On 5/18/2011 2:57 PM, Noel Jones wrote:
On 5/18/2011 3:39 PM, Shawn Heisey wrote:
I am having a problem that IMHO should be solved by the
following in main.cf. I am using version 2.7.1 in Debian squeeze:

smtpd_data_restrictions =
permit_mynetworks,
reject_unauth_pipelining,
reject_multi_recipient_bounce

This says to me that if the host is listed in mynetworks, it
should stop looking at the rest of the restrictions. This
doesn't happen. The log complains about improper command
pipelining, and the SMTP conversation sends a 503. I have done
some testing, and have learned that
reject_multi_recipient_bounce *IS* ignored if the source
matches mynetworks, and takes effect if the source is not
listed there.

Show "postconf -n" (all of it, not just snips) and logging demonstrating the problem.

Here it is. I sanitized the actual hostname and public IP addresses. This serves as a mail relay for our internal mail system; no mail is handled locally.

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
body_checks = pcre:/etc/postfix/body_checks
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/header_checks
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 524288000
message_size_limit = 52428800
myhostname = server.example.com
mynetworks = 127.0.0.0/8, [::ffff:127.0.0.0]/104, [::1]/128, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 1.2.3.4/24
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relay_domains = hash:/etc/postfix/local_domains
relay_recipient_maps = hash:/etc/postfix/relay_recipients
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_connection_count_limit = 20
smtpd_client_connection_rate_limit = 60
smtpd_client_restrictions = permit_mynetworks, check_client_access regexp:/etc/postfix/client_regexp, check_client_access cidr:/etc/postfix/client_access, reject_unknown_client_hostname
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce
smtpd_delay_reject = yes
smtpd_error_sleep_time = 15
smtpd_hard_error_limit = 5
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, sleep 2, check_recipient_access hash:/etc/postfix/recipient_access, reject_non_fqdn_recipient, reject_unauth_destination, reject_unknown_recipient_domain, reject_unlisted_recipient, check_client_access cidr:/etc/postfix/policyd_access, check_policy_service inet:127.0.0.1:12525
smtpd_sender_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_soft_error_limit = 2
smtpd_tls_cert_file = /etc/ssl/certs/local/wildcard.combined.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual

May 18 16:19:29 nexus2 postfix/smtpd[18002]: connect from monitor.example.com[10.2.1.39]
May 18 16:19:29 nexus2 postfix/smtpd[18002]: improper command pipelining after MAIL from monitor.example.com[10.2.1.39]
May 18 16:19:29 nexus2 postfix/smtpd[18002]: disconnect from monitor.example.com[10.2.1.39]

Xymon's status page for smtp on this server has the following on it:

220 nexus2.mainstreamdata.com ESMTP Postfix (Debian/GNU)
503 5.5.1 Error: send HELO/EHLO first
221 2.0.0 Bye

