On 2017-08-30 12:45, mbridgett wrote:
Thanks for the comprehensive explanation. What's strange is it's
happening
for example to my gmail account (which I was using to test
sender_access) as
well and I would have expected their mail servers to "behave". Theirs
seems
to retry at random periods between 90 minutes and two hours. I sent a
test
email over 12 hours ago and gmail keeps trying to re-deliver.
Also I note that my Postfix doesn't appear to be rejecting with the
code
mentioned. Maillog shows (just the last two entries):
Aug 30 07:17:16 localhost postfix/smtpd[1095]: NOQUEUE: reject: RCPT
from
mail-qt0-f171.google.com[209.85.216.171]: 454 4.7.1
<mbridg...@gmail.com>:
Sender address rejected: Access denied; from=<mbridg...@gmail.com>
to=<m...@byteplayer.com> proto=ESMTP helo=<mail-qt0-f171.google.com>
Aug 30 09:43:22 localhost postfix/smtpd[5125]: NOQUEUE: reject: RCPT
from
mail-qt0-f174.google.com[209.85.216.174]: 454 4.7.1
<mbridg...@gmail.com>:
Sender address rejected: Access denied; from=<mbridg...@gmail.com>
to=<m...@byteplayer.com> proto=ESMTP helo=<mail-qt0-f174.google.com>
So isn't think using 454? I can't see anything outwardly in my config
that
looks wrong:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
compatibility_level = 2
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb
$daemon_directory/$process_name $process_id & sleep 5
default_privs = nobody
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps =
luser_relay = mbridget
mail_owner = postfix
mailbox_command = /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a
"$RECIPIENT"
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 50000000
milter_connect_macros = j {daemon_name} v {if_name} _
milter_default_action = accept
mydestination = byteplayer.byteplayer.com, mail.byteplayer.com,
$myhostname,
$mydomain,
localhost,byteplayer.com,byteplayer.co.uk,byteplayer.dyndns.org,byteplayer.uk
mydomain = byteplayer.com
myhostname = mail.byteplayer.com
mynetworks = 192.168.200.0/24, 127.0.0.0/8
myorigin = byteplayer.com
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org,
b.barracudacentral.org,bl.spamcop.net
postscreen_greet_action = enforce
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix/README_FILES
relayhost = [smtp.tools.sky.com]:465
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_tls_wrappermode = yes
smtpd_delay_reject = yes
smtpd_discard_ehlo_keywords = silent-discard, dsn
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
smtpd_milters = unix:/var/run/clamav-milter/clamav-milter.socket
smtpd_recipient_restrictions = reject_unknown_recipient_domain,
permit_sasl_authenticated, reject_unauth_pipelining, permit_mynetworks,
reject_unauth_destination, reject_invalid_hostname, check_sender_access
hash:/etc/postfix/sender_access, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated,
defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated,
permit_mynetworks,
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file =
/etc/letsencrypt/live/byteplayer.com/fullchain.pem
smtpd_tls_ciphers = high
smtpd_tls_exclude_ciphers = RC4-MD5
smtpd_tls_key_file = /etc/letsencrypt/live/byteplayer.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
soft_bounce = yes
^^ you have the soft_bounce safety net enabled. This changes all 5xx to
4xx replies, telling the sending server that it should try again later.
See http://www.postfix.org/postconf.5.html#soft_bounce
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_transport = dovecot
thanks for any support.
Mark
--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
--
Christian Kivalo
