We are currently having problems where mail Andrew sends to luv-main gets
blocked by localhost.
# postconf -d|grep mynet
mynetworks = 127.0.0.0/8 10.10.10.0/24 [::1]/128 [2a01:4f8:140:71f5::]/64
[fe80::]/64
Below are the relevant log entries. It seems that ::1 is not being accepted
as an exclusion for spam checks, from the above you can see that ::1 is in
mynetworks and from the attached main.cf you can see that permit_mynetworks is
before other checks. Any ideas as to what the problem might be and why it
only seems to affect Andrew's mail?
To clarify, what happens is that outbound mail from the list server is sent to
localhost and the Postfix instance on localhost is rejecting it.
>From the attached master.cf you can see that localhost is excluded from
SpamAssassin and ClamAV checks.
Jun 18 16:21:47 itmustbe postfix/cleanup[23587]: CADE6B0AD: reject: header
From: achalmers--- via luv-main <[email protected]> from localhost[::1];
from=<[email protected]> to=<[email protected]> proto=ESMTP
helo=<itmustbe.luv.asn.au>: 5.7.1 550 Message rejected Mail from a likely spam
domain 10002
Jun 18 16:21:47 itmustbe postfix/cleanup[23587]: CD54CB0AD: reject: header
From: achalmers--- via luv-main <[email protected]> from localhost[::1];
from=<[email protected]> to=<[email protected]> proto=ESMTP
helo=<itmustbe.luv.asn.au>: 5.7.1 550 Message rejected Mail from a likely spam
domain 10002
Jun 18 16:21:48 itmustbe postfix/cleanup[23587]: D96C3B0AD: reject: header
From: achalmers--- via luv-main <[email protected]> from localhost[::1];
from=<[email protected]> to=<[email protected]> proto=ESMTP
helo=<itmustbe.luv.asn.au>: 5.7.1 550 Message rejected Mail from a likely spam
domain 10002
Jun 18 16:21:48 itmustbe postfix/cleanup[23587]: 26916B0AD: reject: header
From: achalmers--- via luv-main <[email protected]> from localhost[::1];
from=<[email protected]> to=<[email protected]> proto=ESMTP
helo=<itmustbe.luv.asn.au>: 5.7.1 550 Message rejected Mail from a likely spam
domain 10002
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/letsencrypt/live/www.luv.asn.au/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/www.luv.asn.au/privkey.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/www.luv.asn.au/chain.pem
smtpd_tls_mandatory_protocols = TLSv1
smtpd_use_tls=yes
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = luv.asn.au
alias_maps = hash:/etc/aliases,hash:/etc/aliases.mailman
alias_database = hash:/etc/aliases,hash:/etc/aliases.mailman
myorigin = /etc/mailname
mydestination = itmustbe.luv.asn.au, lists.luv.asn.au, tainted.luv.asn.au,
luv.asn.au, localhost
mydomain = luv.asn.au
relayhost =
#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
# We need this so we can just send all @lists email to mailman.
#relay_domains = luv.asn.au, lists.luv.asn.au, lists.wikimedia.org.au
relay_domains = luv.asn.au, lists.luv.asn.au
transport_maps = hash:/etc/postfix/transport
mailman_destination_recipient_limit = 1
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unauth_pipelining, reject_unknown_client, permit
smtpd_restriction_classes = greylist
greylist = check_policy_service inet:127.0.0.1:10023
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
check_policy_service unix:private/spfcheck, reject_unauth_destination,
reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_hostname,
reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_pipelining,
reject_unknown_client, check_recipient_access hash:/etc/postfix/greylist_optin,
permit
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_hostname,
permit
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender,
reject_unknown_sender_domain, permit
header_checks = regexp:/etc/postfix/regex/header_checks
body_checks = regexp:/etc/postfix/regex/body_checks
mime_header_checks = regexp:/etc/postfix/regex/mime_checks
access_map_reject_code = 554
invalid_hostname_reject_code = 554
maps_rbl_reject_code = 554
reject_code = 550
relay_domains_reject_code = 550
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 554
unverified_recipient_reject_code = 451
unverified_sender_reject_code = 451
non_fqdn_reject_code = 554
unknown_local_recipient_reject_code = 550
disable_dns_lookups = no
home_mailbox = Maildir/
smtpd_milters = unix:/run/opendkim/opendkim.sock,
unix:/var/spool/postfix/spamass/spamass.sock,
unix:/var/run/clamav/clamav-milter.ctl
non_smtpd_milters = unix:/run/opendkim/opendkim.sock
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
check_policy_service unix:private/spfcheck, reject_unauth_destination,
reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_hostname,
reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_pipelining,
reject_unknown_client, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_authenticated_header = yes
compatibility_level = 2
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
# modified to disable chroot
10.10.10.9:smtp inet n - n - - smtpd
[2a01:4f8:140:71f5::9]:smtp inet n - n - -
smtpd
127.0.0.1:smtp inet n - n - - smtpd -o
smtpd_milters=unix:/run/opendkim/opendkim.sock
[::1]:smtp inet n - n - - smtpd -o
smtpd_milters=unix:/run/opendkim/opendkim.sock
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
#submission inet n - - - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
# modified to disable chroot
pickup fifo n - n 60 1 pickup
# modified to disable chroot
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
# modified to disable chroot
tlsmgr unix - - n 1000? 1 tlsmgr
# modified to disable chroot
rewrite unix - - n - - trivial-rewrite
# modified to disable chroot
bounce unix - - n - 0 bounce
# modified to disable chroot
defer unix - - n - 0 bounce
# modified to disable chroot
trace unix - - n - 0 bounce
# modified to disable chroot
verify unix - - n - 1 verify
# modified to disable chroot
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
# modified to disable chroot
smtp unix - - n - - smtp
# modified to disable chroot
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
# modified to disable chroot
showq unix n - n - - showq
# modified to disable chroot
error unix - - n - - error
# modified to disable chroot
retry unix - - n - - error
# modified to disable chroot
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
# modified to disable chroot
lmtp unix - - n - - lmtp
# modified to disable chroot
anvil unix - - n - 1 anvil
# modified to disable chroot
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
spfcheck unix - n n - 0 spawn
user=postfix-policy argv=/usr/sbin/postfix-policyd-spf-perl
_______________________________________________
luv-main mailing list
[email protected]
https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
