Loading ...
Sorry, an error occurred while loading the content.

289480Re: Client can't access through submission protocol

Expand Messages
  • Pierre-Gilles RAYNAUD
    Nov 17, 2012
    • 0 Attachment
      On 13/11/12 19:08, Noel Jones wrote:
      > On 11/13/2012 1:30 AM, Pierre-Gilles RAYNAUD wrote:
      >> Hi Everyone,
      >>
      >> The submission port is setup like this
      >> submission inet n - n - - smtpd
      >> -o smtpd_tls_security_level=encrypt
      >> -o smtpd_sasl_auth_enable=yes
      >> -o smtpd_sasl_security_options=noanonymous
      >> -o
      >> smtpd_sender_restrictions=reject_unknown_sender_domain,reject_non_fqdn_sender
      > OK so far.
      >
      >> -o
      >> smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_recipient,reject
      >> -o milter_macro_daemon_name=ORIGINATING
      > This isn't the cause of your rejections, but the
      > reject_non_fqdn_recipient above is useless. If mail is in
      > mynetworks or authenticated, it will pass anyway. Otherwise it is
      > rejected anyway. If you want to enforce non fqdn recipient, move it
      > to the front of the list.
      >
      Thank you for the advice.
      I have updated accordingly.
      I used an example as model.
      >> and when the client application is outside the mynetwork definition,
      >> i.e.: domaingprs.tld (see below)
      >> we get this error,
      >>
      >> Nov 11 14:16:31 serv001 postfix/smtpd[30545]: connect from
      >> wn1nat29.domaingprs.tld[xxx.yyy.zzz.29]
      >> Nov 11 14:16:42 serv001 postfix/smtpd[30545]: NOQUEUE: reject: RCPT
      >> from wn1nat29.domaingprs.tld[xxx.yyy.zzz..29]: 454 4.7.1
      >> <wn1nat29.domaingprs.tld[xxx.yyy.zzz.29]>: Client host rejected: Access
      >> denied; from=<user@...> to=<someone@...
      >> <mailto:someone@...>> proto=ESMTP
      >> helo=<[10.224.148.220]>
      >> Nov 11 14:16:48 serv001 postfix/smtpd[30545]: disconnect from
      >> wn1nat29.domaingprs.tld[xxx.yyy.zzz.29]
      >>
      >> but when the client application is inside our network definition, the
      >> mail is correctly sent.
      > Your settings in main.cf are interfering with your submission port.
      > Add to your submission entry:
      > -o smtpd_helo_restrictions=
      > -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
      >
      > You might want to add permit_mynetworks to the above also, but
      > that's not usually used on the submission port.
      >
      >
      > -- Noel Jones
      I did.
      But the issue was elsewehre .... and solved
      Thank you for your time and advice.

      PGR
    • Show all 3 messages in this topic