PATCH: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error
flowhosts: > Nov 14 10:53:54 fallback postfix/smtpd[7187]: warning: restriction > check_recipient_a_access returns OK for vasilnhdgz0sdiminut...@netgooya.com > Nov 14 10:53:54 fallback postfix/smtpd[7187]: warning: this is not > allowed for security reasons > Nov 14 10:53:54 fallback postfix/smtpd[7187]: warning: use DUNNO instead > of OK if you want to make an exception > Nov 14 10:53:54 fallback postfix/smtpd[7187]: NOQUEUE: reject: RCPT from > unknown[192.168.xxx.xxx]:53698: 451 4.3.5 Server configuration error; This patch applies to Postfix 3.0 and later. Wietse --- ./src/smtpd/smtpd_check.c- 2017-05-31 16:29:46.0 -0500 +++ ./src/smtpd/smtpd_check.c 2017-11-16 09:32:46.898378490 -0600 @@ -4044,7 +4044,7 @@ static void forbid_whitelist(SMTPD_STATE *state, const char *name, int status, const char *target) { -if (status == SMTPD_CHECK_OK) { +if (state->discard == 0 && status == SMTPD_CHECK_OK) { msg_warn("restriction %s returns OK for %s", name, target); msg_warn("this is not allowed for security reasons"); msg_warn("use DUNNO instead of OK if you want to make an exception");
Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error
On 14.11.17 20:02, liquid cooled wrote: The problem is as follows: A spammer is using an ip address which hast thousands of domains registered, the apammer uses a botnet to send from his domains but from many different source ips. don't you want to use check_sender_a_access instead? last time we received spame from that kind of abusers, I configured that one. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. How does cat play with mouse? cat /dev/mouse
Fwd: Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error
Thats totally true, i i have to deal with listings of my ip addresses on blacklists very often. Yes the hops which are affected here are: Sieve generates the forwarded mail, one of the postfix mta-out hosts tries to deliver it and fails generating the Mailer-Daemon which also fails to get delivered, then it gets passed on to my postfix fallback mta-out where check_recipient_a_access happens. joe-job forgery sounds interesting i will give this a read! To let the user choose the scenario is definatly an way/option i can imagine. Thanks a lot for your input Victor i will look into making my mailsystem to a more friendly place for other mail hosts (and me). Am 14/11/2017 um 20:18 schrieb Viktor Dukhovni: On Nov 14, 2017, at 2:02 PM, liquid cooled wrote: A spammer is using an ip address which hast thousands of domains registered, the apammer uses a botnet to send from his domains but from many different source ips. My customers then receive the spams and a lot of them have forward anything rules, the new generated forwarded mails could be rejected by the receiving mailhosts through lets say any spamhaus rbl, my mtaout hosts then forge mailer daemon mails for the originating source domains which all lead to the same ip which does not run a mail service, my fallback hosts then fill up with this mailer daemon messages. So another point is im not allowed to use intransparent mail blocking like rbl lists, or oher spam detecting systems, the only thing i use is an user configurable spam / virus detection service. So if a user wants spam he gets it... And if he forwards it i get into the described dilemma. I operate a pretty large mail system so i had about 100k of these mailer daemons per day or even more. For about 3 weeks i got a cronjob running which postsupered the mailer daemon mails hourly, until i discovered the postfix recipient_a_access feature. I see, so you're obligated to accept mail that downstream hosts your users forward to often reject, and then you become a backscatter source, but some of the backscatter clogs your queue, so you've found a way to discard it (there must an SMTP hop between the place where the bounce is generated and the systems that would otherwise queue this mail). Can't say I'm entirely sympathetic, as lots of other backscatter, that is not clogging your queue, is still going out, perhaps to various victims of joe-job forgery. Doing forwarding without filtering imposes externalities (costs) on others and is perhaps not a socially responsible thing to do. Ideally your users would only be able to choose at most one of: * Opt out of email filtering via RBLs and anti-spam content filters * Enable forwarding to an external mailbox If they want forwarding, they'd have to accept filtering. Note that since bounces have a single recipient, REJECT is as effective as DISCARD here.
Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error
> On Nov 14, 2017, at 2:02 PM, liquid cooled wrote: > > A spammer is using an ip address which hast thousands of domains registered, > the apammer uses a botnet to send from his domains but from many different > source ips. > My customers then receive the spams and a lot of them have forward anything > rules, the new generated forwarded mails could be rejected by the receiving > mailhosts through lets say any spamhaus rbl, my mtaout hosts then forge > mailer daemon mails for the originating source domains which all lead to the > same ip which does not run a mail service, my fallback hosts then fill up > with this mailer daemon messages. > > So another point is im not allowed to use intransparent mail blocking like > rbl lists, or oher spam detecting systems, the only thing i use is an user > configurable spam / virus detection service. So if a user wants spam he gets > it... And if he forwards it i get into the described dilemma. > > I operate a pretty large mail system so i had about 100k of these mailer > daemons per day or even more. > > For about 3 weeks i got a cronjob running which postsupered the mailer daemon > mails hourly, until i discovered the postfix recipient_a_access feature. I see, so you're obligated to accept mail that downstream hosts your users forward to often reject, and then you become a backscatter source, but some of the backscatter clogs your queue, so you've found a way to discard it (there must an SMTP hop between the place where the bounce is generated and the systems that would otherwise queue this mail). Can't say I'm entirely sympathetic, as lots of other backscatter, that is not clogging your queue, is still going out, perhaps to various victims of joe-job forgery. Doing forwarding without filtering imposes externalities (costs) on others and is perhaps not a socially responsible thing to do. Ideally your users would only be able to choose at most one of: * Opt out of email filtering via RBLs and anti-spam content filters * Enable forwarding to an external mailbox If they want forwarding, they'd have to accept filtering. Note that since bounces have a single recipient, REJECT is as effective as DISCARD here. -- -- Viktor.
Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error
The problem is as follows: A spammer is using an ip address which hast thousands of domains registered, the apammer uses a botnet to send from his domains but from many different source ips. My customers then receive the spams and a lot of them have forward anything rules, the new generated forwarded mails could be rejected by the receiving mailhosts through lets say any spamhaus rbl, my mtaout hosts then forge mailer daemon mails for the originating source domains which all lead to the same ip which does not run a mail service, my fallback hosts then fill up with this mailer daemon messages. So another point is im not allowed to use intransparent mail blocking like rbl lists, or oher spam detecting systems, the only thing i use is an user configurable spam / virus detection service. So if a user wants spam he gets it... And if he forwards it i get into the described dilemma. I operate a pretty large mail system so i had about 100k of these mailer daemons per day or even more. For about 3 weeks i got a cronjob running which postsupered the mailer daemon mails hourly, until i discovered the postfix recipient_a_access feature. Hope that clears things up! On 14 Nov 2017 7:20 p.m., "Viktor Dukhovni" wrote: > On Tue, Nov 14, 2017 at 07:11:03PM +0100, flowhosts wrote: > > > Yes this is such a decent feature! > > I use it with the hold action now as this doesn't break things. > > So bad domains (in my case) which would never accept mails are now kept > in > > place, i call it the bad destination hold quarantine. > > Looking forward to massive discarding soon :) > > While DISCARD is clearly not behaving as expected here, I am puzzled > as to when you might want the expected behaviour. Is this a > submission service, and you're trying to discard mail from compromised > accounts? What is the use-case for discarding a message one of > whose recipients has a domain whose MX hosts match some IP address? > > -- > Viktor. >
Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error
> On Nov 14, 2017, at 1:50 PM, Noel Jones wrote: > > Usually (almost always) REJECT is a more appropriate action for > unwanted mail. Is there some reason you can't use REJECT until this > is fixed? > > I guess you're using this to trap mail your users send to bad/typo > domains eg. hotmal.com? In that case, REJECT would be better to > notify the user of their mistake. The effect is of course different for multi-recipient mail. With DISCARD no recipients get the ail, with REJECT only the "bad" recipients don't get the mail. If one of the "good" recipients then uses "Reply-All" the "bad" recipient might still see the message. And yet I am still puzzled what the use-case is for DISCARD in check_recipient_a_access... I hope the OP is willing to elaborate on what real-world problem that solves... -- Viktor.
Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error
Usually (almost always) REJECT is a more appropriate action for unwanted mail. Is there some reason you can't use REJECT until this is fixed? I guess you're using this to trap mail your users send to bad/typo domains eg. hotmal.com? In that case, REJECT would be better to notify the user of their mistake. -- Noel Jones On 11/14/2017 12:11 PM, flowhosts wrote: > Yes this is such a decent feature! > I use it with the hold action now as this doesn't break things. > So bad domains (in my case) which would never accept mails are now > kept in place, i call it the bad destination hold quarantine. > Looking forward to massive discarding soon :) > > @Noel Jones, thanks! > > Am 14/11/2017 um 18:52 schrieb @lbutlr: >> On 14 Nov 2017, at 05:00, flowhosts wrote: >>> # main.cf >>> smtpd_recipient_restrictions = >>> reject_non_fqdn_sender >>> ... >>> check_recipient_a_access >>> hash:/etc/postfix/lookup/recipient_a_access >>> ... >>> permit >>> >>> # cat /etc/postfix/lookup/recipient_a_access >>> 185.140.110.3 DISCARD >> I hope this bug gets fixed soon, because that looks like it might >> be super useful with a log monitor and blacklist. >> >
Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error
On Tue, Nov 14, 2017 at 07:11:03PM +0100, flowhosts wrote: > Yes this is such a decent feature! > I use it with the hold action now as this doesn't break things. > So bad domains (in my case) which would never accept mails are now kept in > place, i call it the bad destination hold quarantine. > Looking forward to massive discarding soon :) While DISCARD is clearly not behaving as expected here, I am puzzled as to when you might want the expected behaviour. Is this a submission service, and you're trying to discard mail from compromised accounts? What is the use-case for discarding a message one of whose recipients has a domain whose MX hosts match some IP address? -- Viktor.
Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error
Yes this is such a decent feature! I use it with the hold action now as this doesn't break things. So bad domains (in my case) which would never accept mails are now kept in place, i call it the bad destination hold quarantine. Looking forward to massive discarding soon :) @Noel Jones, thanks! Am 14/11/2017 um 18:52 schrieb @lbutlr: On 14 Nov 2017, at 05:00, flowhosts wrote: # main.cf smtpd_recipient_restrictions = reject_non_fqdn_sender ... check_recipient_a_access hash:/etc/postfix/lookup/recipient_a_access ... permit # cat /etc/postfix/lookup/recipient_a_access 185.140.110.3 DISCARD I hope this bug gets fixed soon, because that looks like it might be super useful with a log monitor and blacklist.
Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error
On 14 Nov 2017, at 05:00, flowhosts wrote: > # main.cf > smtpd_recipient_restrictions = > reject_non_fqdn_sender > ... > check_recipient_a_access hash:/etc/postfix/lookup/recipient_a_access > ... > permit > > # cat /etc/postfix/lookup/recipient_a_access > 185.140.110.3 DISCARD I hope this bug gets fixed soon, because that looks like it might be super useful with a log monitor and blacklist. -- Apple broke AppleScripting signatures in Mail.app, so no random signatures.
Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error
On 11/14/2017 6:00 AM, flowhosts wrote: > Hello, > > as described in the subject i tried to implement the new feature > check_recipient_a_access > I have encountered a strange error or maybe an bug. > > The following settings result in an correct action follwed by an > "4.3.5 Server configuration error" response. > # main.cf > smtpd_recipient_restrictions = > reject_non_fqdn_sender > ... > check_recipient_a_access > hash:/etc/postfix/lookup/recipient_a_access > ... > permit > > # cat /etc/postfix/lookup/recipient_a_access > 185.140.110.3 DISCARD > > # maillog > Nov 14 10:53:54 fallback postfix/smtpd[7187]: NOQUEUE: discard: RCPT > from unknown[192.168.xxx.xxx]:53698: > : Recipient address triggers > DISCARD action; from=<> to= > proto=ESMTP helo= > Nov 14 10:53:54 fallback postfix/smtpd[7187]: warning: restriction > check_recipient_a_access returns OK for > vasilnhdgz0sdiminut...@netgooya.com > Nov 14 10:53:54 fallback postfix/smtpd[7187]: warning: this is not > allowed for security reasons > Nov 14 10:53:54 fallback postfix/smtpd[7187]: warning: use DUNNO > instead of OK if you want to make an exception > Nov 14 10:53:54 fallback postfix/smtpd[7187]: NOQUEUE: reject: RCPT > from unknown[192.168.xxx.xxx]:53698: 451 4.3.5 Server configuration > error; from=<> to= proto=ESMTP > helo= > Nov 14 10:53:54 fallback postfix/cleanup[7844]: 3ybjWk29Jhz5vXS: > message-id=<3ybjwk29jhz5...@smtp.xxx.xx> > > > If DISCARD is replaced by HOLD in "recipient_a_access" the error > won't appear but in fact the sending host also receives an OK > message like it does above when discarding the mail, which should > not be allowed if you trust the warning message received. > > So is this a bug when using DISCARD or is it the right behaviour? > And if it's not a bug then i think HOLD is buggy because it does not > respond with an "451 4.3.5 Server configuration error". > > Where can i file a bug report? > Or can someone confirm this behaviour? > > Thanks in advance, > Patrick > Confirmed (on postfix 3.2-20160730, using an inline: map). This looks like a bug, consider it reported. Thanks for finding this. -- Noel Jones
check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error
Hello, as described in the subject i tried to implement the new feature check_recipient_a_access I have encountered a strange error or maybe an bug. The following settings result in an correct action follwed by an "4.3.5 Server configuration error" response. # main.cf smtpd_recipient_restrictions = reject_non_fqdn_sender ... check_recipient_a_access hash:/etc/postfix/lookup/recipient_a_access ... permit # cat /etc/postfix/lookup/recipient_a_access 185.140.110.3 DISCARD # maillog Nov 14 10:53:54 fallback postfix/smtpd[7187]: NOQUEUE: discard: RCPT from unknown[192.168.xxx.xxx]:53698: : Recipient address triggers DISCARD action; from=<> to= proto=ESMTP helo= Nov 14 10:53:54 fallback postfix/smtpd[7187]: warning: restriction check_recipient_a_access returns OK for vasilnhdgz0sdiminut...@netgooya.com Nov 14 10:53:54 fallback postfix/smtpd[7187]: warning: this is not allowed for security reasons Nov 14 10:53:54 fallback postfix/smtpd[7187]: warning: use DUNNO instead of OK if you want to make an exception Nov 14 10:53:54 fallback postfix/smtpd[7187]: NOQUEUE: reject: RCPT from unknown[192.168.xxx.xxx]:53698: 451 4.3.5 Server configuration error; from=<> to= proto=ESMTP helo= Nov 14 10:53:54 fallback postfix/cleanup[7844]: 3ybjWk29Jhz5vXS: message-id=<3ybjwk29jhz5...@smtp.xxx.xx> If DISCARD is replaced by HOLD in "recipient_a_access" the error won't appear but in fact the sending host also receives an OK message like it does above when discarding the mail, which should not be allowed if you trust the warning message received. So is this a bug when using DISCARD or is it the right behaviour? And if it's not a bug then i think HOLD is buggy because it does not respond with an "451 4.3.5 Server configuration error". Where can i file a bug report? Or can someone confirm this behaviour? Thanks in advance, Patrick
Re: 451 4.3.5 Server configuration error
>> They are, look like this in main.cf >> >> # OpenDKIM >> milter_default_action = accept >> milter_protocol = 6 >> smtpd_milters = local:/opendkim/opendkim.sock >> non_smtpd_milters = $smtpd_milters > > Each parameter definition must start in the *first* > column of its text line. See > > http://www.postfix.org/postconf.5.html > > The general format of the main.cf file is as follows: > > • Each logical line is in the form "parameter = value". > Whitespace around the "=" is ignored, as is whitespace > at the end of a logical line. > > • Empty lines and whitespace-only lines are ignored, as are > lines whose first non-whitespace character is a `#'. > > • A logical line starts with non-whitespace text. A line > that starts with whitespace continues a logical line. That was it, should read first! Thank you guys ___ Daniel A. Rodriguez Departamento de Tecnología para la Gestión Escuela Provincial de Educación Técnica N° 1 Posadas - Misiones - Argentina (0376) 443-8578 www.epet1.edu.ar
