Hello, 

I have the problem that all mail gets stuck at postscreen. I think so, but I
am not sure. I cannot find a mistake in the configuration, but all mail, both
local and from outside, hangs in postscreen and does not go through.

[root@de-fra ~]# cat /var/log/mail.log | grep "74.125.82.44"
Jul  5 15:21:25 de-fra.silviosiefke.com postfix/postscreen[3244]: CONNECT from 
[74.125.82.44]:37019 to [178.254.26.48]:25
Jul  5 15:21:31 de-fra.silviosiefke.com postfix/tlsproxy[3251]: CONNECT from 
[74.125.82.44]:37019
Jul  5 15:21:31 de-fra.silviosiefke.com postfix/tlsproxy[3251]: Anonymous TLS 
connection established from [74.125.82.44]:37019: TLSv1.2 with cipher 
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul  5 15:21:31 de-fra.silviosiefke.com postfix/postscreen[3244]: NOQUEUE: 
reject: RCPT from [74.125.82.44]:37019: 450 4.3.2 Service currently 
unavailable; from=<siefkesil...@gmail.com>, to=<webmas...@silviosiefke.de>, 
proto=ESMTP, helo=<mail-wm0-f44.google.com>
Jul  5 15:21:31 de-fra.silviosiefke.com postfix/postscreen[3244]: HANGUP after 
0.14 from [74.125.82.44]:37019 in tests after SMTP handshake
Jul  5 15:21:31 de-fra.silviosiefke.com postfix/tlsproxy[3251]: DISCONNECT 
[74.125.82.44]:37019
Jul  5 15:21:31 de-fra.silviosiefke.com postfix/postscreen[3244]: PASS NEW 
[74.125.82.44]:37019
Jul  5 15:21:31 de-fra.silviosiefke.com postfix/postscreen[3244]: DISCONNECT 
[74.125.82.44]:37019

I use fuglu in the role of "amavisd-new". Even now, after 20 minutes, the email
itself is still not in the mailbox.

Thank you for your help.

Silvio 


[root@de-fra ~]# postconf -n
alias_database = $alias_maps
alias_maps = hash:/etc/postfix/tables/aliases
anvil_rate_time_unit = 60s
bounce_size_limit = 8192
command_directory = /usr/bin
compatibility_level = 2
daemon_directory = /usr/lib/postfix/bin
data_directory = /var/lib/postfix
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/tables/header_checks
home_mailbox = Maildir/
html_directory = no
inet_interfaces = 127.0.0.1, 178.254.26.48
inet_protocols = ipv4
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 20480000
meta_directory = /etc/postfix
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = silviosiefke.com
myhostname = de-fra.silviosiefke.com
mynetworks = 127.0.0.0/8
mynetworks_style = host
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
non_smtpd_milters = inet:127.0.0.1:12345
postscreen_access_list = permit_mynetworks 
cidr:/etc/postfix/tables/postscreen_access.cidr
postscreen_bare_newline_action = drop
postscreen_bare_newline_enable = yes
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org*2, bl.mailspike.net, bl.spamcop.net, 
b.barracudacentral.org, swl.spamhaus.org*-2
postscreen_dnsbl_threshold = 2
postscreen_greet_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_enable = yes
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
sample_directory = /etc/postfix
sendmail_path = /usr/bin/sendmail
setgid_group = postdrop
shlib_directory = /usr/lib/postfix
smtp_tls_cert_file = /etc/letsencrypt/live/de-fra.silviosiefke.com/fullchain.pem
smtp_tls_ciphers = high
smtp_tls_key_file = /etc/letsencrypt/live/de-fra.silviosiefke.com/privkey.pem
smtp_tls_loglevel = 1
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_client_connection_count_limit = 20
smtpd_client_connection_rate_limit = 20
smtpd_client_message_rate_limit = 50
smtpd_client_recipient_rate_limit = 50
smtpd_client_restrictions = permit_mynetworks, reject_invalid_hostname, 
reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, 
reject_unknown_client, check_client_access 
regexp:/etc/postfix/tables/client_restrictions permit
smtpd_data_restrictions = reject_unauth_pipelining, 
reject_multi_recipient_bounce, permit
smtpd_delay_reject = yes
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access 
hash:/etc/postfix/tables/helo_access, reject_unauth_pipelining, 
reject_non_fqdn_hostname, reject_invalid_hostname, warn_if_reject 
reject_unknown_hostname, permit
smtpd_milters = inet:127.0.0.1:12345
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10030, 
check_policy_service inet:127.0.0.1:12525, check_client_access 
hash:/etc/postfix/tables/blacklist, check_sender_access 
hash:/etc/postfix/tables/senderaccess, reject_non_fqdn_sender, 
reject_non_fqdn_recipient, reject_non_fqdn_hostname, reject_invalid_hostname, 
permit_mynetworks, reject_unauth_pipelining, reject_unknown_sender_domain, 
reject_unknown_recipient_domain, reject_unauth_destination, 
reject_unknown_client, permit
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, 
reject_unknown_sender_domain, reject_unknown_address
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = 
/etc/letsencrypt/live/de-fra.silviosiefke.com/fullchain.pem
smtpd_tls_ciphers = high
smtpd_tls_dh1024_param_file = ${config_directory}/dh/dh2048.pem
smtpd_tls_dh512_param_file = ${config_directory}/dh/dh512.pem
smtpd_tls_key_file = /etc/letsencrypt/live/de-fra.silviosiefke.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
soft_bounce = no
tls_export_cipherlist = 
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ALL:!aNULL:!ADH:!3DES:!EXP:!RC4:!kKRB5:!aDSS:!DES:!aPSK:!kECDH:!RC2:!IDEA:!SEED:!CAMELLIA:!AES128-SHA
tls_preempt_cipherlist = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/tables/virtual
virtual_mailbox_base = /
virtual_mailbox_domains = $mydomain, silviosiefke.de, silviosiefke.fr

