Re: Rejecting mails from one server

Fri, 24 May 2019 09:39:27 -0700 

On Fri, May 24, 2019 at 10:38:29AM +0300, Andrey Repin wrote:

> May 24 08:07:39 mxs postfix/smtp/smtpd[1938]: NOQUEUE: reject: RCPT from 
> mail.regionspb.net[84.204.28.35]: 450 4.7.0 <[email protected]>: Recipient 
> address rejected: defer_if_reject requested; from=<[email protected]> 
> to=<[email protected]> proto=ESMTP helo=<mail.regionspb.net>
> May 24 10:13:22 mxs postfix/smtp/smtpd[2615]: NOQUEUE: reject: RCPT from 
> mail.regionspb.net[84.204.28.35]: 450 4.7.0 <[email protected]>: Recipient 
> address rejected: defer_if_reject requested; from=<> to=<[email protected]> 
> proto=ESMTP helo=<mail.regionspb.net>

> smtp       inet  n       -       y       -       -       smtpd
>  -o syslog_name=postfix/smtp
>  -o smtpd_helo_restrictions=reject_invalid_helo_hostname
>  -o {smtpd_sender_restrictions=
>        reject_non_fqdn_sender
>        reject_unknown_sender_domain}
>  -o {smtpd_relay_restrictions=
>        defer_if_reject
>        reject_unauth_destination}
>  -o {smtpd_recipient_restrictions=
>       reject_non_fqdn_recipient
>       reject_unknown_recipient_domain
>       reject_unauth_destination
>       check_recipient_access hash:$config_directory/maps/mydestination
>       check_policy_service unix:private/policy-spf}
>  -o smtpd_data_restrictions=reject_unauth_pipelining
>  -o smtpd_milters=unix:spamass/spamass.sock

Is this reaally necessary?  Moving the settings to main.cf would
be wiser.  As to the matter at hand, remove the "defer_if_reject"
from "smtpd_relay_restrictions" and you'll see the real reason the
mail is being rejected (by some later restriction).  If you want
soft_failure, try "-o soft_fail=yes"

> smtpd_recipient_restrictions = reject_non_fqdn_recipient 
> reject_unknown_recipient_domain permit_mynetworks permit_sasl_authenticated 
> defer_if_reject reject_unauth_destination
> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated 
> defer_unauth_destination
> smtpd_sender_restrictions = reject_non_fqdn_sender 
> reject_unknown_sender_domain reject_unlisted_sender check_sender_access 
> hash:$config_directory/maps/mydestination permit_mynetworks 
> permit_sasl_authenticated defer

Also in main.cf, avoid spurious "defer_if_reject".

-- 
        Viktor.

Reply via email to