Problems with postfix from some ips

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Problems with postfix from some ips

Francesc Peñalvez
I ve the last postfix server with tls and sasl.I find that from some ips also with postfix servers do not get to connect properly.the syslog only i see this:

Jun 14 12:02:10 ns postfix/smtpd[23322]: connect from x.x.x.x.x[x.x.x.x]
Jun 14 12:02:11 ns postfix/smtpd[23322]: disconnect from  x.x.x.x. [x.x.x.x.]]
Jun 14 12:02:13 ns postfix/smtpd[23322]: connect from x.x.x.x.x.[x.x.x.x]
Jun 14 12:02:13 ns postfix/smtpd[23322]: disconnect from x.x.x.x.x.x[x.x.x.x.]
Jun 14 12:02:17 ns postfix/smtpd[23322]: connect from x.x.x.x.[x.x.x..x.x]
Jun 14 12:02:17 ns postfix/smtpd[23322]: disconnect from x.x.x.x.[x.x.x.x.]


Only happens to me from two of my vps, from the rest I recived mails with normality.

My main.cnf:

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

#readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/letsencrypt/archive/almogavers.net/fullchain2.pem
smtpd_tls_key_file = /etc/letsencrypt/archive/almogavers.net/privkey2.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

mydomain = almogavers.net
myhostname = ns.almogavers.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24 dynamicip.rima-tde.net
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
sender_dependent_default_transport_maps = hash:/etc/postfix/dependent
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
#smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination permit_inet_interfaces reject_unknown_reverse_client_hostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
#smtpd_helo_restrictions = permit_mynetworks,     reject_invalid_hostname,     permit
smtpd_hard_error_limit = 20
inet_protocols = ipv4
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = high
allow_untrusted_routing = yes
smtpd_tls_auth_only = yes
smtpd_tls_security_level = encrypt
smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces permit_tls_all_clientcerts check_client_access hash:/etc/postfix/access
smtpd_helo_required = yes
fallback_relay =
mynetworks_style = class
notify_classes = bounce, 2bounce, delay, policy, protocol, resource, software
masquerade_domains = almogavers.net
relayhost =
inet_interfaces = all
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
smtpd_recipient_restrictions =
            reject_invalid_hostname,
            reject_unknown_recipient_domain,
            reject_unauth_pipelining,
            permit_mynetworks,
            reject_unauth_destination,
            reject_rbl_client all.s5h.net,
            reject_rbl_client bl.spamcannibal.org,
            reject_rbl_client web.dnsbl.sorbs.net,
            reject_rbl_client b.barracudacentral.org,
            reject_rbl_client multi.uribl.com,
            reject_rbl_client dsn.rfc-ignorant.org,
            reject_rbl_client dul.dnsbl.sorbs.net,
#            reject_rbl_client dnsbl.sorbs.net,
            reject_rbl_client list.dsbl.org,
            reject_rbl_client sbl-xbl.spamhaus.org,
            reject_rbl_client bl.spamcop.net,
            reject_rbl_client cbl.abuseat.org,
            reject_rbl_client ix.dnsbl.manitu.net,
            reject_rbl_client combined.rbl.msrbl.net,
            reject_rbl_client rabl.nuclearelephant.com,
            check_relay_domains,
            permit


smtpd_relay_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, reject_unauth_destination, check_relay_domains, reject_rbl_client $
postscreen_bare_newline_enable = no
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no

Any Ideas?




Enviat amb Mailtrack
Loading...