Loading ...
Sorry, an error occurred while loading the content.
 

Re: Question About Log entries

Expand Messages
  • Reindl Harald
    ... if you want any meaningful answer you have to poast at least a full snippet of all lines to a specific message and output of postconf -n
    Message 1 of 15 , Jan 26, 2013
      Am 26.01.2013 18:25, schrieb Bob Cohen:
      > Follows are several maillog entries. I'm not clear on how to read them.
      >
      > warning: restriction `reject_rbl_client' after `permit' is ignored
      >
      > Does this mean, Postfix rejected an email based on the reject_rbl_client rule, which was placed in the main.cf after the permit. And, Postfix is ignoring the warning?
      >
      > warning: restriction `warn_if_reject' after `permit' is ignored
      >
      > Does this mean, Postfix rejected an email according to some rule in the main.cf. And, Postfix is ignoring the warning?

      if you want any meaningful answer you have to poast at least
      a full snippet of all lines to a specific message and output
      of "postconf -n"
    • Wietse Venema
      ... This means that you have configured: something = something permit reject_rbl_client something As documented, evaluation stops at permit. Therefore,
      Message 2 of 15 , Jan 26, 2013
        Bob Cohen:
        > Follows are several maillog entries. I'm not clear on how to read them.
        >
        > warning: restriction `reject_rbl_client' after `permit' is ignored

        This means that you have configured:

        something = something permit reject_rbl_client something

        As documented, evaluation stops at permit. Therefore, reject_rbl_client
        is ignored.

        Wietse
      • Bob Cohen
        ... Thank you. -Bob log snippet 1 Jan 26 13:03:00 fortapache postfix/smtpd[29122]: connect from camomile.cloud9.net[168.100.1.3] Jan 26 13:03:00 fortapache
        Message 3 of 15 , Jan 26, 2013
          On Jan 26, 2013, at 12:40 PM, Reindl Harald <h.reindl@...> wrote:

          > if you want any meaningful answer you have to poast at least
          > a full snippet of all lines to a specific message and output
          > of "postconf -n"

          Thank you.

          -Bob

          log snippet 1

          Jan 26 13:03:00 fortapache postfix/smtpd[29122]: connect from camomile.cloud9.net[168.100.1.3]
          Jan 26 13:03:00 fortapache postfix/smtpd[29122]: warning: restriction `reject_rbl_client' after `permit' is ignored
          Jan 26 13:03:00 fortapache postfix/smtpd[29122]: warning: restriction `warn_if_reject' after `permit' is ignored
          Jan 26 13:03:00 fortapache postfix/smtpd[29122]: warning: restriction `warn_if_reject' after `permit' is ignored

          log snippet 2

          Jan 26 12:51:52 fortapache postfix/smtpd[28960]: warning: 68.168.97.243: hostname 68-168-97-243.dedicated.codero.net verification failed: Name or service not known
          Jan 26 12:51:52 fortapache postfix/smtpd[28960]: connect from unknown[68.168.97.243]
          Jan 26 12:51:53 fortapache postfix/smtpd[28960]: warning: restriction `reject_rbl_client' after `permit' is ignored
          Jan 26 12:51:53 fortapache postfix/smtpd[28960]: warning: restriction `warn_if_reject' after `permit' is ignored
          Jan 26 12:51:53 fortapache postfix/smtpd[28960]: NOQUEUE: reject: RCPT from unknown[68.168.97.243]: 450 4.1.8 <apache@...>: Sender address rejected: Domain not found; from=<apache@...> to=<42z4r2l5udb@...> proto=ESMTP helo=<68-168-97-243.phx.dedicated.codero.com>
          Jan 26 12:56:53 fortapache postfix/smtpd[28960]: timeout after RSET from unknown[68.168.97.243]
          Jan 26 12:56:53 fortapache postfix/smtpd[28960]: disconnect from unknown[68.168.97.243]



