the ip of my last mail does not match the first, but it is from the same company that uses several ips and all of them are added to the access file
El 02/04/2019 a las 19:15, Francesc Peñalvez escribió:
the problem is with the directive reject_unknown_reverse_client_hostname when there is a failure in the resolution of the ip blocks the connection with this ip, to avoid adding the access file the ip as indicated in the first mail, but still blocking that ip by not resolving. activate the debug on that ip in case I saw the reason and that's what I get between many data when that ip connectsOut: 250-ETRN Out: 250-AUTH PLAIN LOGIN Out: 250-AUTH=PLAIN LOGIN Out: 250-ENHANCEDSTATUSCODES Out: 250-8BITMIME Out: 250 DSN In: MAIL From:<webmas...@elperiodico.com> SIZE=118853 Out: 250 2.1.0 Ok In: RCPT To:<naz...@almogavers.net> Out: 450 4.7.25 Client host rejected: cannot find your hostname, [217.124.241.125] In: DATA Out: 554 5.5.1 Error: no valid recipients In: RSET Out: 250 2.0.0 Ok In: QUIT Out: 221 2.0.0 Bye alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases allow_percent_hack = no allow_untrusted_routing = yes append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes command_directory = /usr/sbin content_filter = smtp-amavis:[127.0.0.1]:10024 daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_list = 213.4.61.170 195.77.249.6 212.0.124.176 home_mailbox = Maildir/ html_directory = no inet_interfaces = all inet_protocols = ipv4 mail_owner = postfix mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME mailbox_size_limit = 0 mailq_path = /usr/bin/mailq manpage_directory = /usr/local/man masquerade_domains = almogavers.net message_size_limit = 102400000 meta_directory = /etc/postfix milter_default_action = accept milter_protocol = 6 mydestination = ns.almogavers.net, localhost.almogavers.net, localhost,canalonanismo.org, canalonanismo.es, almogavers.net, web.almogavers.net,active.almogavers.net, 5.39.93.184, 37.187.18.41 myhostname = almogavers.net mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.2 almogavers.net 192.168.1.0/24 mynetworks_style = class newaliases_path = /usr/bin/newaliases non_smtpd_milters = inet:localhost:3277notify_classes = bounce, 2bounce, delay, policy, protocol, resource, software postscreen_access_list = permit_mynetworks cidr:/etc/postfix/trusted_ips.cidrpostscreen_blacklist_action = drop postscreen_dnsbl_action = enforce postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]*3b.barracudacentral.org=127.0.0.[2..11]*2 bl.spamcop.net swl.spamhaus.org*-4postscreen_dnsbl_threshold = 1 postscreen_dnsbl_ttl = 10m postscreen_greet_action = enforce queue_directory = /var/spool/postfix readme_directory = no recipient_delimiter = + sample_directory = /etc/postfix sender_bcc_maps = hash:/etc/postfix/bcc sender_dependent_default_transport_maps = hash:/etc/postfix/dependent sendmail_path = /usr/sbin/sendmail setgid_group = postdrop shlib_directory = /usr/lib/postfix smtp_dns_support_level = enabled smtp_host_lookup = dns smtp_tls_CApath = /etc/ssl/certs smtp_tls_ciphers = medium smtp_tls_loglevel = 1 smtp_tls_protocols = !SSLv2, !SSLv3 smtp_tls_security_level = dane smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_use_tls = yes smtpd_client_restrictions = permit_mynetworks permit_inet_interfacespermit_tls_all_clientcerts permit_sasl_authenticated permit_auth_destinationcheck_client_access hash:/etc/postfix/access smtpd_hard_error_limit = 20 smtpd_helo_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/access, check_client_access cidr:/etc/postfix/trusted_ips.cidr, reject_invalid_hostname, permit smtpd_milters = inet:localhost:3277smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticatedcheck_client_access hash:/etc/postfix/access permit_auth_destination reject_unauth_destination reject_invalid_hostname reject_unknown_recipient_domain reject_unknown_client_hostname reject_unknown_reverse_client_hostname reject_unverified_recipient check_policy_service inet:127.0.0.1:10023 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination