On 29.12.17 15:32, Voytek wrote:
smtpd_recipient_restrictions = reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unlisted_recipient, permit_mynetworks,
check_sasl_access hash:/etc/postfix/sasl_access permit_sasl_authenticated,
reject_unauth_destination, check_policy_service inet:127.0.0.1:10040,
check_recipient_access hash:/etc/postfix/recipient_no_checks,
check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
check_helo_access hash:/etc/postfix/helo_checks, check_sender_access
hash:/etc/postfix/sender_checks, check_client_access
hash:/etc/postfix/client_checks, check_client_access
pcre:/etc/postfix/client_checks.pcre, reject_rbl_client zen.spamhaus.org,
reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_sender
dbl.spamhaus.org, reject_rbl_client psbl.surriel.com, reject_rbl_client
ix.dnsbl.manitu.net, reject_rbl_client bl.spamcop.net,
tried with 'port 587 TLS' as well as 'port 587 SSL'
ssl usually means port 465 with implicit SSL, while 587 requires explicit
ssl (aka starttls).
However, with default postfix/master configuration, those should report
postfix/smtps/smtpd (465) or postfix/submission/smtpd (587), see master.cf
options for those services that should contain "-o syslog_name=..."
the line below contains postfix/smtpd which indicates port 25 was used,
unless don't set syslog_name in master.cf.
(Outlook account setup test message)
Dec 29 14:27:44 geko postfix/smtpd[14089]: NOQUEUE: reject: RCPT from
d114-75-83-107.sbr1.nsw.optusnet.com.au[114.75.83.107]: 554 5.7.1
<d114-75-83-107.sbr1.nsw.optusnet.com.au[114.75.83.107]>: Client host
rejected: Access denied; from=<no...@dom.org.au> to=<no...@dom.org.au>
proto=ESMTP helo=<UserPC>
"Client host rejected: Access denied" indicates failed "check_client_access"
directive. That also means that none of former directives succeeded,
including permit_sasl_authenticated. sasl is not enabled on port 25 by
default (iirc)
587 and 465 usually only allow and require authentication, since they only
have "permit_sasl_authenticated,reject" options.
This also indicates that the client did not connect to port 587/465 - are
those ports open and accessible from client?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Where do you want to go to die?" [Microsoft]