          postconf -n

          alias_database = /etc/postfix/aliases
          alias_maps = hash:/etc/postfix/aliases
          command_directory = /usr/sbin
          config_directory = /etc/postfix
          content_filter = amavisfeed:[127.0.0.1]:10024
          daemon_directory = /usr/libexec/postfix
          home_mailbox = Maildir/
          html_directory = no
          local_recipient_maps = $virtual_alias_maps
          mail_owner = postfix
          mailq_path = /usr/bin/mailq
          manpage_directory = /usr/share/man
          mydestination = /etc/postfix/local_domains
          myhostname = fortapache.bjcserver.com
          myorigin = $myhostname
          newaliases_path = /usr/bin/newaliases
          queue_directory = /var/spool/postfix
          readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
          relay_domains = $mydestination
          sample_directory = /usr/share/doc/postfix-2.3.3/samples
          sendmail_path = /usr/sbin/sendmail
          setgid_group = postdrop
          smtpd_client_restrictions = reject_unauth_pipelining,
          check_client_access hash:/etc/postfix/access,
          check_client_access hash:/etc/postfix/poprelay,
          permit
          reject_rbl_client zen.spamhaus.org,
          reject_rbl_client dnsbl.sorbs.net,
          smtpd_helo_restrictions = check_helo_access pcre:/etc/postfix/tld.pcre,
          permit
          warn_if_reject,
          check_helo_access pcre:/etc/postfix/tld.pcre
          smtpd_recipient_restrictions = reject_non_fqdn_recipient,
          check_client_access hash:/etc/postfix/access,
          reject_unknown_recipient_domain,
          reject_unauth_destination,
          permit
          smtpd_sender_restrictions =
          reject_unknown_sender_domain,
          reject_non_fqdn_sender,
          check_client_access pcre:/etc/postfix/tld.pcre,
          check_client_access hash:/etc/postfix/access,
          check_client_access hash:/etc/postfix/poprelay,
          permit
          warn_if_reject,
          check_reverse_client_hostname_access pcre:/etc/postfix/tld.pcre

          soft_bounce = no
          virtual_alias_maps = hash:/etc/postfix/virtual

          Bob Cohen
          Writer, Internet Consultant, Teacher
          w: bobjcohen.com
          t: #itsabobworld
        • Bob Cohen
          ... Thank you. Does that mean I need to put the something = something before permit? Note I just posted some log entries and postconf -n. -Bob Bob Cohen
          Message 4 of 15 , Jan 26, 2013
            On Jan 26, 2013, at 1:00 PM, Wietse Venema <wietse@...> wrote:

            > Bob Cohen:
            >> Follows are several maillog entries. I'm not clear on how to read them.
            >>
            >> warning: restriction `reject_rbl_client' after `permit' is ignored
            >
            > This means that you have configured:
            >
            > something = something permit reject_rbl_client something
            >
            > As documented, evaluation stops at permit. Therefore, reject_rbl_client
            > is ignored.

            Thank you. Does that mean I need to put the something = something before permit? Note I just posted some log entries and postconf -n.

            -Bob

            Bob Cohen
            Writer, Internet Consultant, Teacher
            w: bobjcohen.com
            t: #itsabobworld
          • Reindl Harald
            ... logically yes how do you imagine that anything does something after permit took action?
            Message 5 of 15 , Jan 26, 2013
              Am 26.01.2013 19:13, schrieb Bob Cohen:
              >
              > On Jan 26, 2013, at 1:00 PM, Wietse Venema <wietse@...> wrote:
              >
              >> Bob Cohen:
              >>> Follows are several maillog entries. I'm not clear on how to read them.
              >>>
              >>> warning: restriction `reject_rbl_client' after `permit' is ignored
              >>
              >> This means that you have configured:
              >>
              >> something = something permit reject_rbl_client something
              >>
              >> As documented, evaluation stops at permit. Therefore, reject_rbl_client
              >> is ignored.
              >
              > Thank you. Does that mean I need to put the something = something before permit?

              logically yes

              how do you imagine that anything does something after "permit" took action?
            • Viktor Dukhovni
              ... Postfix is *issuing* the warning, it takes a flight of fancy to think Postfix is ignoring the warning. When Postfix warns you that: thing Y after [thing]
              Message 6 of 15 , Jan 26, 2013
                On Sat, Jan 26, 2013 at 12:25:00PM -0500, Bob Cohen wrote:

                > Follows are several maillog entries. I'm not clear on how to read them.
                >
                > warning: restriction `reject_rbl_client' after `permit' is ignored
                >
                > Does this mean, Postfix rejected an email based on the
                > reject_rbl_client rule, which was placed in the main.cf after the
                > permit. And, Postfix is ignoring the warning?

