Re: match_list_match: host in my subnet: no match

Sat, 05 Sep 2009 23:21:27 -0700 

On Sunday 06 September 2009 00:45:42 Paul Beard wrote:
> Not sure if a version of something changed and a feature was
> removed but now postfix tells me this:
>
> Sep  5 10:25:50 shuttle postfix/smtpd[35059]: match_list_match:
> erewhon.example.org: no match
> Sep  5 10:25:50 shuttle postfix/smtpd[35059]: match_list_match:
> 192.168.2.9: no match
> Sep  5 10:25:50 shuttle postfix/smtpd[35059]: match_list_match:
> erewhon.example.org: no match
> Sep  5 10:25:50 shuttle postfix/smtpd[35059]: match_list_match:
> 192.168.2.9: no match
>
> which I don't understand.

I don't understand either, because you're using verbose logging
unnecessarily, and have omitted the crucial (non-verbose) bits. Try
giving us the complete, non-verbose logs for a mail that illustrates
the problem you're seeing.

> If I have permitted 192.168.2.0/24 and that system is on that
> network (it's a wireless AP running as a gateway) why is it
> unmatched? 

> --main.cf non-default parameters--

> maps_rbl_domains = blackholes.mail-abuse.org

This setting was deprecated long ago, and seems to be irrelevant to
what you're doing, anyway.

> mynetworks = 192.168.2.0/24, 127.0.0.0/8

> smtpd_client_restrictions = permit_mynetworks, reject

If client is in mynetworks, permit, otherwise reject.

> smtpd_helo_restrictions = permit_mynetworks, check_helo_access
> hash:/usr/local/etc/postfix/helo_access, reject_non_fqdn_hostname,
> reject_invalid_hostname, reject_unknown_helo_hostname, permit

All this looks pointless given the above.

> smtpd_recipient_restrictions = permit_sasl_authenticated, reject

If client authenticated, permit, otherwise reject.

Combining what you have in those two stages, it appears that your
clients MUST authenticate and MUST be in mynetworks, or else they are
rejected. Is that what you wanted?

> smtpd_sasl_exceptions_networks = 192.168.2.0/24, 127.0.0.0/8

postconf.5.html#smtpd_sasl_exceptions_networks
    "What remote SMTP clients the Postfix SMTP server will not offer
     AUTH support to."

Thus, clients in mynetworks cannot AUTH. Must AUTH plus cannot AUTH
means no mail is accepted, at all.

> smtpd_sender_restrictions = permit_sasl_authenticated,
> permit_mynetworks 

Does nothing.

See http://www.postfix.org/SMTPD_ACCESS_README.html for an overview
of access(5) features.
-- 
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header

Reply via email to