Re: how to see my_networks check in peer_debug, level 2 or greater?
On 2013-08-16 5:22 PM, lcon...@go2france.com lcon...@go2france.com wrote: postconf mail_version mail_version = 2.3.3 Good gawd... The reason no one has responded most likely is because you are using such an ancient and most importantly unsupported version. You need to upgrade... -- Best regards, */Charles/*
Re: how to see my_networks check in peer_debug, level 2 or greater?
On Fri, Aug 16, 2013 at 04:22:50PM -0500, lcon...@go2france.com wrote: postconf mail_version mail_version = 2.3.3 uname -a Linux . 2.6.18-128.2.1.el5 #1 SMP Wed Jul 8 11:54:47 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux got an access denied for an IP that is in a /20 postconf confirms is in mynetworks If by peer_debug in the Subject header, you are referring to the debug_peer_list parameter, that's generally most useful for looking for bugs in Postfix itself. Since you are using a version which was EOL four years ago, there is no point in looking for bugs. Perhaps you'd do better here by describing the problem and goal, showing your postconf -n and relevant NON-verbose logs for one mail which wasn't handled as you expected. If your smtpd(8) instance has any -o option overrides, you must show those as well. Pro tip: any smtpd or other daemon definition with -o overrides should also include a -o syslog_name=postfix/foo where foo is something relevant to what this instance does. Access denied means a reject restriction or access(5) lookup result was encountered. There are of course 52.001 gazillion reasons which could cause this. Good luck. I suggest you review this before posting again: http://www.postfix.org/DEBUG_README.html#mail ok, ok, been doing this postfix stuff for 10+ years, it's simpler than full debug_readme: smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/mta_clients_black.map, check_client_access hash:/etc/postfix/webmail_client.class, check_helo_access pcre:/etc/postfix/4tuple_main_unfiltered.pcre, reject_unauth_pipelining, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, ... permit_sasl_authenticated, reject the IPs with Access denied probably from the final reject after permit_sasl_authenticated are: NOT matching before mynetworks and are all in the mynetworks as members of 3 /20s, so they should have not been denied access. debug shows only match_hostname for smtpd_client_event_limit_exceptions, but not for peer debugging. thanks, Len the only match_hostname I see is for smtpd_client_event_limit_exceptions -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
Re: how to see my_networks check in peer_debug, level 2 or greater?
Len Conrad: smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/mta_clients_black.map, check_client_access hash:/etc/postfix/webmail_client.class, check_helo_access pcre:/etc/postfix/4tuple_main_unfiltered.pcre, reject_unauth_pipelining, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, ... permit_sasl_authenticated, reject the IPs with Access denied probably from the final reject after permit_sasl_authenticated are: NOT matching before mynetworks and are all in the mynetworks as members of 3 /20s, so they should have not been denied access. debug shows only match_hostname for smtpd_client_event_limit_exceptions, but not for peer debugging. The permit_mynetworks function logs its name, the client name, and the client IP address when the debugging level is non-zero. If you don't see permit_mynetworks logging, then the REJECT happens earlier. Wietse
Re: how to see my_networks check in peer_debug, level 2 or greater?
On Fri, Aug 16, 2013 at 04:22:50PM -0500, lcon...@go2france.com wrote: postconf mail_version mail_version = 2.3.3 uname -a Linux . 2.6.18-128.2.1.el5 #1 SMP Wed Jul 8 11:54:47 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux got an access denied for an IP that is in a /20 postconf confirms is in mynetworks If by peer_debug in the Subject header, you are referring to the debug_peer_list parameter, that's generally most useful for looking for bugs in Postfix itself. Since you are using a version which was EOL four years ago, there is no point in looking for bugs. Perhaps you'd do better here by describing the problem and goal, showing your postconf -n and relevant NON-verbose logs for one mail which wasn't handled as you expected. If your smtpd(8) instance has any -o option overrides, you must show those as well. Pro tip: any smtpd or other daemon definition with -o overrides should also include a -o syslog_name=postfix/foo where foo is something relevant to what this instance does. Access denied means a reject restriction or access(5) lookup result was encountered. There are of course 52.001 gazillion reasons which could cause this. Good luck. I suggest you review this before posting again: http://www.postfix.org/DEBUG_README.html#mail the only match_hostname I see is for smtpd_client_event_limit_exceptions -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if /dev/rob0 is in the Subject: