Noel Jones wrote:

> The "smtps" service is for your own mail clients to use. This is a deprecated method of encryption sometimes called SSL (not to be confused with HTTPS/SSL) in some mail clients. Clients that don't authenticate via SASL should be rejected. Typically only "older" MUAs and some Microsoft products need the smtps service. Most modern clients use STARTTLS on the "submission" service.
>
> Just turn it off (comment it out) if you don't need it.

All of my mail users are connecting through smtps. So I guess I'd like to keep it.

> The permit_tls_clientcerts function is probably not what you want. The typical use case is MTA to MTA authenticated relaying since few end-user mail programs support certificate based authentication.

Yeah, I'm still trying to get a grasp of the situation. After reading more it does not seem to be the best option.

> If you can explain what you mean by "allow these tls connections" we can give more pointers.

Looking at the logs, the company that is having issues with our mail server only has issues occasionally. It appears to be one server in particular. This one server always starts a TLS connection, and that's usually the end of it.

Here are the logs that I see. The first connection is the problem; the others work well.

# grep 69.74.116 /var/log/maillog
Jun 24 09:30:50 mail postfix/smtpd[44853]: connect from bb02d1.eurorscg.com[69.74.116.40]
Jun 24 09:30:50 mail postfix/smtpd[44853]: setting up TLS connection from bb02d1.eurorscg.com[69.74.116.40]
Jun 24 09:30:50 mail postfix/smtpd[44853]: Anonymous TLS connection established from bb02d1.eurorscg.com[69.74.116.40]: SSLv3 with cipher RC4-MD5 (128/128 bits)
Jun 24 09:30:50 mail postfix/smtpd[44853]: NOQUEUE: reject: RCPT from bb02d1.eurorscg.com[69.74.116.40]: 554 5.7.1 <bb02d1.eurorscg.com[69.74.116.40]>: Client host rejected: Access denied; from=<xremov...@euroscg.com> to=<xremov...@psyop.tv> proto=ESMTP helo=<bb02d1.eurorscg.com>
Jun 24 09:30:50 mail postfix/smtpd[44853]: disconnect from bb02d1.eurorscg.com[69.74.116.40]
Jun 24 14:24:16 mail postfix/smtpd[58786]: connect from ms01d1.eurorscg.com[69.74.116.44]
Jun 24 14:24:16 mail postfix/smtpd[58786]: 246F6102D3F: client=ms01d1.eurorscg.com[69.74.116.44]
Jun 24 14:24:16 mail postfix/smtpd[58786]: disconnect from ms01d1.eurorscg.com[69.74.116.44]
Jun 24 14:24:22 mail amavis[59190]: (59190-01-3) Checking: [69.74.116.44] <xremov...@euroscg.com> -> <xremov...@psyop.tv>
Jun 24 14:24:22 mail amavis[59190]: (59190-01-3) Passed CLEAN, [69.74.116.44] [69.74.116.44] <xremov...@euroscg.com> -> <xremov...@psyop.tv>, Message-ID: <xremov...@euroscg.com>, Hits: -, 415 ms
Jun 24 14:38:17 mail postfix/smtpd[58080]: connect from ms01d1.eurorscg.com[69.74.116.44]
Jun 24 14:38:17 mail postfix/smtpd[58080]: 516EE102D2C: client=ms01d1.eurorscg.com[69.74.116.44]
Jun 24 14:38:17 mail postfix/smtpd[58080]: disconnect from ms01d1.eurorscg.com[69.74.116.44]
Jun 24 14:38:18 mail amavis[59880]: (59880-01) Checking: [69.74.116.44] <xremov...@euroscg.com> -> <xremov...@psyop.tv>
Jun 24 14:38:18 mail amavis[59880]: (59880-01) Passed CLEAN, [69.74.116.44] [69.74.116.44] <xremov...@euroscg.com> -> <xremov...@psyop.tv>, Message-ID: <xremov...@euroscg.com>, Hits: -, 337 ms
Jun 24 14:46:18 mail postfix/smtpd[58785]: connect from ms08d1.eurorscg.com[69.74.116.58]
Jun 24 14:46:18 mail postfix/smtpd[58785]: 80A51102D2A: client=ms08d1.eurorscg.com[69.74.116.58]
Jun 24 14:46:18 mail postfix/smtpd[58785]: disconnect from ms08d1.eurorscg.com[69.74.116.58]
Jun 24 14:46:18 mail amavis[60310]: (60310-01) Checking: [69.74.116.58] <xremov...@euroscg.com> -> <xremov...@psyop.tv>
Jun 24 14:46:19 mail amavis[60310]: (60310-01) Passed CLEAN, [69.74.116.58] [69.74.116.58] <xremov...@euroscg.com> -> <xremov...@psyop.tv>, Message-ID: <xremov...@euroscg.com>, Hits: -, 329 ms
Jun 24 14:47:10 mail postfix/smtpd[58786]: connect from ms07d1.eurorscg.com[69.74.116.48]
Jun 24 14:47:10 mail postfix/smtpd[58786]: 55F11102D2D: client=ms07d1.eurorscg.com[69.74.116.48]
Jun 24 14:47:10 mail postfix/smtpd[58786]: disconnect from ms07d1.eurorscg.com[69.74.116.48]
Jun 24 14:47:12 mail amavis[60310]: (60310-07) Checking: [69.74.116.48] <xremov...@euroscg.com> -> <xremov...@psyop.tv>
Jun 24 14:47:12 mail amavis[60310]: (60310-07) Passed CLEAN, [69.74.116.48] [69.74.116.48] <xremov...@euroscg.com> -> <xremov...@psyop.tv>, Message-ID: <xremov...@euroscg.com>, Hits: -, 283 ms

Is there a single site or book that I should read? I feel as if I am running around blindfolded. I'm glad you folks have been kind enough to tell me when to turn.
-jesse
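
To pick out sessions like the first one in the log above (TLS negotiated, then the recipient refused), the smtpd lines can be grouped by process ID and each session summarized. This is an added example, not part of the original post: the sample log is constructed in the same format with documentation hostnames and addresses, and the function names are hypothetical.

```python
import re

# Constructed sample in the maillog format shown above (documentation
# hostnames and addresses, not the hosts from the thread).
SAMPLE_LOG = """\
Jun 24 09:30:50 mail postfix/smtpd[44853]: connect from mx1.example.net[192.0.2.40]
Jun 24 09:30:50 mail postfix/smtpd[44853]: setting up TLS connection from mx1.example.net[192.0.2.40]
Jun 24 09:30:50 mail postfix/smtpd[44853]: Anonymous TLS connection established from mx1.example.net[192.0.2.40]: SSLv3 with cipher RC4-MD5 (128/128 bits)
Jun 24 09:30:50 mail postfix/smtpd[44853]: NOQUEUE: reject: RCPT from mx1.example.net[192.0.2.40]: 554 5.7.1 <mx1.example.net[192.0.2.40]>: Client host rejected: Access denied; from=<a@example.net> to=<b@example.org> proto=ESMTP helo=<mx1.example.net>
Jun 24 09:30:50 mail postfix/smtpd[44853]: disconnect from mx1.example.net[192.0.2.40]
Jun 24 14:24:16 mail postfix/smtpd[58786]: connect from mx2.example.net[192.0.2.44]
Jun 24 14:24:16 mail postfix/smtpd[58786]: 246F6102D3F: client=mx2.example.net[192.0.2.44]
Jun 24 14:24:16 mail postfix/smtpd[58786]: disconnect from mx2.example.net[192.0.2.44]
"""

LINE = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
CONNECT = re.compile(r"^connect from (\S+)\[([0-9a-fA-F.:]+)\]")
TLS = re.compile(r"TLS connection established from \S+: (\S+) with cipher (\S+)")
REJECT = re.compile(r"^NOQUEUE: reject: \w+ from \S+: (\d{3}) (\S+) <[^>]*>: ([^;]+);")
QUEUED = re.compile(r"^([0-9A-F]+): client=")

def sessions(log_text):
    """Return one summary dict per completed smtpd session (connect..disconnect)."""
    # An smtpd process serves one connection at a time, so the PID keys the session.
    open_by_pid, done = {}, []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not an smtpd line (e.g. amavis)
        pid, msg = m.groups()
        c = CONNECT.match(msg)
        if c:
            open_by_pid[pid] = {"host": c[1], "ip": c[2], "tls": None, "rejects": [], "queued": []}
            continue
        s = open_by_pid.get(pid)
        if s is None:
            continue  # line for a session whose connect we never saw
        if (t := TLS.search(msg)):
            s["tls"] = (t[1], t[2])  # (protocol, cipher)
        elif (r := REJECT.match(msg)):
            s["rejects"].append((r[1], r[2], r[3].strip()))  # (code, dsn, reason)
        elif (q := QUEUED.match(msg)):
            s["queued"].append(q[1])  # queue ID of an accepted message
        elif msg.startswith("disconnect from"):
            done.append(open_by_pid.pop(pid))
    return done

def tls_then_rejected(log_text):
    """Sessions that completed a TLS handshake and still had a recipient rejected."""
    return [s for s in sessions(log_text) if s["tls"] and s["rejects"]]
```
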
