On 5/28/24 8:00 PM, Bill Cole via Postfix-users wrote:
On 2024-05-28 at 19:18:10 UTC-0400 (Tue, 28 May 2024 19:18:10 -0400)
John Hill via Postfix-users <jh...@noach.com>
is rumored to have said:
[...
On 5/28/24 7:13 PM, Bill Cole via Postfix-users wrote:
On 2024-05-28 at 19:04:37 UTC-0400 (Tue, 28 May 2024 19:04:37 -0400)
John Hill via Postfix-users <jh...@noach.com>
is rumored to have said:
[...]
Sending of the message failed.
An error occurred while sending mail. The mail server responded:
<jh...@noach.com>: Sender address rejected: Email blocked by
security policy.
Please check the message recipient "postfix-users@postfix.org" and
try again.
What does the log say about that attempt?
I believe that specific text indicates a problem in
smtpd_sender_restrictions.
May 28 19:02:04 proteus.noach.com opendmarc[504352]: ignoring
connection from gibson.noach.com
May 28 19:02:04 proteus.noach.com postfix/submission/smtpd[504893]:
discarding EHLO keywords: CHUNKING
May 28 19:02:04 proteus.noach.com postfix/submission/smtpd[504893]:
Anonymous TLS connection established from
gibson.noach.com[192.168.200.253]: TLSv1.3 with cipher
TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519
server-signature RSA-PSS (2048 bits) server-digest SHA256
May 28 19:02:04 proteus.noach.com postfix/submission/smtpd[504893]:
discarding EHLO keywords: CHUNKING
May 28 19:02:09 proteus.noach.com postfix/submission/smtpd[504893]:
NOQUEUE: reject: RCPT from gibson.noach.com[192.168.200.253]: 554
5.7.1 <jh...@noach.com>: Sender address rejected: Email blocked by
security policy; from=<jh...@noach.com>
to=<postfix-users@postfix.org> proto=ESMTP helo=<[192.168.200.253]>
May 28 19:02:09 proteus.noach.com postfix/submission/smtpd[504893]:
too many errors after RCPT from gibson.noach.com[192.168.200.253]
May 28 19:02:09 proteus.noach.com postfix/submission/smtpd[504893]:
disconnect from gibson.noach.com[192.168.200.253] ehlo=2 starttls=1
auth=1 mail=1 rcpt=0/1 commands=5/6
It's not something in smtpd_sender_restrictions, but this is, as the
log says, a *Sender* stage failure. I don't see an XBL hit (which
makes sense, given the private client address) or anything indicating
a failure at the EHLO or client phases. I see from earlier in the
thread that you have smtpd_sender_login_maps set and "Email blocked by
security policy" seems like something you might get from that lookup
failing. The session summary shows that you did authenticate but I see
no indication of what your SASL login was. I suspect that if you
perform a query on your database for the sender 'jh...@noach.com' it
will not return whatever login you authenticated as.
I also thought for a moment that the problem was due to having
'permit_my_networks' before 'permit_sasl_authenticated' in 2
restriction lists and you hence never needing to authenticate, but the
session summary says otherwise. Note that if all of your submission
clients use authentication, permit_my_networks is unnecessary.
I do not have a solution handy for you, but you have at least gotten
beyond the XBL issue. It seems possible that you only need to
harmonize the login used for authentication in Thunderbird with that
in your sender login map database.
Yes close, I'll figure it out, trial and error!
Thanks
--john
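
Added example, not part of the original thread and not Postfix code: a small Python triage script that reads the reject and disconnect lines quoted above and flags sessions that authenticated successfully but were still rejected by a sender-stage check. The function names and the rejoined sample lines are constructed for illustration.

```python
import re

# Constructed sample: the reject and disconnect lines from the thread, rejoined
# onto single lines; addresses stay elided exactly as they appear in the post.
SAMPLE_LOG = """\
May 28 19:02:09 proteus.noach.com postfix/submission/smtpd[504893]: NOQUEUE: reject: RCPT from gibson.noach.com[192.168.200.253]: 554 5.7.1 <jh...@noach.com>: Sender address rejected: Email blocked by security policy; from=<jh...@noach.com> to=<postfix-users@postfix.org> proto=ESMTP helo=<[192.168.200.253]>
May 28 19:02:09 proteus.noach.com postfix/submission/smtpd[504893]: disconnect from gibson.noach.com[192.168.200.253] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 commands=5/6
"""

SMTPD = re.compile(r"postfix/\S*smtpd\[(\d+)\]: (.*)$")
REJECT = re.compile(
    r"NOQUEUE: reject: (\w+) from (\S+): (\d{3}) (\d\.\d+\.\d+) <[^>]*>: "
    r"(Client host|Helo command|Sender address|Recipient address) rejected: ([^;]*);")
COUNTER = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")

def summarize(log_text):
    """Group smtpd lines by process id; collect rejects and session counters."""
    sessions = {}
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        s = sessions.setdefault(pid, {"rejects": [], "counters": {}})
        r = REJECT.search(msg)
        if r:
            # The command is RCPT even for a sender-stage reject because
            # Postfix delays rejects until RCPT by default (smtpd_delay_reject).
            cmd, client, code, dsn, what, text = r.groups()
            s["rejects"].append({"command": cmd, "client": client, "code": code,
                                 "dsn": dsn, "stage": what.split()[0].lower(), "text": text})
        elif msg.startswith("disconnect from"):
            # "rcpt=0/1" means 0 accepted out of 1 attempted; "auth=1" means 1 of 1.
            for name, ok, total in COUNTER.findall(msg):
                s["counters"][name] = (int(ok), int(total or ok))
    return sessions

def authenticated_sender_rejects(sessions):
    """Sessions where AUTH succeeded yet a sender-stage check rejected the mail,
    the pattern the thread suggests checking against the sender login map."""
    hits = []
    for pid, s in sessions.items():
        auth_ok = s["counters"].get("auth", (0, 0))[0] > 0
        for r in s["rejects"]:
            if auth_ok and r["stage"] == "sender":
                hits.append((pid, r["command"], r["text"]))
    return hits
```

A hit from this script only narrows the failure to the sender stage of an authenticated session; the reject line does not show the SASL login, so that still has to be compared against the sender login map by hand.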