Hi
System: Debian 9 with Postfix 3.1.14-0+deb9u1.

This server acts only as an MX.

On an external server (Zabbix) I added a trigger that sends e-mail to my MX
(1 e-mail per minute), and I added the Zabbix host (86.xxx.xxx.xxx) to
mynetworks on my MX server.

All works fine, but sometimes I get this in the log:
Apr 16 12:38:21 thebe4 postfix/smtpd[17093]: connect from
zabbix-ext.domain.ltd[86.xxx.xxx.xxx]
Apr 16 12:38:21 thebe4 postfix/smtpd[17093]: Anonymous TLS connection
established from zabbix-ext.domain.ltd[86.xxx.xxx.xxx]: TLSv1.2 with
cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 16 12:38:21 thebe4 postfix/smtpd[17093]: too many errors after EHLO
from zabbix-ext.domain.ltd[86.xxx.xxx.xxx]
Apr 16 12:38:21 thebe4 postfix/smtpd[17093]: disconnect from
zabbix-ext.domain.ltd[86.xxx.xxx.xxx] ehlo=2 starttls=1 noop=1 commands=4

And I have no idea why.

postconf |grep "_error_limit"
smtpd_hard_error_limit = ${stress?{1}:{20}}
smtpd_soft_error_limit = 10


Now I have added this to main.cf:
debug_peer_list=86.xxx.xxx.xxx
and reloaded.

https://paste.debian.net/1140731/



My restrictions in main.cf:

---------- start --------------
mynetworks = 127.0.0.0/8, 86.xxx.xxx.xxx/32

smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks
    reject_unauth_pipelining,
    reject_invalid_helo_hostname

smtpd_client_restrictions =
# IP blacklist / whitelist
        check_client_access cidr:/etc/postfix/client_checks,
--------------------- > 86.xxx.xxx.xxx           OK
        check_client_access cidr:/etc/postfix/amavis_bypass,
        reject_unauth_pipelining,
        permit

smtpd_sender_restrictions =
    permit_mynetworks
    check_sender_access pcre:/etc/postfix/sender_checks.pcre
    reject_unknown_sender_domain
    reject_unknown_reverse_client_hostname,
    reject_non_fqdn_sender
    reject_unknown_address,
    reject_unauth_pipelining,
    permit

smtpd_recipient_restrictions =
        reject_unauth_pipelining,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        permit_mynetworks,
        permit_sasl_authenticated,
# server-side whitelist
 check_client_access hash:/etc/postfix/whitelista,
        reject_unauth_destination,
         check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
        reject_invalid_hostname,
        reject_unknown_hostname,
        reject_non_fqdn_hostname
# filters for checking MX and SPF
        check_sender_mx_access cidr:/etc/postfix/mx_access.cidr,
        check_helo_mx_access cidr:/etc/postfix/mx_access.cidr,
        check_policy_service unix:private/policy-spf,
        lpolicyd,
        reject_unlisted_recipient,
        check_client_access hash:/etc/postfix/rbl_override,
        reject_rbl_client b.barracudacentral.org,
        reject_rbl_client dynamic.rbl.tld,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client cbl.abuseat.org,
 
        permit

# Data restrictions
smtpd_data_restrictions =
        reject_unauth_pipelining,
        reject_multi_recipient_bounce,
        permit

# RFC compliance
strict_rfc821_envelopes = yes
