Re: Occasional email rejections with no shown explanation
On 04/12/2011 08:09 PM, Eric Cunningham wrote: Hi, on occassion, I'm noting rejected emails without any specific reason logged. Without a reason, it's hard to pinpoint a fix to allow legit emails through. Here's an example from my mail log: Apr 12 13:15:10 postal2 postfix/smtpd[22543]: connect from hsarelay1t.mail.mylife.com[216.52.223.210] Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject: RCPT from hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1 myl...@mail.mylife.com: Sender address rejected: Access denied; from=myl...@mail.mylife.com to=e...@whoi.edu proto=ESMTP helo=hsarelay1t.mail.mylife.com Apr 12 13:15:10 postal2 postfix/smtpd[22543]: disconnect from hsarelay1t.mail.mylife.com[216.52.223.210] I would like to allow emails from this particular sender but have not been able to do so though the usual allowances in my smtpd_recipient_restrictions. You're not showing any of these restrictions. Include the contents of all these access maps, and, specifically, the definition of your restriction class (postconf does not output non-standard settings.) The recipient address is legit and working for other senders. Any ideas as to what could cause this? You're matching and rejecting the *sender* address /somewhere/. -- J.
Re: Occasional email rejections with no shown explanation
Eric Cunningham: Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject: RCPT from hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1 myl...@mail.mylife.com: Sender address rejected: Access denied; from=myl...@mail.mylife.com to=e...@whoi.edu proto=ESMTP helo=hsarelay1t.mail.mylife.com The recipient address is legit and working for other senders. You are rejecting the SENDER ADDRESS. Wietse
Re: Occasional email rejections with no shown explanation
Wietse Venema wrote: Eric Cunningham: Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject: RCPT from hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1 myl...@mail.mylife.com: Sender address rejected: Access denied; from=myl...@mail.mylife.com to=e...@whoi.edu proto=ESMTP helo=hsarelay1t.mail.mylife.com The recipient address is legit and working for other senders. You are rejecting the SENDER ADDRESS. Wietse Yes, that's correct, but not intentionally nor explicitly. I've tried explicitly accepting the sender address in my smtpd_recipient_restrictions' final_sender_access file but that has no effect. -Eric
Re: Occasional email rejections with no shown explanation
On Tue, Apr 12, 2011 at 3:21 PM, Eric Cunningham e...@whoi.edu wrote: Yes, that's correct, but not intentionally nor explicitly. I've tried explicitly accepting the sender address in my smtpd_recipient_restrictions' final_sender_access file but that has no effect. -Eric And what's the content of /etc/postfix/access/connect_client_access -- Darek
Re: Occasional email rejections with no shown explanation
On Tue, Apr 12, 2011 at 02:09:11PM -0400, Eric Cunningham wrote: Hi, on occassion, I'm noting rejected emails without any specific reason logged. Without a reason, it's hard to pinpoint a fix to allow legit emails through. Here's an example from my mail log: Apr 12 13:15:10 postal2 postfix/smtpd[22543]: connect from hsarelay1t.mail.mylife.com[216.52.223.210] Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject: RCPT from hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1 myl...@mail.mylife.com: Sender address rejected: This says it was a check_sender_access lookup. Access denied; And this says the result was reject. If you don't add text to your numerous access(5) lookups, it is indeed harder to debug them. from=myl...@mail.mylife.com to=e...@whoi.edu proto=ESMTP helo=hsarelay1t.mail.mylife.com Apr 12 13:15:10 postal2 postfix/smtpd[22543]: disconnect from hsarelay1t.mail.mylife.com[216.52.223.210] I would like to allow emails from this particular sender but have not been able to do so though the usual allowances in my smtpd_recipient_restrictions. The recipient address is legit and working for other senders. Any ideas as to what could cause this? postconf -n output is attached. snip smtpd_recipient_restrictions = permit_sasl_authenticated, check_recipient_access pcre:/etc/postfix/access/final_recipient_access, reject_unauth_pipelining, check_helo_access pcre:/etc/postfix/access/final_helo_access, check_client_access hash:/etc/postfix/access/final_client_access, check_sender_access pcre:/etc/postfix/access/final_sender_access, This would be the prime suspect. permit_mynetworks, reject_unknown_sender_domain, reject_unauth_destination, check_helo_access pcre:/etc/postfix/access/suspect_helo, reject_rbl_client b.barracudacentral.