flashingcurser
04-25-2007 12:23 PM
Post rejecting connections on 127.0.0.1 on localhost
I took the plunge and updated sarge to etch and now it rejects localhost proxy connections from spamassassin, postgrey, clamsmtp.
Other clues: outgoing works fine. It is queueing up the mail just fine, because I am not getting any bounces when I send to addresses on that machine. It is also unable to deliver admin system messages.
Main.cf
Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 4h
myhostname = webservices1.firstdomain.us
myorigin = /etc/mailname
mydestination = webservices1.firstdomain.us, mail.firstdomain.us, lists.firstdomain.us, firstdomain.us, mail.seconddomain.org, etc....
mynetworks = 127.0.0.0/8 192.168.2.0/24 192.168.1.0/24
smtpd_sasl_local_domain =
## $myhostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
virtual_alias_maps = hash:/etc/postfix/virtual, hash:/var/lib/mailman/data/aliases
##, hash:/var/lib/mailman/data/aliases
##virtual_maps = hash:/var/lib/mailman/data/virtual-mailman
relayhost =
## mailmain stuff
relay_domains = lists.fistdomain.us, lists.seconddomain.org
transport_maps = hash:/etc/postfix/transport
mailmain_destination_recipient_limit = 1
mailbox_command =
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_invalid_hostname,
    regexp:/etc/postfix/helo.regexp,
    permit
smtpd_recipient_limit = 20
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
tls_random_source = dev:/dev/urandom
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 10
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    check_policy_service inet:127.0.0.1:60000,
    check_recipient_access hash:/etc/postfix/access,
    check_client_access hash:/etc/postfix/helo_client_exceptions,
    check_sender_access hash:/etc/postfix/sender_checks,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client bl.spamcop.net,
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_non_fqdn_sender,
    reject_unauth_pipelining,
    check_client_access hash:/etc/postfix/rbl_client_exceptions,
    permit
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
unknown_client_reject_code = 554
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    permit_sasl_authenticated,
    reject_sender_login_mismatch,
    hash:/etc/postfix/access,
    permit
content_filter = scan:[127.0.0.1]:10025
home_mailbox = Maildir/
A snippet of a typical error message:
Code:
Apr 25 09:59:27 webservices1 postfix/smtp[20814]: connect to 127.0.0.1[127.0.0.1]: Connection refused (port 10025)
The above is the outgoing connection from antivirus proxy on 10025
Thanks
dan
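A diagnostic for the symptom in the post above, as an added example that is not part of the original post: it reads a main.cf, collects the loopback services Postfix is configured to call (in the posted file, content_filter on port 10025 and the policy service on port 60000), and tests whether anything accepts connections on each. The sample config is a constructed excerpt of the posted file with continuation-line indentation assumed, and all function names are hypothetical.

```python
import re
import socket

# Constructed excerpt modelled on the posted main.cf; continuation lines
# are indented, as Postfix requires (an assumption about the real file).
SAMPLE_MAIN_CF = """\
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    check_policy_service inet:127.0.0.1:60000,
    permit
content_filter = scan:[127.0.0.1]:10025
"""

# Matches 127.x.x.x:port, [127.x.x.x]:port and localhost:port inside a value.
ENDPOINT = re.compile(r"\[?(127\.\d+\.\d+\.\d+|localhost)\]?:(\d+)")

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if line[0].isspace() and current is not None:
            params[current] = (params[current] + " " + line.strip()).strip()
        elif "=" in line:
            current, value = (part.strip() for part in line.split("=", 1))
            params[current] = value
    return params

def loopback_endpoints(params):
    """List (parameter, host, port) for every loopback service the config points at."""
    return [(name, host, int(port))
            for name, value in params.items()
            for host, port in ENDPOINT.findall(value)]

def is_listening(host, port, timeout=2.0):
    """True if a TCP connect succeeds; False on refusal, timeout or other socket error."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    for name, host, port in loopback_endpoints(parse_main_cf(SAMPLE_MAIN_CF)):
        state = "listening" if is_listening(host, port) else "NOT reachable"
        print(f"{name}: {host}:{port} {state}")
```

To check a live system, pass the contents of the real main.cf to `parse_main_cf` instead of `SAMPLE_MAIN_CF`; a port reported as not reachable corresponds to the "Connection refused" line in the mail log.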