Hello.
My MTA (Debian Lenny with postfix+amavisd-new+spamassassin+clamav) rejected an
SMTP connection from Yahoo:
Jun 13 17:04:01 av7 postfix/smtpd[25250]: NOQUEUE: reject: RCPT from
sonic317-25.consmr.mail.ir2.yahoo.com[87.248.110.215]: 554 5.7.1
<sonic317-25.consmr.mail.ir2.yahoo.com[87.248.110.215]>: Client host rejected:
Access denied; from=<x...@yahoo.it> to=<y...@example.com> proto=ESMTP
helo=<sonic317-25.consmr.mail.ir2.yahoo.com>
I can't figure out why. Here my postfix config:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60s
append_dot_mydomain = no
biff = no
bounce_size_limit = 1
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024 header_checks =
regexp:/etc/postfix/header_checks inet_interfaces = all mailbox_size_limit = 0
message_size_limit = 31457280 mydestination = xxx.example.com,
localhost.example.com, , localhost myhostname = xxx.example.com mynetworks =
127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname
proxy_read_maps = proxy:mysql:/etc/postfix/mysql-relay-recipients.cf
proxy:mysql:/etc/postfix/mysql-relay-domains.cf
proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf
proxy:mysql:/etc/postfix/mysql-check-client-access.cf proxy:unix:passwd.byname
proxy:mysql:/etc/postfix/mysql-virtual-transports.cf
readme_directory = no
receive_override_options = no_address_mappings recipient_delimiter = +
relay_domains = proxy:mysql:/etc/postfix/mysql-relay-domains.cf
relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-relay-recipients.cf
relayhost =
smtp_host_lookup = native
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_connection_count_limit = 20 smtpd_client_connection_rate_limit =
40 smtpd_client_message_rate_limit = 50 smtpd_client_recipient_rate_limit = 250
smtpd_error_sleep_time = 0s smtpd_hard_error_limit = 10 smtpd_recipient_limit =
100 smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031
permit_sasl_authenticated check_client_access
proxy:mysql:/etc/postfix/mysql-check-client-access.cf permit_mynetworks
reject_unauth_destination reject_non_fqdn_sender reject_non_fqdn_recipient
reject_unlisted_sender reject_unlisted_recipient reject_unknown_sender_domain
reject_invalid_hostname reject_rbl_client psbl.surriel.com, reject_rhsbl_sender
dsn.rfc-ignorant.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client
truncate.gbudb.net, reject_rbl_client zen.spamhaus.org, check_policy_service
inet:127.0.0.1:2501 smtpd_sasl_auth_enable = yes smtpd_sasl_security_options =
noanonymous smtpd_sender_restrictions = check_sender_access
proxy:mysql:/etc/postfix/mysql-check-sender-access.cf check_recipient_access
proxy:mysql:/etc/postfix/mysql-check-sender-access.cf check_recipient_access
proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf
smtpd_soft_error_limit = 5
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual-transports.cf
As you can see ' smtpd_client_restrictions' is not used.
Could someone explain the reason of the rejection?
Regards,
RS