                Postfix is *issuing* the warning, it takes a flight of fancy to
                think Postfix is ignoring the warning. When Postfix warns you that:

                "thing Y after [thing] X is ignored"

                it means what it says: Thing Y which occurs after thing X is [always]
                ignored. Therefore, a configuration with thing Y after thing X is
                likely the result of confusion or a careless error.

                In this case confusion. Restrictions are evaluated in order, don't
                modify Postfix restrictions until you understand how they work.

                Perhaps this will help:

                http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt

                DO NOT parrot any of the specific examples in the guide, rather
                read it ONLY for its explanation of how restrictions work, using
                the specific examples only to help you understand the general rules.
                The explanator material starts with:

                General Notes On "hostname," "helo," "client," "sender"
                and "recipient" Access Lists and Restrictions

                and especially the section:

                Understanding The Order In Which SMTPD Restrictions Are Applied

                --
                Viktor.
              • Wietse Venema
                ... No. It means you should read documentation instead seeking well-known answers on the mailing list. Start with these:
                Message 7 of 15 , Jan 26, 2013
                  Bob Cohen:
                  >
                  > On Jan 26, 2013, at 1:00 PM, Wietse Venema <wietse@...> wrote:
                  >
                  > > Bob Cohen:
                  > >> Follows are several maillog entries. I'm not clear on how to read them.
                  > >>
                  > >> warning: restriction `reject_rbl_client' after `permit' is ignored
                  > >
                  > > This means that you have configured:
                  > >
                  > > something = something permit reject_rbl_client something
                  > >
                  > > As documented, evaluation stops at permit. Therefore, reject_rbl_client
                  > > is ignored.
                  >
                  > Thank you. Does that mean I need to put the something = something
                  > before permit? Note I just posted some log entries and postconf

                  No. It means you should read documentation instead
                  seeking well-known answers on the mailing list.

                  Start with these:
                  http://www.postfix.org/BASIC_CONFIGURATION_README.html
                  http://www.postfix.org/SMTPD_ACCESS_README.html

                  and follow the hyperlinks.

                  Wietse
                • Bob Cohen
                  ... Thank you. Sorry if I violated list etiquette. It s hard for a ham and egger like me to know what is or isn t common knowledge. Bob Cohen Writer, Internet
                  Message 8 of 15 , Jan 26, 2013
                    On Jan 26, 2013, at 5:05 PM, Wietse Venema <wietse@...> wrote:

                    > No. It means you should read documentation instead
                    > seeking well-known answers on the mailing list.


                    Thank you. Sorry if I violated list etiquette. It's hard for a ham and egger like me to know what is or isn't common knowledge.

                    Bob Cohen
                    Writer, Internet Consultant, Teacher
                    w: bobjcohen.com
                    t: #itsabobworld
                  • Ralf Hildebrandt
                    ... No. Everything after permit is ignored. ... Again, you seem to have something like: ... stuff ... permit ... more stuff ... in your restrictions. more
                    Message 9 of 15 , Jan 28, 2013
                      * Bob Cohen <bob@...>:
                      > Follows are several maillog entries. I'm not clear on how to read them.
                      >
                      > warning: restriction `reject_rbl_client' after `permit' is ignored


                      > Does this mean, Postfix rejected an email based on the
                      > reject_rbl_client rule, which was placed in the main.cf after the
                      > permit. And, Postfix is ignoring the warning?

                      No. Everything after permit is ignored.

                      > warning: restriction `warn_if_reject' after `permit' is ignored

                      Again, you seem to have something like:

                      ... stuff ...
                      permit
                      ... more stuff ...

                      in your restrictions. "more stuff" will be ignored.

                      --
                      [*] sys4 AG

                      http://sys4.de, +49 (89) 30 90 46 64
                      Franziskanerstraße 15, 81669 München

                      Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
                      Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
                      Aufsichtsratsvorsitzender: Joerg Heidrich
                    Your message has been successfully submitted and would be delivered to recipients shortly.