554 Client host rejected Access denied

From: Brian Carroll (BCarrollsecurenetdesigns.com)
Date: Tue Mar 04 2008 - 21:09:21 CST


Heya All,

I have a particular sender who cannot seem to send to one of my users.
My mail server is in production and receives mail from all over the
world. The sender's admin has tried to send from two different servers
(albeit on the same subnet and in the same domain). From testing it
seems (operative word!) that postfix is denying the access before the
mail gets handed to amavisd, i.e. the reason for the reject is in the
postfix config.

I have searched the mailing list archives to no avail.

My mail server is set up with virtual users via Postfixadmin and also
utilizes Maia Mailguard. The error message is:

Mar 4 13:34:50 mail postfix/smtpd[18939]: NOQUEUE: reject: RCPT from
webmail4.dioceseofgreensburg.org[208.40.129.242]: 554 5.7.1
<webmail4.dioceseofgreensburg.org[208.40.129.242]>: Client host
rejected: Access denied; from=<removed senders address> to=<removed
valid recipient address> proto=ESMTP
helo=<WebMail4.DioceseOfGreensburg.org>

My particulars as they seem to pertain:

CentOS 5

Postfix-2.3.3-2

amavisd-maia (but as I said, the logs don't show the msg being sent to
amavisd like mail accepted by Postfix usually is)

My postconf -n output:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 20971520
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = <removed FQDN>
mynetworks = 127.0.0.0/8, 192.168.1.0/24, 172.16.1.0/24
newaliases_path = /usr/bin/newaliases.postfix
proxy_interfaces = <Removed non-RFC1918 NAT IP Address>
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
receive_override_options = no_address_mappings
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = no
smtpd_tls_cert_file = <removed - Verisign cert>
smtpd_tls_key_file = <removed - Verisign cert>
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:89
virtual_mailbox_base = /opt/hostedmail/
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 89
virtual_transport = virtual
virtual_uid_maps = static:89

Also, if you see anything that seems incorrect in my config, feel free
to point it out. But I am really after the cause of the 554 issue. Is
there some behavior I have configured my MTA to expect from theirs that
isn't happening? Any help would be greatly appreciated.

Regards,

Brian Carroll
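
Added example, not part of the original post: a small Python parser for the smtpd reject line quoted above, separating the SMTP stage at which the reject was logged from the session attribute the failing check was applied to ("Client host"). The sample line is the post's log entry unwrapped, with example.org placeholders for the redacted addresses; the names parse_reject, summarize and CHECKED are this example's own.

```python
import re
from collections import Counter

# Constructed sample: the reject line from the post, unwrapped, with the
# redacted envelope addresses replaced by example.org placeholders.
SAMPLE = (
    "Mar 4 13:34:50 mail postfix/smtpd[18939]: NOQUEUE: reject: RCPT from "
    "webmail4.dioceseofgreensburg.org[208.40.129.242]: 554 5.7.1 "
    "<webmail4.dioceseofgreensburg.org[208.40.129.242]>: Client host "
    "rejected: Access denied; from=<sender@example.org> "
    "to=<user@example.org> proto=ESMTP "
    "helo=<WebMail4.DioceseOfGreensburg.org>"
)

# Layout: queue id, SMTP stage, client[ip], reply code, <subject>, what, why.
REJECT_RE = re.compile(
    r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<queue_id>\S+): reject: "
    r"(?P<stage>\S+) from (?P<client>\S+?)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3})(?: (?P<dsn>\d\.\d+\.\d+))? "
    r"<(?P<subject>[^>]*)>: (?P<what>.+?) rejected: (?P<why>[^;]*);"
    r"(?P<attrs>.*)$"
)

# "what" names the session attribute the check was applied to, not the
# stage: with smtpd_delay_reject at its default (yes), client and HELO
# rejects are also logged at RCPT.
CHECKED = {
    "Client host": "connecting client name/address",
    "Helo command": "HELO/EHLO argument",
    "Sender address": "MAIL FROM address",
    "Recipient address": "RCPT TO address",
}

def parse_reject(line):
    """Return the fields of one smtpd reject line, or None if it is not one."""
    m = REJECT_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Trailing name=value attributes; values may be wrapped in <>.
    rec.update(re.findall(r"(\w+)=<?([^>\s]*)>?", rec.pop("attrs")))
    rec["checked"] = CHECKED.get(rec["what"], "unknown")
    return rec

def summarize(lines):
    """Count rejects per (client IP, what was checked, reason)."""
    hits = filter(None, map(parse_reject, lines))
    return Counter((r["ip"], r["what"], r["why"]) for r in hits)
```

Run over a full maillog, summarize() groups rejects by client address and by which attribute was checked, which narrows the search to the access checks that act on that attribute.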