
Permissions on /etc/postfix files

  • LuKreme
    Message 1 of 12 , Sep 5, 2013
      All the files in /etc/postfix are 1) owned by root and 2) marked with 644 permissions.

      I'm not sure this is a good idea (though there are no other users who login to the shell, there are other users who at least in theory could).

      I did chmod 600 and chown postfix the mysql_virtual_*_maps.cf files since they contain the SQL password for the sql users' database.

      Am I worrying needlessly? Should I chmod 600 and chown postfix all of /etc/postfix?

      --
      I HAVE NEITHER BEEN THERE NOR DONE THAT Bart chalkboard Ep. AABF17
    • Patrick Ben Koetter
      Message 2 of 12 , Sep 5, 2013
        * LuKreme <kremels@...>:
        > All the files in /etc/postfix are 1) owned by root and 2) marked with 644 permissions.
        >
        > I'm not sure this is a good idea (though there are no other users who login to the shell, there are other users who at least in theory could).
        >
        > I did chmod 600 and chown postfix the mysql_virtual_*_maps.cf files since they contain the SQL password for the sql users' database.
        >
        > Am I worrying needlessly? Should I chmod 600 and chown postfix all of /etc/postfix?

        All maps
        root:postfix 640
        main.cf, master.cf, dynamicmaps.cf
        root:postfix 644
        Must be world readable for sendmail users

        root@mail:/etc/postfix# ll
        total 216
        drwxr-xr-x 3 root root 4096 Sep 4 08:10 ./
        drwxr-xr-x 103 root root 4096 Sep 4 11:28 ../
        -rw-r----- 1 postfix postfix 901 Feb 5 2013 body.chk
        -rw-r----- 1 root postfix 46 Feb 5 2013 client_access
        -rw-r----- 1 root postfix 2113 Feb 5 2013 client_access.cdb
        -rw-r----- 1 root postfix 778 Sep 4 08:10 dh_2048.pem
        -rw-r----- 1 root postfix 156 Feb 5 2013 dh_512.pem
        -rw-r----- 1 root postfix 16351 Jul 8 16:25 drop.cidr
        -rw-r--r-- 1 root postfix 389 Nov 22 2012 dynamicmaps.cf
        -rw-r----- 1 root postfix 3337 Feb 5 2013 header.chk
        -rw-r----- 1 root postfix 491 Apr 29 14:27 helo.chk
        -rw-r--r-- 1 root postfix 5056 Sep 4 08:10 main.cf
        -rw-r----- 1 root postfix 582 Feb 6 2013 Makefile
        -rw-r--r-- 1 root postfix 3400 Mai 23 00:28 master.cf
        -rw-r----- 1 root postfix 172 Feb 5 2013 nested_header.chk
        -rw-r----- 1 root postfix 25 Feb 5 2013 nullsender
        -rw-r----- 1 root postfix 2090 Feb 5 2013 nullsender.cdb
        -rw-r--r-- 1 root postfix 19707 Okt 23 2012 postfix-files
        -rwxr-xr-x 1 root postfix 8729 Okt 23 2012 postfix-script*
        -rwxr-xr-x 1 root postfix 26498 Okt 23 2012 post-install*
        -rw-r----- 1 root postfix 31 Feb 5 2013 postscreen_access.cidr
        -rw-r----- 1 root postfix 214 Feb 5 2013 role_exceptions
        -rw-r----- 1 root postfix 2190 Feb 5 2013 role_exceptions.cdb
        drwxr-x--- 2 root postfix 4096 Okt 23 2012 sasl/
        -rw-r----- 1 root postfix 1728 Feb 5 2013 sender_exceptions
        -rw-r----- 1 root postfix 3686 Feb 5 2013 sender_exceptions.cdb
        -rw-r----- 1 root postfix 67 Feb 6 2013 transport
        -rw-r----- 1 root postfix 2158 Feb 6 2013 transport.cdb
        -rw-r----- 1 root postfix 582 Jun 17 09:34 virtual
        -rw-r----- 1 root postfix 2892 Jun 17 09:34 virtual.cdb

        I use a Makefile to maintain maps and permissions:

        SHELL = /bin/sh
        VPATH = /etc
        all: helos.db transport.db client_access.db clients.db roles.db senders.db aliases.db discard_ehlo_keywords.db relay_domains.db virtual_aliases.db tls_policies.db

        # /etc/aliases is built with postalias; all other maps use the pattern rule below
        aliases.db: /etc/aliases
        	cp /etc/aliases /etc/aliases.proto
        	postalias hash:/etc/aliases.proto
        	mv /etc/aliases.proto.db /etc/aliases.db
        	chown root:postfix /etc/aliases*
        	chmod 640 /etc/aliases*
        	rm /etc/aliases.proto
        	/usr/local/sbin/set_postfix_perms

        # Build each map from a copy, move it into place, then restrict it to root:postfix 640
        %.db: %
        	cp $< $<.proto
        	postmap hash:$<.proto
        	mv $<.proto.db $<.db
        	chown root:postfix $<*
        	chmod 640 $<*
        	rm $<.proto
        	/usr/local/sbin/set_postfix_perms

        And I call a set_postfix_perms at the end to catch files that are not maps:

        #!/bin/bash
        # Sets the permissions and ownerships in /etc/postfix restrictively
        # Patrick Koetter, p@...

        # Readable only by root and postfix
        declare -a FILES=(
        dh_2048.pem
        dh_512.pem
        drop.cidr
        header_checks.pcre
        identity.chk
        Makefile
        postscreen_access.cidr
        relay_recipients.ldap
        virtual_aliases.ldap)

        # These must be world readable
        declare -a CONFS=(
        main.cf
        master.cf
        relay_domains*
        )

        # Quote the expansions so that file names are passed through unchanged
        for i in "${FILES[@]}"
        do
            chmod 640 "$i"
            chown root:postfix "$i"
        done

        for i in "${CONFS[@]}"
        do
            chmod 644 "$i"
            chown root:postfix "$i"
        done




        --
        [*] sys4 AG

        http://sys4.de, +49 (89) 30 90 46 64
        Franziskanerstraße 15, 81669 München

        Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
        Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
        Aufsichtsratsvorsitzender: Florian Kirstein
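
The policy in the reply above (files holding credentials not world-readable, `main.cf`, `master.cf` and `dynamicmaps.cf` world-readable for the `sendmail` command) can be checked mechanically. The script below is an added example, not part of the original thread or of Postfix; the function names, finding codes and the sample tree are assumptions, and it inspects mode bits only, not ownership.

```shell
#!/bin/sh
# Added example: audit mode bits in a Postfix configuration directory.
# Function names and finding codes are hypothetical, not Postfix tooling.

# Files the unprivileged sendmail command has to read (per the reply above).
MUST_BE_WORLD_READABLE="main.cf master.cf dynamicmaps.cf"

# collect_findings DIR: print one "<CODE> <path>" line per problem found.
collect_findings() {
    dir=$1
    # 1. World-readable files that carry a credential parameter:
    #    "password =" in mysql_table files, "bind_pw =" in ldap_table files.
    find "$dir" -type f -perm -004 -exec \
        grep -lE '^[[:space:]]*(password|bind_pw)[[:space:]]*=' {} + 2>/dev/null |
        sed 's/^/SECRET-WORLD-READABLE /'
    # 2. Files that group or other may modify.
    find "$dir" -type f \( -perm -020 -o -perm -002 \) |
        sed 's/^/GROUP-OR-WORLD-WRITABLE /'
    # 3. Files that were locked down too far for the sendmail command.
    for name in $MUST_BE_WORLD_READABLE; do
        f=$dir/$name
        [ -f "$f" ] || continue
        if [ -z "$(find "$f" -perm -004)" ]; then
            echo "NOT-WORLD-READABLE $f"
        fi
    done
    return 0
}

# audit_postfix_dir DIR: print sorted findings; return 1 if there are any.
audit_postfix_dir() {
    findings=$(collect_findings "$1")
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings" | sort
    return 1
}

# make_demo_tree: build a constructed sample directory and print its path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    printf 'myhostname = mail.example.test\n' > "$d/main.cf"
    printf 'smtp inet n - n - - smtpd\n' > "$d/master.cf"
    printf 'user = postfix\npassword = constructed-secret\n' \
        > "$d/mysql_virtual_alias_maps.cf"
    printf 'user = postfix\npassword = constructed-secret\n' \
        > "$d/mysql_virtual_mailbox_maps.cf"
    printf 'example.test smtp:\n' > "$d/transport"
    chmod 640 "$d/main.cf"                       # too strict for sendmail users
    chmod 644 "$d/master.cf"                     # as recommended
    chmod 644 "$d/mysql_virtual_alias_maps.cf"   # SQL password readable by all
    chmod 640 "$d/mysql_virtual_mailbox_maps.cf" # as recommended
    chmod 660 "$d/transport"                     # group may rewrite routing
    echo "$d"
}

# Stand-alone use: pass the directory to audit, e.g. /etc/postfix.
if [ "$#" -gt 0 ]; then
    audit_postfix_dir "$1"
fi
```
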
      • DTNX Postmaster
        Message 3 of 12 , Sep 6, 2013
          On Sep 6, 2013, at 04:39, LuKreme <kremels@...> wrote:

          > All the files in /etc/postfix are 1) owned by root and 2) marked with 644 permissions.
          >
          > I'm not sure this is a good idea (though there are no other users who login to the shell, there are other users who at least in theory could).
          >
          > I did chmod 600 and chown postfix the mysql_virtual_*_maps.cf files since they contain the SQL password for the sql users' database.
          >
          > Am I worrying needlessly? Should I chmod 600 and chown postfix all of /etc/postfix?

          We generally use a subdirectory within '/etc/postfix' to store all
          'custom' files such as maps and the like, and restrict the permissions
          on that directory and its contents. This also offers a measure of
          protection in case a distribution package overwrites a default file for
          whatever reason.

          HTH,
          Joni
        • LuKreme
          Message 4 of 12 , Sep 6, 2013
            On 05 Sep 2013, at 23:51 , Patrick Ben Koetter <p@...> wrote:
            > main.cf, master.cf, dynamicmaps.cf
            > root:postfix 644
            > Must be world readable for sendmail users

            do you mean actual real sendmail (we don't have that) or postfix's sendmail compatible interface?

            > I use a Makefile to maintain maps and permissions:

            That's quite clever.

            On 06 Sep 2013, at 03:29 , DTNX Postmaster <postmaster@...> wrote:
            > We generally use a subdirectory within '/etc/postfix' to store all
            > 'custom' files such as maps and the like, and restrict the permissions
            > on that directory and its contents.

            That's also not a bad idea, but:

            > This also offers a measure of protection in case a distribution package overwrites a default file for
            > whatever reason.

            That is something that's never happened to me with postfix. Other things, sure, but not postfix.

            --
            "It's like those French have a different word for *everything*" - Steve
            Martin
          • Patrick Ben Koetter
            Message 5 of 12 , Sep 6, 2013
              * LuKreme <kremels@...>:
              > On 05 Sep 2013, at 23:51 , Patrick Ben Koetter <p@...> wrote:
              > > main.cf, master.cf, dynamicmaps.cf
              > > root:postfix 644
              > > Must be world readable for sendmail users
              >
              > do you mean actual real sendmail (we don't have that) or postfix's sendmail compatible interface?

              I mean the Postfix sendmail command. When someone calls it from command line,
              it runs with the permissions of that user. The command must lookup some
              configuration from main.cf. Thus the requirement to keep it world readable.

              > > I use a Makefile to maintain maps and permissions:
              >
              > That's quite clever.

              It's either all good or everything breaks at once. ;)

              p@rick

            • Chris
              Message 6 of 12 , Sep 9, 2013
                Hello,

                if I send from a public mail service like gmail etc. to my server, I get
                the email.
                Then I reply to this one and this message will never arrive.
                Sometimes I get an error mail like:

                <vip4@...>: host service.com[202.107.110.18] said: 554 5.7.1
                <vip4@...>: Relay access denied (in reply to RCPT TO command)

                In the syslog when sending an email to a public mail service I find this
                one:

                Sep 9 22:38:53 nudin1 postfix/smtpd[8648]: connect from
                unknown[148.172.15.55]
                Sep 9 22:38:55 nudin1 postfix/smtpd[8648]: 2723F12E00A3:
                client=unknown[148.172.15.55], sasl_method=PLAIN,
                sasl_username=info@...
                Sep 9 22:38:55 nudin1 postfix/cleanup[7756]: 2723F12E00A3:
                message-id=<522E863A.1000200@...>
                Sep 9 22:38:55 nudin1 postfix/qmgr[1344]: 2723F12E00A3:
                from=<info@...>, size=474, nrcpt=1 (queue active)
                Sep 9 22:38:56 nudin1 postfix/smtpd[8648]: disconnect from
                unknown[148.172.15.55]
                Sep 9 22:38:57 nudin1 postfix/smtpd[8658]: connect from
                localhost[127.0.0.1]
                Sep 9 22:38:57 nudin1 postfix/smtpd[8658]: 7C75B12E00A4:
                client=localhost[127.0.0.1]
                Sep 9 22:38:57 nudin1 postfix/cleanup[7756]: 7C75B12E00A4:
                message-id=<522E863A.1000200@...>
                Sep 9 22:38:57 nudin1 postfix/smtpd[8658]: disconnect from
                localhost[127.0.0.1]
                Sep 9 22:38:57 nudin1 postfix/qmgr[1344]: 7C75B12E00A4:
                from=<info@...>, size=900, nrcpt=1 (queue active)
                Sep 9 22:38:57 nudin1 amavis[792]: (00792-04) Passed CLEAN,
                [148.172.15.55] <info@...> -> <privateuser@...>, Message-ID:
                <522E863A.1000200@...>, mail_id: E1oH7KsZ3znA, Hits: -0.002,
                size: 474, queued_as: 7C75B12E00A4, 1713 ms
                Sep 9 22:38:57 nudin1 postfix/smtp[8654]: 2723F12E00A3:
                to=<privateuser@...>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.9,
                delays=1.2/0/0/1.7, dsn=2.0.0, status=sent (250 2.0.0 from
                MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7C75B12E00A4)
                Sep 9 22:38:57 nudin1 postfix/qmgr[1344]: 2723F12E00A3: removed

                What could that be?

                Thank you,
                Chris
              • Noel Jones
                Message 7 of 12 , Sep 10, 2013
                  On 9/9/2013 9:46 PM, Chris wrote:
                  > Hello,
                  >
                  > if I send from a public mail service like gmail etc. to my server, I
                  > get the email.
                  > Then I reply to this one and this message will never arrive.
                  > Sometimes I get an error mail like:
                  >
                  > <vip4@...>: host service.com[202.107.110.18] said: 554 5.7.1
                  > <vip4@...>: Relay access denied (in reply to RCPT TO command)

                  The above message says the server at 202.107.110.18 refused to relay
                  the message, but gives no indication of why. Some context would
                  help. Why are you sending mail to this server?


                  >
                  > In the syslog when sending an email to a public mail service I find
                  > this one:
                  >
                  > Sep 9 22:38:53 nudin1 postfix/smtpd[8648]: connect from
                  > unknown[148.172.15.55]
                  > Sep 9 22:38:55 nudin1 postfix/smtpd[8648]: 2723F12E00A3:
                  > client=unknown[148.172.15.55], sasl_method=PLAIN,
                  > sasl_username=info@...
                  > Sep 9 22:38:55 nudin1 postfix/cleanup[7756]: 2723F12E00A3:
                  > message-id=<522E863A.1000200@...>
                  > Sep 9 22:38:55 nudin1 postfix/qmgr[1344]: 2723F12E00A3:
                  > from=<info@...>, size=474, nrcpt=1 (queue active)
                  > Sep 9 22:38:56 nudin1 postfix/smtpd[8648]: disconnect from
                  > unknown[148.172.15.55]
                  > Sep 9 22:38:57 nudin1 postfix/smtpd[8658]: connect from
                  > localhost[127.0.0.1]
                  > Sep 9 22:38:57 nudin1 postfix/smtpd[8658]: 7C75B12E00A4:
                  > client=localhost[127.0.0.1]
                  > Sep 9 22:38:57 nudin1 postfix/cleanup[7756]: 7C75B12E00A4:
                  > message-id=<522E863A.1000200@...>
                  > Sep 9 22:38:57 nudin1 postfix/smtpd[8658]: disconnect from
                  > localhost[127.0.0.1]
                  > Sep 9 22:38:57 nudin1 postfix/qmgr[1344]: 7C75B12E00A4:
                  > from=<info@...>, size=900, nrcpt=1 (queue active)
                  > Sep 9 22:38:57 nudin1 amavis[792]: (00792-04) Passed CLEAN,
                  > [148.172.15.55] <info@...> -> <privateuser@...>,
                  > Message-ID: <522E863A.1000200@...>, mail_id: E1oH7KsZ3znA,
                  > Hits: -0.002, size: 474, queued_as: 7C75B12E00A4, 1713 ms
                  > Sep 9 22:38:57 nudin1 postfix/smtp[8654]: 2723F12E00A3:
                  > to=<privateuser@...>, relay=127.0.0.1[127.0.0.1]:10024,
                  > delay=2.9, delays=1.2/0/0/1.7, dsn=2.0.0, status=sent (250 2.0.0
                  > from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7C75B12E00A4)
                  > Sep 9 22:38:57 nudin1 postfix/qmgr[1344]: 2723F12E00A3: removed

                  This appears to be a perfectly normal sequence of postfix receiving
                  mail from a SASL authenticated client, then postfix filtering the
                  mail through amavisd-new. Is there something here you're not expecting?


                  >
                  > What could that be?

                  If you need more help, please see:
                  http://www.postfix.org/DEBUG_README.html#mail




                  -- Noel Jones
                • Chris
                  Message 8 of 12 , Sep 12, 2013
                    Hello,

                    I checked it now again.

                    domain1 is on my server (vps, postfix + dovecot).
                    I can send and receive from user@... to user2@... - no
                    problem at all.

                    Now I tried to send from user@... to a public freemailer (the
                    one I'm using here):

                    Sep 12 04:57:02 nudin1 postfix/smtpd[29097]: CD5F712E00AC:
                    client=unknown[123.88.179.125], sasl_method=PLAIN,
                    sasl_username=info@...
                    Sep 12 04:57:03 nudin1 postfix/cleanup[28418]: CD5F712E00AC:
                    message-id=<523181D6.8030604@...>
                    Sep 12 04:57:04 nudin1 postfix/qmgr[1297]: CD5F712E00AC:
                    from=<info@...>, size=304, nrcpt=1 (queue active)
                    Sep 12 04:57:04 nudin1 postfix/smtpd[29097]: disconnect from
                    unknown[123.88.179.125]
                    Sep 12 04:57:06 nudin1 postfix/smtpd[29109]: connect from
                    localhost[127.0.0.1]
                    Sep 12 04:57:06 nudin1 postfix/smtpd[29109]: D57D812E00AF:
                    client=localhost[127.0.0.1]
                    Sep 12 04:57:06 nudin1 postfix/cleanup[28418]: D57D812E00AF:
                    message-id=<523181D6.8030604@...>
                    Sep 12 04:57:06 nudin1 postfix/qmgr[1297]: D57D812E00AF:
                    from=<info@...>, size=726, nrcpt=1 (queue active)
                    Sep 12 04:57:06 nudin1 postfix/smtpd[29109]: disconnect from
                    localhost[127.0.0.1]
                    Sep 12 04:57:06 nudin1 amavis[732]: (00732-14) Passed CLEAN,
                    [123.88.179.125] <info@...> -> <spamonme@...>, Message-ID:
                    <523181D6.8030604@...>, mail_id: inH6RjFFgZyS, Hits: -0.001,
                    size: 304, queued_as: D57D812E00AF, 2728 ms
                    Sep 12 04:57:06 nudin1 postfix/smtp[29106]: CD5F712E00AC:
                    to=<spamonme@...>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.6,
                    delays=1.9/0.01/0/2.7, dsn=2.0.0, status=sent (250 2.0.0 from
                    MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D57D812E00AF)
                    Sep 12 04:57:06 nudin1 postfix/qmgr[1297]: CD5F712E00AC: removed
                    Sep 12 04:57:06 nudin1 postfix/smtp[29110]: connect to
                    freenet.de[62.104.23.42]:25: Connection refused
                    Sep 12 04:57:06 nudin1 postfix/smtp[29110]: D57D812E00AF:
                    to=<spamonme@...>, relay=none, delay=0.08,
                    delays=0.01/0.01/0.06/0, dsn=4.4.1, status=deferred (connect to
                    freenet.de[62.104.23.42]:25: Connection refused)

                    But I can't look into the log file from freenet.de - it just seems as if
                    the server is refusing me for a reason .. I don't know?

                    So how can I find out why my server gets refused from some servers (but
                    not from itself)?

                    Thanks,
                    Chris



                  • Noel Jones
                    Message 9 of 12 , Sep 12, 2013
                      On 9/12/2013 4:18 AM, Chris wrote:
                      > Hello,
                      >
                      > I checked it now again.
                      >
                      > domain1 is on my server (vps, postfix + dovecot).
                      > I can send and receive from user@... to user2@... -
                      > no problem at all.
                      >
                      > Now I tried to send from user@... to a public freemailer
                      > (the one I'm using here):
                      >
                      > Sep 12 04:57:06 nudin1 postfix/smtp[29110]: connect to
                      > freenet.de[62.104.23.42]:25: Connection refused

                      connection refused is a network problem, probably a firewall block.
                      Perhaps your ISP doesn't allow you to run a mail server?


                      -- Noel Jones


                    • Jan P. Kessler
                      Message 10 of 12 , Sep 12, 2013
                        > > Sep 12 04:57:06 nudin1 postfix/smtp[29110]: connect to
                        > > freenet.de[62.104.23.42]:25: Connection refused
                        >
                        > connection refused is a network problem, probably a firewall block.
                        > Perhaps your ISP doesn't allow you to run a mail server?

                        Something is wrong with your DNS resolution. freenet.de[62.104.23.42] is
                        not the correct MX for @...:

                        # host -t mx freenet.de
                        freenet.de mail is handled by 1 mx.freenet.de.

                        # host mx.freenet.de
                        mx.freenet.de has address 195.4.92.211
                        mx.freenet.de has address 195.4.92.9
                        mx.freenet.de has IPv6 address 2001:748:100:40::8:111
                        mx.freenet.de has IPv6 address 2001:748:100:40::8:110
                      • Wietse Venema
                        Message 11 of 12 , Sep 12, 2013
                          Jan P. Kessler:
                          > > > Sep 12 04:57:06 nudin1 postfix/smtp[29110]: connect to
                          > > > freenet.de[62.104.23.42]:25: Connection refused
                          > >
                          > > connection refused is a network problem, probably a firewall block.
                          > > Perhaps your ISP doesn't allow you to run a mail server?
                          >
                          > Something is wrong with your DNS resolution. freenet.de[62.104.23.42] is
                          > not the correct MX for @...:

                          Well spotted. Apparently he uses A lookup instead of MX lookup.
                          This is a definite no-no for email.

                          % dig a freenet.de
                          ...
                          freenet.de. 300 IN A 62.104.23.42

                          Wietse
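
The symptom diagnosed in the two replies above is visible in the log itself: the SMTP client connected to the bare recipient domain rather than to an MX host. The filter below is an added example, not part of the original thread; the function names and the log lines (queue IDs, host names, documentation-range addresses) are constructed. A match is a prompt to compare against `host -t mx <domain>`, since a domain may legitimately have no MX record or list itself as its MX.

```shell
#!/bin/sh
# Added example: flag deferred Postfix deliveries where the host that was
# contacted is the bare recipient domain (the pattern seen in this thread).
# Function names are hypothetical; sample log lines are constructed.

# find_bare_domain_connects: reads syslog lines on stdin and prints
# "<queue-id> <recipient-domain> <ip>" for each suspicious delivery attempt.
find_bare_domain_connects() {
    awk '
    /postfix\/smtp\[/ && /status=deferred/ && /\(connect to / {
        # Recipient domain: the text between "@" and ">" in " to=<...>".
        rcpt = $0
        sub(/.* to=<[^@>]*@/, "", rcpt)
        sub(/>.*/, "", rcpt)

        # Host and address from "(connect to HOST[IP]:25: reason)".
        rest = $0
        sub(/.*\(connect to /, "", rest)
        i = index(rest, "[")
        j = index(rest, "]")
        if (i == 0 || j < i) next
        host = substr(rest, 1, i - 1)
        ip = substr(rest, i + 1, j - i - 1)

        # Queue ID is the sixth syslog field, with a trailing colon.
        qid = $6
        sub(/:$/, "", qid)

        if (tolower(host) == tolower(rcpt))
            print qid, rcpt, ip
    }'
}

# sample_log: three constructed log lines.
#   1. deferred, connected to the bare domain      -> flagged
#   2. deferred, connected to a dedicated MX host  -> not flagged
#   3. delivered normally                          -> ignored
sample_log() {
    cat <<'EOF'
Sep 12 04:57:06 mx1 postfix/smtp[29110]: A1B2C3D4E5F6: to=<user@example.net>, relay=none, delay=0.08, delays=0.01/0.01/0.06/0, dsn=4.4.1, status=deferred (connect to example.net[192.0.2.42]:25: Connection refused)
Sep 12 04:58:10 mx1 postfix/smtp[29111]: B2C3D4E5F6A1: to=<user@example.org>, relay=none, delay=30, delays=0.01/0.01/30/0, dsn=4.4.1, status=deferred (connect to mx.example.org[198.51.100.9]:25: Connection timed out)
Sep 12 04:59:00 mx1 postfix/smtp[29112]: C3D4E5F6A1B2: to=<user@example.com>, relay=mx.example.com[203.0.113.5]:25, delay=1.2, delays=0.1/0/0.5/0.6, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 0123456789AB)
EOF
}

# Stand-alone use: pass a mail log file as the first argument.
if [ "$#" -gt 0 ]; then
    find_bare_domain_connects < "$1"
fi
```
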
                        • Chris
                          Message 12 of 12 , Sep 12, 2013
                            Hello Jan, Wietse,

                            thank you very much - so it's not about Postfix but about my DNS setup.

                            I'll change that in my zone settings.

                            Hope it works after this. :)

                            Bye, Chris

