I run postfix (2.4.5/Gentoo Linux) on a non-public network, which relays all outgoing mail through our ISP, and only accepts incoming connections from our outsourced anti-spam provider (mxlogic).

I just saw this this morning in my logs (substituted 'realuser' for the real user's username):

Nov 28 06:10:54 moria postfix/smtpd[12808]: connect from 198.Red-83-34-237.dynamicIP.rima-tde.net[83.34.237.198]
Nov 28 06:10:55 moria postfix/smtpd[12808]: NOQUEUE: reject: RCPT from 198.Red-83-34-237.dynamicIP.rima-tde.net[83.34.237.198]: 554 5.7.1 <realuser>: Recipient address rejected: Access denied; from=<eprf> to=<realuser> proto=SMTP helo=<198.Red-83-34-237.dynamicIP.rima-tde.net>
Nov 28 06:10:56 moria postfix/smtpd[12808]: lost connection after RCPT from 198.Red-83-34-237.dynamicIP.rima-tde.net[83.34.237.198]
Nov 28 06:10:56 moria postfix/smtpd[12808]: disconnect from 198.Red-83-34-237.dynamicIP.rima-tde.net[83.34.237.198]

Why the "554 5.7.1 <realuser>: Recipient address rejected: Access denied" error? Is this the expected reject message if the connecting IP is outside the acceptable range?

The reason I ask is I monitor my logs consistently, and have never seen a connection rejection like this, and I'd have thought I'd get a lot of these if this is how all foreign IP rejections were handled...

Here is postconf -n:

moria postfix # postconf -n
alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases, hash:/usr/local/mailman/data/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib64/postfix
debug_peer_list = mxlogic.com
default_destination_concurrency_limit = 20
home_mailbox = .maildir/
local_destination_concurrency_limit = 2
mail_owner = postfix
manpage_directory = /usr/share/man
message_size_limit = 51200000
mydomain = media-brokers.com
myhostname = moria.media-brokers.com
mynetworks = 127.0.0.0/8
owner_request_special = no
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.5/readme
relayhost = [smtp.nuvox.net]
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_recipient_limit = 100
smtpd_recipient_restrictions = permit_sasl_authenticated, check_client_access cidr:/etc/postfix/client_no_relay.cidr, reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions =
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/wildcard.crt
smtpd_tls_key_file = /etc/ssl/wildcard.key
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf, hash:/usr/local/mailman/data/virtual-mailman
virtual_gid_maps = static:207
virtual_mailbox_base = /var/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domain_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 207
virtual_transport = virtual
virtual_uid_maps = static:207
moria postfix #

and here is content of client_no_relay.cidr:

127.0.0.0/8 permit
208.65.144.0/21 permit_auth_destination
66.179.26.128/26 permit_auth_destination
64.92.205.64/27 permit_auth_destination
66.179.109.160/27 permit_auth_destination
216.183.119.96/27 permit_auth_destination

Maybe I'm not restricting connections to my box properly? Or just not understanding the reject message?

Tia for any insights...

--
Best regards,
Charles
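
Added example, not part of the original post: a Python model of how the posted smtpd_recipient_restrictions list is walked for a given client, using the rows of client_no_relay.cidr as posted, to show which restriction decides the outcome for the address in the log. The function names and the rcpt_is_local flag (standing in for Postfix's own permit_auth_destination test) are assumptions of this example.

```python
import ipaddress

# Rows copied from client_no_relay.cidr in the post; cidr tables are
# searched in order and the first matching row wins.
CIDR_TABLE = [
    ("127.0.0.0/8", "permit"),
    ("208.65.144.0/21", "permit_auth_destination"),
    ("66.179.26.128/26", "permit_auth_destination"),
    ("64.92.205.64/27", "permit_auth_destination"),
    ("66.179.109.160/27", "permit_auth_destination"),
    ("216.183.119.96/27", "permit_auth_destination"),
]


def cidr_lookup(client_ip):
    """Return the action of the first matching row, or None (no match)."""
    addr = ipaddress.ip_address(client_ip)
    for net, action in CIDR_TABLE:
        if addr in ipaddress.ip_network(net):
            return action
    return None


def evaluate_rcpt(client_ip, sasl_authenticated, rcpt_is_local):
    """Model of: permit_sasl_authenticated, check_client_access cidr:..., reject.

    rcpt_is_local (assumption of this example) stands in for Postfix's own
    test of whether the recipient domain is one the server is final
    destination or relay for. Returns (decision, deciding_restriction).
    """
    if sasl_authenticated:
        return ("permit", "permit_sasl_authenticated")
    action = cidr_lookup(client_ip)
    if action == "permit":
        return ("permit", "check_client_access")
    if action == "permit_auth_destination" and rcpt_is_local:
        return ("permit", "check_client_access")
    # No row matched, or permit_auth_destination gave no decision:
    # evaluation falls through to the final catch-all "reject".
    return ("reject", "reject")


def smtp_reply(rcpt):
    """Reply text in the form seen in the posted log for the catch-all reject."""
    return f"554 5.7.1 <{rcpt}>: Recipient address rejected: Access denied"


if __name__ == "__main__":
    # Client address from the posted log; not authenticated, not in the table.
    print(evaluate_rcpt("83.34.237.198", False, True), smtp_reply("realuser"))
```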
© 2004-2008 readlist.com