recips_seg,
check_recipient_access pcre:/etc/postfix/relay_recips_access,
check_recipient_access pcre:/etc/postfix/prop_recip_map,
check_recipient_access pcre:/etc/postfix/recipient_checks,
check_recipient_access pcre:/etc/postfix/relay_recip_checks,
check_recipient_access pcre:/etc/postfix/relay_recips_ecartis,
permit
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual,
hash:/etc/postfix/virtual-seg
Thanks so much,
Alex