< master.cf >

# Public SMTP listener (the "smtp" port, 25 in the log above): a single
# postscreen process screens inbound connections before any smtpd sees them.
# The log shows a first-time client getting "450 4.3.2" followed by "PASS NEW";
# with the bare_newline / non_smtp_command / pipelining tests enabled in
# main.cf this looks like postscreen's after-greeting tests, where the client
# is only whitelisted and has to retry -- confirm against POSTSCREEN_README.
# NOTE(review): smtpd_proxy_filter and smtpd_proxy_options are smtpd(8)
# settings; postscreen(8) is not expected to act on them, and the same proxy
# filter is already set on the "smtpd pass" service below -- confirm intent.
smtp      inet  n       -       n       -       1       postscreen
  -o smtpd_proxy_filter=localhost:10025
  -o smtpd_client_connection_count_limit=10
  -o smtpd_proxy_options=speed_adjust

# fuglu include
# Loopback-only smtpd on 127.0.0.1:10026. Client, HELO, sender and data
# restrictions are emptied; recipient restrictions accept only mynetworks
# (overridden to 127.0.0.0/8 here) and reject everything else, and XFORWARD is
# accepted from 127.0.0.0/8 only.
# Presumably the port fuglu re-injects scanned mail into -- confirm.
127.0.0.1:10026 inet n  -       n       -        -      smtpd
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o receive_override_options=no_unknown_recipient_checks

# smtpd on a "pass" socket; presumably the service postscreen hands screened
# connections to (service name "smtpd") -- confirm. Mail goes through the
# before-queue proxy filter at localhost:10025 and SASL auth is switched off.
smtpd     pass  -       -       n       -       -       smtpd
  -o smtpd_proxy_filter=localhost:10025
  -o smtpd_sasl_auth_enable=no

# Helper services with process limit 0; tlsproxy is the daemon that logged the
# TLS session for the postscreen connection in the log excerpt above.
dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy  unix  -       -       n       -       0       tlsproxy

# Submission service: TLS is required (security level "encrypt"), SASL is
# provided by dovecot via private/auth, and recipient restrictions end in
# permit_sasl_authenticated,reject, so only authenticated clients are accepted.
# NOTE(review): as pasted, one "-o" below is separated from its
# smtpd_recipient_restrictions value, which starts in column 0. This looks like
# mail-client line wrapping; check that the real file keeps the option on the
# same indented line as "-o".
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o 
smtpd_recipient_restrictions=reject_unknown_recipient_domain,reject_non_fqdn_recipient,permit_sasl_authenticated,reject
  -o smtpd_tls_dh1024_param_file=/etc/postfix/dh/dh2048.pem

# Remaining internal services; every entry in this file has "n" in the chroot
# column, i.e. nothing runs chrooted.
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
