Re: [AMaViS-user] amavis[xx]: (!)DENIED ACCESS from IP x.x.x.43, policy bank ''
john, > amavis[xx]: (!)DENIED ACCESS from IP x.x.x.43, policy bank '' > It is postfix that connects to amavis from source IP > x.x.x.43. > I've obviously googled the error and found pretty much > nothing that applies to me, except for one thread > where someone disabled smtp_bind_address to solve this. > @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 > [FEC0::]/10 10.0.0.0/8 172.16.0.0/12 > 192.168.0.0/16 x.x.x.40/29 ); You need to allow amavisd to accept connections from x.x.x.40/29: @inet_acl = qw( 127.0.0.1 [::1] x.x.x.40/29 ); and you need amavisd to bind to all interfaces (instead of a defaults which binds to a loopback interface only): $inet_socket_bind = undef; # binds to all IP interfaces if undef > Connecting using telnet on localhost works fine. > > # telnet localhost 10024 > Trying 127.0.0.1... Your telnet connected to a loopback interface, while your Postfix connects to an ethernet interface. Mark - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] amavis[xx]: (!)DENIED ACCESS from IP x.x.x.43, policy bank ''
john bender wrote: > Thanks mouss, I'll try that. > > Regarding the other notes, the smtp/lmtp are there > because I was following the amavis install guide. but you only need one. and if you configure both, chose different names. > Regarding the mynetworks, etc, that's all from me > trying different things trying to resolve this error. > beware the "shake it and you'll get juice" approach. always remember what you change. this way, you can cancel the changes if they don't help. good luck. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] amavis[xx]: (!)DENIED ACCESS from IP x.x.x.43, policy bank ''
Thanks mouss, I'll try that. Regarding the other notes, the smtp/lmtp are there because I was following the amavis install guide. Regarding the mynetworks, etc, that's all from me trying different things trying to resolve this error. Thanks again. --- mouss <[EMAIL PROTECTED]> wrote: > john bender wrote: > > Hi there! > > > > I'm running Qmail, and on the same system I run > > postfix as a "smart host" or spam "firewall". > > > > Qmail listens on x.x.x.42 and postfix listens on > > x.x.x.43 > > > >>From what I read, this setup might be causing the > > error in question. My question is: would anyone > know > > specifically why this is happening and what I can > do > > to add amavis to this set up? > > > > It is postfix that connects to amavis from source > IP > > x.x.x.43. > > > > I've obviously googled the error and found pretty > much > > nothing that applies to me, except for one thread > > where someone disabled smtp_bind_address to solve > > this: > > > > > http://www.howtoforge.com/forums/archive/index.php/t-1217.html > > > > I can't do that in my set up. > > > > > > main.cf: > > === > > inet_interfaces = x.x.x.43 > > remove this and try again. > > if you want postfix to listen on a given IP, use > master.cf instead: replace > > smtp smtpd > > with > > x.x.x.45:25 smtp > > > > > mynetworks = x.x.x.40/29, 192.168.0.0/16, > 10.0.0.0/8, > > 127.0.0.0/8 > > content_filter=amavisfeed:[127.0.0.1]:10024 > > this is a bit convoluted. you set inet_interfaces to > x.x.x.43 but you > want postfix to talk to 127.0.0.1. while it will, > this is not very logical. > > > > > master.cf: > > > > amavisfeed unix- -n - 2 lmtp > > -o lmtp_data_done_timeout=1200 > > -o lmtp_send_xforward_command=yes > > -o disable_dns_lookups=yes > > -o max_use=20 > > > > amavisfeed unix- -n-2 smtp > > -o smtp_data_done_timeout=1200 > > -o smtp_send_xforward_command=yes > > -o disable_dns_lookups=yes > > -o max_use=20 > > > > you need to make your mind: use lmtp or smtp? use > different names for > different transports. > > > > > 127.0.0.1:10025 inet n-n-- smtpd > > -o content_filter= > > -o smtpd_delay_reject=no > > -o > > smtpd_client_restrictions=permit_mynetworks,reject > > -o smtpd_helo_restrictions= > > -o smtpd_sender_restrictions= > > -o > > > smtpd_recipient_restrictions=permit_mynetworks,reject > > -o > > smtpd_data_restrictions=reject_unauth_pipelining > > -o smtpd_end_of_data_restrictions= > > -o smtpd_restriction_classes= > > -o mynetworks=127.0.0.0/8 > > -o smtpd_error_sleep_time=0 > > -o smtpd_soft_error_limit=1001 > > -o smtpd_hard_error_limit=1000 > > -o smtpd_client_connection_count_limit=0 > > -o smtpd_client_connection_rate_limit=0 > > -o > > > receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters > > -o local_header_rewrite_clients= > > > > amavis.conf: > > === > > @local_domains_maps = ( [".