On 5/7/2018 3:01 PM, bstaggs wrote: > Greetings, > > I am attempting to allow mail relay from a specific IP address but can't > seem to make it work correctly. I am running Postfix 2.10.1 and with > "debug_peer_level = 2" and "debug_peer_list = xx.yyy.99.9", I get the > following error: >
Turn off debug logging. It it unlikely to help solve this issue, and the real problem is likely to be lost in a flood of irrelevant information. Your two examples connect to the submission and smtps services rather than regular port 25 smtp. It's common for those ports to have overrides in master.cf to permit only sasl authenticated clients. If you need more help, see http://www.postfix.org/DEBUG_README.html and especially http://www.postfix.org/DEBUG_README.html#mail -- Noel Jones > > May 7 14:47:19 fender postfix/submission/smtpd[23487]: NOQUEUE: reject: > RCPT from host01.domain.net[xx.yyy.99.9]: 554 5.7.1 > <xxxxxx1...@mms.att.net>: Relay access denied; from=<u...@domain.net> > to=<xxxxxx1...@mms.att.net> proto=SMTP helo=<host01.domain.net> > May 7 14:09:32 fender postfix/submission/smtpd[23487]: generic_checks: > name=reject_unauth_destination status=2 > > ... > > May 7 14:47:19 fender postfix/smtps/smtpd[23826]: >>> START Client host > RESTRICTIONS <<< > May 7 14:47:19 fender postfix/smtps/smtpd[23826]: generic_checks: > name=permit_mynetworks > May 7 14:47:19 fender postfix/smtps/smtpd[23826]: permit_mynetworks: > host01.domain.net xx.yyy.99.9 > May 7 14:47:19 fender postfix/smtps/smtpd[23826]: match_hostname: > host01.domain.net ~? 127.0.0.0/8 > May 7 14:47:19 fender postfix/smtps/smtpd[23826]: match_hostaddr: > xx.yyy.99.9 ~? 127.0.0.0/8 > May 7 14:47:19 fender postfix/smtps/smtpd[23826]: match_hostname: > host01.domain.net ~? 69.8.3.64/28 > May 7 14:47:19 fender postfix/smtps/smtpd[23826]: match_hostaddr: > xx.yyy.99.9 ~? xx.x.3.64/28 > May 7 14:47:19 fender postfix/smtps/smtpd[23826]: match_hostname: > host01.staggs.net ~? xx.yyy.99.9 > May 7 14:47:19 fender postfix/smtps/smtpd[23826]: match_hostaddr: > xx.yyy.99.9 ~? xx.yyy.99.9 > May 7 14:47:19 fender postfix/smtps/smtpd[23826]: match_list_match: > permit_mynetworks: no match > May 7 14:47:19 fender postfix/smtps/smtpd[23826]: generic_checks: > name=permit_mynetworks status=1 > > > I assume "generic_checks: name=permit_mynetworks status=1" means the client > IP is listed in "mynetwork" based on googling similar errors. > > I see the same "status=1" on >>> START Sender address RESTRICTIONS <<< and >>>> START Recipient address RESTRICTIONS <<< > > > Oddly there seem to be a second section of ">>> START Recipient address > RESTRICTIONS <<<" > > > May 7 14:47:19 fender postfix/smtps/smtpd[23826]: >>> START Recipient > address RESTRICTIONS <<< > May 7 14:47:19 fender postfix/smtps/smtpd[23826]: generic_checks: > name=permit_sasl_authenticated > May 7 14:47:19 fender postfix/smtps/smtpd[23826]: match_list_match: > permit_sasl_authenticated: no match > May 7 14:47:19 fender postfix/smtps/smtpd[23826]: generic_checks: > name=permit_sasl_authenticated status=1 > May 7 14:47:19 fender postfix/smtps/smtpd[23826]: >>> END Recipient address > RESTRICTIONS <<< > > > > > I have these settings in my main.cf: > > mynetworks = 127.0.0.0/8, 69.8.x.xx/28, xx.yyy.99.9 > > smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, > reject_unauth_destination > > smtpd_client_restrictions = > permit_mynetworks, > permit_sasl_authenticated, > check_client_access hash:/etc/postfix/access > > smtpd_sender_restrictions = > permit_mynetworks, > permit_sasl_authenticated, > check_sender_access hash:/etc/postfix/access > > smtpd_recipient_restrictions = > permit_mynetworks, > permit_sasl_authenticated, > reject_invalid_hostname, > reject_unknown_recipient_domain, > reject_unauth_pipelining, > reject_rbl_client zen.spamhaus.org, > reject_rbl_client bl.spamcop.net, > reject_rbl_client dnsbl.sorbs.net, > reject_rbl_client cbl.abuseat.org, > permit > > Any advice on how to debug further would be appreciated. > > Thank you, > > -- > bstaggs > > > > > > > > > > > > > > > > > > > > > > -- > Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html >
