>On Fri, Aug 16, 2013 at 04:22:50PM -0500, lcon...@go2france.com wrote:
>> postconf mail_version
>> mail_version = 2.3.3
>> 
>> 
>> uname -a
>> Linux .....  2.6.18-128.2.1.el5 #1 SMP Wed Jul 8 11:54:47 EDT 2009
>> x86_64 x86_64 x86_64 GNU/Linux
>> 
>> got an "access denied" for an IP that is in a /20 postconf confirms
>> is in mynetworks
>
>If by peer_debug in the Subject header, you are referring to the 
>debug_peer_list parameter, that's generally most useful for looking 
>for bugs in Postfix itself. Since you are using a version which was 
>EOL four years ago, there is no point in looking for bugs.
>
>Perhaps you'd do better here by describing the problem and goal, 
>showing your "postconf -n" and relevant NON-verbose logs for one mail 
>which wasn't handled as you expected.
>
>If your smtpd(8) instance has any -o option overrides, you must show 
>those as well. Pro tip: any smtpd or other daemon definition with -o 
>overrides should also include a " -o syslog_name=postfix/foo" where 
>"foo" is something relevant to what this instance does.
>
>"Access denied" means a "reject" restriction or access(5) lookup 
>result was encountered. There are of course 52.001 gazillion reasons 
>which could cause this.
>
>Good luck. I suggest you review this before posting again:
>http://www.postfix.org/DEBUG_README.html#mail

ok, ok, been doing this postfix stuff for 10+ years, it's simpler than full 
debug_readme:


smtpd_recipient_restrictions =
 check_client_access hash:/etc/postfix/mta_clients_black.map,
 check_client_access hash:/etc/postfix/webmail_client.class,
 check_helo_access pcre:/etc/postfix/4tuple_main_unfiltered.pcre,
 reject_unauth_pipelining,
 reject_unknown_sender_domain,
 reject_unknown_recipient_domain,
 permit_mynetworks,
 ...
 permit_sasl_authenticated,
 reject

The IPs with "Access denied", probably from the final "reject" after
"permit_sasl_authenticated", are NOT matching before mynetworks and are all
in the mynetworks as members of 3 /20s, so they should not have been denied
access.

debug shows only match_hostname for "smtpd_client_event_limit_exceptions", but 
not for peer debugging.

thanks,
Len

================



>> the only match_hostname I see is for
>> smtpd_client_event_limit_exceptions
>-- 
>  http://rob0.nodns4.us/ -- system administration and consulting
>  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
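
Added example, not part of the thread or of Postfix itself: a simplified Python model of first-match evaluation for a restriction list ordered like the one posted above, showing which restriction decides for a given client. The addresses, the map entry and the function names are constructed for illustration, and only four of the posted restrictions are modelled.

```python
import ipaddress

# Constructed sample data, not taken from the thread.
MYNETWORKS = ["10.20.16.0/20", "10.20.32.0/20", "10.20.48.0/20"]
BLACK_MAP = {"10.20.17": "REJECT"}  # hypothetical hash: table entry keyed by octet prefix


def access_map_lookup(table, client_ip):
    """Indexed access(5) table lookup for an IPv4 client address.

    The full address is tried first, then shorter octet prefixes
    (a.b.c, a.b, a). Hostname lookups are left out of this model.
    """
    octets = client_ip.split(".")
    for n in range(4, 0, -1):
        action = table.get(".".join(octets[:n]))
        if action is not None:
            return action
    return "DUNNO"


def evaluate(client_ip, black_map, mynetworks, sasl_authenticated=False):
    """Return (result, restriction) for the first restriction that decides."""
    addr = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(n) for n in mynetworks]
    restrictions = [
        ("check_client_access", lambda: access_map_lookup(black_map, client_ip)),
        ("permit_mynetworks",
         lambda: "OK" if any(addr in n for n in nets) else "DUNNO"),
        ("permit_sasl_authenticated",
         lambda: "OK" if sasl_authenticated else "DUNNO"),
        ("reject", lambda: "REJECT"),
    ]
    for name, check in restrictions:
        result = check()
        if result != "DUNNO":  # first OK or REJECT ends the evaluation
            return result, name
    return "DUNNO", None


if __name__ == "__main__":
    for ip in ("10.20.33.7", "10.20.17.5", "10.20.64.1"):
        print(ip, evaluate(ip, BLACK_MAP, MYNETWORKS))
```

In this model a client inside one of the /20s is still rejected when an earlier access table holds a matching octet-prefix key, which is why the name of the deciding restriction in the non-verbose log line matters.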


