On Tue, Apr 12, 2011 at 02:09:11PM -0400, Eric Cunningham wrote: > Hi, on occassion, I'm noting rejected emails without any specific > reason logged. Without a reason, it's hard to pinpoint a fix to > allow legit emails through. Here's an example from my mail log: > > > Apr 12 13:15:10 postal2 postfix/smtpd[22543]: connect from > hsarelay1t.mail.mylife.com[216.52.223.210] > Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject: > RCPT from hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1 > <myl...@mail.mylife.com>: Sender address rejected:
This says it was a check_sender_access lookup. > Access denied; And this says the result was "reject". If you don't add text to your numerous access(5) lookups, it is indeed harder to debug them. > from=<myl...@mail.mylife.com> to=<e...@whoi.edu> proto=ESMTP > helo=<hsarelay1t.mail.mylife.com> > Apr 12 13:15:10 postal2 postfix/smtpd[22543]: disconnect from > hsarelay1t.mail.mylife.com[216.52.223.210] > > I would like to allow emails from this particular sender but have > not been able to do so though the usual allowances in my > smtpd_recipient_restrictions. The recipient address is legit and > working for other senders. Any ideas as to what could cause this? > > postconf -n output is attached. snip > smtpd_recipient_restrictions = permit_sasl_authenticated, > check_recipient_access > pcre:/etc/postfix/access/final_recipient_access, > reject_unauth_pipelining, > check_helo_access pcre:/etc/postfix/access/final_helo_access, > check_client_access hash:/etc/postfix/access/final_client_access, > check_sender_access pcre:/etc/postfix/access/final_sender_access, This would be the prime suspect. > permit_mynetworks, reject_unknown_sender_domain, > reject_unauth_destination, check_helo_access > pcre:/etc/postfix/access/suspect_helo, reject_rbl_client > b.barracudacentral.org, reject_rbl_client zen.spamhaus.org, > reject_rbl_client autospam.whoi.edu, reject_rhsbl_sender > dsn.rfc-ignorant.org, reject_rbl_client dnsbl.ahbl.org, > reject_rbl_client list.dsbl.org, DSBL has been gone for almost three years now. > reject_rbl_client bl.spamcop.net, > reject_rbl_client cbl.abuseat.org, CBL is included in Zen. The second lookup against CBL data is unlikely to block anything, and it IS more load on CBL's infrastructure. > reject_rbl_client combined.njabl.org, > reject_rbl_client bhnc.njabl.org -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header