Postfix Recipient address rejected: Access denied Error


6








I'm trying to use Zend Mail SMTP to send email from my PHP app, login authenticated, and it gives me this constant error I don't have to deal with. I looked into the 36 questions here on serverfault.com, changing parameters as they explain, without success.

The data:

  • My Postfix version: 2.6.6
  • I'm on CentOS 6.5
  • I'm trying to use Postfix and Dovecot with Dovecot-sasl
  • My users are virtual created
  • I'm able to send mail via telnet on port 25 and 587
  • 5000 is my Postfix user
  • The IPs where I'm testing my app (if it helps) are listed on bl.spamcannibal.org, b.barracudacentral.org, pbl.spamhaus.org and zend.spamhaus.org
  • My server IP is not listed

Telnet to 587 looks like this:



Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.mydomain.com ESMTP Postfix
ehlo localhost
250-mail.mydomain.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN


Testing my SSL with:



openssl s_client -starttls smtp -crlf -connect mail.mydomain.com:25


Gives me this answer, last lines (I assume it is OK):



Verify return code: 18 (self signed certificate)
---
250 DSN


If you need anything more, just ask for that.

I need to know, if you know, where this error used to come from, at least.



Jan 13 13:44:16 domainname postfix/smtpd[22902]: NOQUEUE: reject: RCPT from mydomain.com[XX:XX:MY:IP]: 554 5.7.1 <mipersonalemail@hotmail.com>: Recipient address rejected: Access denied; from=<no-replay@mydomain.com> to=<mipersonalemail@hotmail.com> proto=ESMTP helo=<domainname>


My non-default Postfix conf (postconf -n) gives me this: /postfix/main.cf



alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
milter_default_action = accept
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = mydomain.com
myhostname = mail.mydomain.com
mynetworks = 127.0.0.1 xx:xx:xx:xx 127.0.0.0/8
myorigin = $mydomain
queue_directory = /var/spool/postfix
relay_domains = mysql:/etc/postfix/mysql_relay_domains.cf
relayhost = $mydomain
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtpd_client_restrictions = sleep 1,reject_unauth_pipelining,permit_sasl_authenticated
smtpd_delay_reject = yes
smtpd_error_sleep_time = 30
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
smtpd_recipient_limit = 100
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks permit_tls_clientcerts reject_unauth_pipelining reject_non_fqdn_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unauth_destination reject_invalid_hostname reject_rbl_client bl.spamcop.net reject_rbl_client b.barracudacentral.org reject_rbl_client sbl-xbl.spamhaus.org reject_rbl_client pbl.spamhaus.org reject_rbl_client zen.spamhaus.org reject_rhsbl_helo dbl.spamhaus.org reject_rhsbl_sender dbl.spamhaus.org permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_soft_error_limit = 10
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /path/to/my/domain.crt
smtpd_tls_key_file = /path/to/my/domain.key
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_exchange_name = /var/lib/postfix/prng_exch
tls_random_source = dev:/dev/urandom


And my master.cf looks like this:

smtp inet n - n - - smtpd -o content_filter=spamassassin
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,permit
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

Any suggestion would be a good help.







postfix tls smtp-auth starttls






edited Jan 15 '15 at 21:22
MikZuit

asked Jan 13 '15 at 13:55
MikZuit







  • 1





    The error came from smtpd_recipient_restrictions on the submission service in master.cf. You only permit a client who authenticated via SASL. Did you set that properly?

    – masegaloeh
    Jan 13 '15 at 14:34











  • Also, you should only need to use permit_sasl_authenticated once in the smtpd_XXX_restrictions as it won't be setting up multiple sasl connections for each test, and if any of the steps rejects it, it will end up rejected in totality.

    – NickW
    Jan 13 '15 at 14:38











  • @masegaloeh I set that according to this wiki, wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL, except for "permit" at the end of smtpd_client_restrictions in submission, which was just something I changed for testing purposes. If I replace that permit with a reject, as in the wiki page, it now gives me a "the Client host rejected: Access denied".

    – MikZuit
    Jan 13 '15 at 16:31






  • 1





    @NickW you mean in the main.cf and master.cf? Could you be more specific?

    – MikZuit
    Jan 13 '15 at 16:32






  • 2





    It's not wrong the way you're doing it, it just makes things harder to read, and to understand where the connection is stopped. BTW, masegaloeh is right, permit sasl authenticated means they are authenticating via SASL, not just making an SSL/TLS connection.

    – NickW
    Jan 13 '15 at 16:44












1 Answer
9














In this line:



-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject


You are rejecting unauthenticated messages from the submission port. You need to change the test to authenticate (AUTH command), or replace reject with reject_unauth_destination.






  • Sorry for not coming here before, I was busy. This is actually what I did and everything looks fine since then. Thanks anyway, and I'm going to accept this answer because it is what I have already done.

    – MikZuit
    Jan 15 '15 at 21:15












  • This comment saved my development environment, thank you

    – MiPnamic
    Nov 23 '15 at 16:37
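
The evaluation order described in the answer and comments, as an added example that is not part of the original thread and is not Postfix code: a simplified Python model of first-match restriction evaluation, run against the submission overrides from the question. The `Session` fields, the `mydomain.com` local-domain set and the sample sessions are assumptions constructed for the example; DNS and RBL restrictions are not modelled, and the helo and sender lists inherited from main.cf are left out of the sample configs.

```python
"""Simplified model of how Postfix smtpd walks its restriction lists.

Added example, not Postfix code: only the restrictions used in the
submission stanza are modelled; anything else yields no decision.
"""
import re
from typing import NamedTuple, Optional

# Evaluation order at RCPT TO (smtpd_delay_reject = yes, as in the main.cf
# shown) and the label Postfix puts in front of "rejected:" for each class.
CLASSES = [
    ("smtpd_client_restrictions", "Client host"),
    ("smtpd_helo_restrictions", "Helo command"),
    ("smtpd_sender_restrictions", "Sender address"),
    ("smtpd_recipient_restrictions", "Recipient address"),
]


class Session(NamedTuple):
    sasl_authenticated: bool   # client completed AUTH successfully
    in_mynetworks: bool        # client address matches $mynetworks
    recipient: str             # RCPT TO address
    our_domains: frozenset     # domains this server accepts mail for (assumed)


class Decision(NamedTuple):
    action: str                 # "permit" or "reject"
    param: Optional[str]        # restriction class that decided
    restriction: Optional[str]  # restriction that decided
    reply: Optional[str]        # reject text as it appears in the log


def _domain(addr):
    return addr.rpartition("@")[2].lower()


def _check(name, label, s):
    """Return 'permit', a reject reply string, or None for no decision."""
    if name == "permit":
        return "permit"
    if name == "reject":
        return f"{label} rejected: Access denied"
    if name == "permit_sasl_authenticated":
        return "permit" if s.sasl_authenticated else None
    if name == "permit_mynetworks":
        return "permit" if s.in_mynetworks else None
    if name == "reject_non_fqdn_recipient":
        if "." in _domain(s.recipient):
            return None
        return f"{label} rejected: need fully-qualified address"
    if name == "reject_unauth_destination":
        return None if _domain(s.recipient) in s.our_domains else "Relay access denied"
    return None  # not modelled (e.g. DNS or RBL lookups): no decision


def evaluate(config, s):
    """Walk every class in order; the first reject anywhere is final."""
    for param, label in CLASSES:
        for name in re.split(r"[,\s]+", config.get(param, "").strip()):
            if not name:
                continue
            result = _check(name, label, s)
            if result == "permit":
                break  # permit ends this class only; later classes still run
            if result is not None:
                return Decision("reject", param, name, result)
    return Decision("permit", None, None, None)


# The two overrides from the submission stanza in the question.
AS_POSTED = {
    "smtpd_client_restrictions": "permit_sasl_authenticated,permit",
    "smtpd_recipient_restrictions": "reject_non_fqdn_recipient,"
    "reject_unknown_recipient_domain,permit_sasl_authenticated,reject",
}
# Client list ending in reject, as the asker describes trying.
WIKI_CLIENT = dict(AS_POSTED, smtpd_client_restrictions="permit_sasl_authenticated,reject")
# The answer's alternative: reject_unauth_destination in place of reject.
ANSWER_ALTERNATIVE = dict(
    AS_POSTED,
    smtpd_recipient_restrictions="reject_non_fqdn_recipient,"
    "reject_unknown_recipient_domain,permit_sasl_authenticated,reject_unauth_destination",
)


def session(authenticated, recipient):
    """Constructed sample session; mydomain.com stands in for the local domain."""
    return Session(authenticated, False, recipient, frozenset({"mydomain.com"}))


if __name__ == "__main__":
    outside, local = "mipersonalemail@hotmail.com", "someone@mydomain.com"
    for label, cfg, s in [
        ("as posted, no AUTH", AS_POSTED, session(False, outside)),
        ("as posted, AUTH ok", AS_POSTED, session(True, outside)),
        ("client list ends in reject, no AUTH", WIKI_CLIENT, session(False, outside)),
        ("answer's alternative, no AUTH, outside rcpt", ANSWER_ALTERNATIVE, session(False, outside)),
        ("answer's alternative, no AUTH, local rcpt", ANSWER_ALTERNATIVE, session(False, local)),
    ]:
        print(f"{label}: {evaluate(cfg, s)}")
```

The last case shows what the `reject_unauth_destination` alternative changes: unauthenticated clients are still refused for outside recipients, but mail addressed to the server's own domains is accepted on port 587 without AUTH.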












    – MikZuit
    Jan 15 '15 at 21:15












  • this comment saved my development enviroment, thank you

    – MiPnamic
    Nov 23 '15 at 16:37















9














In this line:



-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject


You are rejecting not authenticated messages from submission port. You need change the test, to authenticate (AUTH command) or replace reject to reject_unauth_destination






share|improve this answer

























  • Sorry for not come here before , was busy . This is actually what I do and everything looks fine since then. Thanks anyway and I'm going to accept this answer because is what I already have done.

    – MikZuit
    Jan 15 '15 at 21:15












  • this comment saved my development enviroment, thank you

    – MiPnamic
    Nov 23 '15 at 16:37













9












9








9







In this line:



-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject


You are rejecting unauthenticated messages from the submission port. You need to change the test so that it authenticates (AUTH command), or replace reject with reject_unauth_destination.







edited May 17 at 19:00

answered Jan 14 '15 at 11:28

Reinaldo Gil












  • Sorry for not coming here before, was busy. This is actually what I do and everything looks fine since then. Thanks anyway, and I'm going to accept this answer because it is what I have already done.

    – MikZuit
    Jan 15 '15 at 21:15












  • This comment saved my development environment, thank you

    – MiPnamic
    Nov 23 '15 at 16:37
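The answer above turns on the order in which Postfix evaluates a restriction list. The following is an added example, not code from the post or from Postfix: a simplified Python model of that evaluation, comparing the list from the question with the variant ending in reject_unauth_destination. The domain names, the `LOCAL_DOMAINS` and `KNOWN_DOMAINS` sets (the latter standing in for the DNS lookup) and all function names are assumptions made for the illustration.

```python
# Simplified model of how Postfix walks smtpd_recipient_restrictions:
# restrictions run left to right, the first PERMIT or REJECT decides,
# and a list that runs out without a decision permits the recipient.
from dataclasses import dataclass

# Constructed sample data (assumptions, not taken from the page).
LOCAL_DOMAINS = {"example.org"}                 # domains this server accepts mail for
KNOWN_DOMAINS = {"example.org", "example.net"}  # stands in for the DNS lookup

@dataclass
class Session:
    sasl_authenticated: bool
    recipient: str

def _domain(rcpt):
    return rcpt.rpartition("@")[2].lower()

def _check(name, s):
    """Return (action, reply text) for one restriction; action None = no decision."""
    dom = _domain(s.recipient)
    if name == "reject_non_fqdn_recipient":
        return ("REJECT", "need fully-qualified address") if "." not in dom else (None, "")
    if name == "reject_unknown_recipient_domain":
        return ("REJECT", "Domain not found") if dom not in KNOWN_DOMAINS else (None, "")
    if name == "permit_sasl_authenticated":
        return ("PERMIT", "") if s.sasl_authenticated else (None, "")
    if name == "reject_unauth_destination":
        return ("REJECT", "Relay access denied") if dom not in LOCAL_DOMAINS else (None, "")
    if name == "reject":
        return ("REJECT", "Access denied")
    if name == "permit":
        return ("PERMIT", "")
    raise ValueError(f"restriction not modelled: {name}")

def evaluate(restrictions, session):
    """Return (action, deciding restriction, reply text)."""
    for name in restrictions.split(","):
        action, text = _check(name.strip(), session)
        if action:
            return action, name.strip(), text
    return "PERMIT", "(end of list)", ""

ORIGINAL = ("reject_non_fqdn_recipient,reject_unknown_recipient_domain,"
            "permit_sasl_authenticated,reject")
RELAXED = ORIGINAL.rsplit(",", 1)[0] + ",reject_unauth_destination"

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("relaxed", RELAXED)):
        for auth in (False, True):
            for rcpt in ("user@example.org", "user@example.net"):
                print(label, auth, rcpt, evaluate(rules, Session(auth, rcpt)))
```

In this model the relaxed list still refuses to relay for unauthenticated clients, but it accepts unauthenticated mail for local recipients on the submission port, which the original list did not.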
















