Greetings again,

first of all, my apologies for not following up earlier on my
initial request, pasted below for your convenience.

Truth is, for a lot of reasons not relevant for the list, further
experiments on this issue were partly not possible, partly not
necessary until this week.

Back to the issue, Noel (and Wietse, in other words) had said:

This indicates a check_client_access table that lists either the
hostname or IP with REJECT.

I don't see any check_client_access tables below. Are you sure
you're looking at the correct postfix configuration? Are there
some overrides listed in master.cf?

I checked and, as far as I understand, there were overrides MISSING
from master.cf. smtpd_client_restrictions in the submission section
did NOT include permit_mynetworks, only permit_sasl_authenticated,reject:

submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

When I put permit_mynetworks back into that setting, email from the IP
listed in $mynetworks started to be accepted and relayed to its
destination again. What else should I check/change, if anything?


Thanks,
Marco


On 2015-01-16 10:26, M. Fioretti wrote:
Greetings,

I have just "inherited" a postfix 2.6.6 server running on a CentOS 6
server, whose postconf -n output is pasted below.

Everything seems fine to me (but of course any pointer to security
holes, or possibilities for improvement is welcome!) except one thing.
This server must relay email from only two sources:

a) messages sent through the local webmail interface
b) messages coming from another server some.server.com with a fixed IP
address, xxx.yyy.www.zzz: these are all notification messages from
cron jobs/shell scripts, for several people

a) is working perfectly, b) isn't. Every message from some.server.com
is rejected as follows:

Jan 16 10:04:41 server postfix/smtpd[11561]: NOQUEUE: reject: RCPT
from some.server.com[xxx.yyy.www.zzz]: 554 5.7.1
<some.server.com[212.110.184.219]>: Client host rejected: Access
denied; from=<apa...@some.server.com> to=<mfiore...@nexaima.net>
proto=ESMTP helo=<some.server.com>


Yes, I **know** it is surely something trivial, but right now I am
obviously unable to see it. I have done several postfix configurations
in the past, but this time I seem back to square one...

What am I missing?

Thanks in advance,
Marco


command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix-2.4.3-documentation/html
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost
mydomain = $myhostname
myhostname = a.mx.example.com
mynetworks = 127.0.0.0/8, xxx.yyy.www.zzz
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.3-documentation/readme
relay_domains =
relayhost =
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_mynetworks,
    reject_invalid_hostname, reject_non_fqdn_hostname,
    reject_non_fqdn_sender, reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_helo_access hash:/etc/postfix/reject_own_helo
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/myssl/mycert.pem
smtpd_tls_key_file = /etc/myssl/mycert.pem
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/mymaps/valias.map
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/mymail_storage
virtual_mailbox_domains = /etc/postfix/mymaps/vhosts.map
virtual_mailbox_maps = hash:/etc/postfix/mymaps/vmailboxes.map
virtual_transport = procmail
virtual_uid_maps = static:5000

--
http://mfioretti.com
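
The thread turns on a per-service `-o` override in master.cf replacing a main.cf restriction list, which `postconf -n` does not show. The following is an added example, not part of the original messages or of Postfix: a small audit that lists every `smtpd_*_restrictions` override per service and reports whether `permit_mynetworks` appears before a final `reject`. The function names and the sample master.cf are constructed for illustration, and the parser assumes the plain `-o name=value` form without whitespace in the value.

```python
import shlex

# Constructed sample modelled on the submission entry described in the message.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""

def parse_master_cf(text):
    """Return {(service, type): {param: value}} for every -o override."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()    # continuation of previous entry
        else:
            logical.append(raw.strip())
    services = {}
    for line in logical:
        fields = shlex.split(line)
        if len(fields) < 8:
            continue                             # not a complete service entry
        overrides, args = {}, fields[8:]
        for i, arg in enumerate(args):
            if arg == "-o" and i + 1 < len(args) and "=" in args[i + 1]:
                name, value = args[i + 1].split("=", 1)
                overrides[name] = value
        services[(fields[0], fields[1])] = overrides
    return services

def restriction_overrides(text):
    """Per-service restriction overrides and whether mynetworks is permitted."""
    findings = []
    for (svc, _type), overrides in parse_master_cf(text).items():
        for name, value in overrides.items():
            if name.startswith("smtpd_") and name.endswith("_restrictions"):
                rules = value.replace(",", " ").split()
                cut = rules.index("reject") if "reject" in rules else len(rules)
                findings.append((svc, name, rules, "permit_mynetworks" in rules[:cut]))
    return findings

if __name__ == "__main__":
    for svc, name, rules, trusted in restriction_overrides(SAMPLE_MASTER_CF):
        print(f"{svc}: {name} = {rules} (mynetworks permitted: {trusted})")
```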
