On 10.01.20 12:42, Simon B wrote:
>For as long as I can remember, I have blocked connections purporting
>to be my own domain/IP address using a postmapped file called
>helo_checks.
>
>This is checked AFTER permit_sasl_authenticated.
>
>smtpd_recipient_restrictions =
>reject_non_fqdn_sender,
>reject_non_fqdn_recipient,
>permit_sasl_authenticated,
>reject_sender_login_mismatch,
>rejected_authenticated_sender_login_mismatch,
>check_helo_access hash:/etc/postfix/helo_checks,
>.
>.
>.
>permit_mynetworks,
>reject_unauth_destination,
>a bunch more RBLs,
>permit
>
>Since upgrading to 2.11 yesterday (yes, I am on a path to move up
>through debian versions), all mail coming in on
>postfix/submission/smtpd is being rejected by the domain check in that
>file, even though the user is sasl authenticated.
>
>Can someone help me figure out why?
>
>I can probably remove/comment the offending line and rely on other
>rejection parameters, but it still rejects a significant number of spam
>attempts, so I'd prefer to keep it.

On Fri, 10 Jan 2020 at 13:39, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
logs?

On 10.01.20 14:50, Simon B wrote:
Quite difficult to get logs off the production environment onto my
office client, hence the redacted smtpd_recipient_restrictions

Jan 10 13:42:22 mail postfix/smtpd[18730] : NOQUEUE: rejectRCPT from
localhost [127.0.0.1]: 550 5.7.1. <mail.example.net>: Helo command
rejected: Your server is misconfigured as you are not a member of this
domain; from=<si...@example.net> to=<si...@example.com> proto=ESMTP
helo=<mail.example.net>

ok, this looks like recipient rejection, because of helo checks.
Are you sure those clients did authenticate successfully?

don't you have check_helo_access at a different place by any chance?

Good shout.  It is also in smtpd_relay_restrictions, but that is
functionally a one-to-one copy of smtpd_recipient_restrictions

I'm not sure what smtpd_relay_restrictions debian adds to main.cf by
default.

nothing in my main.cf is default by debian.  It's been painstakingly
constructed over years with contributions from this list.

I guess that upgrade script configured smtpd_recipient_restrictions to
smtpd_relay_restrictions.

Since it's postfix/submission/smtpd, isn't there anything strange in
master.cf ?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
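
One way to run the check raised in the thread (is check_helo_access reachable in any restriction list before permit_sasl_authenticated?), as an added example that is not part of the original messages. The SAMPLE main.cf text is constructed for illustration, and parse_main_cf and exposed_helo_checks are hypothetical helper names; -o overrides in master.cf are not read and need the same review by hand.

```python
import re

# Lists Postfix evaluates for each RCPT TO (relay before recipient since 2.10).
# A "permit" only ends its own list; a "reject" in any list is final.
LISTS = ["smtpd_client_restrictions", "smtpd_helo_restrictions",
         "smtpd_sender_restrictions", "smtpd_relay_restrictions",
         "smtpd_recipient_restrictions"]

def parse_main_cf(text):
    """Return {parameter: [tokens]}, honouring main.cf continuation lines."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                              # blank line or comment
        if line[0].isspace() and current:         # continuation of last parameter
            params[current] += re.split(r"[,\s]+", line.strip())
        elif "=" in line:
            current, value = (s.strip() for s in line.split("=", 1))
            params[current] = re.split(r"[,\s]+", value)
    return {k: [t for t in v if t] for k, v in params.items()}

def exposed_helo_checks(params, permit="permit_sasl_authenticated"):
    """Names of lists where check_helo_access runs with no earlier SASL permit."""
    hits = []
    for name in LISTS:
        tokens = params.get(name, [])
        if "check_helo_access" in tokens:
            first = tokens.index("check_helo_access")
            if permit not in tokens[:first]:
                hits.append(name)
    return hits

# Constructed sample: the relay list orders the HELO check before the permit.
SAMPLE = """\
smtpd_relay_restrictions =
    check_helo_access hash:/etc/postfix/helo_checks,
    permit_sasl_authenticated, permit_mynetworks,
    reject_unauth_destination
smtpd_recipient_restrictions =
    reject_non_fqdn_sender, reject_non_fqdn_recipient,
    permit_sasl_authenticated,
    check_helo_access hash:/etc/postfix/helo_checks,
    permit_mynetworks, reject_unauth_destination, permit
"""

if __name__ == "__main__":
    for name in exposed_helo_checks(parse_main_cf(SAMPLE)):
        print(f"{name}: check_helo_access applies to authenticated clients")
```

On a live server the input would be the text of main.cf or the output of `postconf -n`.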
