Re: Forward local account mail to virtual user
On 02/26/2015 05:28 AM, Viktor Dukhovni wrote:

> To take advantage of (commit acts of indecency with?) the local aliases file, you need to ensure that system accounts which are qualified with $myorigin are resolved to the local(8) mailer by virtue of $myorigin being one of the domains in $mydestination.
>
> My advice is to convert all the Debian stock aliases(5) entries to virtual(5) entries, drop $myorigin/$myhostname from mydestination and move on. Just set:
>
>     mydestination = localhost, localhost.$mydomain
>
> and rewrite only addresses that need special processing (list-manager managed mailing lists mostly) to @localhost. All other rewriting can be based on virtual aliases.
>
> Of course any account with an actual local mailbox (or that relies on procmail or .forward files) still needs a rewrite to @localhost.

Okay thanks, I'll spare myself the trouble and exclusively use virtual entries, just as you suggested. After all, I don't think any local user will be added in future anyways.

--
Xylia Cipriano
corrupt files
FreeBSD-10.1 amd64

I recently had a power outage that resulted in a system shutdown. When I rebooted the system, postfix elicited this message:

postfix/postfix-script: warning: damaged message: corrupt/3ktB2X6JxNz3DljZ
postfix/postfix-script: warning: damaged message: corrupt/3ktG0Z1PCPz3DlXm

I am wondering how to remove these files. I tried using "postsuper -d ALL" but that failed. I even tried giving it the ID number but it still did not delete the files. Is it okay to delete them manually?

Thanks

--
Jerry
Re: corrupt files
Postfix User:
> FreeBSD-10.1 amd64
>
> I recently had a power outage that resulted in a system shutdown. When I
> rebooted the system, postfix elicited this message:
>
> postfix/postfix-script: warning: damaged message: corrupt/3ktB2X6JxNz3DljZ
> postfix/postfix-script: warning: damaged message: corrupt/3ktG0Z1PCPz3DlXm

When Postfix doesn't find the expected information in a queue file, it saves the message in the "corrupt" directory.

This happens only with messages that were already accepted into the queue (and deleted from the sender's queue or from the maildrop queue), not with messages that were still in transit.

> I am wondering how to remove these files. I tried using "postsuper -d ALL" but
> that failed. I even tried giving it the ID number but it still did not delete
> the files. Is it okay to delete them manually?

The files are not part of the mail queue, and you can therefore delete them without affecting how Postfix works. Depending on the kind of damage the postcat command may be able to save the sender/recipient information and some of the content.

Wietse
Re: corrupt files
On Thu, 26 Feb 2015 11:24:51 -0500 (EST), Wietse Venema stated:

> Postfix User:
> > FreeBSD-10.1 amd64
> >
> > I recently had a power outage that resulted in a system shutdown. When I
> > rebooted the system, postfix elicited this message:
> >
> > postfix/postfix-script: warning: damaged message: corrupt/3ktB2X6JxNz3DljZ
> > postfix/postfix-script: warning: damaged message: corrupt/3ktG0Z1PCPz3DlXm
>
> When Postfix doesn't find the expected information in a queue file,
> it saves the message in the "corrupt" directory.
>
> This happens only with messages that were already accepted into the
> queue (and deleted from the sender's queue or from the maildrop
> queue), not with messages that were still in transit.
>
> > I am wondering how to remove these files. I tried using "postsuper -d
> > ALL" but that failed. I even tried giving it the ID number but it still
> > did not delete the files. Is it okay to delete them manually?
>
> The files are not part of the mail queue, and you can therefore
> delete them without affecting how Postfix works. Depending on the
> kind of damage the postcat command may be able to save the
> sender/recipient information and some of the content.
>
> Wietse

Thank you. The files were 0 length, so I just deleted them.

-rwx-- 1 postfix wheel 0B 2015-02-26 06:04:05 EST 3ktB2X6JxNz3DljZ*
-rwx-- 1 postfix wheel 0B 2015-02-26 09:02:41 EST 3ktG0Z1PCPz3DlXm*

--
Jerry
Re: corrupt files
Postfix User:
> Thank you. The files were 0 length, so I just deleted them.
>
> -rwx-- 1 postfix wheel 0B 2015-02-26 06:04:05 EST 3ktB2X6JxNz3DljZ*
> -rwx-- 1 postfix wheel 0B 2015-02-26 09:02:41 EST 3ktG0Z1PCPz3DlXm*

Did you have multiple power failures, one at 06:04 and one at 09:02?

Postfix sets the execute bit and fsync()s the file. Only after fsync() returns successfully Postfix sends a "I've got the message" reply to the sender, so that the sender can delete its copy.

The above output suggests a system crash before fsync() completed.

But these files have time stamps spaced three hours apart. Did you have multiple power failures?

Wietse
Fwd: SASL On Postfix/Dovecot running on Freebsd 8.1
I had forgotten to put info on the contents of the master.cf

mtp inet n - n - - smtpd
2500 inet n - n - - smtpd
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_login_maps=hash:/usr/local/etc/postfix/virtual
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup fifo n - n 60 1 pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 300 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
  -o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus unix - n n - - pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
  user=nobody argv=/usr/bin/perl /usr/local/libexec/postfix/smtpd-policy.pl
  user=nobody argv=/usr/bin/perl /usr/local/libexec/postfix/greylist.pl
smtp-amavis unix - - - - 2 lmtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.1/32
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o smtpd_milters=
  -o local_header_rewrite_clients=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o receive_override_options=no_address_mappings,no_header_body_checks,no_unknown_recipient_checks
retry unix - - n - - error
proxywrite unix - - n - 1 proxymap
submission inet n - n - - smtpd
  -o smtpd_etrn_restrictions=reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_sender=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
slow unix - - n - - smtp
  -o smtp_connection_cache
smtpd_sasl_exceptions_networks doesn't work
Hi everyone!

I want to allow sasl authentication only from specific networks. I've added the smtpd_sasl_exceptions_networks option:

smtpd_sasl_exceptions_networks = !10.0.0.0/8, !192.168.0.0/16, static:all

Looks like everything is fine, EHLO doesn't show AUTH for alien networks:

250-example.com
250-PIPELINING
250-SIZE 1024
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

BUT I still can use AUTH LOGIN from any IP I want! Am I doing something wrong or have I forgotten to add something?

Oleg

P.S. Postfix version 2.6.6
Re: SASL On Postfix/Dovecot running on Freebsd 8.1
jason hirsh:
> I was getting some relay issues when my local IP changed so I realized or
> thought that perhaps my SASL wasn't working
>
> I did a bunch of tweaking which is never good but when i switched
> my mail to port 587 i was able to once again send with no problem

And you were not satisfied that it worked...

> BUT when i did the telnet test from postfix.org as follow
> [smtp example trimmed]
> AUTH PLAIN base64 gibberish
> 535 5.7.8 Error: authentication failed:
>
> the base 64 encodes (\0user\@doman.com\0Password)
> I also tried (\0user\@doman\.com\0Password)
> I am running postfix 2.12-20140709 Dovecot version 1.2.17

I suspect that you erred while constructing the base64 text. If you don't follow the examples with bash, printf, or perl carefully, then it is unlikely to work.

Wietse
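An added example, not part of the thread: building an AUTH PLAIN token with printf and decoding it again before it is sent, so a stray backslash in the login shows up offline instead of as a 535 reply. The function names and all credentials are constructed for illustration.

```shell
#!/bin/sh
# Added example: build and verify a SASL PLAIN token offline.
# All credentials below are constructed test values.

# Encode "authzid NUL login NUL password" with an empty authzid.
# Login and password travel as printf arguments, so "@", "." and "%" stay
# literal; only the \0 escapes in the format string become NUL bytes.
auth_plain_encode() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# Print the decoded fields one per line: authzid, login, password.
auth_plain_fields() {
    printf '%s' "$1" | base64 -d 2>/dev/null | tr '\0' '\n'
}

# Succeed only if the token decodes to exactly two NUL separators and the
# login field equals the expected login byte for byte.
auth_plain_check() {   # $1 = token, $2 = expected login
    nuls=$(printf '%s' "$1" | base64 -d 2>/dev/null | tr -dc '\0' | wc -c)
    login=$(auth_plain_fields "$1" | sed -n '2p')
    [ "$nuls" -eq 2 ] && [ "$login" = "$2" ]
}

good=$(auth_plain_encode 'user@example.com' 'constructed-secret')
# Same login typed with a Perl-style "\@": printf keeps the backslash, so the
# server would be asked to authenticate a different user name.
bad=$(auth_plain_encode 'user\@example.com' 'constructed-secret')

for tok in "$good" "$bad"; do
    if auth_plain_check "$tok" 'user@example.com'; then
        printf 'ok:      AUTH PLAIN %s\n' "$tok"
    else
        printf 'refused: login decodes as %s\n' \
            "$(auth_plain_fields "$tok" | sed -n '2p')"
    fi
done
```

The backslash before "@" is only needed inside a double-quoted Perl string; with printf and single-quoted arguments it becomes part of the login.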
Re: smtpd_sasl_exceptions_networks doesn't work
Oleg:
> BUT I still can use AUTH LOGIN from any IP I want!

smtpd_sasl_exceptions_networks
    What remote SMTP clients the Postfix SMTP server will not offer AUTH support to.

It works as described: Postfix does not announce AUTH support.

This feature was donated to prevent certain network clients from messing up when the server announces AUTH support but the client has no login information. With smtpd_sasl_exceptions_networks, those clients would not try to authenticate and all was well.

smtpd_sasl_exceptions_networks is obsoleted by smtpd_discard_ehlo_keywords and smtpd_discard_ehlo_keyword_address_maps. The latter two prevent Postfix from accepting AUTH commands.

smtpd_sasl_exceptions_networks should probably be deprecated and eventually removed from documentation.

Wietse
Re: Sender access issues
Hi,

A few days ago I was having an issue with not being able to use sender_access to permit mail with non-existent hostnames to be delivered that would normally be rejected:

Feb 24 16:48:55 mail01 postfix/smtpd[1945]: NOQUEUE: reject: RCPT from smtp.lanyonmail.com[50.56.12.142]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo=

Viktor had helped me get it working, or so I thought, but it was still rejecting mail, and I don't entirely know why. I've since added an additional check_sender_access to the recipient restrictions, and I believe it's working again, but I didn't want to do it that way, and I'm not even sure that was the actual fix, as I was working under pressure.

smtpd_recipient_restrictions =
    ...
    check_sender_access hash:/etc/postfix/sender_checks, --- ---
    reject_unknown_sender_domain,
    ...
    permit

smtpd_sender_restrictions = reject_unknown_sender_domain

- I've separated out the smtpd_{client,recipient,sender}_restrictions, and added the email address with the invalid domain I wish to allow to sender_access, but it's still being rejected.

I've included my postconf output below, and hoped someone could review it. I'd like to remove the check_sender_access in the recipient restrictions to separate it out into the three different classes.

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_mail_to_files = alias,forward
always_bcc = bcc-user
biff = no
body_checks = regexp:/etc/postfix/body_checks.pcre
bounce_queue_lifetime = 1d
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
default_process_limit = 200
delay_warning_time = 4h
disable_vrfy_command = yes
fallback_relay =
header_checks = pcre:/etc/postfix/header_checks.pcre pcre:/etc/postfix/header_checks-jimsun.pcre
html_directory = no
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 2d
message_size_limit = 2400
mime_header_checks = pcre:/etc/postfix/mime_header_checks
mydestination = $myhostname, localhost.$mydomain
mydomain = example.com
myhostname = bwimail01.example.com
mynetworks = 127.0.0.0/8, 192.168.1.0/24, 68.123.123.40/29
newaliases_path = /usr/bin/newaliases
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = pcre:$config_directory/postscreen_dnsbl_reply_map.pcre
postscreen_dnsbl_sites = mykey.zen.dq.spamhaus.net=127.0.0.[10;11]*8 dnsbl.sorbs.net=127.0.0.10*8 b.barracudacentral.org*7 dnsbl.sorbs.net=127.0.0.5*6 mykey.zen.dq.spamhaus.net=127.0.0.[4..7]*6 bl.mailspike.net*4 bl.spamcop.net*4 bl.spameatingmonkey.net*4 mykey.zen.dq.spamhaus.net=127.0.0.3*4 list.dnswl.org=127.[0..255].[0..255].0*-2 list.dnswl.org=127.[0..255].[0..255].1*-3 list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_ttl = 10m
postscreen_greet_action = enforce
postscreen_greet_wait = ${stress?2}${stress:8}s
postscreen_whitelist_interfaces = static:all 68.123.123.40/29
queue_directory = /var/spool/postfix
rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
readme_directory = /usr/share/doc/postfix/README_FILES
relay_domains = $mydestination, $transport_maps, example.com
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = check_client_access hash:/etc/postfix/client_checks, check_client_access cidr:/etc/postfix/client_access_blocklist
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unlisted_recipient, permit_mynetworks, reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_checks, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rhsbl_reverse_client mykey.dbl.dq.spamhaus.net, reject_rhsbl_sender mykey.dbl.dq.spamhaus.net, reject_rhsbl_helo mykey.dbl.dq.spamhaus.net check_helo_access pcre:/etc/postfix/helo_checks.pcre, check_helo_access hash:/etc/postfix/helo_checks, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:2501, check_recipient_access pcre:/etc/postfix/relay_recips_access, permit
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_checks, reject_unknown_sender_domain
transport_maps = hash:/etc/postfix/transport
vir
Re: corrupt files
On Thu, 26 Feb 2015 12:48:42 -0500 (EST), Wietse Venema stated:

> Postfix User:
> > Thank you. The files were 0 length, so I just deleted them.
> >
> > -rwx-- 1 postfix wheel 0B 2015-02-26 06:04:05 EST
> > 3ktB2X6JxNz3DljZ* -rwx-- 1 postfix wheel 0B 2015-02-26
> > 09:02:41 EST 3ktG0Z1PCPz3DlXm*
>
> Did you have multiple power failures, one at 06:04 and one at 09:02?
>
> Postfix sets the execute bit and fsync()s the file. Only after
> fsync() returns successfully Postfix sends a "I've got the message"
> reply to the sender, so that the sender can delete its copy.
>
> The above output suggests a system crash before fsync() completed.
>
> But these files have time stamps spaced three hours apart. Did you
> have multiple power failures?
>
> Wietse

Yes, I did. The UPS apparently never kicked in. I have always had problems getting them to work on a FreeBSD system. One of these days I hope to get it working correctly.

--
Jerry
Re: corrupt files
Wietse:
> But these files have time stamps spaced three hours apart. Did you
> have multiple power failures?

Postfix User:
> Yes, I did. The UPS apparently never kicked in. I have always had problems
> getting them to work on a FreeBSD system. One of these days I hope to get it
> working correctly.

Thanks for the clarification. This explains the zero-length executable files with different time stamps.

As for FreeBSD and UPSes, I have run FreeBSD for 18+ years backed up by a variety of UPSes, and all UPSes that I have used would take over as soon as power drops (or as soon as I yanked the power cord for testing). The only time this did not work was when I had plugged the computer into a UPS outlet that had surge protection only, no power backup.

Wietse
Re: Sender access issues
On Thu, Feb 26, 2015 at 02:58:16PM -0500, Alex Regan wrote:

> A few days ago I was having an issue with not being able to use
> sender_access to permit mail with non-existent hostnames to be delivered
> that would normally be rejected:
>
> Feb 24 16:48:55 mail01 postfix/smtpd[1945]: NOQUEUE: reject: RCPT from
> smtp.lanyonmail.com[50.56.12.142]: 450 4.1.8 : Sender
> address rejected: Domain not found; from=
> to= proto=ESMTP helo=

That was two days ago, who knows how it relates to your current configuration. Test by sending from the same address via a direct connection to your MTA and report results that match the exact configuration you're reporting.

> smtpd_sender_restrictions =
> check_sender_access hash:/etc/postfix/sender_checks,
> reject_unknown_sender_domain

What does the below report (with the exact address from the unmunged log message):

    $ sender="myuser@lanyonrs.local"
    $ postmap -q "$sender" hash:/etc/postfix/sender_checks

> smtpd_recipient_restrictions =
> ...
> check_sender_access hash:/etc/postfix/sender_checks,
> reject_unknown_sender_domain,
> ...

Why is the sender logic repeated in the recipient restrictions?

I am puzzled as to what you make of this configuration? Did you read through it yourself before posting?

--
Viktor.
Re: Sender access issues
Hi,

>> Feb 24 16:48:55 mail01 postfix/smtpd[1945]: NOQUEUE: reject: RCPT from smtp.lanyonmail.com[50.56.12.142]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo=
>
> That was two days ago, who knows how it relates to your current configuration. Test by sending from the same address via a direct connection to your MTA and report results that match the exact configuration you're reporting.

My apologies. I was having a little difficulty explaining what's happening while still keeping the history intact. I thought it was working after the changes we made the other day, but it started rejecting the messages again in the same way as shown above:

Feb 26 19:46:03 mail01 postfix/smtpd[23353]: NOQUEUE: reject: RCPT from smtp.lanyonmail.com[50.56.12.142]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo=

> What does the below report (with the exact address from the unmunged log message):
>
>     $ sender="myuser@lanyonrs.local"
>     $ postmap -q "$sender" hash:/etc/postfix/sender_checks

I had "*@lanyonrs.local OK" in sender_checks and it printed nothing. I added the explicit email address and it returns OK. Maybe that is what I inadvertently changed that caused it to stop working after some point that it was working.

>> smtpd_recipient_restrictions =
>> ...
>> check_sender_access hash:/etc/postfix/sender_checks,
>> reject_unknown_sender_domain,
>> ...
>
> Why is the sender logic repeated in the recipient restrictions?

I must not have explained very clearly that I had added that when it stopped working because it's what I last had working properly, and it did get it to work again. I'd now like to identify why the method we worked out two days ago stopped working and started to reject mail again.

Thanks,
Alex
Re: Sender access issues
On Thu, Feb 26, 2015 at 08:53:43PM -0500, Alex Regan wrote:

> >What does the below report (with the exact address from
> >the unmunged log message):
> >
> > $ sender="myuser@lanyonrs.local"
> > $ postmap -q "$sender" hash:/etc/postfix/sender_checks
>
> I had "*@lanyonrs.local OK" in sender_checks and it printed nothing. I
> added the explicit email address and it returns OK.

Nothing in the Postfix documentation promises any special meaning for "*@domain" keys in indexed tables. If you're going by intuition and guess-work rather than documentation, you won't get far.

The lookup keys for access tables are documented under:

    http://www.postfix.org/access.5.html

To match every address in a domain, just use the domain as the lookup key:

    lanyonrs.local OK

An even better solution is to fix the problem on the sender end, and use a real sending address.

--
Viktor.
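An added example, not part of the thread: an emulation of the key order access(5) documents for sender addresses, run against the two table entries discussed above. It assumes the default parent_domain_matches_subdomains setting, ignores address extensions, and uses a plain "key action" text file in place of a hash: map; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: which keys an access(5) sender lookup tries, and in what order.
# Assumes parent_domain_matches_subdomains lists smtpd_access_maps (the
# default), so parent domains are tried without a leading dot.

# Candidate keys for one address: user@domain, domain, parent domains, user@.
access_keys() {
    addr=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    user=${addr%@*}
    d=${addr##*@}
    printf '%s\n' "$addr"
    while :; do
        printf '%s\n' "$d"
        case $d in
            *.*) d=${d#*.} ;;
            *)   break ;;
        esac
    done
    printf '%s@\n' "$user"
}

# Exact-match lookup of one key, which is all "postmap -q key table" does.
table_get() {   # $1 = table file ("key action" per line), $2 = key
    awk -v k="$2" '$1 == k { print $2; found = 1; exit } END { exit !found }' "$1"
}

# Try each candidate key in order and print the first action found, as
# check_sender_access would. Prints nothing (status 1) when no key matches.
access_lookup() {   # $1 = table file, $2 = sender address
    access_keys "$2" | (
        while IFS= read -r key; do
            if action=$(table_get "$1" "$key"); then
                printf '%s\n' "$action"
                exit 0
            fi
        done
        exit 1
    )
}

demo() {
    t=$(mktemp)
    # Constructed tables: the entry from the thread, then the documented form.
    printf '%s\n' '*@lanyonrs.local OK' > "$t"
    printf 'wildcard entry: [%s]\n' "$(access_lookup "$t" 'myuser@lanyonrs.local')"
    printf '%s\n' 'lanyonrs.local OK' > "$t"
    printf 'domain entry:   [%s]\n' "$(access_lookup "$t" 'myuser@lanyonrs.local')"
    # A single exact query for the full address still finds nothing here.
    printf 'exact query:    [%s]\n' "$(table_get "$t" 'myuser@lanyonrs.local')"
    rm -f "$t"
}
demo
```

Because postmap -q performs one exact lookup, a table holding only the domain key is verified with `postmap -q lanyonrs.local hash:/etc/postfix/sender_checks`, not with the full address.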
Re: Sender access issues
Hi,

>>> What does the below report (with the exact address from the unmunged log message):
>>>
>>>     $ sender="myuser@lanyonrs.local"
>>>     $ postmap -q "$sender" hash:/etc/postfix/sender_checks
>>
>> I had "*@lanyonrs.local OK" in sender_checks and it printed nothing. I added the explicit email address and it returns OK.
>
> Nothing in the Postfix documentation promises any special meaning for "*@domain" keys in indexed tables. If you're going by intuition and guess-work rather than documentation, you won't get far.
>
> The lookup keys for access tables are documented under:
>
>     http://www.postfix.org/access.5.html
>
> To match every address in a domain, just use the domain as the lookup key:
>
>     lanyonrs.local OK
>
> An even better solution is to fix the problem on the sender end, and use a real sending address.

I even looked at access(5) just before sending this, and have no idea how I missed that. I think I need a break.

Yes, certainly using a real address is the proper solution here.

Thanks for your continued help with this.

Alex
Re: Saslfinger download link
On Thu, Feb 26, 2015 at 1:12 AM, jekvb wrote:

> Yo,
>
> I found that saslfinger is built right into Ubuntu
> Otherwise you may download the rpm at filewatcher.com for rpms
>

Hmm, you are right. I can find it in third-party resources (RPM and DEB file).

Just out of curiosity, what happened to *original* download link http://postfix.state-of-mind.de/patrick.koetter/saslfinger/ ?
Re: Saslfinger download link
On 27.02.2015 at 04:22, Masegaloeh wrote:

> On Thu, Feb 26, 2015 at 1:12 AM, jekvb wrote:
>> Yo,
>>
>> I found that saslfinger is built right into Ubuntu
>> Otherwise you may download the rpm at filewatcher.com for rpms
>>
>
> Hmm, you are right. I can find it in third-party resources (RPM and DEB file).
>
> Just out of curiosity, what happened to *original* download link
> http://postfix.state-of-mind.de/patrick.koetter/saslfinger/ ?
>

I think it moved or is in migration, stay tuned for more info

Best Regards
Robert Schetterer

--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
Re: smtpd_sasl_exceptions_networks doesn't work
wie...@porcupine.org:

> Oleg:
>> BUT I still can use AUTH LOGIN from any IP I want!
>
> smtpd_sasl_exceptions_networks
>     What remote SMTP clients the Postfix SMTP server will not offer AUTH support to.
>
> It works as described: Postfix does not announce AUTH support.
>
> This feature was donated to prevent certain network clients from messing up when the server announces AUTH support but the client has no login information. With smtpd_sasl_exceptions_networks, those clients would not try to authenticate and all was well.
>
> smtpd_sasl_exceptions_networks is obsoleted by smtpd_discard_ehlo_keywords and smtpd_discard_ehlo_keyword_address_maps. The latter two prevent Postfix from accepting AUTH commands.
>
> smtpd_sasl_exceptions_networks should probably be deprecated and eventually removed from documentation.

Excellent. smtpd_discard_ehlo_keyword_address_maps solved my problem

Thanks a lot

Oleg
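An added configuration sketch, not posted in the thread, of the change Wietse describes: the setting Oleg started with beside a per-client keyword discard map. The networks are the ones from Oleg's message; the table file name is an assumption, and `silent-discard` on its own is used as the "discard nothing, log nothing" value for the permitted networks.

```cfg
# /etc/postfix/main.cf

# Before (from the thread): only removes the AUTH line from the EHLO reply
# for clients outside the listed networks. As Oleg observed, an AUTH command
# from those clients was still accepted.
#smtpd_sasl_exceptions_networks = !10.0.0.0/8, !192.168.0.0/16, static:all

# After: per-client EHLO keyword discard. Per Wietse's reply, this also
# prevents Postfix from accepting AUTH from clients whose entry lists "auth".
smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/esmtp_access

# /etc/postfix/esmtp_access  (assumed file name; the first matching line wins)
10.0.0.0/8        silent-discard
192.168.0.0/16    silent-discard
0.0.0.0/0         silent-discard, auth
::/0              silent-discard, auth
```

Each line can be checked before reloading with `postmap -q <client address> cidr:/etc/postfix/esmtp_access`, which prints the keyword list that client would receive.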