Re: 451 4.3.5 Server configuration error
> On Aug 30, 2017, at 12:56 PM, Daniel Armando Rodriguez > wrote: > > They are, look like this in main.cf > > # OpenDKIM > milter_default_action = accept > milter_protocol = 6 > smtpd_milters = local:/opendkim/opendkim.sock > non_smtpd_milters = $smtpd_milters Each parameter definition must start in the *first* column of its text line. See http://www.postfix.org/postconf.5.html The general format of the main.cf file is as follows: • Each logical line is in the form "parameter = value". Whitespace around the "=" is ignored, as is whitespace at the end of a logical line. • Empty lines and whitespace-only lines are ignored, as are lines whose first non-whitespace character is a `#'. • A logical line starts with non-whitespace text. A line that starts with whitespace continues a logical line. -- Viktor.
Re: 451 4.3.5 Server configuration error
2017-08-30 10:16 GMT-03:00 Christian Kivalo : > > > On 2017-08-30 15:07, Daniel Armando Rodriguez wrote: >>> >>> On 2017-08-30 14:51, Daniel Armando Rodriguez wrote: Hi, I'm getting such message logged after the warning: unknown smtpd restriction: "milter_default_action" >>> >>> >>> Note that options in master.cf are without spaces around the "=". >> >> >> yep >> All incoming mail is rejected. What I'm trying to achieve is to get dkim validation working, following this guide https://wiki.debian.org/opendkim >>> >>> >>> It helps to show your configuration. >>> >>> See http://www.postfix.org/DEBUG_README.html#mail >>> >>> Send the output of >>> postconf -n >> >> >> # postconf -n >> alias_database = hash:/etc/aliases >> alias_maps = hash:/etc/aliases >> append_dot_mydomain = no >> biff = no >> config_directory = /etc/postfix >> home_mailbox = Maildir/ >> html_directory = /usr/share/doc/postfix/html >> inet_interfaces = all >> mailbox_command = >> mailbox_size_limit = 0 >> mydestination = localhost >> mydomain = unau.edu.ar >> myhostname = correo.$mydomain >> mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128, >> 170.210.45.128/29 >> myorigin = $myhostname >> policyd-spf_time_limit = 3600 >> readme_directory = /usr/share/doc/postfix >> recipient_delimiter = + >> relayhost = >> smtp_tls_security_level = may >> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache >> smtpd_banner = $myhostname ESMTP $mail_name >> smtpd_recipient_restrictions = permit_mynetworks, >> permit_sasl_authenticated, reject_unauth_destination, >> check_policy_service unix:private/policyd-spf milter_default_action = > >^^ > Maybe just your mailclient, but you seem to be missing newlines here. > >> accept milter_protocol = 6 smtpd_milters = >> local:/opendkim/opendkim.sock non_smtpd_milters = $smtpd_milters > > All these milter_* options should be on their own line. They are, look like this in main.cf # OpenDKIM milter_default_action = accept milter_protocol = 6 smtpd_milters = local:/opendkim/opendkim.sock non_smtpd_milters = $smtpd_milters ___ Daniel A. Rodriguez Departamento de Tecnología para la Gestión Escuela Provincial de Educación Técnica N° 1 Posadas - Misiones - Argentina (0376) 443-8578 www.epet1.edu.ar
Re: 451 4.3.5 Server configuration error
On 2017-08-30 15:07, Daniel Armando Rodriguez wrote: On 2017-08-30 14:51, Daniel Armando Rodriguez wrote: Hi, I'm getting such message logged after the warning: unknown smtpd restriction: "milter_default_action" Note that options in master.cf are without spaces around the "=". yep All incoming mail is rejected. What I'm trying to achieve is to get dkim validation working, following this guide https://wiki.debian.org/opendkim It helps to show your configuration. See http://www.postfix.org/DEBUG_README.html#mail Send the output of postconf -n # postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no config_directory = /etc/postfix home_mailbox = Maildir/ html_directory = /usr/share/doc/postfix/html inet_interfaces = all mailbox_command = mailbox_size_limit = 0 mydestination = localhost mydomain = unau.edu.ar myhostname = correo.$mydomain mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128, 170.210.45.128/29 myorigin = $myhostname policyd-spf_time_limit = 3600 readme_directory = /usr/share/doc/postfix recipient_delimiter = + relayhost = smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:private/policyd-spf milter_default_action = ^^ Maybe just your mailclient, but you seem to be missing newlines here. accept milter_protocol = 6 smtpd_milters = local:/opendkim/opendkim.sock non_smtpd_milters = $smtpd_milters All these milter_* options should be on their own line. smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/letsencrypt/live/unau.edu.ar/fullchain.pem smtpd_tls_key_file = /etc/letsencrypt/live/unau.edu.ar/privkey.pem smtpd_tls_protocols = !SSLv2, !SSLv3 smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes virtual_alias_maps = hash:/etc/postfix/virtual_aliases virtual_mailbox_domains = $mydomain virtual_transport = lmtp:unix:private/dovecot-lmtp postconf -Mf postconf -Mf smtp inet n - - - - smtpd -o content_filter=spamassassin submission inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING -o content_filter=spamassassin smtps inet n - - - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING -o content_filter=spamassassin pickup unix n - - 60 1 pickup cleanupunix n - - - 0 cleanup qmgr unix n - n 300 1 qmgr tlsmgr unix - - - 1000? 