$mydomain"] ); # list > of > > all local domains > > > > @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 > > [FEC0::]/10 > > 10.0.0.0/8 172.16.0.0/12 > > 192.168.0.0/16 x.x.x.40/29 ); > > > > > > Connecting using telnet on localhost works fine. > > > > # telnet localhost 10024 > > This will use 127.0.0.1 as the source IP. This isn't > the same as what > you're asking postfix to do: you're asking postfix > to use x.x.x.43 as a > source IP but connect to 127.0.0.1. you'll need more > than telnet to test > this (you need a client that binds before it > connects). > > > > > Trying 127.0.0.1... > > Connected to localhost.localdomain (127.0.0.1). > > Escape character is '^]'. > > 220 [127.0.0.1] ESMTP amavisd-new service ready > > mail from:<[EMAIL PROTECTED]> > > 250 2.1.0 Sender <[EMAIL PROTECTED]> OK > > rcpt to:<[EMAIL PROTECTED]> > > 250 2.1.5 Recipient <[EMAIL PROTECTED]> OK > > data > > 354 End data with . > > Subject: asdads > > > > asd > > .. > > 250 2.0.0 Ok: queued as 77015A40013 > > > > Thanks for reading all this :P > > > > > > > > > Never miss a thing. Make Yahoo your home page. > > http://www.yahoo.com/r/hs > > > > > > > - > > SF.Net email is sponsored by: > > Check out the new SourceForge.net Marketplace. > > It's the best place to buy or sell services > > for just about anything Open Source. > > > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > > ___ > > AMaViS-user mailing list > > [email protected] > > > https://lists.sourceforge.net/lists/listinfo/amavis-user > > AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 > > AMaViS-HowTos:http://www.amavis.org/howto/ > > > > > > > -
Re: [AMaViS-user] amavis[xx]: (!)DENIED ACCESS from IP x.x.x.43, policy bank ''
john bender wrote: > Hi there! > > I'm running Qmail, and on the same system I run > postfix as a "smart host" or spam "firewall". > > Qmail listens on x.x.x.42 and postfix listens on > x.x.x.43 > >>From what I read, this setup might be causing the > error in question. My question is: would anyone know > specifically why this is happening and what I can do > to add amavis to this set up? > > It is postfix that connects to amavis from source IP > x.x.x.43. > > I've obviously googled the error and found pretty much > nothing that applies to me, except for one thread > where someone disabled smtp_bind_address to solve > this: > > http://www.howtoforge.com/forums/archive/index.php/t-1217.html > > I can't do that in my set up. > > > main.cf: > === > inet_interfaces = x.x.x.43 remove this and try again. if you want postfix to listen on a given IP, use master.cf instead: replace smtp smtpd with x.x.x.45:25 smtp > mynetworks = x.x.x.40/29, 192.168.0.0/16, 10.0.0.0/8, > 127.0.0.0/8 > content_filter=amavisfeed:[127.0.0.1]:10024 this is a bit convoluted. you set inet_interfaces to x.x.x.43 but you want postfix to talk to 127.0.0.1. while it will, this is not very logical. > > master.cf: > > amavisfeed unix- -n - 2 lmtp > -o lmtp_data_done_timeout=1200 > -o lmtp_send_xforward_command=yes > -o disable_dns_lookups=yes > -o max_use=20 > > amavisfeed unix- -n-2 smtp > -o smtp_data_done_timeout=1200 > -o smtp_send_xforward_command=yes > -o disable_dns_lookups=yes > -o max_use=20 > you need to make your mind: use lmtp or smtp? use different names for different transports. > > 127.0.0.1:10025 inet n-n-- smtpd > -o content_filter= > -o smtpd_delay_reject=no > -o > smtpd_client_restrictions=permit_mynetworks,reject > -o smtpd_helo_restrictions= > -o smtpd_sender_restrictions= > -o > smtpd_recipient_restrictions=permit_mynetworks,reject > -o > smtpd_data_restrictions=reject_unauth_pipelining > -o smtpd_end_of_data_restrictions= > -o smtpd_restriction_classes= > -o mynetworks=127.0.0.0/8 > -o smtpd_error_sleep_time=0 > -o smtpd_soft_error_limit=1001 > -o smtpd_hard_error_limit=1000 > -o smtpd_client_connection_count_limit=0 > -o smtpd_client_connection_rate_limit=0 > -o > receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters > -o local_header_rewrite_clients= > > amavis.conf: > === > @local_domains_maps = ( [".$mydomain"] ); # list of > all local domains > > @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 > [FEC0::]/10 > 10.0.0.0/8 172.16.0.0/12 > 192.168.0.0/16 x.x.x.40/29 ); > > > Connecting using telnet on localhost works fine. > > # telnet localhost 10024 This will use 127.0.0.1 as the source IP. This isn't the same as what you're asking postfix to do: you're asking postfix to use x.x.x.43 as a source IP but connect to 127.0.0.1. you'll need more than telnet to test this (you need a client that binds before it connects). > Trying 127.0.0.1... > Connected to localhost.localdomain (127.0.0.1). > Escape character is '^]'. > 220 [127.0.0.1] ESMTP amavisd-new service ready > mail from:<[EMAIL PROTECTED]> > 250 2.1.0 Sender <[EMAIL PROTECTED]> OK > rcpt to:<[EMAIL PROTECTED]> > 250 2.1.5 Recipient <[EMAIL PROTECTED]> OK > data > 354 End data with . > Subject: asdads > > asd > .. > 250 2.0.0 Ok: queued as 77015A40013 > > Thanks for reading all this :P > > > > > Never miss a thing. Make Yahoo your home page. > http://www.yahoo.com/r/hs > > > - > SF.Net email is sponsored by: > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services > for just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > ___ > AMaViS-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/amavis-user > AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 > AMaViS-HowTos:http://www.amavis.org/howto/ > > - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
