454 instead 5xx status for "Relay access denied"

Sun, 28 Apr 2013 02:48:06 -0700 

Hi

should this not be a permanent error instead temporary?
in fact some spammer tried for open relay

Apr 28 00:32:49 mail postfix/smtpd[25333]: NOQUEUE: reject: RCPT from 
unknown[221.5.24.12]: 454 4.7.1
<acylea2...@yahoo.com.tw>: Relay access denied; from=<ver...@googlegroups.com> 
to=<acylea2...@yahoo.com.tw>
proto=ESMTP helo=<oetezh.com>

FYI: the "permit_sasl_authenticated reject" followed by more restrictions
in "smtpd_recipient_restrictions" is intentional and this "reject"
would be removed if the machine has to play MX again
___________________________________

postconf -n | grep code
unknown_address_reject_code = 550
unknown_hostname_reject_code = 501
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
___________________________________

postconf -n | grep smtpd | grep -v tls
barracuda_smtpd_recipient_restrictions = permit_mynetworks, reject
smtpd_banner = $myhostname ESMTP
smtpd_client_connection_rate_limit = 50
smtpd_client_recipient_rate_limit = 400
smtpd_discard_ehlo_keywords = silent-discard, etrn, dsn, vrfy
smtpd_error_sleep_time = ${stress?1}${stress:2}s
smtpd_hard_error_limit = ${stress?5}${stress:10}
smtpd_helo_required = yes
smtpd_peername_lookup = yes
smtpd_proxy_options = speed_adjust
smtpd_recipient_limit = 100
smtpd_recipient_restrictions = permit_mynetworks reject_non_fqdn_recipient 
reject_non_fqdn_sender
reject_unlisted_sender reject_authenticated_sender_login_mismatch 
permit_sasl_authenticated reject
reject_unauth_destination reject_unknown_sender_domain 
reject_unknown_recipient_domain reject_invalid_hostname
reject_unknown_reverse_client_hostname reject_unauth_pipelining 
reject_rbl_client dnsbl-1.uceprotect.net
check_policy_service unix:/var/spool/postfix/postgrey/socket 
check_recipient_access
proxy:mysql:/etc/postfix/mysql-spamfilter.cf
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, 
defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-senderaccess.cf
smtpd_soft_error_limit = ${stress?2}${stress:5}
___________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to