On 29/05/2024 02:18, John Hill via Postfix-users wrote:
On 5/28/24 8:10 PM, John Hill via Postfix-users wrote:
On 5/28/24 8:00 PM, Bill Cole via Postfix-users wrote:
On 2024-05-28 at 19:18:10 UTC-0400 (Tue, 28 May 2024 19:18:10 -0400)
John Hill via Postfix-users <jh...@noach.com>
is rumored to have said:
[...]
On 5/28/24 7:13 PM, Bill Cole via Postfix-users wrote:
On 2024-05-28 at 19:04:37 UTC-0400 (Tue, 28 May 2024 19:04:37 -0400)
John Hill via Postfix-users <jh...@noach.com>
is rumored to have said:
[...]
Sending of the message failed.
An error occurred while sending mail. The mail server responded:
<jh...@noach.com>: Sender address rejected: Email blocked by
security policy.
Please check the message recipient "postfix-users@postfix.org"
and try again.
What does the log say about that attempt?
I believe that specific text indicates a problem in
smtpd_sender_restrictions.
May 28 19:02:04 proteus.noach.com opendmarc[504352]: ignoring connection from gibson.noach.com
May 28 19:02:04 proteus.noach.com postfix/submission/smtpd[504893]: discarding EHLO keywords: CHUNKING
May 28 19:02:04 proteus.noach.com postfix/submission/smtpd[504893]: Anonymous TLS connection established from gibson.noach.com[192.168.200.253]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
May 28 19:02:04 proteus.noach.com postfix/submission/smtpd[504893]: discarding EHLO keywords: CHUNKING
May 28 19:02:09 proteus.noach.com postfix/submission/smtpd[504893]: NOQUEUE: reject: RCPT from gibson.noach.com[192.168.200.253]: 554 5.7.1 <jh...@noach.com>: Sender address rejected: Email blocked by security policy; from=<jh...@noach.com> to=<postfix-users@postfix.org> proto=ESMTP helo=<[192.168.200.253]>
May 28 19:02:09 proteus.noach.com postfix/submission/smtpd[504893]: too many errors after RCPT from gibson.noach.com[192.168.200.253]
May 28 19:02:09 proteus.noach.com postfix/submission/smtpd[504893]: disconnect from gibson.noach.com[192.168.200.253] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 commands=5/6
It's not something in smtpd_sender_restrictions, but this is as the
log says, a *Sender* stage failure. I don't see an XBL hit (which
makes sense, given the private client address) or anything
indicating a failure at the EHLO or client phases. I see from
earlier in the thread that you have smtpd_sender_login_maps set and
"Email blocked by security policy" seems like something you might
get from that lookup failing. The session summary shows that you did
authenticate but I see no indication of what your SASL login was. I
suspect that if you perform a query on your database for the sender
'jh...@noach.com' it will not return whatever login you
authenticated as.
I also thought for a moment that the problem was due to having
'permit_my_networks' before 'permit_sasl_authenticated' in 2
restriction lists and you hence never needing to authenticate, but
the session summary says otherwise. Note that if all of your
submission clients use authentication, permit_my_networks is
unnecessary.
I do not have a solution handy for you, but you have at least gotten
beyond the XBL issue. It seems possible that you only need to
harmonize the login used for authentication in Thunderbird with that
in your sender login map database.
Yes close, I'll figure it out, trial and error!
Thanks
--john
this worked - I think
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_rbl_client=zen.spamhaus,org=127.0.0.4,reject
I added an = after reject_rbl_client=
--john
I doubt it. By the time smtpd_recipient_restrictions is evaluated there
is the possibility that AUTH attempts have already been allowed. Benny's
suggestion elsewhere in this thread looks correct to me (substituting
his rbl with zen and return code 127.0.0.4).
John
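
The log reading walked through earlier in this thread (the reject class names the failing stage, and the disconnect counters show whether AUTH succeeded) can be automated. This is an added example, not code from any poster in the thread; the sample log is constructed, and its host names, addresses and PID are placeholders.

```python
import re

# Constructed sample modelled on the session quoted in the thread; host names,
# addresses and the PID are placeholders, not values from the original posts.
SAMPLE_LOG = """\
May 28 19:02:04 mx.example.com postfix/submission/smtpd[1001]: discarding EHLO keywords: CHUNKING
May 28 19:02:09 mx.example.com postfix/submission/smtpd[1001]: NOQUEUE: reject: RCPT from client.example.com[192.0.2.10]: 554 5.7.1 <user@example.com>: Sender address rejected: Email blocked by security policy; from=<user@example.com> to=<list@example.org> proto=ESMTP helo=<[192.0.2.10]>
May 28 19:02:09 mx.example.com postfix/submission/smtpd[1001]: disconnect from client.example.com[192.0.2.10] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 commands=5/6
"""

SMTPD = re.compile(r"postfix/(?:[\w-]+/)?smtpd\[(\d+)\]: (.*)")
REJECT = re.compile(
    r"NOQUEUE: reject: (?P<cmd>\w+) from \S+: (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) "
    r"<[^>]*>: (?P<stage>[A-Z][a-z]+(?: [a-z]+)?) rejected: (?P<text>[^;]*); from=<(?P<sender>[^>]*)>")
COUNTER = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")


def summarize_sessions(log_text):
    """Group smtpd lines by PID (assumes one session per PID in the excerpt)."""
    sessions = {}
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        s = sessions.setdefault(pid, {"rejects": [], "counters": {}})
        r = REJECT.match(msg)
        if r:
            s["rejects"].append(r.groupdict())
        elif msg.startswith("disconnect from "):
            # "rcpt=0/1" is 0 accepted of 1 attempted; a bare "auth=1" means all succeeded.
            for name, ok, total in COUNTER.findall(msg):
                s["counters"][name] = (int(ok), int(total or ok))
    return sessions


def diagnose(session):
    """Return short findings that mirror the manual reading of the log."""
    findings = []
    auth_ok = session["counters"].get("auth", (0, 0))[0] > 0
    for r in session["rejects"]:
        findings.append(f"{r['stage']} check rejected at {r['cmd']} with {r['code']} {r['dsn']}: {r['text']}")
        if r["stage"] == "Sender address" and auth_ok:
            findings.append(f"AUTH succeeded: compare the SASL login with the sender login map entry for {r['sender']}")
    return findings
```

Running `diagnose()` on each value returned by `summarize_sessions()` gives the same two observations made by hand in the thread: a sender-stage reject reported at RCPT, on a session where authentication had already succeeded.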