permit_inet_interfaces check_client_access hash:/etc/postfix/access reject_unknown_reverse_client_hostname smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous noplaintext smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sender_restrictions = permit_mynetworks check_client_accesshash:/etc/postfix/access permit_auth_destination permit_sasl_authenticated check_sender_access inline:{ { almogavers.net = REJECT local sender fromunauthorized client } } smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem smtpd_tls_CApath = /etc/ssl/certs smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem smtpd_tls_ciphers = medium smtpd_tls_key_file = /etc/postfix/postfix.key.pem smtpd_tls_mandatory_ciphers = high smtpd_tls_protocols = !SSLv2, !SSLv3 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes virtual_alias_maps = hash:/etc/postfix/virtual smtp inet n - y - - smtpd -o content_filter=spamassassin -o smtpd_sasl_auth_enable=yes receive_override_options=no_header_body_checks smtp inet n - y - 1 postscreen dnsblog unix - - y - 0 dnsblog tlsproxy unix - - y - 0 tlsproxy smtpd pass - - y - - smtpd submission inet n - y - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING -o content_filter=spamassassin smtps inet n - y - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING pickup fifo n - y 60 1 pickup cleanup unix n - y - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgr unix - - y 1000? 1 tlsmgr rewrite unix - - y - - trivial-rewrite bounce unix - - y - 0 bounce defer unix - - y - 0 bounce trace unix - - y - 0 bounce verify unix - - y - 1 verify flush unix n - y 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - y - - smtp -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 relay unix - - y - - smtp showq unix n - y - - showq error unix - - y - - error retry unix - - y - - error discard unix - - y - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - y - - lmtp anvil unix - - y - 1 anvil scache unix - - y - 1 scache maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)ifmail unix - n n - - pipe flags=F user=ftnargv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}policyd-spf unix - n n - 0 spawn user=policyd-spfargv=/usr/bin/policyd-spf smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o disable_dns_lookups=yes -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtp_data_done_timeout=1200 -o disable_dns_lookups=yesspamassassin unix - n n - - pipe user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}dane unix - - n - - smtp -o smtp_dns_support_level=dnssec -o smtp_tls_security_level=dane postlog unix-dgram n - n - 1 postlogd El 02/04/2019 a las 18:38, Bill Cole escribió:On 2 Apr 2019, at 11:17, Francesc Peñalvez wrote:following the instructions given to me place the access in front of the rule that is not supported ips unresolved, and as I still have the same problems I added a debug to that ip that interests me and among other things in this debug I find this: 16:43:05 ns postfix / smtpd [28258]: generic_checks: name = check_client_access Apr 2 16:43:05 ns postfix / smtpd [28258]: check_namadr_access: name unknown addr 213.4.61.170Apr 2 16:43:05 ns postfix / smtpd [28258]: check_domain_access: unknownApr 2 16:43:05 ns postfix / smtpd [28258]: maps_find: hash: / etc / postfix / access: unknown: not found Apr 2 16:43:05 ns postfix / smtpd [28258]: check_addr_access: 213.4.61.170my access file contains: 213.4.61.170 OK Where do I have the error?It is impossible for us to tell, because you have not provided enough information. The solution may be as simple as using 'postmap' to rebuild the operational form of the access map (e.g. /etc/postfix/access.db) or it may be something more complex.See http://www.postfix.org/DEBUG_README.html#mail for how to effectively report problems here.Most importantly: 1. Turn off debug logging. 2. Provide the output of 'postconf -nf' and 'postconf -Mf' 3. Provide log lines relevant to a single SMTP session with the problem.
smime.p7s
Description: Firma criptográfica S/MIME
