Our mail server is still getting a nice steady supply of email, so I didn't
realize anything was wrong. The a freind said that emails from her office
address were getting rejected. I checked the logs and noticed that she
wasn't the only one getting the message.
Before the line below, my friend's emails pass spf successfully. This is
what's showing up in the logs:
Aug 25 05:24:27 carson postfix/smtpd[27028]: NOQUEUE: reject: RCPT from
mail-ig0-f175.google.com[209.85.213.175]: 451 4.3.5 Server configuration
problem; from=<myfri...@example.com> to=<m...@example.com> proto=ESMTP
helo=<ma
il-ig0-f175.google.com>
I don't want to go tinkering too much in my .cf files before I see if you
guys see any red flags. Again, vast number of emails getting through but
there are enough being rejected from various sources (some known to me as
business contacts/friends) that I better check this out.
I appreciate any help.
Here's the result of postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m
"${EXTENSION}"
mailbox_size_limit = 0
myhostname = carson.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
policy-spf_time_limit = 3600s
readme_directory = no
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = carson.example.com ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions =
reject_invalid_hostname,reject_non_fqdn_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service
unix:private/policy-spf,reject_rbl_client zen.spamhaus.org,reject_rbl_client
bl.spamcop.net,reject_rbl_client cbl.abuseat.org,check_policy_service inet:
127.0.0.1:10023
smtpd_relay_restrictions =
permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/valid_senders, reject_unknown_sender_domain
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/private/ssl-chain-mail-example.pem
smtpd_tls_ciphers = high
smtpd_tls_key_file = /etc/ssl/private/ssl-key-decrypted-mail-example.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = example.com
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
Thanks.
