On Tue, Apr 12, 2011 at 02:09:11PM -0400, Eric Cunningham wrote:
> Hi, on occassion, I'm noting rejected emails without any specific
> reason logged. Without a reason, it's hard to pinpoint a fix to
> allow legit emails through. Here's an example from my mail log:
>
>
> Apr 12 13:15:10 postal2 postfix/smtpd[22543]: connect from
> hsarelay1t.mail.mylife.com[216.52.223.210]
> Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject:
> RCPT from hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1
> <myl...@mail.mylife.com>: Sender address rejected:
This says it was a check_sender_access lookup.
> Access denied;
And this says the result was "reject". If you don't add text to your
numerous access(5) lookups, it is indeed harder to debug them.
> from=<myl...@mail.mylife.com> to=<e...@whoi.edu> proto=ESMTP
> helo=<hsarelay1t.mail.mylife.com>
> Apr 12 13:15:10 postal2 postfix/smtpd[22543]: disconnect from
> hsarelay1t.mail.mylife.com[216.52.223.210]
>
> I would like to allow emails from this particular sender but have
> not been able to do so though the usual allowances in my
> smtpd_recipient_restrictions. The recipient address is legit and
> working for other senders. Any ideas as to what could cause this?
>
> postconf -n output is attached.
snip
> smtpd_recipient_restrictions = permit_sasl_authenticated,
> check_recipient_access
> pcre:/etc/postfix/access/final_recipient_access,
> reject_unauth_pipelining,
> check_helo_access pcre:/etc/postfix/access/final_helo_access,
> check_client_access hash:/etc/postfix/access/final_client_access,
> check_sender_access pcre:/etc/postfix/access/final_sender_access,
This would be the prime suspect.
> permit_mynetworks, reject_unknown_sender_domain,
> reject_unauth_destination, check_helo_access
> pcre:/etc/postfix/access/suspect_helo, reject_rbl_client
> b.barracudacentral.org, reject_rbl_client zen.spamhaus.org,
> reject_rbl_client autospam.whoi.edu, reject_rhsbl_sender
> dsn.rfc-ignorant.org, reject_rbl_client dnsbl.ahbl.org,
> reject_rbl_client list.dsbl.org,
DSBL has been gone for almost three years now.
> reject_rbl_client bl.spamcop.net,
> reject_rbl_client cbl.abuseat.org,
CBL is included in Zen. The second lookup against CBL data is
unlikely to block anything, and it IS more load on CBL's
infrastructure.
> reject_rbl_client combined.njabl.org,
> reject_rbl_client bhnc.njabl.org
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