1 tlsmgr rewriteunix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - - - - smtp relay unix - - - - - smtp showq unix n - - - - showq error unix - - - - - error retry unix - - - - - error discardunix - - - - - discard local unix - n n - - local virtualunix - n n - - virtual lmtp unix - - - - - lmtp anvil unix - - - - 1 anvil scache unix - - - - 1 scache maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uu
Re: 451 4.3.5 Server configuration error
> On 2017-08-30 14:51, Daniel Armando Rodriguez wrote: >> >> Hi, I'm getting such message logged after the warning: unknown smtpd >> restriction: "milter_default_action" > > Note that options in master.cf are without spaces around the "=". yep >> All incoming mail is rejected. >> >> What I'm trying to achieve is to get dkim validation working, >> following this guide >> https://wiki.debian.org/opendkim > > It helps to show your configuration. > > See http://www.postfix.org/DEBUG_README.html#mail > > Send the output of > postconf -n # postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no config_directory = /etc/postfix home_mailbox = Maildir/ html_directory = /usr/share/doc/postfix/html inet_interfaces = all mailbox_command = mailbox_size_limit = 0 mydestination = localhost mydomain = unau.edu.ar myhostname = correo.$mydomain mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128, 170.210.45.128/29 myorigin = $myhostname policyd-spf_time_limit = 3600 readme_directory = /usr/share/doc/postfix recipient_delimiter = + relayhost = smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:private/policyd-spf milter_default_action = accept milter_protocol = 6 smtpd_milters = local:/opendkim/opendkim.sock non_smtpd_milters = $smtpd_milters smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/letsencrypt/live/unau.edu.ar/fullchain.pem smtpd_tls_key_file = /etc/letsencrypt/live/unau.edu.ar/privkey.pem smtpd_tls_protocols = !SSLv2, !SSLv3 smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes virtual_alias_maps = hash:/etc/postfix/virtual_aliases virtual_mailbox_domains = $mydomain virtual_transport = lmtp:unix:private/dovecot-lmtp > postconf -Mf postconf -Mf smtp inet n - - - - smtpd -o content_filter=spamassassin submission inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING -o content_filter=spamassassin smtps inet n - - - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING -o content_filter=spamassassin pickup unix n - - 60 1 pickup cleanupunix n - - - 0 cleanup qmgr unix n - n 300 1 qmgr tlsmgr unix - - - 1000? 1 tlsmgr rewriteunix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - - - - smtp relay unix - - - - - smtp showq unix n - - - - showq error unix - - - - - error retry unix - - - - - error discardunix - - - - - discard local unix - n n - - local virtualunix - n n - - virtual lmtp unix - - - - - lmtp anvil unix - - - - 1 anvil scache unix - - - - 1 scache maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n
Re: 451 4.3.5 Server configuration error
On 2017-08-30 14:51, Daniel Armando Rodriguez wrote: Hi, I'm getting such message logged after the warning: unknown smtpd restriction: "milter_default_action" Note that options in master.cf are without spaces around the "=". All incoming mail is rejected. What I'm trying to achieve is to get dkim validation working, following this guide https://wiki.debian.org/opendkim It helps to show your configuration. See http://www.postfix.org/DEBUG_README.html#mail Send the output of postconf -n postconf -Mf regards in advance -- Christian Kivalo
451 4.3.5 Server configuration error
Hi, I'm getting such message logged after the warning: unknown smtpd restriction: "milter_default_action" All incoming mail is rejected. What I'm trying to achieve is to get dkim validation working, following this guide https://wiki.debian.org/opendkim regards in advance
Re: 451 4.3.5 Server configuration error
Dino Edwards: > Hello, > > Having a strange issue with a server. Multiple times a day I get the > following errors in mail.log: > > 451 4.3.5 Server configuration error; from= > to= proto=ESMTP helo= The error is logged BEFORE this line. Wietse
451 4.3.5 Server configuration error
Hello, Having a strange issue with a server. Multiple times a day I get the following errors in mail.log: 451 4.3.5 Server configuration error; from= to= proto=ESMTP helo= I also get the following email in my admin mailbox: From: Mail Delivery System Subject: Postfix SMTP server: errors from localhost[::1] To: postmas...@domain.tld Transcript of session follows. Out: 220 server.domain.tld In: ehlo server.domain.tld Out: 250- server.domain.tld Out: 250-PIPELINING Out: 250-SIZE 52428800 Out: 250-VRFY Out: 250-ETRN Out: 250-STARTTLS Out: 250-ENHANCEDSTATUSCODES Out: 250-8BITMIME Out: 250 DSN In: mail FROM: size=527 Out: 250 2.1.0 Ok In: rcpt TO: Out: 451 4.3.5 Server configuration error In: rset Out: 250 2.0.0 Ok Session aborted, reason: lost connection For other details, see the local mail logfile So, it looks like some process is trying to send email from r...@server.domain.tld to root@localhost but I don't know what process it is or how to make it stop. It doesn't seem to affect the server otherwise. Other email flows in and out as normal except for these errors. I would appreciate some insight on where to look to get this resolved. Thanks
Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error
Certainly, I have already corrected them Thanks for all Postfix Family 2017-03-19 11:26 GMT-04:00 Viktor Dukhovni : > > > On Mar 19, 2017, at 11:19 AM, Wietse Venema > wrote: > > > > There are some other typos as well - multiple reject_rbl_client. > > And bare RBL domain names with no reject_rbl_client or similar. > > -- > Viktor. > > -- *Lester Montilla* CEO *Oficina.* 809-957-5764 *Móvil* . 829-766-3570 *E-mail* :lest...@gmail.com *Skype:* lestraw *Whatsaap*: 829-766-3570 *Pagad a todos lo que debáis: al que impuesto, impuesto; al que tributo, tributo; al que temor, temor; al que honor, honor.* *Romanos 13:17*
Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error
> On Mar 19, 2017, at 11:19 AM, Wietse Venema wrote: > > There are some other typos as well - multiple reject_rbl_client. And bare RBL domain names with no reject_rbl_client or similar. -- Viktor.
Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error
lestraw: > Mar 18 21:03:27 server postfix/smtpd[26211]: warning: unknown smtpd > restriction: "combined.rbl.msrbl.net" You forgot to have 'reject_rbl_client' before 'combined.rbl.msrbl.net' > smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces > permit_tls_all_clientcerts reject_rbl_client reject_rbl_client > reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client > reject_rbl_client psbl.surriel.com reject_rhsbl_client bl.spamcop.net > combined.rbl.msrbl.net reject_rbl_client reject_rhsbl_client ... There are some other typos as well - multiple reject_rbl_client. Wietse
Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error
*Problem solved * It turns out that in *smtpd_client_restrictions =* I was missing the *permit_sasl_authenticated sentence* Thanks for everything -- View this message in context: http://postfix.1071664.n5.nabble.com/NOQUEUE-reject-451-4-3-5-Server-configuration-error-tp89530p89536.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error
I put the result of postconf -n I will put it back, I will also place the most detailed result of the postfix log * Postfix LOG:* Mar 18 21:03:27 server postfix/smtpd[28381]: warning: unknown[DD.D.D.DD]: SASL LOGIN authentication failed: AAA Mar 18 21:03:27 server postfix/smtpd[26211]: warning: unknown smtpd restriction: "combined.rbl.msrbl.net" *Mar 18 21:03:27 server postfix/smtpd[26211]: NOQUEUE: reject: RCPT from unknown[DDD.D.DDD.DDD]: 451 4.3.5 Server configuration error; from= to= proto=ESMTP helo=<[DD.D.D.DD]>* Mar 18 21:03:27 server postfix/smtpd[28381]: lost connection after AUTH from unknown[DD.D.D.DD] Mar 18 21:03:27 server postfix/smtpd[28381]: disconnect from unknown[DD.D.D.DD] Mar 18 21:03:28 server postfix/cleanup[30157]: C1077620DF6: message-id=<20170319010328.c1077620...@a.com> *Postconf - N: * alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases allow_percent_hack = no bounce_queue_lifetime = 30m broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 default_destination_concurrency_limit = 776 default_destination_recipient_limit = 776 default_process_limit = 776 delay_warning_time = 2h fast_flush_purge_time = 30m fast_flush_refresh_time = 15m home_mailbox = Maildir/ html_directory = no mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME mailbox_size_limit = 0 mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man maximal_backoff_time = 1000s maximal_queue_lifetime = 2h message_size_limit = 0 minimal_backoff_time = 300s mydestination = /etc/postfix/mydestination mydomain = .AAA mynetworks = 127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix qmgr_message_active_limit = 4 qmgr_message_recipient_limit = 4 readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES recipient_bcc_maps = hash:/etc/postfix/recipient_bcc relay_domains = $mydestination, bonofull.com, maillion.net, unityfull.com sample_directory = /usr/share/doc/postfix-2.3.3/samples sender_bcc_maps = hash:/etc/postfix/bcc sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_connection_cache_on_demand = no smtp_destination_concurrency_limit = 400 smtp_mx_session_limit = 776 smtp_use_tls = yes smtpd_banner = $mydomain smtpd_client_connection_count_limit = 400 smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces permit_tls_all_clientcerts reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client psbl.surriel.com reject_rhsbl_client bl.spamcop.net combined.rbl.msrbl.net reject_rbl_client reject_rhsbl_client reject_rbl_client reject_rhsbl_client bl.spamcannibal.org smtpd_peername_lookup = no smtpd_recipient_limit = 776 smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated permit_inet_interfaces check_relay_domains reject_sender_login_mismatch smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_exceptions_networks = !DDD.DD.DD.D, DDD.DDD.D.D/DD smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = dovecot smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders smtpd_tls_CAfile = /home/maillion/ssl.ca smtpd_tls_cert_file = /home//ssl.cert smtpd_tls_key_file = /home//ssl.key smtpd_tls_security_level = may unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual Please, help me -- View this message in context: http://postfix.1071664.n5.nabble.com/NOQUEUE-reject-451-4-3-5-Server-configuration-error-tp89530p89535.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error
