Re: [AMaViS-user] amavis[xx]: (!)DENIED ACCESS from IP x.x.x.43, policy bank ''
john, > amavis[xx]: (!)DENIED ACCESS from IP x.x.x.43, policy bank '' > It is postfix that connects to amavis from source IP > x.x.x.43. > I've obviously googled the error and found pretty much > nothing that applies to me, except for one thread > where someone disabled smtp_bind_address to solve this. > @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 > [FEC0::]/10 10.0.0.0/8 172.16.0.0/12 > 192.168.0.0/16 x.x.x.40/29 ); You need to allow amavisd to accept connections from x.x.x.40/29: @inet_acl = qw( 127.0.0.1 [::1] x.x.x.40/29 ); and you need amavisd to bind to all interfaces (instead of a defaults which binds to a loopback interface only): $inet_socket_bind = undef; # binds to all IP interfaces if undef > Connecting using telnet on localhost works fine. > > # telnet localhost 10024 > Trying 127.0.0.1... Your telnet connected to a loopback interface, while your Postfix connects to an ethernet interface. Mark - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] amavis[xx]: (!)DENIED ACCESS from IP x.x.x.43, policy bank ''
john bender wrote: > Thanks mouss, I'll try that. > > Regarding the other notes, the smtp/lmtp are there > because I was following the amavis install guide. but you only need one. and if you configure both, chose different names. > Regarding the mynetworks, etc, that's all from me > trying different things trying to resolve this error. > beware the "shake it and you'll get juice" approach. always remember what you change. this way, you can cancel the changes if they don't help. good luck. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] amavis[xx]: (!)DENIED ACCESS from IP x.x.x.43, policy bank ''
Thanks mouss, I'll try that. Regarding the other notes, the smtp/lmtp are there because I was following the amavis install guide. Regarding the mynetworks, etc, that's all from me trying different things trying to resolve this error. Thanks again. --- mouss <[EMAIL PROTECTED]> wrote: > john bender wrote: > > Hi there! > > > > I'm running Qmail, and on the same system I run > > postfix as a "smart host" or spam "firewall". > > > > Qmail listens on x.x.x.42 and postfix listens on > > x.x.x.43 > > > >>From what I read, this setup might be causing the > > error in question. My question is: would anyone > know > > specifically why this is happening and what I can > do > > to add amavis to this set up? > > > > It is postfix that connects to amavis from source > IP > > x.x.x.43. > > > > I've obviously googled the error and found pretty > much > > nothing that applies to me, except for one thread > > where someone disabled smtp_bind_address to solve > > this: > > > > > http://www.howtoforge.com/forums/archive/index.php/t-1217.html > > > > I can't do that in my set up. > > > > > > main.cf: > > === > > inet_interfaces = x.x.x.43 > > remove this and try again. > > if you want postfix to listen on a given IP, use > master.cf instead: replace > > smtp smtpd > > with > > x.x.x.45:25 smtp > > > > > mynetworks = x.x.x.40/29, 192.168.0.0/16, > 10.0.0.0/8, > > 127.0.0.0/8 > > content_filter=amavisfeed:[127.0.0.1]:10024 > > this is a bit convoluted. you set inet_interfaces to > x.x.x.43 but you > want postfix to talk to 127.0.0.1. while it will, > this is not very logical. > > > > > master.cf: > > > > amavisfeed unix- -n - 2 lmtp > > -o lmtp_data_done_timeout=1200 > > -o lmtp_send_xforward_command=yes > > -o disable_dns_lookups=yes > > -o max_use=20 > > > > amavisfeed unix- -n-2 smtp > > -o smtp_data_done_timeout=1200 > > -o smtp_send_xforward_command=yes > > -o disable_dns_lookups=yes > > -o max_use=20 > > > > you need to make your mind: use lmtp or smtp? use > different names for > different transports. > > > > > 127.0.0.1:10025 inet n-n-- smtpd > > -o content_filter= > > -o smtpd_delay_reject=no > > -o > > smtpd_client_restrictions=permit_mynetworks,reject > > -o smtpd_helo_restrictions= > > -o smtpd_sender_restrictions= > > -o > > > smtpd_recipient_restrictions=permit_mynetworks,reject > > -o > > smtpd_data_restrictions=reject_unauth_pipelining > > -o smtpd_end_of_data_restrictions= > > -o smtpd_restriction_classes= > > -o mynetworks=127.0.0.0/8 > > -o smtpd_error_sleep_time=0 > > -o smtpd_soft_error_limit=1001 > > -o smtpd_hard_error_limit=1000 > > -o smtpd_client_connection_count_limit=0 > > -o smtpd_client_connection_rate_limit=0 > > -o > > > receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters > > -o local_header_rewrite_clients= > > > > amavis.conf: > > === > > @local_domains_maps = ( [".