Solved: 550 SMTP Reject only working without domain.tld

From: Anton Herber (anton.herberincom.de)
Date: Thu Feb 07 2008 - 02:09:33 CST


Thanks for the reply. I got it working yesterday evening using the right
values "example.com" for $mydestination.
After that all restrictions worked out fine. Anyway I changed the values
you were talking about, leaving some as they are (smtpd_banner).

Thanks.

On 06.02.2008 19:52, mouss wrote:
> Anton Herber wrote:
>> On 06.02.2008 16:40, Charles Marcus wrote:
>>
>>> On 2/6/2008, Anton Herber (anton.herberincom.de) wrote:
>>>
>>>> postconf (because I'm unsure if I should post the whole configfile
>>>> into
>>>> this mail
>>>>
>>> Paste output of 'postconf -n' only
>>>
>>>
>>
>> done. Thanks.
>>
>> alias_database = hash:/etc/aliases
>> alias_maps = hash:/etc/aliases, hash:/etc/mailman/aliases
>> broken_sasl_auth_clients = yes
>> command_directory = /usr/sbin
>> config_directory = /etc/postfix
>> daemon_directory = /usr/libexec/postfix
>> debug_peer_level = 2
>> home_mailbox = Maildir/
>> html_directory = no
>> inet_interfaces = sub.domain.tld, localhost
>>
> is the default ("all") not good for you?
changed.
>> local_recipient_maps = unix:passwd.byname, $alias_maps
>> mail_owner = postfix
>> mailbox_command = /usr/bin/procmail -d "$USER"
>> mailbox_size_limit = 9291456000
>> mailq_path = /usr/bin/mailq.postfix
>> manpage_directory = /usr/share/man
>> message_size_limit = 92914560
>> mydestination = $myhostname
>> mydomain = sub.domain.tld
>> myhostname = incommail.storage.incom.de
>> mynetworks = 127.0.0.0/8, 192.168.0.0/24, 192.168.100.0/24
>> mynetworks_style = class
>>
> remove this. you already have mynetworks, so there is no place for a
> style:)
done.
>> newaliases_path = /usr/bin/newaliases.postfix
>> queue_directory = /var/spool/postfix
>> readme_directory = /usr/share/doc/postfix-2.4.6/README_FILES
>> receive_override_options = no_address_mappings
>>
> beware the dog... if you ever disable the content filter and the
> receive_override_options in master.cf, you'll have no rewrite...
> should be ok now, but document it to avoid "white nights".
removed "receive_override_options" completely. Put it in only for testing.

>>
> relay_domains = $mydestination, domain.tld, sub.domain.tld, and_other.tld
>
> 1- remove $mydestination from relay_domains
> 2- put valid relay users in relay_recipient_maps. the default is to
> accept all relay recipients.
> 3- next time; use example.com, example.net, example.org, *.example as
> example domains.
1. done
2. relay_recipient_maps is not used at the moment
3. okay
>> sample_directory = /usr/share/doc/postfix-2.4.6/samples
>> sendmail_path = /usr/sbin/sendmail.postfix
>> setgid_group = postdrop
>> smtp_tls_note_starttls_offer = yes
>> smtp_use_tls = yes
>> smtpd_banner = $myhostname ESMTP
>>
> relayhost = [192.168.100.30]
> remove this. the default is good for you, us and them.
Why should the default be good for me? I have a mailrelay within DMZ
which receives mail from outside and inside. That's the .30.
>> smtpd_recipient_restrictions =
>> permit_sasl_authenticated,permit_mynetworks,check_relay_domains,reject_unlisted_recipient,check_recipient_maps
>>
>>
> smtpd_recipient_restrictions =
> permit_sasl_authenticated
> permit_mynetworks
> reject_unauth_destination
> reject_unlisted_recipient
> #reject_unlisted_sender
> reject_unknown_sender_domain
beautiful... done :-)
>>
> smtpd_reject_unlisted_recipient = yes
> this is the default.
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_local_domain =
>> smtpd_sasl_security_options = noanonymous
>> smtpd_sender_restrictions =
>> permit_mynetworks,reject_unknown_sender_domain
>>
>
> if you put reject_unknown_sender_domain under
> smtpd_recipient_restrictions, you won't need this anymore.
removed.
>> smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
>> smtpd_tls_auth_only = no
>> smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
>> smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
>> smtpd_tls_loglevel = 1
>> smtpd_tls_received_header = yes
>> smtpd_tls_session_cache_timeout = 3600s
>> smtpd_use_tls = yes
>> soft_bounce = no
>> tls_random_source = dev:/dev/urandom
>> transport_maps = hash:/etc/postfix/transport
>> unknown_local_recipient_reject_code = 550
>>
>>
>
Thank you for your suggestions.

Anton