Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
... It is easier for others to help if exact error messages are shown (copy/paste, or write the exact message you see in a dialog). Without this critical data, we're left guessing, and this makes it less likely anyone will actually help, or do so quickly and efficiently. Certainly there is more of a message than "timeout".
Post #34 is exactly what is necessary. It gives the important information such as the postfix service smtpd, and now we can see it was a message from a remote host that was rejected.
There is no way to know with certainty which mail is "genuine". What about the message makes it genuine? The sender's hostname? The sending client's IP? The HELO hostname? Or perhaps it is something in the content?
It appears you have may have a reject_unknown_client_hostname in your smtpd_recipient_restrictions (or reject_unknown_client in postfix < 2.3). This can lead to false positive rejections.
Now it is time to show output of postconf -n so we can evaluate the cause and inspect your restrictions.
FYI: I saw your post #33, and didn't respond. Frankly, being an exact repost of post #31, and not posting the entire log line as was requested, I didn't think we were going to go any further. It is more productive when one puts more energy and due-diligence into the helping process.
alias_database = hash:/etc/postfix/aliases
virtual_mailbox_lock = fcntl, dotlock
mailbox_delivery_lock = fcntl, dotlock
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:127.0.0.1:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
debug_peer_list = 127.0.0.1
disable_vrfy_command = yes
html_directory = no
inet_interfaces = all
invalid_hostname_reject_code = 554
local_recipient_maps = unixasswd.byname $alias_maps
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_size_limit = 152400000000 <<< 142 gig for a mailbox! That's rather large.
mailq_path = /usr/bin/mailq.sendmail
manpage_directory = /usr/local/man
maximal_queue_lifetime = 2d
message_size_limit = 15240000000 <<< 142 gig for a message is insane.
mydestination = $myhostname, localhost.localdomain, $mydomain,
mydomain = xxxxxxxx.com
myhostname = xxxxx.xxxxxxxx.com
mynetworks = 192.168.1.0/24, 127.0.0.0/8, xxx.xx.xxx.xxx, . . . . . .
newaliases_path = /usr/bin/newaliases.sendmail
non_fqdn_reject_code = 554
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains =
relay_domains_reject_code = 554
sendmail_path = /usr/sbin/sendmail.sendmail
setgid_group = postdrop
smtpd_error_sleep_time = 0
smtpd_helo_required = yes
Below, let's clear out smtpd_{helo,client,sender}_restictions,
and move these restrictions into smtpd_recipient_checks
to simplify your configuration. Your new smtpd_recipient_checks
would look like:
smtpd_helo_restrictions =
smtpd_client_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
reject_non_fqdn_recipient
reject_non_fqdn_sender
reject_unlisted_recipient
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
reject_unknown_sender_domain
reject_non_fqdn_hostname <<< in postfix >= 2.3, use reject_non_fqdn_helo_hostname
reject_non_fqdn_helo_hostname <<< in postfix < 2.3, use reject_non_fqdn_hostnmame instead
<<< But note: either of these may have many false positives, depending upon where you
<<< place this restriction, as many Windows MUAs do not have FQDN helo's. Place this
<<< after permit_mynetworks is probably OK.
reject_invalid_hostname <<< in postfix >= 2.3, use reject_invalid_helo_hostname
reject_invalid_helo_hostname <<< in postfix < 2.3, use reject_invalid_hostname instead
reject_unknown_client <<< this with your changed reject code below will lose mail
reject_unknown_recipient_domain <<< Remove: this when placed after reject_unauth_destination will only reject
<<< *your own systems* when DNS errors occur
reject_rbl_client zen.spamhaus.org=127.0.0.10
reject_rbl_client zen.spamhaus.org=127.0.0.1 <<< these two are superfluous with the plain reject_rbl_client
reject_rbl_client zen.spamhaus.org <<< here
smtpd_data_restrictions =
reject_unauth_pipelining
permit
The reject_unauth_pipelining restrictions only make sense in smtpd_data_restrictions, so I've moved it there.
soft_bounce = no
strict_rfc821_envelopes = yes
unknown_client_reject_code = 554 <<< this is dangerous - you will perm reject mail when DNS errors occur
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
unverified_sender_reject_code = 554
Don't change the above reject codes until you are fully aware of the consequences.
Leave them at their defaults. Otherwise, you are likely to reject good mail.
You haven't responded with what exactly makes the mail rejected in post 31 and 33 actually considered "genuine"; until we know that, we can't indicate what form of access control to advise.