$mydomain"] ); # list > of > > all local domains > > > > @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 > > [FEC0::]/10 > > 10.0.0.0/8 172.16.0.0/12 > > 192.168.0.0/16 x.x.x.40/29 ); > > > > > > Connecting using telnet on localhost works fine. > > > > # telnet localhost 10024 > > This will use 127.0.0.1 as the source IP. This isn't > the same as what > you're asking postfix to do: you're asking postfix > to use x.x.x.43 as a > source IP but connect to 127.0.0.1. you'll need more > than telnet to test > this (you need a client that binds before it > connects). > > > > > Trying 127.0.0.1... > > Connected to localhost.localdomain (127.0.0.1). > > Escape character is '^]'. > > 220 [127.0.0.1] ESMTP amavisd-new service ready > > mail from:<[EMAIL PROTECTED]> > > 250 2.1.0 Sender <[EMAIL PROTECTED]> OK > > rcpt to:<[EMAIL PROTECTED]> > > 250 2.1.5 Recipient <[EMAIL PROTECTED]> OK > > data > > 354 End data with . > > Subject: asdads > > > > asd > > .. > > 250 2.0.0 Ok: queued as 77015A40013 > > > > Thanks for reading all this :P > > > > > > > > > Never miss a thing. Make Yahoo your home page. > > http://www.yahoo.com/r/hs > > > > > > > - > > SF.Net email is sponsored by: > > Check out the new SourceForge.net Marketplace. > > It's the best place to buy or sell services > > for just about anything Open Source. > > > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > > ___ > > AMaViS-user mailing list > > AMaViS-user@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/amavis-user > > AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 > > AMaViS-HowTos:http://www.amavis.org/howto/ > > > > > > > -
Re: [AMaViS-user] amavis[xx]: (!)DENIED ACCESS from IP x.x.x.43, policy bank ''
john bender wrote: > Hi there! > > I'm running Qmail, and on the same system I run > postfix as a "smart host" or spam "firewall". > > Qmail listens on x.x.x.42 and postfix listens on > x.x.x.43 > >>From what I read, this setup might be causing the > error in question. My question is: would anyone know > specifically why this is happening and what I can do > to add amavis to this set up? > > It is postfix that connects to amavis from source IP > x.x.x.43. > > I've obviously googled the error and found pretty much > nothing that applies to me, except for one thread > where someone disabled smtp_bind_address to solve > this: > > http://www.howtoforge.com/forums/archive/index.php/t-1217.html > > I can't do that in my set up. > > > main.cf: > === > inet_interfaces = x.x.x.43 remove this and try again. if you want postfix to listen on a given IP, use master.cf instead: replace smtp smtpd with x.x.x.45:25 smtp > mynetworks = x.x.x.40/29, 192.168.0.0/16, 10.0.0.0/8, > 127.0.0.0/8 > content_filter=amavisfeed:[127.0.0.1]:10024 this is a bit convoluted. you set inet_interfaces to x.x.x.43 but you want postfix to talk to 127.0.0.1. while it will, this is not very logical. > > master.cf: > > amavisfeed unix- -n - 2 lmtp > -o lmtp_data_done_timeout=1200 > -o lmtp_send_xforward_command=yes > -o disable_dns_lookups=yes > -o max_use=20 > > amavisfeed unix- -n-2 smtp > -o smtp_data_done_timeout=1200 > -o smtp_send_xforward_command=yes > -o disable_dns_lookups=yes > -o max_use=20 > you need to make your mind: use lmtp or smtp? use different names for different transports. > > 127.0.0.1:10025 inet n-n-- smtpd > -o content_filter= > -o smtpd_delay_reject=no > -o > smtpd_client_restrictions=permit_mynetworks,reject > -o smtpd_helo_restrictions= > -o smtpd_sender_restrictions= > -o > smtpd_recipient_restrictions=permit_mynetworks,reject > -o > smtpd_data_restrictions=reject_unauth_pipelining > -o smtpd_end_of_data_restrictions= > -o smtpd_restriction_classes= > -o mynetworks=127.0.0.0/8 > -o smtpd_error_sleep_time=0 > -o smtpd_soft_error_limit=1001 > -o smtpd_hard_error_limit=1000 > -o smtpd_client_connection_count_limit=0 > -o smtpd_client_connection_rate_limit=0 > -o > receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters > -o local_header_rewrite_clients= > > amavis.conf: > === > @local_domains_maps = ( [".$mydomain"] ); # list of > all local domains > > @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 > [FEC0::]/10 > 10.0.0.0/8 172.16.0.0/12 > 192.168.0.0/16 x.x.x.40/29 ); > > > Connecting using telnet on localhost works fine. > > # telnet localhost 10024 This will use 127.0.0.1 as the source IP. This isn't the same as what you're asking postfix to do: you're asking postfix to use x.x.x.43 as a source IP but connect to 127.0.0.1. you'll need more than telnet to test this (you need a client that binds before it connects). > Trying 127.0.0.1... > Connected to localhost.localdomain (127.0.0.1). > Escape character is '^]'. > 220 [127.0.0.1] ESMTP amavisd-new service ready > mail from:<[EMAIL PROTECTED]> > 250 2.1.0 Sender <[EMAIL PROTECTED]> OK > rcpt to:<[EMAIL PROTECTED]> > 250 2.1.5 Recipient <[EMAIL PROTECTED]> OK > data > 354 End data with . > Subject: asdads > > asd > .. > 250 2.0.0 Ok: queued as 77015A40013 > > Thanks for reading all this :P > > > > > Never miss a thing. Make Yahoo your home page. > http://www.yahoo.com/r/hs > > > - > SF.Net email is sponsored by: > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services > for just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > ___ > AMaViS-user mailing list > AMaViS-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/amavis-user > AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 > AMaViS-HowTos:http://www.amavis.org/howto/ > > - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] amavis[xx]: (!)DENIED ACCESS from IP x.x.x.43, policy bank ''
Hi there! I'm running Qmail, and on the same system I run postfix as a "smart host" or spam "firewall". Qmail listens on x.x.x.42 and postfix listens on x.x.x.43 >From what I read, this setup might be causing the error in question. My question is: would anyone know specifically why this is happening and what I can do to add amavis to this set up? It is postfix that connects to amavis from source IP x.x.x.43. I've obviously googled the error and found pretty much nothing that applies to me, except for one thread where someone disabled smtp_bind_address to solve this: http://www.howtoforge.com/forums/archive/index.php/t-1217.html I can't do that in my set up. main.cf: === inet_interfaces = x.x.x.43 mynetworks = x.x.x.40/29, 192.168.0.0/16, 10.0.0.0/8, 127.0.0.0/8 content_filter=amavisfeed:[127.0.0.1]:10024 master.cf: amavisfeed unix- -n - 2 lmtp -o lmtp_data_done_timeout=1200 -o lmtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 amavisfeed unix- -n-2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n-n-- smtpd -o content_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters -o local_header_rewrite_clients= amavis.conf: === @local_domains_maps = ( [".$mydomain"] ); # list of all local domains @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 x.x.x.40/29 ); Connecting using telnet on localhost works fine. # telnet localhost 10024 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 [127.0.0.1] ESMTP amavisd-new service ready mail from:<[EMAIL PROTECTED]> 250 2.1.0 Sender <[EMAIL PROTECTED]> OK rcpt to:<[EMAIL PROTECTED]> 250 2.1.5 Recipient <[EMAIL PROTECTED]> OK data 354 End data with . Subject: asdads asd .. 250 2.0.0 Ok: queued as 77015A40013 Thanks for reading all this :P Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/