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client autospam.whoi.edu, reject_rhsbl_sender dsn.rfc-ignorant.org, reject_rbl_client dnsbl.ahbl.org, reject_rbl_client list.dsbl.org, DSBL has been gone for almost three years now. reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, CBL is included in Zen. The second lookup against CBL data is unlikely to block anything, and it IS more load on CBL's infrastructure. reject_rbl_client combined.njabl.org, reject_rbl_client bhnc.njabl.org -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
Re: Occasional email rejections with no shown explanation
Darek M wrote: On Tue, Apr 12, 2011 at 3:21 PM, Eric Cunningham e...@whoi.edu wrote: Yes, that's correct, but not intentionally nor explicitly. I've tried explicitly accepting the sender address in my smtpd_recipient_restrictions' final_sender_access file but that has no effect. -Eric And what's the content of /etc/postfix/access/connect_client_access 216.52.223.210 OK
Re: Occasional email rejections with no shown explanation
On Tue, Apr 12, 2011 at 03:21:06PM -0400, Eric Cunningham wrote: Wietse Venema wrote: Eric Cunningham: Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject: RCPT from hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1 myl...@mail.mylife.com: Sender address rejected: Access denied; from=myl...@mail.mylife.com to=e...@whoi.edu proto=ESMTP helo=hsarelay1t.mail.mylife.com The recipient address is legit and working for other senders. You are rejecting the SENDER ADDRESS. Yes, that's correct, but not intentionally nor explicitly. I've tried explicitly accepting the sender address in my smtpd_recipient_restrictions' final_sender_access file but that has no effect. I'll assume you remembered to postmap(1) a hash: file if it was a hash: file. In that case it appears that we're lacking information. Was this rejected session on your main port 25 smtpd(8), or might it have arrived on a different port with -o overrides? Show master.cf with comments removed, and the final_sender_access file. -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
Re: Occasional email rejections with no shown explanation
On Tue, Apr 12, 2011 at 03:21:06PM -0400, Eric Cunningham wrote: Wietse Venema wrote: Eric Cunningham: Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject: RCPT from hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1 myl...@mail.mylife.com: Sender address rejected: Access denied; from=myl...@mail.mylife.com to=e...@whoi.edu proto=ESMTP helo=hsarelay1t.mail.mylife.com The recipient address is legit and working for other senders. You are rejecting the SENDER ADDRESS. Yes, that's correct, but not intentionally nor explicitly. I've tried explicitly accepting the sender address in my smtpd_recipient_restrictions' final_sender_access file but that has no effect. I'll assume you remembered to postmap(1) a hash: file if it was a hash: file. In that case it appears that we're lacking information. Was this rejected session on your main port 25 smtpd(8), or might it have arrived on a different port with -o overrides? Show master.cf with comments removed, and the final_sender_access file. Wietse is correct. There -was- a REJECT entry in my (rather large) final_sender_access. Thanks to all who replied. -Eric (with egg on face)
Re: Occasional email rejections with no shown explanation
* Eric Cunningham e...@whoi.edu: Darek M wrote: On Tue, Apr 12, 2011 at 3:21 PM, Eric Cunningham e...@whoi.edu wrote: Yes, that's correct, but not intentionally nor explicitly. I've tried explicitly accepting the sender address in my smtpd_recipient_restrictions' final_sender_access file but that has no effect. -Eric And what's the content of /etc/postfix/access/connect_client_access 216.52.223.210 OK That's not a sender, that's a client. The sender is the ENVELOPE SENDER (or parts thereof) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