You haven't responded with what exactly makes the mail rejected in post 31 and 33 actually considered "genuine"; until we know that, we can't indicate what form of access control to advise.
Ok, I'll explain. One of our clients complained that mails sent to mydomain users are getting rejected. I asked their ID and while asked them to send mail once again for me to check. They sent the mail and I got the message(in post34) from my maillog. That is why I told that the mail is genuine. This was the only message in my log corresponding to their domain name.
Now, I have made changes as you suggested. Tried sending and recieving mails which is working very fine. I can see that the problem is solved.
Many Many Thanks to everyone who helped me. Special thanks to Mr.C for tolerating me and replying to my queries promptly and pointing errors in my posts.
Let me start up with a new issue ?
Straight away I 'll explain my queries.
I am trying to integrate SASL to my postfix, so that my users out of my network can configure mail clients to send mails.
Following "The Book of Postfix", I upgraded my existing postfix and configured. All configurations are done as given in the book. (If you need step by step procedure, I will explain. Please let me know).
SASL related entries currently in my main.cf are :
Yesterday, I have changed my main.cf as per your suggestions in post #37. But today my users are complaining that spam mails have increased and they got some 10-20 spams just by a day. Please see the configuration below:
Yesterday, I have changed my main.cf as per your suggestions in post #37. But today my users are complaining that spam mails have increased and they got some 10-20 spams just by a day. Please see the configuration below:
There's no data here to indicate the nature of the problem. Your going to have to dig into the spam messages to see what is being passed that should be caught as spam. Show message headers, and log lines for passed messages that should be caught as spam.
There's no data here to indicate the nature of the problem. Your going to have to dig into the spam messages to see what is being passed that should be caught as spam. Show message headers, and log lines for passed messages that should be caught as spam.
Message Header
PHP Code:
Return-Path: <JarvisbelleHouse@christopherreeve.org> X-Original-To: philix@MYDOMAIN.com Delivered-To: philix@MYDOMAIN.com Received: from localhost (MYHOST.MYDOMAIN.com [127.0.0.1]) by MYHOST.MYDOMAIN.com (Postfix) with ESMTP id ACF4DF78004 for <philix@MYDOMAIN.com>; Mon, 27 Oct 2008 02:41:51 -0700 (PDT) X-Virus-Scanned: amavisd-new at MYDOMAIN.com X-Spam-Flag: NO X-Spam-Score: 6.025 X-Spam-Level: ****** X-Spam-Status: No, score=6.025 tagged_above=2 required=6.2 tests=[BAYES_50=0.001, DATE_IN_PAST_06_12=1.069, URIBL_BLACK=1.955, URIBL_JP_SURBL=1.501, URIBL_SBL=1.499] Received: from MYHOST.MYDOMAIN.com ([127.0.0.1]) by localhost (MYHOST.MYDOMAIN.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jkvqysvhMA3f for <philix@MYDOMAIN.com>; Mon, 27 Oct 2008 02:41:48 -0700 (PDT) Received: from yourw04gtxld67.espeedusa.com (static-72-90-79-82.syrcny.fios.verizon.net [72.90.79.82]) by MYHOST.MYDOMAIN.com (Postfix) with SMTP id 1289AF78003 for <philix@MYDOMAIN.com>; Mon, 27 Oct 2008 02:41:47 -0700 (PDT) Received: (from tomcat@localhost) by 163.151.164.121 (8.12.8/8.12.8/Submit) id j5CHmn6V915905 for philix@MYDOMAIN.com; Mon, 27 Oct 2008 05:40:41 +0500 Date: Mon, 27 Oct 2008 05:40:41 +0500 Message-ID: <703m977a.0298252@christopherreeve.org> X-Mailer: Mediacomm Communicator 1.11 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - lebensraum.christopherreeve.org X-AntiAbuse: Original Domain - christopherreeve.org X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [16 75] X-AntiAbuse: Sender Address Domain - christopherreeve.org X-Source: X-Source-Args: X-Source-Dir: X-Auth: 3-DES X-Auth-bits: 53833593899265092358883169 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: <philix@MYDOMAIN.com> From: "Cole Pace" <JarvisbelleHouse@christopherreeve.org> Subject: play free win real money Status:
Message Body :
Quote:
Truly the best action on the internet.
1800 USD in cash bonus and EVERYY game imdgiqable.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.