reject: RCTP from xxx 554 5.7.1 Recipient addressd: Access denied

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

reject: RCTP from xxx 554 5.7.1 Recipient addressd: Access denied

xiedeacc
Hi, all
my postfix now can send/recive mail from my own domain, and can send out
mail to external mail server like gmail, but cannot recive mail from
external mail server, mail.log said reject: RCTP from xxx 554 5.7.1
Recipient addressd: Access denied

smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/recipient_access, permit_auth_destination,
reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unauth_destination, check_policy_service
unix:/var/spool/postfix/var/run/postgrey/socket, reject

even I changed smtpd_recipient_restrictions to smtpd_recipient_restrictions
= permit, it still didn't work



--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
Reply | Threaded
Open this post in threaded view
|

Re: reject: RCTP from xxx 554 5.7.1 Recipient addressd: Access denied

Wietse Venema
xiedeacc:

> Hi, all
> my postfix now can send/recive mail from my own domain, and can send out
> mail to external mail server like gmail, but cannot recive mail from
> external mail server, mail.log said reject: RCTP from xxx 554 5.7.1
> Recipient addressd: Access denied
>
> smtpd_recipient_restrictions = check_recipient_access
> hash:/etc/postfix/recipient_access, permit_auth_destination,
> reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated,
> reject_non_fqdn_recipient, reject_unknown_recipient_domain,
> reject_unauth_destination, check_policy_service
> unix:/var/spool/postfix/var/run/postgrey/socket, reject
>
> even I changed smtpd_recipient_restrictions to smtpd_recipient_restrictions
> = permit, it still didn't work

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail

TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Thank you for using Postfix.
Reply | Threaded
Open this post in threaded view
|

Re: reject: RCTP from xxx 554 5.7.1 Recipient addressd: Access denied

xiedeacc
thanks, I have read all those docs, and I find fix it, but after do some
tries, I find out config
 wrong smtpd_relay_restrictions parameters , and ask another question, will
master.cf inherit parameters from main.cf like smptd_recipient_restrictions?



--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
Reply | Threaded
Open this post in threaded view
|

Re: reject: RCTP from xxx 554 5.7.1 Recipient addressd: Access denied

Viktor Dukhovni
In reply to this post by xiedeacc
On Sat, Sep 02, 2017 at 06:34:35AM -0700, xiedeacc wrote:


Note the below reformatting of the text you sent to show one logical
restrictin per line.  When asking for help it is polite to make it
easier for others to help you.  Try to not send a jumble of text
that others have to tease apart.

I've also numbered the restrictions to make it easier to make the
point below.

> smtpd_recipient_restrictions =
> 1.    check_recipient_access hash:/etc/postfix/recipient_access,
> 2.    permit_auth_destination,
> 3.    reject_unauth_pipelining
> 4.    permit_mynetworks,
> 5.    permit_sasl_authenticated,
> 6.    reject_non_fqdn_recipient,
> 7.    reject_unknown_recipient_domain,
> 8.    reject_unauth_destination,
> 9.    check_policy_service unix:/var/spool/postfix/var/run/postgrey/socket,
> 10.   reject

After restriction (2), all of your inbound domains are allowed,
and only outbound mail to remote domains is subject to further
checks.

After restriction (8), all remote domains are rejected.  And so
if this arrangement is intentional, and not a temporary attempt
to avoid rejecting email, then (9) can never be reached.

And likely adding (10) makes little sense after a greylisting policy
at (9), because I'd expect (9) to only ever "DEFER" or "DUNNO",
which means that nothing can get past (9) + (10).  I'd surprised
to find that "postgrey" returns "OK" and not "DUNNO" when greylisting
passes.

--
        Viktor.