Relay access denied issue

2011-08-12 Thread Marco van Kammen
Dear List,

Very basic relaying setup.
Mail coming in from specific range of servers is allowed and forwarded to their 
final destinations.

Postfix 2.3.3

postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550

/etc/postfix/access
/etc/postfix/access.db

10.35.0.0/16    OK

Most servers within the 10.35.0.0/16 range are allowed just fine..
Mail from one specific ip keeps bouncing:

Aug 11 14:22:33 serverX postfix/smtpd[28348]: NOQUEUE: reject: RCPT from 
serverX.is.local[10.35.10.34]: 554 5.7.1 : Relay access 
denied; from= to= proto=ESMTP 
helo=

I'm pretty sure I'm missing something very simple, but I just can't see it!

Thanks for any hints in the right direction!

Marco van Kammen
Application Administrator

Mirabeau | Managed Services
Dr. C.J.K. van Aalstweg 8F 301, 1625 NV Hoorn
+31(0)20-5950550  -  www.mirabeau.nl

Re: Relay access denied issue

2011-08-12 Thread Jeroen Geilman

On 2011-08-12 09:00, Marco van Kammen wrote:


> Dear List,
>
> Very basic relaying setup.
>
> Mail coming in from specific range of servers is allowed and forwarded
> to their final destinations.
>
> Postfix 2.3.3

Consider upgrading; this version is no longer supported.

> postconf -n
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> html_directory = no
> inet_interfaces = all
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> mydestination = $myhostname, localhost.$mydomain, localhost
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
> sample_directory = /usr/share/doc/postfix-2.3.3/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> unknown_local_recipient_reject_code = 550
>
> /etc/postfix/access
> /etc/postfix/access.db
>
> 10.35.0.0/16    OK

This database is not referenced anywhere.

> Most servers within the 10.35.0.0/16 range are allowed just fine..
>
> Mail from one specific ip keeps bouncing:
>
> Aug 11 14:22:33 serverX postfix/smtpd[28348]: NOQUEUE: reject: RCPT
> from serverX.is.local[10.35.10.34]: 554 5.7.1 :
> Relay access denied; from=
> to= proto=ESMTP helo=
>
> I'm pretty sure I'm missing something very simple, but I just can't
> see it!

To RELAY mail through postfix, one of the following must be true:

- either the recipient domain appears in relay_domains, OR
- the source IP(s) appear in mynetworks, OR
- there is a client access map that is actually applied somewhere.

I don't see any of the above happening; this means the default for 
mynetworks is used: the IP of the postfix server, and the smallest IP 
range it is a member of.


Since you say this concerns a known set of internal IPs, use the following:

mynetworks = 127.0.0.0/8 10.35.0.0/16

and verify that:

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination


http://www.postfix.org/postconf.5.html#mynetworks
http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions

If this server is accessible from the outside, those restrictions are 
NOT sufficient: http://www.postfix.org/SMTPD_ACCESS_README.html



--
J.
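
An added example, not code from the thread: a Python model of the three relay conditions listed in the reply above, showing how the default trust list can admit some 10.35.x.x clients while rejecting 10.35.10.34. The server address 10.35.20.5/24, the second client, the recipient domains and the CIDR-style access table are assumptions made for illustration.

```python
import ipaddress

def subnet_style_mynetworks(interfaces):
    """Default trust list as described in the reply: the network each local
    interface belongs to (Postfix's mynetworks_style = subnet)."""
    return [ipaddress.ip_interface(i).network for i in interfaces]

def parse_mynetworks(value):
    """Parse an explicit mynetworks value. Python's strict parser raises
    ValueError when host bits are set, e.g. for 127.0.0.1/8."""
    return [ipaddress.ip_network(n) for n in value.replace(",", " ").split()]

def rcpt_decision(client_ip, rcpt_domain, mynetworks, relay_domains,
                  client_access=None):
    """Model of [check_client_access,] permit_mynetworks,
    reject_unauth_destination for one RCPT TO. client_access stays None
    while no restriction references the table, whatever the file holds."""
    ip = ipaddress.ip_address(client_ip)
    if client_access is not None:
        if any(ip in net and act == "OK" for net, act in client_access):
            return "permit: check_client_access"
    if any(ip in net for net in mynetworks):
        return "permit: permit_mynetworks"
    if rcpt_domain.lower() in relay_domains:
        return "permit: authorized destination"
    return "reject: 554 5.7.1 Relay access denied"

# Constructed inputs. Only 10.35.10.34 and 10.35.0.0/16 come from the thread;
# the server address, the second client and the domains are assumptions.
INTERFACES = ["127.0.0.1/8", "10.35.20.5/24"]
DESTINATIONS = {"serverx.is.local", "localhost"}  # mydestination / relay_domains
# The access entry, modelled as a cidr:-type table (assumption).
ACCESS_TABLE = [(ipaddress.ip_network("10.35.0.0/16"), "OK")]

def demo():
    default = subnet_style_mynetworks(INTERFACES)
    fixed = parse_mynetworks("127.0.0.0/8 10.35.0.0/16")
    rcpt, ip = "customer.example", "10.35.10.34"
    return {
        "same subnet, default": rcpt_decision("10.35.20.17", rcpt, default, DESTINATIONS),
        "10.35.10.34, default": rcpt_decision(ip, rcpt, default, DESTINATIONS),
        "10.35.10.34, local rcpt": rcpt_decision(ip, "serverX.is.local", default, DESTINATIONS),
        "10.35.10.34, map applied": rcpt_decision(ip, rcpt, default, DESTINATIONS, ACCESS_TABLE),
        "10.35.10.34, mynetworks set": rcpt_decision(ip, rcpt, fixed, DESTINATIONS),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:30} {verdict}")
```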



Re: sender_bcc - patterns questions

2011-08-12 Thread Jeroen Geilman

On 2011-08-12 01:37, Troy Piggins wrote:
> On Thu, Aug 11, 2011 at 10:02:21AM +1000, Troy Piggins wrote:
>> On Wed, Aug 10, 2011 at 09:47:37AM +0200, Jeroen Geilman wrote:
>>> It is not a variable expansion. Use this instead:
>>>
>>> /(user1)@mydomain.com/  $1_s...@mydomain.com
>>>
>>> Read http://www.postfix.org/pcre_table.5.html, section Text Substitution for
>>> details.
>>>
>>> Note that this offers zero advantage over an exact match.
>>
>> Thank you!  That works.  I now have this and it seems to be working fine:
>>
>> if !/^(excludeduser1|root|.+_sent)@mydomain\.com$/
>> /^(.+)@mydomain\.com$/ ${1}_s...@mydomain.com
>> endif
>
> Perhaps I spoke too soon.  This is creating duplicates.  Any pointers on why?
> I could see a loop problem if the "if/endif" condition wasn't there, but
> shouldn't that prevent "_sent" messages going through again?
>
> For completeness, the procmail rule I use is:
>
> :0:
> * ^X-Original-To:.*_sent@mydomain\.com
> | gzip -fc9>>  ${HOME}/Sent_${DATE}.gz
>
> The duplicates do not show up in the sender's normal Sent folder, but do show
> up in the gzipped archive.  Using my "old" method of manually adding/deleting
> each user as they join/leave the company, and using a hash table instead of
> pcre, this worked and didn't create duplicates:
>
> us...@mydomain.com  user1_s...@mydomain.com
> us...@mydomain.com  user2_s...@mydomain.com
> us...@mydomain.com  user3_s...@mydomain.com
> and so on...
>
> I can't see my error, please help.

Really, use an archive DOMAIN. This precludes any looping.

--
J.



mail server on vm

2011-08-12 Thread Amira Othman
Hi all,

I am configuring a mail server on a virtual machine for testing. I am using
CentOS 5.6 and postfix-2.3.3-2.3.el5_6. I can send without problems but I
can't receive mails. I don't have an MX record; I tried to add it to the hosts
file but no change. Is an MX record a must even if I am using it for testing
only? Are there any alternatives to using an MX record locally, something like
the hosts file?

Regards

Amira Othman
Server Administrator
www.cairosource.com

6 EL Nil EL Abyad, Mohandiseen
Cairo, Egypt

Direct: +2 02 3303 7175
Mobile: +2 012 220 4165

The information transmitted is intended solely for the individual or entity
to which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of or
taking action in reliance upon this information by persons or entities other
than the intended recipient is prohibited. If you have received this email
in error please contact the sender and delete the material from any
computer.

Re: mail server on vm

2011-08-12 Thread zoolook
2011/8/12 Amira Othman 

> Hi all,
>
> I am configuring mail server on virtual machine for testing. I am using
> centos 5.6 and postfix-2.3.3-2.3.el5_6. I can send without problems but I
> can’t receive mails. I don’t have mx record I tried to add to  hosts file
> but no change. is mx record a must even if I am using for testing only?? Is
> there any alternatives of using mx record locally something like hosts file
> 
>
>
>
Have you tried telnet?

$ telnet ip-of-vm 25

Regards,
Norberto


Relaying with amazon cloud questions

2011-08-12 Thread Alex
Hi,

We have set up an application using the amazon cloud service, and
having a problem with relaying. How do I properly authorize the amazon
servers to relay mail through our server?

Aug 11 17:06:39 portal postfix/smtpd[13792]: NOQUEUE: reject: RCPT
from ec2-184-72-46-254.us-west-1.compute.amazonaws.com[184.72.46.254]:
554 5.7.1 : Helo command rejected: You are not in
example.com; from= to=
proto=ESMTP helo=

Thanks,
Alex


Re: mail server on vm

2011-08-12 Thread Erwan Loaëc
You can also try through your favorite mail client (thunderbird, etc...) 
and define your VM-TEST-SERVER as the smtp server for your mail account.


zoolook wrote:
> 2011/8/12 Amira Othman
>
>> Hi all,
>>
>> I am configuring mail server on virtual machine for testing. I am
>> using centos 5.6 and postfix-2.3.3-2.3.el5_6. I can send without
>> problems but I can’t receive mails. I don’t have mx record I tried
>> to add to  hosts file but no change. is mx record a must even if I
>> am using for testing only?? Is there any alternatives of using mx
>> record locally something like hosts file
>
> Have you tried telnet?
>
> $ telnet ip-of-vm 25
>
> Regards,
> Norberto


Re: Relaying with amazon cloud questions

2011-08-12 Thread Wietse Venema
Alex:
> Hi,
> 
> We have set up an application using the amazon cloud service, and
> having a problem with relaying. How do I properly authorize the amazon
> servers to relay mail through our server?
> 
> Aug 11 17:06:39 portal postfix/smtpd[13792]: NOQUEUE: reject: RCPT
> from ec2-184-72-46-254.us-west-1.compute.amazonaws.com[184.72.46.254]:
> 554 5.7.1 : Helo command rejected: You are not in
> example.com; from= to=
> proto=ESMTP helo=

1) Remove all the "extra" rules that you have added to main.cf. These
rules are causing the above error.

2) Start at http://www.postfix.org/BASIC_CONFIGURATION_README.html.

Wietse


Re: mail server on vm

2011-08-12 Thread Peter Blair
The RFC stipulates that only an A record is required.  Mind you, your
/etc/hosts file isn't equivalent to an A record.  Configure an
override in your transport file for testing.

Oh, and try not to send HTML mails to mailing lists.

On Fri, Aug 12, 2011 at 9:46 AM, Amira Othman  wrote:
>
> Hi all,
>
> I am configuring mail server on virtual machine for testing. I am using 
> centos 5.6 and postfix-2.3.3-2.3.el5_6. I can send without problems but I 
> can’t receive mails. I don’t have mx record I tried to add to  hosts file but 
> no change. is mx record a must even if I am using for testing only?? Is there 
> any alternatives of using mx record locally something like hosts file
>
> Regards


Re: Relaying with amazon cloud questions

2011-08-12 Thread Alex
Hi,

>> We have set up an application using the amazon cloud service, and
>> having a problem with relaying. How do I properly authorize the amazon
>> servers to relay mail through our server?
>>
>> Aug 11 17:06:39 portal postfix/smtpd[13792]: NOQUEUE: reject: RCPT
>> from ec2-184-72-46-254.us-west-1.compute.amazonaws.com[184.72.46.254]:
>> 554 5.7.1 : Helo command rejected: You are not in
>> example.com; from= to=
>> proto=ESMTP helo=
>
> 1) Remove all the "extra" rules that you have added to main.cf. These
> rules are causing the above error.
>
> 2) Start at http://www.postfix.org/BASIC_CONFIGURATION_README.html.

I see that this error is being produced by my helo_checks file, but it
is also catching a lot of malicious mail as well.

I really thought I had a better understanding of my configuration than
I apparently do. Can you help me to consider more specifically which
options contain my mistake? This is postfix v2.5.5.

alias_maps = hash:/etc/postfix/aliases
bounce_queue_lifetime = $maximal_queue_lifetime
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = $myhostname
local_recipient_maps =
mail_owner = postfix
mailbox_size_limit = 82120
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 50d
message_size_limit = 5024
mydestination = $myhostname, localhost.$mydomain
mydomain = example.com
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /etc/postfix/README_FILES
receive_override_options = no_address_mappings
relay_domains = $mydestination, example.com
sample_directory = /etc/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_sasl_mechanism_filter = plain, login
smtpd_client_restrictions = check_client_access cidr:/etc/postfix/sinokorea.cidr
    check_client_access cidr:/etc/postfix/asian-ip5.txt
smtpd_recipient_restrictions = reject_non_fqdn_sender
    reject_non_fqdn_recipient
    permit_mynetworks permit_sasl_authenticated
    check_client_access hash:/etc/postfix/pop-before-smtp
    check_client_access hash:/etc/postfix/client_checks
    reject_unauth_destination
    reject_invalid_hostname
    reject_non_fqdn_hostname
    reject_unknown_sender_domain
    check_client_access hash:/etc/postfix/client_checks
    check_client_access pcre:/etc/postfix/client_checks.pcre
    check_helo_access hash:/etc/postfix/helo_checks
    check_sender_access hash:/etc/postfix/sender_checks
    check_sender_access hash:/etc/postfix/disallow_my_domain
    check_recipient_access pcre:/etc/postfix/recipient_checks.pcre
    reject_rbl_client zen.spamhaus.org

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_sender_restrictions = permit_sasl_authenticated,  permit_mynetworks,
    reject_non_fqdn_sender, reject_unknown_sender_domain,
    reject_unauth_pipelining
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus

Thanks,
Alex


Re: Relaying with amazon cloud questions

2011-08-12 Thread Wietse Venema
Alex:
> Hi,
> 
> >> We have set up an application using the amazon cloud service, and
> >> having a problem with relaying. How do I properly authorize the amazon
> >> servers to relay mail through our server?
> >>
> >> Aug 11 17:06:39 portal postfix/smtpd[13792]: NOQUEUE: reject: RCPT
> >> from ec2-184-72-46-254.us-west-1.compute.amazonaws.com[184.72.46.254]:
> >> 554 5.7.1 : Helo command rejected: You are not in
> >> example.com; from= to=
> >> proto=ESMTP helo=
> >
> > 1) Remove all the "extra" rules that you have added to main.cf. These
> > rules are causing the above error.
> >
> > 2) Start at http://www.postfix.org/BASIC_CONFIGURATION_README.html.
> 
> I see that this error is being produced by my helo_checks file, but it
> also catching a lot of malicious mail as well.

If the "relay" clients have a static IP address, see:
http://www.postfix.org/BASIC_CONFIGURATION_README.html.

Wietse


Re: Relaying with amazon cloud questions

2011-08-12 Thread Wietse Venema
Wietse Venema:
> Alex:
> > Hi,
> > 
> > >> We have set up an application using the amazon cloud service, and
> > >> having a problem with relaying. How do I properly authorize the amazon
> > >> servers to relay mail through our server?
> > >>
> > >> Aug 11 17:06:39 portal postfix/smtpd[13792]: NOQUEUE: reject: RCPT
> > >> from ec2-184-72-46-254.us-west-1.compute.amazonaws.com[184.72.46.254]:
> > >> 554 5.7.1 : Helo command rejected: You are not in
> > >> example.com; from= to=
> > >> proto=ESMTP helo=
> > >
> > > 1) Remove all the "extra" rules that you have added to main.cf. These
> > > rules are causing the above error.
> > >
> > > 2) Start at http://www.postfix.org/BASIC_CONFIGURATION_README.html.
> > 
> > I see that this error is being produced by my helo_checks file, but it
> > also catching a lot of malicious mail as well.
> 
> If the "relay" clients have a static IP address, see:
> http://www.postfix.org/BASIC_CONFIGURATION_README.html.

Otherwise, see http://www.postfix.org/SASL_README.html (for SASL
authentication) or http://www.postfix.org/TLS_README.html (for
TLS authentication and encryption).

Wietse
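
An added example, not code from the thread: a Python model of how the smtpd_recipient_restrictions list Alex posted is walked in order, showing that a client listed in mynetworks or authenticated with SASL is permitted before check_helo_access is ever consulted, while other clients still hit it. The helo_checks content, the HELO name and the sample sessions are assumptions; restrictions that are not modelled are treated as DUNNO.

```python
import ipaddress

# Alex's smtpd_recipient_restrictions in posted order (table arguments and the
# repeated client_checks entry left out). Only the four restrictions handled in
# check() are modelled; every other entry is treated as DUNNO.
RESTRICTIONS = [
    "reject_non_fqdn_sender", "reject_non_fqdn_recipient",
    "permit_mynetworks", "permit_sasl_authenticated",
    "check_client_access", "reject_unauth_destination",
    "reject_invalid_hostname", "reject_non_fqdn_hostname",
    "reject_unknown_sender_domain", "check_helo_access",
    "check_sender_access", "check_recipient_access", "reject_rbl_client",
]
RELAY_DOMAINS = {"example.com"}   # from relay_domains in the post
# Assumed helo_checks entry, inferred from the reject text in the log line.
HELO_CHECKS = {"example.com": "You are not in example.com"}

def check(name, s, mynetworks):
    """Return 'permit', 'reject' or None (DUNNO: keep evaluating)."""
    if name == "permit_mynetworks":
        ip = ipaddress.ip_address(s["client"])
        return "permit" if any(ip in n for n in mynetworks) else None
    if name == "permit_sasl_authenticated":
        return "permit" if s.get("sasl_user") else None
    if name == "reject_unauth_destination":
        return None if s["rcpt_domain"] in RELAY_DOMAINS else "reject"
    if name == "check_helo_access":
        helo = s["helo"].lower()
        hit = any(helo == d or helo.endswith("." + d) for d in HELO_CHECKS)
        return "reject" if hit else None
    return None  # restriction not modelled here

def evaluate(s, mynetworks):
    """First non-DUNNO result ends the list; falling off the end permits."""
    for name in RESTRICTIONS:
        verdict = check(name, s, mynetworks)
        if verdict:
            return verdict, name
    return "permit", "end of list"

def nets(value):
    return [ipaddress.ip_network(n) for n in value.split()]

# Constructed session; only the client address comes from the log line.
EC2 = {"client": "184.72.46.254", "helo": "app.example.com",
       "rcpt_domain": "example.com"}

if __name__ == "__main__":
    print(evaluate(EC2, nets("127.0.0.0/8")))
    print(evaluate(EC2, nets("127.0.0.0/8 184.72.46.254/32")))
    print(evaluate(dict(EC2, sasl_user="app"), nets("127.0.0.0/8")))
```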


PATCH: Milter question

2011-08-12 Thread Wietse Venema
Wietse Venema:
> Christian Roessner:
> > Aug 11 14:57:11 mx0 postfix-loopback/smtpd[10241]: event: SMFIC_CONNECT;
> > macros: j=mx0.roessner-net.de {daemon_name}=mx0.ro
> > essner-net.de {client_ptr}=localhost {client_connections}=570245840
> > v=Postfix 2.8.4
> 
> The client_connections macro reports some uninitialized value.  This
> happens because the anvil daemon was not queried for the remote
> SMTP client connection count, as the remote SMTP client was excluded
> from connection count limits.
> 
> Workaround: don't exclude clients from connection count limits.
> 
> /etc/postfix/main.cf:
> smtpd_client_connection_count_limit = 1000
> smtpd_client_event_limit_exceptions = 

[20110811-milter-connection-count-patch] follows.

Wietse

20110811

Workaround: report a {client_connections} Milter macro value
of zero instead of garbage, when the remote SMTP client is
excluded from connection count limits. Problem reported by
Christian Roessner. File: smtpd/smtpd_state.c.

diff -cr /var/tmp/postfix-2.9-20110729-nonprod/src/smtpd/smtpd_state.c 
src/smtpd/smtpd_state.c
*** /var/tmp/postfix-2.9-20110729-nonprod/src/smtpd/smtpd_state.c   Thu Jan 
 6 07:12:49 2011
--- src/smtpd/smtpd_state.c Thu Aug 11 14:56:52 2011
***
*** 84,89 
--- 84,90 
  state->service = mystrdup(service);
  state->buffer = vstring_alloc(100);
  state->addr_buf = vstring_alloc(100);
+ state->conn_count = state->conn_rate = 0;
  state->error_count = 0;
  state->error_mask = 0;
  state->notify_mask = name_mask(VAR_NOTIFY_CLASSES, mail_error_masks,
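
Review bot: the added line `state->conn_count = state->conn_rate = 0;` has no comment saying that zero here means "anvil was not queried for this client", so a Milter reading {client_connections} cannot tell an excluded client from one with no counted connections. A one-line comment at the assignment, plus a mention wherever the macro is documented, would record that. The chained assignment also departs from the one-field-per-statement style of the neighbouring `error_count` and `error_mask` initialisers; two separate statements would match them.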


Re: mail server on vm

2011-08-12 Thread Jeroen Geilman

  
  
On 2011-08-12 15:46, Amira Othman wrote:

> Hi all,
> I am configuring mail server on virtual machine for testing. I am using
> centos 5.6 and postfix-2.3.3-2.3.el5_6. I can send without problems but I
> can’t receive mails. I don’t have mx record I tried to add to hosts file
> but no change.

If you want postfix to respect your hosts file, you need to set

        disable_dns_lookups = yes

in main.cf.

> is mx record a must even if I am using for testing only??

No, an MX record is not required. You can always send mail to the
FQDN of your postfix server.

> Is there any alternatives of using mx record locally something like
> hosts file
> Regards

-- 
J.
  



Re: mail server on vm

2011-08-12 Thread Wietse Venema
Jeroen Geilman:
> On 2011-08-12 15:46, Amira Othman wrote:
> >
> > Hi all,
> >
> > I am configuring mail server on virtual machine for testing. I am 
> > using centos 5.6 and postfix-2.3.3-2.3.el5_6. I can send without 
> > problems but I can't receive mails. I don't have mx record I tried to 
> > add to  hosts file but no change.
> >
> 
> If you want postfix to respect your hosts file, you need to set
> 
>  disable_dns_lookups = yes
> 
> in main.cf.

For finer control, use "smtp_host_lookup = dns, native" or
"smtp_host_lookup = native".

http://www.postfix.org/postconf.5.html#smtp_host_lookup

Wietse
> 
> > is mx record a must even if I am using for testing only??
> >
> 
> No, an MX record is not required. You can always send mail to the FQDN 
> of your postfix server.
> 
> > Is there any alternatives of using mx record locally something like 
> > hosts file
> >
> > Regards
> 
> 
> -- 
> J.
>