On Wed, Jun 10, 2015 at 11:01:09AM -0700, PGNd wrote:
> Sending a test message via the local server, log at the smarthost shows
> message reject "Recipient address rejected: Access denied",
>
> Jun 10 08:14:52 remote016 postfix/smarthost/smtpd[20272]: Trusted
> TLS connection established from
> internal.local010.DDDD.com[10.128.1.10]: TLSv1.2 with cipher
> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>
> Jun 10 08:14:52 remote016 postfix/smarthost/smtpd[20272]: NOQUEUE:
> reject: RCPT from internal.local010.DDDD.com[10.128.1.10]: 554
> 5.7.1 <check-a...@verifier.port25.com>: Recipient address rejected:
> Access denied; from=<ad...@dddd.com>
> to=<check-a...@verifier.port25.com> proto=ESMTP helo=<mail.DDDD.com>
>
> The smarhost config
> ...
> [internal.remote016.DDDD.com]:587 inet n - n - - smtpd
> -o permit_tls_clientcerts=yes
No such parameter.
> -o relay_clientcerts=lmdb:/etc/postfix/smarthost_clientcerts
Check the content with "postmap -q <fingerprint> lmdb:..."
> -o smtpd_client_restrictions=
> -o smtpd_helo_restrictions=
> -o smtpd_sender_restrictions=
> -o smtpd_recipient_restrictions=
> -o smtpd_relay_restrictions=permit_tls_clientcerts,reject
> -o smtpd_data_restrictions=
> -o smtpd_end_of_data_restrictions=
This looks like "permit_tls_clientcerts" did not match.
> -o amavisdfeed:[127.0.0.1]:40001
This is surely not a valid "-o" option. Did you "postfix reload"
after changing master.cf? That setting should trigger a fatal
error, and no messages coming in at all via the service in question.
Is the client connecting to this or some other service?
--
Viktor.
