PATCH: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error

2017-11-16 Thread Wietse Venema
flowhosts:
> Nov 14 10:53:54 fallback postfix/smtpd[7187]: warning: restriction 
> check_recipient_a_access returns OK for vasilnhdgz0sdiminut...@netgooya.com
> Nov 14 10:53:54 fallback postfix/smtpd[7187]: warning: this is not 
> allowed for security reasons
> Nov 14 10:53:54 fallback postfix/smtpd[7187]: warning: use DUNNO instead 
> of OK if you want to make an exception
> Nov 14 10:53:54 fallback postfix/smtpd[7187]: NOQUEUE: reject: RCPT from 
> unknown[192.168.xxx.xxx]:53698: 451 4.3.5 Server configuration error; 

This patch applies to Postfix 3.0 and later.

Wietse

--- ./src/smtpd/smtpd_check.c-  2017-05-31 16:29:46.0 -0500
+++ ./src/smtpd/smtpd_check.c   2017-11-16 09:32:46.898378490 -0600
@@ -4044,7 +4044,7 @@
 static void forbid_whitelist(SMTPD_STATE *state, const char *name,
 int status, const char *target)
 {
-if (status == SMTPD_CHECK_OK) {
+if (state->discard == 0 && status == SMTPD_CHECK_OK) {
msg_warn("restriction %s returns OK for %s", name, target);
msg_warn("this is not allowed for security reasons");
msg_warn("use DUNNO instead of OK if you want to make an exception");
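Review bot: The added state->discard == 0 test in forbid_whitelist() keys off the state as a whole rather than off the result of this particular lookup. Once the discard flag is set, every later call that sees SMTPD_CHECK_OK for the same state skips the three warnings too. If the flag stays set across further restrictions or recipients, a table that really does contain OK would go unreported. Please confirm the flag's lifetime, or pass in whether this lookup itself triggered DISCARD. A one-line comment above the if, saying why a pending discard makes an OK status acceptable, would also help, since the warnings say OK is not allowed for security reasons.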


Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error

2017-11-15 Thread Matus UHLAR - fantomas

On 14.11.17 20:02, liquid cooled wrote:

> The problem is as follows:
> A spammer is using an ip address which has thousands of domains
> registered, the spammer uses a botnet to send from his domains but from
> many different source ips.

Don't you want to use check_sender_a_access instead?
Last time we received spam from that kind of abusers, I configured that
one.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
How does cat play with mouse? cat /dev/mouse


Fwd: Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error

2017-11-14 Thread flowhosts


That's totally true,

I have to deal with listings of my ip addresses on blacklists very often.
Yes, the hops which are affected here are:
Sieve generates the forwarded mail, one of the postfix mta-out hosts
tries to deliver it and fails, generating the Mailer-Daemon which also
fails to get delivered, then it gets passed on to my postfix fallback
mta-out where check_recipient_a_access happens.

Joe-job forgery sounds interesting, I will give this a read!

To let the user choose the scenario is definitely a way/option I can
imagine.
Thanks a lot for your input Viktor, I will look into making my mail system
a more friendly place for other mail hosts (and me).


On 14/11/2017 at 20:18, Viktor Dukhovni wrote:

>> On Nov 14, 2017, at 2:02 PM, liquid cooled  wrote:
>>
>> A spammer is using an ip address which has thousands of domains registered,
>> the spammer uses a botnet to send from his domains but from many different
>> source ips.
>> My customers then receive the spams and a lot of them have forward anything
>> rules, the new generated forwarded mails could be rejected by the receiving
>> mailhosts through lets say any spamhaus rbl, my mtaout hosts then forge mailer
>> daemon mails for the originating source domains which all lead to the same ip
>> which does not run a mail service, my fallback hosts then fill up with this
>> mailer daemon messages.
>>
>> So another point is I'm not allowed to use intransparent mail blocking like rbl
>> lists, or other spam detecting systems, the only thing i use is a user
>> configurable spam / virus detection service. So if a user wants spam he gets
>> it... And if he forwards it i get into the described dilemma.
>>
>> I operate a pretty large mail system so i had about 100k of these mailer
>> daemons per day or even more.
>>
>> For about 3 weeks i got a cronjob running which postsupered the mailer daemon
>> mails hourly, until i discovered the postfix recipient_a_access feature.
>
> I see, so you're obligated to accept mail that downstream hosts your
> users forward to often reject, and then you become a backscatter source,
> but some of the backscatter clogs your queue, so you've found a way to
> discard it (there must be an SMTP hop between the place where the bounce
> is generated and the systems that would otherwise queue this mail).
>
> Can't say I'm entirely sympathetic, as lots of other backscatter, that
> is not clogging your queue, is still going out, perhaps to various victims
> of joe-job forgery.  Doing forwarding without filtering imposes externalities
> (costs) on others and is perhaps not a socially responsible thing to do.
> Ideally your users would only be able to choose at most one of:
>
>  * Opt out of email filtering via RBLs and anti-spam content filters
>  * Enable forwarding to an external mailbox
>
> If they want forwarding, they'd have to accept filtering.
>
> Note that since bounces have a single recipient, REJECT is as effective
> as DISCARD here.





Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error

2017-11-14 Thread Viktor Dukhovni


> On Nov 14, 2017, at 2:02 PM, liquid cooled  wrote:
> 
> A spammer is using an ip address which has thousands of domains registered, 
> the spammer uses a botnet to send from his domains but from many different 
> source ips.
> My customers then receive the spams and a lot of them have forward anything 
> rules, the new generated forwarded mails could be rejected by the receiving 
> mailhosts through lets say any spamhaus rbl, my mtaout hosts then forge 
> mailer daemon mails for the originating source domains which all lead to the 
> same ip which does not run a mail service, my fallback hosts then fill up 
> with this mailer daemon messages.
> 
> So another point is I'm not allowed to use intransparent mail blocking like 
> rbl lists, or other spam detecting systems, the only thing i use is a user 
> configurable spam / virus detection service. So if a user wants spam he gets 
> it... And if he forwards it i get into the described dilemma.
> 
> I operate a pretty large mail system so i had about 100k of these mailer 
> daemons per day or even more.
> 
> For about 3 weeks i got a cronjob running which postsupered the mailer daemon 
> mails hourly, until i discovered the postfix recipient_a_access feature.

I see, so you're obligated to accept mail that downstream hosts your
users forward to often reject, and then you become a backscatter source,
but some of the backscatter clogs your queue, so you've found a way to
discard it (there must be an SMTP hop between the place where the bounce
is generated and the systems that would otherwise queue this mail).

Can't say I'm entirely sympathetic, as lots of other backscatter, that
is not clogging your queue, is still going out, perhaps to various victims
of joe-job forgery.  Doing forwarding without filtering imposes externalities
(costs) on others and is perhaps not a socially responsible thing to do.
Ideally your users would only be able to choose at most one of:

* Opt out of email filtering via RBLs and anti-spam content filters
* Enable forwarding to an external mailbox

If they want forwarding, they'd have to accept filtering.

Note that since bounces have a single recipient, REJECT is as effective
as DISCARD here.

-- 
Viktor.



Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error

2017-11-14 Thread liquid cooled
The problem is as follows:
A spammer is using an ip address which has thousands of domains
registered, the spammer uses a botnet to send from his domains but from
many different source ips.
My customers then receive the spams and a lot of them have forward anything
rules, the new generated forwarded mails could be rejected by the receiving
mailhosts through lets say any spamhaus rbl, my mtaout hosts then forge
mailer daemon mails for the originating source domains which all lead to
the same ip which does not run a mail service, my fallback hosts then fill
up with this mailer daemon messages.

So another point is I'm not allowed to use intransparent mail blocking like
rbl lists, or other spam detecting systems, the only thing i use is a user
configurable spam / virus detection service. So if a user wants spam he
gets it... And if he forwards it i get into the described dilemma.

I operate a pretty large mail system so i had about 100k of these mailer
daemons per day or even more.

For about 3 weeks i got a cronjob running which postsupered the mailer
daemon mails hourly, until i discovered the postfix recipient_a_access
feature.

Hope that clears things up!

On 14 Nov 2017 7:20 p.m., "Viktor Dukhovni" 
wrote:

> On Tue, Nov 14, 2017 at 07:11:03PM +0100, flowhosts wrote:
>
> > Yes this is such a decent feature!
> > I use it with the hold action now as this doesn't break things.
> > So bad domains (in my case) which would never accept mails are now kept in
> > place, i call it the bad destination hold quarantine.
> > Looking forward to massive discarding soon :)
>
> While DISCARD is clearly not behaving as expected here, I am puzzled
> as to when you might want the expected behaviour.  Is this a
> submission service, and you're trying to discard mail from compromised
> accounts?  What is the use-case for discarding a message one of
> whose recipients has a domain whose MX hosts match some IP address?
>
> --
> Viktor.
>


Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error

2017-11-14 Thread Viktor Dukhovni


> On Nov 14, 2017, at 1:50 PM, Noel Jones  wrote:
> 
> Usually (almost always) REJECT is a more appropriate action for
> unwanted mail.  Is there some reason you can't use REJECT until this
> is fixed?
> 
> I guess you're using this to trap mail your users send to bad/typo
> domains eg. hotmal.com?  In that case, REJECT would be better to
> notify the user of their mistake.

The effect is of course different for multi-recipient mail.
With DISCARD no recipients get the mail, with REJECT only
the "bad" recipients don't get the mail.  If one of the
"good" recipients then uses "Reply-All" the "bad" recipient
might still see the message.

And yet I am still puzzled what the use-case is for
DISCARD in check_recipient_a_access...  I hope the
OP is willing to elaborate on what real-world problem
that solves...

-- 
Viktor.


Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error

2017-11-14 Thread Noel Jones
Usually (almost always) REJECT is a more appropriate action for
unwanted mail.  Is there some reason you can't use REJECT until this
is fixed?

I guess you're using this to trap mail your users send to bad/typo
domains eg. hotmal.com?  In that case, REJECT would be better to
notify the user of their mistake.



  -- Noel Jones


On 11/14/2017 12:11 PM, flowhosts wrote:
> Yes this is such a decent feature!
> I use it with the hold action now as this doesn't break things.
> So bad domains (in my case) which would never accept mails are now
> kept in place, i call it the bad destination hold quarantine.
> Looking forward to massive discarding soon :)
> 
> @Noel Jones, thanks!
> 
> On 14/11/2017 at 18:52, @lbutlr wrote:
>> On 14 Nov 2017, at 05:00, flowhosts  wrote:
>>> # main.cf
>>> smtpd_recipient_restrictions =
>>>  reject_non_fqdn_sender
>>>  ...
>>>  check_recipient_a_access hash:/etc/postfix/lookup/recipient_a_access
>>>  ...
>>>  permit
>>>
>>> # cat /etc/postfix/lookup/recipient_a_access
>>> 185.140.110.3 DISCARD
>> I hope this bug gets fixed soon, because that looks like it might
>> be super useful with a log monitor and blacklist.
>>
> 



Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error

2017-11-14 Thread Viktor Dukhovni
On Tue, Nov 14, 2017 at 07:11:03PM +0100, flowhosts wrote:

> Yes this is such a decent feature!
> I use it with the hold action now as this doesn't break things.
> So bad domains (in my case) which would never accept mails are now kept in
> place, i call it the bad destination hold quarantine.
> Looking forward to massive discarding soon :)

While DISCARD is clearly not behaving as expected here, I am puzzled
as to when you might want the expected behaviour.  Is this a
submission service, and you're trying to discard mail from compromised
accounts?  What is the use-case for discarding a message one of
whose recipients has a domain whose MX hosts match some IP address?

-- 
Viktor.


Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error

2017-11-14 Thread flowhosts

Yes this is such a decent feature!
I use it with the hold action now as this doesn't break things.
So bad domains (in my case) which would never accept mails are now kept 
in place, i call it the bad destination hold quarantine.

Looking forward to massive discarding soon :)

@Noel Jones, thanks!

On 14/11/2017 at 18:52, @lbutlr wrote:

> On 14 Nov 2017, at 05:00, flowhosts  wrote:
>
>> # main.cf
>> smtpd_recipient_restrictions =
>>  reject_non_fqdn_sender
>>  ...
>>  check_recipient_a_access hash:/etc/postfix/lookup/recipient_a_access
>>  ...
>>  permit
>>
>> # cat /etc/postfix/lookup/recipient_a_access
>> 185.140.110.3 DISCARD
>
> I hope this bug gets fixed soon, because that looks like it might be super
> useful with a log monitor and blacklist.





Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error

2017-11-14 Thread @lbutlr
On 14 Nov 2017, at 05:00, flowhosts  wrote:
> # main.cf
> smtpd_recipient_restrictions =
> reject_non_fqdn_sender
> ...
> check_recipient_a_access hash:/etc/postfix/lookup/recipient_a_access
> ...
> permit
> 
> # cat /etc/postfix/lookup/recipient_a_access
> 185.140.110.3 DISCARD

I hope this bug gets fixed soon, because that looks like it might be super 
useful with a log monitor and blacklist.

-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.



Re: check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error

2017-11-14 Thread Noel Jones
On 11/14/2017 6:00 AM, flowhosts wrote:
> Hello,
> 
> as described in the subject I tried to implement the new feature
> check_recipient_a_access
> I have encountered a strange error or maybe a bug.
> 
> The following settings result in a correct action followed by a
> "4.3.5 Server configuration error" response.
> # main.cf
> smtpd_recipient_restrictions =
>     reject_non_fqdn_sender
>         ...
>     check_recipient_a_access hash:/etc/postfix/lookup/recipient_a_access
>         ...
>     permit
> 
> # cat /etc/postfix/lookup/recipient_a_access
> 185.140.110.3 DISCARD
> 
> # maillog
> Nov 14 10:53:54 fallback postfix/smtpd[7187]: NOQUEUE: discard: RCPT
> from unknown[192.168.xxx.xxx]:53698:
> : Recipient address triggers
> DISCARD action; from=<> to=
> proto=ESMTP helo=
> Nov 14 10:53:54 fallback postfix/smtpd[7187]: warning: restriction
> check_recipient_a_access returns OK for
> vasilnhdgz0sdiminut...@netgooya.com
> Nov 14 10:53:54 fallback postfix/smtpd[7187]: warning: this is not
> allowed for security reasons
> Nov 14 10:53:54 fallback postfix/smtpd[7187]: warning: use DUNNO
> instead of OK if you want to make an exception
> Nov 14 10:53:54 fallback postfix/smtpd[7187]: NOQUEUE: reject: RCPT
> from unknown[192.168.xxx.xxx]:53698: 451 4.3.5 Server configuration
> error; from=<> to= proto=ESMTP
> helo=
> Nov 14 10:53:54 fallback postfix/cleanup[7844]: 3ybjWk29Jhz5vXS:
> message-id=<3ybjwk29jhz5...@smtp.xxx.xx>
> 
> 
> If DISCARD is replaced by HOLD in "recipient_a_access" the error
> won't appear but in fact the sending host also receives an OK
> message like it does above when discarding the mail, which should
> not be allowed if you trust the warning message received.
> 
> So is this a bug when using DISCARD or is it the right behaviour?
> And if it's not a bug then i think HOLD is buggy because it does not
> respond with an "451 4.3.5 Server configuration error".
> 
> Where can i file a bug report?
> Or can someone confirm this behaviour?
> 
> Thanks in advance,
> Patrick
> 


Confirmed (on postfix 3.2-20160730, using an inline: map).

This looks like a bug, consider it reported.  Thanks for finding this.



  -- Noel Jones


check_recipient_a_access DISCARD leads to 451 4.3.5 Server configuration error

2017-11-14 Thread flowhosts

Hello,

as described in the subject I tried to implement the new feature
check_recipient_a_access

I have encountered a strange error or maybe a bug.

The following settings result in a correct action followed by a "4.3.5
Server configuration error" response.

# main.cf
smtpd_recipient_restrictions =
    reject_non_fqdn_sender
        ...
    check_recipient_a_access hash:/etc/postfix/lookup/recipient_a_access
        ...
    permit

# cat /etc/postfix/lookup/recipient_a_access
185.140.110.3 DISCARD

# maillog
Nov 14 10:53:54 fallback postfix/smtpd[7187]: NOQUEUE: discard: RCPT 
from unknown[192.168.xxx.xxx]:53698: 
: Recipient address triggers 
DISCARD action; from=<> to= 
proto=ESMTP helo=
Nov 14 10:53:54 fallback postfix/smtpd[7187]: warning: restriction 
check_recipient_a_access returns OK for vasilnhdgz0sdiminut...@netgooya.com
Nov 14 10:53:54 fallback postfix/smtpd[7187]: warning: this is not 
allowed for security reasons
Nov 14 10:53:54 fallback postfix/smtpd[7187]: warning: use DUNNO instead 
of OK if you want to make an exception
Nov 14 10:53:54 fallback postfix/smtpd[7187]: NOQUEUE: reject: RCPT from 
unknown[192.168.xxx.xxx]:53698: 451 4.3.5 Server configuration error; 
from=<> to= proto=ESMTP 
helo=
Nov 14 10:53:54 fallback postfix/cleanup[7844]: 3ybjWk29Jhz5vXS: 
message-id=<3ybjwk29jhz5...@smtp.xxx.xx>



If DISCARD is replaced by HOLD in "recipient_a_access" the error won't 
appear but in fact the sending host also receives an OK message like it 
does above when discarding the mail, which should not be allowed if you 
trust the warning message received.


So is this a bug when using DISCARD or is it the right behaviour?
And if it's not a bug then i think HOLD is buggy because it does not 
respond with an "451 4.3.5 Server configuration error".


Where can i file a bug report?
Or can someone confirm this behaviour?

Thanks in advance,
Patrick



Re: 451 4.3.5 Server configuration error

2017-08-30 Thread Daniel Armando Rodriguez
>> They are, look like this in main.cf
>>
>> # OpenDKIM
>>   milter_default_action = accept
>>   milter_protocol = 6
>>   smtpd_milters = local:/opendkim/opendkim.sock
>>   non_smtpd_milters = $smtpd_milters
>
> Each parameter definition must start in the *first*
> column of its text line. See
>
>   http://www.postfix.org/postconf.5.html
>
> The general format of the main.cf file is as follows:
>
> • Each logical line is in the form "parameter = value".
>   Whitespace around the "=" is ignored, as is whitespace
>   at the end of a logical line.
>
> • Empty lines and whitespace-only lines are ignored, as are
>   lines whose first non-whitespace character is a `#'.
>
> • A logical line starts with non-whitespace text. A line
>   that starts with whitespace continues a logical line.


That was it, should read first!


Thank you guys






___
Daniel A. Rodriguez
Departamento de Tecnología para la Gestión
Escuela Provincial de Educación Técnica N° 1
Posadas - Misiones - Argentina
(0376) 443-8578
www.epet1.edu.ar


Re: 451 4.3.5 Server configuration error

2017-08-30 Thread Viktor Dukhovni

> On Aug 30, 2017, at 12:56 PM, Daniel Armando Rodriguez 
>  wrote:
> 
> They are, look like this in main.cf
> 
> # OpenDKIM
>   milter_default_action = accept
>   milter_protocol = 6
>   smtpd_milters = local:/opendkim/opendkim.sock
>   non_smtpd_milters = $smtpd_milters

Each parameter definition must start in the *first*
column of its text line. See

  http://www.postfix.org/postconf.5.html

The general format of the main.cf file is as follows:

• Each logical line is in the form "parameter = value".
  Whitespace around the "=" is ignored, as is whitespace
  at the end of a logical line.

• Empty lines and whitespace-only lines are ignored, as are
  lines whose first non-whitespace character is a `#'.

• A logical line starts with non-whitespace text. A line
  that starts with whitespace continues a logical line. 

-- 
Viktor.
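
The logical-line rules quoted above, applied as a lint check. This is an added example, not part of the original message and not Postfix code; the function names and the sample main.cf are constructed here, and the "name =" test is a heuristic.

```python
import re

# Constructed sample, modelled on the indented OpenDKIM block quoted in
# this thread. The four indented lines do not start in the first column.
BROKEN_MAIN_CF = """\
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination,
    check_policy_service unix:private/policyd-spf

# OpenDKIM
   milter_default_action = accept
   milter_protocol = 6
   smtpd_milters = local:/opendkim/opendkim.sock
   non_smtpd_milters = $smtpd_milters
"""

# Heuristic (an assumption of this example): a continuation line that
# itself begins with "name =" was meant to be its own parameter definition.
ASSIGNMENT = re.compile(r"^([A-Za-z0-9_][A-Za-z0-9_.-]*)\s*=")


def finish(parts):
    """Join the physical lines of one logical line into (name, value, parts)."""
    joined = " ".join(text for _, text in parts)
    name, _, value = joined.partition("=")
    return name.strip(), value.strip(), parts


def logical_lines(text):
    """Yield (name, value, parts) per logical line; parts = [(lineno, text)]."""
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # ignored lines do NOT terminate a logical line
        if raw[0].isspace() and current is not None:
            current.append((lineno, stripped))  # leading whitespace: continuation
            continue
        if current is not None:
            yield finish(current)
        current = [(lineno, stripped)]  # first column: new logical line
    if current is not None:
        yield finish(current)


def absorbed_assignments(text):
    """Return [(lineno, absorbed_name, owning_parameter)] for suspect lines."""
    findings = []
    for name, _value, parts in logical_lines(text):
        for lineno, part in parts[1:]:  # continuation lines only
            match = ASSIGNMENT.match(part)
            if match:
                findings.append((lineno, match.group(1), name))
    return findings


if __name__ == "__main__":
    for lineno, absorbed, owner in absorbed_assignments(BROKEN_MAIN_CF):
        print(f"line {lineno}: '{absorbed} = ...' is parsed as part of {owner}")
```

On the sample, all four milter lines are reported as part of smtpd_recipient_restrictions, which is how "milter_default_action" ends up being read as an smtpd restriction name.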



Re: 451 4.3.5 Server configuration error

2017-08-30 Thread Daniel Armando Rodriguez
2017-08-30 10:16 GMT-03:00 Christian Kivalo :
>
>
> On 2017-08-30 15:07, Daniel Armando Rodriguez wrote:
>>>
>>> On 2017-08-30 14:51, Daniel Armando Rodriguez wrote:


>>>> Hi, I'm getting such message logged after the warning: unknown smtpd
>>>> restriction: "milter_default_action"
>>>
>>>
>>> Note that options in master.cf are without spaces around the "=".
>>
>>
>> yep
>>
>>>> All incoming mail is rejected.
>>>>
>>>> What I'm trying to achieve is to get dkim validation working,
>>>> following this guide
>>>> https://wiki.debian.org/opendkim
>>>
>>>
>>> It helps to show your configuration.
>>>
>>> See http://www.postfix.org/DEBUG_README.html#mail
>>>
>>> Send the output of
>>> postconf -n
>>
>>
>> #  postconf -n
>> alias_database = hash:/etc/aliases
>> alias_maps = hash:/etc/aliases
>> append_dot_mydomain = no
>> biff = no
>> config_directory = /etc/postfix
>> home_mailbox = Maildir/
>> html_directory = /usr/share/doc/postfix/html
>> inet_interfaces = all
>> mailbox_command =
>> mailbox_size_limit = 0
>> mydestination = localhost
>> mydomain = unau.edu.ar
>> myhostname = correo.$mydomain
>> mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128,
>> 170.210.45.128/29
>> myorigin = $myhostname
>> policyd-spf_time_limit = 3600
>> readme_directory = /usr/share/doc/postfix
>> recipient_delimiter = +
>> relayhost =
>> smtp_tls_security_level = may
>> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>> smtpd_banner = $myhostname ESMTP $mail_name
>> smtpd_recipient_restrictions = permit_mynetworks,
>> permit_sasl_authenticated, reject_unauth_destination,
>> check_policy_service unix:private/policyd-spf milter_default_action =
>
>^^
> Maybe just your mailclient, but you seem to be missing newlines here.
>
>> accept milter_protocol = 6 smtpd_milters =
>> local:/opendkim/opendkim.sock non_smtpd_milters = $smtpd_milters
>
> All these milter_* options should be on their own line.


They are, look like this in main.cf

# OpenDKIM
   milter_default_action = accept
   milter_protocol = 6
   smtpd_milters = local:/opendkim/opendkim.sock
   non_smtpd_milters = $smtpd_milters




___
Daniel A. Rodriguez
Departamento de Tecnología para la Gestión
Escuela Provincial de Educación Técnica N° 1
Posadas - Misiones - Argentina
(0376) 443-8578
www.epet1.edu.ar


Re: 451 4.3.5 Server configuration error

2017-08-30 Thread Christian Kivalo



On 2017-08-30 15:07, Daniel Armando Rodriguez wrote:

On 2017-08-30 14:51, Daniel Armando Rodriguez wrote:


Hi, I'm getting such message logged after the warning: unknown smtpd
restriction: "milter_default_action"


Note that options in master.cf are without spaces around the "=".


yep


All incoming mail is rejected.

What I'm trying to achieve is to get dkim validation working,
following this guide
https://wiki.debian.org/opendkim


It helps to show your configuration.

See http://www.postfix.org/DEBUG_README.html#mail

Send the output of
postconf -n


#  postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_command =
mailbox_size_limit = 0
mydestination = localhost
mydomain = unau.edu.ar
myhostname = correo.$mydomain
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128, 
170.210.45.128/29

myorigin = $myhostname
policyd-spf_time_limit = 3600
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
check_policy_service unix:private/policyd-spf milter_default_action =

   ^^
Maybe just your mailclient, but you seem to be missing newlines here.


accept milter_protocol = 6 smtpd_milters =
local:/opendkim/opendkim.sock non_smtpd_milters = $smtpd_milters

All these milter_* options should be on their own line.

smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/unau.edu.ar/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/unau.edu.ar/privkey.pem
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtual_aliases
virtual_mailbox_domains = $mydomain
virtual_transport = lmtp:unix:private/dovecot-lmtp


postconf -Mf


postconf -Mf
smtp   inet  n   -   -   -   -   smtpd
-o content_filter=spamassassin
submission inet  n   -   -   -   -   smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
-o content_filter=spamassassin
smtps  inet  n   -   -   -   -   smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
-o content_filter=spamassassin
pickup unix  n   -   -   60  1   pickup
cleanup    unix  n   -   -   -   0   cleanup
qmgr   unix  n   -   n   300 1   qmgr
tlsmgr unix  -   -   -   1000?   1   tlsmgr
rewrite    unix  -   -   -   -   -   trivial-rewrite

bounce unix  -   -   -   -   0   bounce
defer  unix  -   -   -   -   0   bounce
trace  unix  -   -   -   -   0   bounce
verify unix  -   -   -   -   1   verify
flush  unix  n   -   -   1000?   0   flush
proxymap   unix  -   -   n   -   -   proxymap
proxywrite unix  -   -   n   -   1   proxymap
smtp   unix  -   -   -   -   -   smtp
relay  unix  -   -   -   -   -   smtp
showq  unix  n   -   -   -   -   showq
error  unix  -   -   -   -   -   error
retry  unix  -   -   -   -   -   error
discard    unix  -   -   -   -   -   discard
local  unix  -   n   n   -   -   local
virtual    unix  -   n   n   -   -   virtual
lmtp   unix  -   -   -   -   -   lmtp
anvil  unix  -   -   -   -   1   anvil
scache unix  -   -   -   -   1   scache
maildrop   unix  -   n   n   -   -   pipe 
flags=DRhu

user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp   unix  -   n   n   -   -   pipe 
flags=Fqhu

user=uucp argv=uu

Re: 451 4.3.5 Server configuration error

2017-08-30 Thread Daniel Armando Rodriguez
> On 2017-08-30 14:51, Daniel Armando Rodriguez wrote:
>>
>> Hi, I'm getting such message logged after the warning: unknown smtpd
>> restriction: "milter_default_action"
>
> Note that options in master.cf are without spaces around the "=".

yep

>> All incoming mail is rejected.
>>
>> What I'm trying to achieve is to get dkim validation working,
>> following this guide
>> https://wiki.debian.org/opendkim
>
> It helps to show your configuration.
>
> See http://www.postfix.org/DEBUG_README.html#mail
>
> Send the output of
> postconf -n

#  postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_command =
mailbox_size_limit = 0
mydestination = localhost
mydomain = unau.edu.ar
myhostname = correo.$mydomain
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128, 170.210.45.128/29
myorigin = $myhostname
policyd-spf_time_limit = 3600
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
check_policy_service unix:private/policyd-spf milter_default_action =
accept milter_protocol = 6 smtpd_milters =
local:/opendkim/opendkim.sock non_smtpd_milters = $smtpd_milters
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/unau.edu.ar/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/unau.edu.ar/privkey.pem
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtual_aliases
virtual_mailbox_domains = $mydomain
virtual_transport = lmtp:unix:private/dovecot-lmtp

> postconf -Mf

postconf -Mf
smtp   inet  n   -   -   -   -   smtpd
-o content_filter=spamassassin
submission inet  n   -   -   -   -   smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
-o content_filter=spamassassin
smtps  inet  n   -   -   -   -   smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
-o content_filter=spamassassin
pickup unix  n   -   -   60  1   pickup
cleanup    unix  n   -   -   -   0   cleanup
qmgr   unix  n   -   n   300 1   qmgr
tlsmgr unix  -   -   -   1000?   1   tlsmgr
rewrite    unix  -   -   -   -   -   trivial-rewrite
bounce unix  -   -   -   -   0   bounce
defer  unix  -   -   -   -   0   bounce
trace  unix  -   -   -   -   0   bounce
verify unix  -   -   -   -   1   verify
flush  unix  n   -   -   1000?   0   flush
proxymap   unix  -   -   n   -   -   proxymap
proxywrite unix  -   -   n   -   1   proxymap
smtp   unix  -   -   -   -   -   smtp
relay  unix  -   -   -   -   -   smtp
showq  unix  n   -   -   -   -   showq
error  unix  -   -   -   -   -   error
retry  unix  -   -   -   -   -   error
discard    unix  -   -   -   -   -   discard
local  unix  -   n   n   -   -   local
virtual    unix  -   n   n   -   -   virtual
lmtp   unix  -   -   -   -   -   lmtp
anvil  unix  -   -   -   -   1   anvil
scache unix  -   -   -   -   1   scache
maildrop   unix  -   n   n   -   -   pipe flags=DRhu
user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp   unix  -   n   n   -   -   pipe flags=Fqhu
user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix  -   n   n   -   -   pipe flags=F user=ftn
argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp  unix  -   n 

Re: 451 4.3.5 Server configuration error

2017-08-30 Thread Christian Kivalo



On 2017-08-30 14:51, Daniel Armando Rodriguez wrote:

Hi, I'm getting such message logged after the warning: unknown smtpd
restriction: "milter_default_action"

Note that options in master.cf are without spaces around the "=".


All incoming mail is rejected.

What I'm trying to achieve is to get dkim validation working,
following this guide
https://wiki.debian.org/opendkim

It helps to show your configuration.

See http://www.postfix.org/DEBUG_README.html#mail

Send the output of
postconf -n
postconf -Mf





regards in advance


--
 Christian Kivalo


451 4.3.5 Server configuration error

2017-08-30 Thread Daniel Armando Rodriguez
Hi, I'm getting such message logged after the warning: unknown smtpd
restriction: "milter_default_action"

All incoming mail is rejected.

What I'm trying to achieve is to get dkim validation working,
following this guide
https://wiki.debian.org/opendkim




regards in advance


Re: 451 4.3.5 Server configuration error

2017-08-06 Thread Wietse Venema
Dino Edwards:
> Hello,
> 
> Having a strange issue with a server. Multiple times a day I get the 
> following errors in mail.log:
> 
> 451 4.3.5 Server configuration error; from= 
> to= proto=ESMTP helo=

The error is logged BEFORE this line.

Wietse


451 4.3.5 Server configuration error

2017-08-06 Thread Dino Edwards
Hello,

Having a strange issue with a server. Multiple times a day I get the following 
errors in mail.log:

451 4.3.5 Server configuration error; from= 
to= proto=ESMTP helo=

I also get the following email in my admin mailbox:

From: Mail Delivery System 
Subject: Postfix SMTP server: errors from localhost[::1]
To: postmas...@domain.tld 

Transcript of session follows.

 Out: 220 server.domain.tld 
 In:  ehlo server.domain.tld
 Out: 250- server.domain.tld
 Out: 250-PIPELINING
 Out: 250-SIZE 52428800
 Out: 250-VRFY
 Out: 250-ETRN
 Out: 250-STARTTLS
 Out: 250-ENHANCEDSTATUSCODES
 Out: 250-8BITMIME
 Out: 250 DSN
 In:  mail FROM: size=527
 Out: 250 2.1.0 Ok
 In:  rcpt TO:
 Out: 451 4.3.5 Server configuration error
 In:  rset
 Out: 250 2.0.0 Ok

Session aborted, reason: lost connection

For other details, see the local mail logfile

So, it looks like some process is trying to send email from 
r...@server.domain.tld to root@localhost but I don't know what process it is or 
how to make it stop.

It doesn't seem to affect the server otherwise. Other email flows in and out as 
normal except for these errors.

I would appreciate some insight on where to look to get this resolved.

Thanks





Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error

2017-03-19 Thread Lester Montilla
Certainly, I have already corrected them

Thanks for all Postfix Family

2017-03-19 11:26 GMT-04:00 Viktor Dukhovni :

>
> > On Mar 19, 2017, at 11:19 AM, Wietse Venema 
> wrote:
> >
> > There are some other typos as well - multiple reject_rbl_client.
>
> And bare RBL domain names with no reject_rbl_client or similar.
>
> --
> Viktor.
>
>


-- 
*Lester Montilla*
CEO
*Office.* 809-957-5764
*Mobile* . 829-766-3570
*E-mail* :lest...@gmail.com
*Skype:* lestraw
*WhatsApp*: 829-766-3570

*Pay to all what you owe: taxes to whom taxes are due; tribute to whom
tribute; fear to whom fear; honor to whom honor.*
*Romans 13:17*


Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error

2017-03-19 Thread Viktor Dukhovni

> On Mar 19, 2017, at 11:19 AM, Wietse Venema  wrote:
> 
> There are some other typos as well - multiple reject_rbl_client.

And bare RBL domain names with no reject_rbl_client or similar.

-- 
Viktor.



Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error

2017-03-19 Thread Wietse Venema
lestraw:
> Mar 18 21:03:27 server postfix/smtpd[26211]: warning: unknown smtpd
> restriction: "combined.rbl.msrbl.net"

You forgot to have 'reject_rbl_client' before 'combined.rbl.msrbl.net'

> smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces
> permit_tls_all_clientcerts reject_rbl_client reject_rbl_client
> reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client
> reject_rbl_client psbl.surriel.com reject_rhsbl_client bl.spamcop.net
> combined.rbl.msrbl.net reject_rbl_client reject_rhsbl_client ...

There are some other typos as well - multiple reject_rbl_client.

Wietse
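
Added example (not part of the original posts and not Postfix code): a small Python check for the two mistakes pointed out in this thread, a `reject_rbl_client` / `reject_rhsbl_client` with no DNSBL domain after it and a bare DNSBL domain with no restriction name before it. The function name, the domain pattern and the `WELL_FORMED` comparison value are assumptions made for illustration; `THREAD_VALUE` is the setting as posted.

```python
import re

# The two restrictions named in this thread that need a DNSBL domain after them.
NEEDS_DOMAIN = {"reject_rbl_client", "reject_rhsbl_client"}
# Dot-separated host name, optionally followed by an "=reply" filter.
DOMAIN_RE = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+(=\S+)?$")

# smtpd_client_restrictions exactly as posted in the thread's postconf -n output.
THREAD_VALUE = """
permit_mynetworks permit_inet_interfaces
permit_tls_all_clientcerts reject_rbl_client reject_rbl_client
reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client
reject_rbl_client psbl.surriel.com reject_rhsbl_client bl.spamcop.net
combined.rbl.msrbl.net reject_rbl_client reject_rhsbl_client
reject_rbl_client reject_rhsbl_client bl.spamcannibal.org
"""

# Constructed for comparison: a well-formed subset of the same line.
WELL_FORMED = ("permit_mynetworks reject_rbl_client psbl.surriel.com "
               "reject_rhsbl_client bl.spamcop.net")


def lint_restrictions(value):
    """Return (position, token, problem) for every token that looks misplaced."""
    # Restrictions are separated by whitespace and/or commas.
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    findings = []
    for i, tok in enumerate(tokens):
        prev = tokens[i - 1] if i > 0 else None
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        if tok in NEEDS_DOMAIN:
            # The restriction name must be followed by the list to query.
            if nxt is None or not DOMAIN_RE.match(nxt):
                findings.append((i, tok, "not followed by a DNSBL domain"))
        elif DOMAIN_RE.match(tok) and prev not in NEEDS_DOMAIN:
            # A host name on its own is not a restriction.
            findings.append((i, tok, "bare domain with no restriction name before it"))
    return findings


if __name__ == "__main__":
    for pos, tok, problem in lint_restrictions(THREAD_VALUE):
        print(f"token {pos}: {tok}: {problem}")
```
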


Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error

2017-03-18 Thread lestraw
*Problem solved*

It turns out that in *smtpd_client_restrictions =*

I was missing the *permit_sasl_authenticated sentence*


Thanks for everything 



--
View this message in context: 
http://postfix.1071664.n5.nabble.com/NOQUEUE-reject-451-4-3-5-Server-configuration-error-tp89530p89536.html
Sent from the Postfix Users mailing list archive at Nabble.com.


Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error

2017-03-18 Thread lestraw
I put the result of postconf -n

I will put it back, I will also place the most detailed result of the
postfix log

*Postfix LOG:*

Mar 18 21:03:27 server postfix/smtpd[28381]: warning: unknown[DD.D.D.DD]:
SASL LOGIN authentication failed: AAA
Mar 18 21:03:27 server postfix/smtpd[26211]: warning: unknown smtpd
restriction: "combined.rbl.msrbl.net"
*Mar 18 21:03:27 server postfix/smtpd[26211]: NOQUEUE: reject: RCPT from
unknown[DDD.D.DDD.DDD]: 451 4.3.5 Server configuration error;
from= to= proto=ESMTP
helo=<[DD.D.D.DD]>*
Mar 18 21:03:27 server postfix/smtpd[28381]: lost connection after AUTH from
unknown[DD.D.D.DD]
Mar 18 21:03:27 server postfix/smtpd[28381]: disconnect from
unknown[DD.D.D.DD]
Mar 18 21:03:28 server postfix/cleanup[30157]: C1077620DF6:
message-id=<20170319010328.c1077620...@a.com>



*postconf -n:*

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
bounce_queue_lifetime = 30m
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 776
default_destination_recipient_limit = 776
default_process_limit = 776
delay_warning_time = 2h
fast_flush_purge_time = 30m
fast_flush_refresh_time = 15m
home_mailbox = Maildir/
html_directory = no
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 1000s
maximal_queue_lifetime = 2h
message_size_limit = 0
minimal_backoff_time = 300s
mydestination = /etc/postfix/mydestination
mydomain = .AAA
mynetworks = 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
qmgr_message_active_limit = 4
qmgr_message_recipient_limit = 4
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
relay_domains = $mydestination, bonofull.com, maillion.net, unityfull.com
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sender_bcc_maps = hash:/etc/postfix/bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_connection_cache_on_demand = no
smtp_destination_concurrency_limit = 400
smtp_mx_session_limit = 776
smtp_use_tls = yes
smtpd_banner = $mydomain
smtpd_client_connection_count_limit = 400
smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces
permit_tls_all_clientcerts reject_rbl_client reject_rbl_client
reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client
reject_rbl_client psbl.surriel.com reject_rhsbl_client bl.spamcop.net
combined.rbl.msrbl.net reject_rbl_client reject_rhsbl_client
reject_rbl_client reject_rhsbl_client bl.spamcannibal.org
smtpd_peername_lookup = no
smtpd_recipient_limit = 776
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
permit_inet_interfaces check_relay_domains reject_sender_login_mismatch
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_exceptions_networks = !DDD.DD.DD.D, DDD.DDD.D.D/DD
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders
smtpd_tls_CAfile = /home/maillion/ssl.ca
smtpd_tls_cert_file = /home//ssl.cert
smtpd_tls_key_file = /home//ssl.key
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual


Please, help me





Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error

2017-03-18 Thread Wietse Venema
lestraw:
> Hi Postfix family,
> 
> I'm using Thunderbird as an email client, and when sending an email it is giving
> me the following error in /var/log/maillog:
> 
> Mar 18 19:54:39 server postfix/smtpd[21712]: NOQUEUE: reject: RCPT from
> unknown[DDD.D.DDD.DDD]: 451 4.3.5 Server configuration error;
> from= to= proto=ESMTP
> helo=<[DD.D.D.DD]>

That text is sent to the remote client, and therefore it has no
configuration details.

Instead, Postfix logs internal details BEFORE replying to the client.

Wietse
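
Added example (not part of the original posts and not Postfix code): a Python sketch of the triage step described above, pairing each `451 4.3.5 Server configuration error` reject with the warnings that the same smtpd process logged before it. The log lines are constructed, modelled on the excerpt posted in this thread, and the function and field names are assumptions.

```python
import re
from collections import defaultdict

# "Mar 18 21:03:27 server postfix/smtpd[26211]: message"
LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ postfix/smtpd\[(\d+)\]: (.*)$")
CONFIG_ERROR = "451 4.3.5 Server configuration error"

# Constructed sample modelled on the excerpt posted in this thread; the
# addresses are documentation ranges and placeholder mailboxes.
SAMPLE_LOG = """\
Mar 18 21:01:02 server postfix/smtpd[26211]: connect from unknown[203.0.113.5]
Mar 18 21:01:03 server postfix/smtpd[26211]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: AAA
Mar 18 21:01:03 server postfix/smtpd[26211]: disconnect from unknown[203.0.113.5]
Mar 18 21:03:26 server postfix/smtpd[26211]: connect from unknown[198.51.100.7]
Mar 18 21:03:27 server postfix/smtpd[28381]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: AAA
Mar 18 21:03:27 server postfix/smtpd[26211]: warning: unknown smtpd restriction: "combined.rbl.msrbl.net"
Mar 18 21:03:27 server postfix/smtpd[26211]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 451 4.3.5 Server configuration error; from=<a@example.com> to=<b@example.org> proto=ESMTP helo=<[192.0.2.10]>
Mar 18 21:03:27 server postfix/smtpd[28381]: lost connection after AUTH from unknown[192.0.2.10]
"""


def explain_config_errors(log_text):
    """Pair each 451 4.3.5 reject with the warnings its smtpd process logged first."""
    pending = defaultdict(list)  # smtpd pid -> warnings in the current session
    results = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not an smtpd line
        pid, msg = m.groups()
        if msg.startswith("connect from "):
            pending[pid] = []  # one process serves many sessions; drop stale warnings
        elif msg.startswith("warning: "):
            pending[pid].append(msg[len("warning: "):])
        elif msg.startswith("NOQUEUE: reject:") and CONFIG_ERROR in msg:
            results.append({"pid": pid, "reject": msg, "causes": pending[pid]})
            pending[pid] = []
    return results


if __name__ == "__main__":
    for hit in explain_config_errors(SAMPLE_LOG):
        print(f"smtpd[{hit['pid']}]: {hit['causes'] or 'no warning found before reject'}")
```

Matching on the process ID keeps the unrelated SASL failure from smtpd[28381], and the older warning from an earlier session of smtpd[26211], out of the result.
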


Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error

2017-03-18 Thread lestraw
Hi Postfix family,

I'm using Thunderbird as an email client, and when sending an email it is giving
me the following error in /var/log/maillog:

Mar 18 19:54:39 server postfix/smtpd[21712]: NOQUEUE: reject: RCPT from
unknown[DDD.D.DDD.DDD]: 451 4.3.5 Server configuration error;
from= to= proto=ESMTP
helo=<[DD.D.D.DD]>

postconf -n shows the following:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
bounce_queue_lifetime = 30m
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 776
default_destination_recipient_limit = 776
default_process_limit = 776
delay_warning_time = 2h
fast_flush_purge_time = 30m
fast_flush_refresh_time = 15m
home_mailbox = Maildir/
html_directory = no
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 1000s
maximal_queue_lifetime = 2h
message_size_limit = 0
minimal_backoff_time = 300s
mydestination = /etc/postfix/mydestination
mydomain = .AAA
mynetworks = 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
qmgr_message_active_limit = 4
qmgr_message_recipient_limit = 4
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
relay_domains = $mydestination, bonofull.com, maillion.net, unityfull.com
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sender_bcc_maps = hash:/etc/postfix/bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_connection_cache_on_demand = no
smtp_destination_concurrency_limit = 400
smtp_mx_session_limit = 776
smtp_use_tls = yes
smtpd_banner = $mydomain
smtpd_client_connection_count_limit = 400
smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces
permit_tls_all_clientcerts reject_rbl_client reject_rbl_client
reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client
reject_rbl_client psbl.surriel.com reject_rhsbl_client bl.spamcop.net
combined.rbl.msrbl.net reject_rbl_client reject_rhsbl_client
reject_rbl_client reject_rhsbl_client bl.spamcannibal.org
smtpd_peername_lookup = no
smtpd_recipient_limit = 776
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
permit_inet_interfaces check_relay_domains reject_sender_login_mismatch
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_exceptions_networks = !DDD.DD.DD.D, DDD.DDD.D.D/DD
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders
smtpd_tls_CAfile = /home/maillion/ssl.ca
smtpd_tls_cert_file = /home//ssl.cert
smtpd_tls_key_file = /home//ssl.key
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual


*What is wrong with this configuration?*





Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error

2017-03-18 Thread Wietse Venema
lestraw:
> Hello Postfix Family,
> 
> I have configured, according to the Postfix manuals, a Postfix SASL e-mail
> server with Dovecot, and I'm getting the following error when I try to
> send an email from a client:
> 
> *451 4.3.5 Server configuration error *
> 
> Postfix version 2.6.6 + Dovecot Version 2.0.9 
> 
> 
> ### ~> Postfix main.cf CENTOS6_X64
> command_directory = /usr/sbin
> daemon_directory = /usr/libexec/postfix
> 
> mydomain = domain.example
> myorigin = $mydomain
> unknown_local_recipient_reject_code = 550
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> home_mailbox = Maildir/
> smtpd_banner = $mydomain
> debug_peer_level = 2
> debugger_command =
>PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
>xxgdb $daemon_directory/$process_name $process_id & sleep 5
> sendmail_path = /usr/sbin/sendmail.postfix
> newaliases_path = /usr/bin/newaliases.postfix
> mailq_path = /usr/bin/mailq.postfix
> setgid_group = postdrop
> html_directory = no
> manpage_directory = /usr/share/man
> sample_directory = /usr/share/doc/postfix-2.3.3/samples
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
> 
> #sasl authentication start
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/auth
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
> smtpd_sasl_local_domain = $myhostname
> broken_sasl_auth_clients = yes
> relay_domains = $mydestination, second.example, domain.example
> smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders
> smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
> permit_inet_interfaces check_relay_domains reject_sender_login_mismatch 
> #sasl authentication end
> 
> delay_warning_time = 2h
> fast_flush_refresh_time = 15m
> fast_flush_purge_time = 30m
> smtpd_recipient_limit = 776
> bounce_queue_lifetime = 30m
> maximal_queue_lifetime = 2h
> mailbox_size_limit = 0
> message_size_limit = 0
> smtp_connection_cache_on_demand = no
> smtpd_peername_lookup = no
> default_process_limit = 776
> qmgr_message_active_limit = 4
> qmgr_message_recipient_limit = 4
> default_destination_concurrency_limit = 776
> default_destination_recipient_limit = 776
> smtp_mx_session_limit = 776
> smtpd_client_connection_count_limit = 400
> smtp_destination_concurrency_limit = 400
> maximal_backoff_time = 1000s
> minimal_backoff_time = 300s
> virtual_alias_maps = hash:/etc/postfix/virtual
> sender_bcc_maps = hash:/etc/postfix/bcc
> mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
> mydestination = /etc/postfix/mydestination
> allow_percent_hack = no
> recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
> 
> # TLS parameters start
> smtpd_tls_key_file = /home/maillion/ssl.key
> smtpd_tls_CAfile = /home/maillion/ssl.ca
> smtpd_tls_cert_file = /home/maillion/ssl.cert
> smtp_use_tls = yes
> smtpd_tls_security_level = may
> # TLS parameters end
> 
> smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces
> permit_tls_all_clientcerts reject_rbl_client reject_rbl_client
> reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client
> reject_rbl_client psbl.surriel.com reject_rhsbl_client bl.spamcop.net
> combined.rbl.msrbl.net reject_rbl_client reject_rhsbl_client
> reject_rbl_client reject_rhsbl_client bl.spamcannibal.org
> mynetworks = 127.0.0.0/8
> 
> 
> *Is there any error?*
> 
> Please help me!!

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail

TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Thank you for using Postfix.


NOQUEUE: reject: ... 451 4.3.5 Server configuration error

2017-03-18 Thread lestraw
Hello Postfix Family,

I have configured, according to the Postfix manuals, a Postfix SASL e-mail
server with Dovecot, and I'm getting the following error when I try to
send an email from a client:

*451 4.3.5 Server configuration error *

Postfix version 2.6.6 + Dovecot Version 2.0.9 


### ~> Postfix main.cf CENTOS6_X64
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix

mydomain = domain.example
myorigin = $mydomain
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
smtpd_banner = $mydomain
debug_peer_level = 2
debugger_command =
 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
 xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES

#sasl authentication start
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
relay_domains = $mydestination, second.example, domain.example
smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
permit_inet_interfaces check_relay_domains reject_sender_login_mismatch 
#sasl authentication end

delay_warning_time = 2h
fast_flush_refresh_time = 15m
fast_flush_purge_time = 30m
smtpd_recipient_limit = 776
bounce_queue_lifetime = 30m
maximal_queue_lifetime = 2h
mailbox_size_limit = 0
message_size_limit = 0
smtp_connection_cache_on_demand = no
smtpd_peername_lookup = no
default_process_limit = 776
qmgr_message_active_limit = 4
qmgr_message_recipient_limit = 4
default_destination_concurrency_limit = 776
default_destination_recipient_limit = 776
smtp_mx_session_limit = 776
smtpd_client_connection_count_limit = 400
smtp_destination_concurrency_limit = 400
maximal_backoff_time = 1000s
minimal_backoff_time = 300s
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mydestination = /etc/postfix/mydestination
allow_percent_hack = no
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc

# TLS parameters start
smtpd_tls_key_file = /home/maillion/ssl.key
smtpd_tls_CAfile = /home/maillion/ssl.ca
smtpd_tls_cert_file = /home/maillion/ssl.cert
smtp_use_tls = yes
smtpd_tls_security_level = may
# TLS parameters end

smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces
permit_tls_all_clientcerts reject_rbl_client reject_rbl_client
reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client
reject_rbl_client psbl.surriel.com reject_rhsbl_client bl.spamcop.net
combined.rbl.msrbl.net reject_rbl_client reject_rhsbl_client
reject_rbl_client reject_rhsbl_client bl.spamcannibal.org
mynetworks = 127.0.0.0/8


*Is there any error?*

Please help me!!