lestraw: > Hi postfix familiy, > > I'm using thunderbird as a email client, and when sending an email is giving > me the following error on /var/log/maillog: > > Mar 18 19:54:39 server postfix/smtpd[21712]: NOQUEUE: reject: RCPT from > unknown[DDD.D.DDD.DDD]: 451 4.3.5 Server configuration error; > from= to= proto=ESMTP > helo=<[DD.D.D.DD]> That text is sent to the remote client, and therefore it has no configuration details. Instead, Postfix logs internal details BEFORE replying to the client. Wietse
Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error
Hi postfix familiy, I'm using thunderbird as a email client, and when sending an email is giving me the following error on /var/log/maillog: Mar 18 19:54:39 server postfix/smtpd[21712]: NOQUEUE: reject: RCPT from unknown[DDD.D.DDD.DDD]: 451 4.3.5 Server configuration error; from= to= proto=ESMTP helo=<[DD.D.D.DD]> Postconf - n shows the following: alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases allow_percent_hack = no bounce_queue_lifetime = 30m broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 default_destination_concurrency_limit = 776 default_destination_recipient_limit = 776 default_process_limit = 776 delay_warning_time = 2h fast_flush_purge_time = 30m fast_flush_refresh_time = 15m home_mailbox = Maildir/ html_directory = no mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME mailbox_size_limit = 0 mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man maximal_backoff_time = 1000s maximal_queue_lifetime = 2h message_size_limit = 0 minimal_backoff_time = 300s mydestination = /etc/postfix/mydestination mydomain = .AAA mynetworks = 127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix qmgr_message_active_limit = 4 qmgr_message_recipient_limit = 4 readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES recipient_bcc_maps = hash:/etc/postfix/recipient_bcc relay_domains = $mydestination, bonofull.com, maillion.net, unityfull.com sample_directory = /usr/share/doc/postfix-2.3.3/samples sender_bcc_maps = hash:/etc/postfix/bcc sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_connection_cache_on_demand = no smtp_destination_concurrency_limit = 400 smtp_mx_session_limit = 776 smtp_use_tls = yes smtpd_banner = $mydomain smtpd_client_connection_count_limit = 400 smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces permit_tls_all_clientcerts reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client psbl.surriel.com reject_rhsbl_client bl.spamcop.net combined.rbl.msrbl.net reject_rbl_client reject_rhsbl_client reject_rbl_client reject_rhsbl_client bl.spamcannibal.org smtpd_peername_lookup = no smtpd_recipient_limit = 776 smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated permit_inet_interfaces check_relay_domains reject_sender_login_mismatch smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_exceptions_networks = !DDD.DD.DD.D, DDD.DDD.D.D/DD smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = dovecot smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders smtpd_tls_CAfile = /home/maillion/ssl.ca smtpd_tls_cert_file = /home//ssl.cert smtpd_tls_key_file = /home//ssl.key smtpd_tls_security_level = may unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual *What is wrong with this configuration?* -- View this message in context: http://postfix.1071664.n5.nabble.com/NOQUEUE-reject-451-4-3-5-Server-configuration-error-tp89530p89533.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error
lestraw: > Hello Postfix Familty, > > I have configured it according to the postfix manuals a Postfix SASL e-mail > server with Dovecot. And I'm having the following error, when I'm going to > send an email from a client > > *451 4.3.5 Server configuration error * > > Postfix version 2.6.6 + Dovecot Version 2.0.9 > > > ### ~> Postfix main.cf CENTOS6_X64 > command_directory = /usr/sbin > daemon_directory = /usr/libexec/postfix > > mydomain = domain.example > myorigin = $mydomain > unknown_local_recipient_reject_code = 550 > alias_maps = hash:/etc/aliases > alias_database = hash:/etc/aliases > home_mailbox = Maildir/ > smtpd_banner = $mydomain > debug_peer_level = 2 > debugger_command = >PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin >xxgdb $daemon_directory/$process_name $process_id & sleep 5 > sendmail_path = /usr/sbin/sendmail.postfix > newaliases_path = /usr/bin/newaliases.postfix > mailq_path = /usr/bin/mailq.postfix > setgid_group = postdrop > html_directory = no > manpage_directory = /usr/share/man > sample_directory = /usr/share/doc/postfix-2.3.3/samples > readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES > > #sasl autentication start > smtpd_sasl_type = dovecot > smtpd_sasl_path = private/auth > smtpd_sasl_authenticated_header = yes > smtpd_sasl_auth_enable = yes > smtpd_sasl_security_options = noanonymous > smtpd_sasl_tls_security_options = $smtpd_sasl_security_options > smtpd_sasl_local_domain = $myhostname > broken_sasl_auth_clients = yes > relay_domains = $mydestination, second.example, domain.example > smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders > smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated > permit_inet_interfaces check_relay_domains reject_sender_login_mismatch > #sasl autentication end > > delay_warning_time = 2h > fast_flush_refresh_time = 15m > fast_flush_purge_time = 30m > smtpd_recipient_limit = 776 > bounce_queue_lifetime = 30m > maximal_queue_lifetime = 2h > mailbox_size_limit = 0 > message_size_limit = 0 > smtp_connection_cache_on_demand = no > smtpd_peername_lookup = no > default_process_limit = 776 > qmgr_message_active_limit = 4 > qmgr_message_recipient_limit = 4 > default_destination_concurrency_limit = 776 > default_destination_recipient_limit = 776 > smtp_mx_session_limit = 776 > smtpd_client_connection_count_limit = 400 > smtp_destination_concurrency_limit = 400 > maximal_backoff_time = 1000s > minimal_backoff_time = 300s > virtual_alias_maps = hash:/etc/postfix/virtual > sender_bcc_maps = hash:/etc/postfix/bcc > mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME > mydestination = /etc/postfix/mydestination > allow_percent_hack = no > recipient_bcc_maps = hash:/etc/postfix/recipient_bcc > > # TLS parameters start > smtpd_tls_key_file = /home/maillion/ssl.key > smtpd_tls_CAfile = /home/maillion/ssl.ca > smtpd_tls_cert_file = /home/maillion/ssl.cert > smtp_use_tls = yes > smtpd_tls_security_level = may > # TLS parameters end > > smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces > permit_tls_all_clientcerts reject_rbl_client reject_rbl_client > reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client > reject_rbl_client psbl.surriel.com reject_rhsbl_client bl.spamcop.net > combined.rbl.msrbl.net reject_rbl_client reject_rhsbl_client > reject_rbl_client reject_rhsbl_client bl.spamcannibal.org > mynetworks = 127.0.0.0/8 > > > * > There is any error?* > > Please help me!! TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html Thank you for using Postfix.
NOQUEUE: reject: ... 451 4.3.5 Server configuration error
Hello Postfix Familty, I have configured it according to the postfix manuals a Postfix SASL e-mail server with Dovecot. And I'm having the following error, when I'm going to send an email from a client *451 4.3.5 Server configuration error * Postfix version 2.6.6 + Dovecot Version 2.0.9 ### ~> Postfix main.cf CENTOS6_X64 command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix mydomain = domain.example myorigin = $mydomain unknown_local_recipient_reject_code = 550 alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases home_mailbox = Maildir/ smtpd_banner = $mydomain debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/sendmail.postfix newaliases_path = /usr/bin/newaliases.postfix mailq_path = /usr/bin/mailq.postfix setgid_group = postdrop html_directory = no manpage_directory = /usr/share/man sample_directory = /usr/share/doc/postfix-2.3.3/samples readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES #sasl autentication start smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_authenticated_header = yes smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = yes relay_domains = $mydestination, second.example, domain.example smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated permit_inet_interfaces check_relay_domains reject_sender_login_mismatch #sasl autentication end delay_warning_time = 2h fast_flush_refresh_time = 15m fast_flush_purge_time = 30m smtpd_recipient_limit = 776 bounce_queue_lifetime = 30m maximal_queue_lifetime = 2h mailbox_size_limit = 0 message_size_limit = 0 smtp_connection_cache_on_demand = no smtpd_peername_lookup = no default_process_limit = 776 qmgr_message_active_limit = 4 qmgr_message_recipient_limit = 4 default_destination_concurrency_limit = 776 default_destination_recipient_limit = 776 smtp_mx_session_limit = 776 smtpd_client_connection_count_limit = 400 smtp_destination_concurrency_limit = 400 maximal_backoff_time = 1000s minimal_backoff_time = 300s virtual_alias_maps = hash:/etc/postfix/virtual sender_bcc_maps = hash:/etc/postfix/bcc mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME mydestination = /etc/postfix/mydestination allow_percent_hack = no recipient_bcc_maps = hash:/etc/postfix/recipient_bcc # TLS parameters start smtpd_tls_key_file = /home/maillion/ssl.key smtpd_tls_CAfile = /home/maillion/ssl.ca smtpd_tls_cert_file = /home/maillion/ssl.cert smtp_use_tls = yes smtpd_tls_security_level = may # TLS parameters end smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces permit_tls_all_clientcerts reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client psbl.surriel.com reject_rhsbl_client bl.spamcop.net combined.rbl.msrbl.net reject_rbl_client reject_rhsbl_client reject_rbl_client reject_rhsbl_client bl.spamcannibal.org mynetworks = 127.0.0.0/8 * There is any error?* Please help me!! -- View this message in context: http://postfix.1071664.n5.nabble.com/NOQUEUE-reject-451-4-3-5-Server-configuration-error-tp89530.html Sent from the Postfix Users mailing list archive at Nabble.com.