On 4/21/2010 10:15 PM, David Cottle wrote:
Sent from my iPhone
On 22/04/2010, at 12:00, Noel Jones <njo...@megan.vbhcs.org> wrote:
On 4/21/2010 6:35 PM, David Cottle wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I am having some issues with my server blocking ISP IP addresses.
I know a recent update to plesk-9.5.1 changed my postfix main.cf and
master.cf (the timestamps changed). I managed to fix main.cf as on
the smtpd_client_restrictions, they put the RBLs first.
Can anyone see what is wrong in the master.cf?
I just want submission on 587 able to bypass RBL checks:
you must have missed the answer yesterday.
#
# Postfix master process configuration file. For details on the format
==========================================================================
[...]
submission inet n - - - - smtpd -o smtpd_enforce_tls=yes -o
smtpd_sasl_auth_enable=yes -o
smtpd_client_restrictions=permit_sasl_authenticated,reject -o
smtpd_sender_restrictions= -o smtpd_proxy_filter=127.0.0.1:10025
add here:
-o smtpd_helo_restrictions=
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-- Noel Jones
Hi Noel,
Okay I did miss this! I will add your smtpd_helo_restrictions as above.
What exactly does that do as to not having it?
The suggested config above prevents settings in main.cf from
interfering with settings on the submission port.
I have to get my client to try sending email again and dig out the logs.
What I can't understand is he has 3 OS on his PC.
Fedora 11 and Windows XP using thunderbird, exactly same settings and
both can RX but not send mail.
Windows 7, using thunderbird it RX and Sends.
Same details, ports, it's got the server certificate same on all 3 but
only W7 works.
That's very important information. That makes this sound very
much like a client configuration issue, not postfix.
If you still think it's postfix, show your current "postconf
-n" and master.cf, and show logs demonstrating that the client
authenticates yet is rejected.
But according to the config you posted earlier, if the client
does authenticate they will bypass RBL checks. So you need to
show proof the client authenticated and was rejected.
Next nail, same client can submit mail using a different
configuration on the same hardware with the same IP. Sounds
as if they are able to authenticate with at least one config.
Without further evidence, this isn't a postfix issue. Fix the
client.
-- Noel Jones