From: Noel Jones (no email)
Date: Thu Aug 24 2006 - 13:53:50 EDT
At 12:25 PM 8/24/2006, Forrest Aldrich wrote:
>[ postconf -n ]
>bounce_size_limit = 800000
That seems awfully big. The default 50000 should be quite
adequate.
>inet_interfaces = 127.0.0.1, 192.168.1.21, 192.168.2.21
Should probably set proxy_interfaces to your external address.
http://www.postfix.org/postconf.5.html#proxy_interfaces
>local_recipient_maps = $alias_maps
You only want to receive mail for users listed in
alias_maps? This is not automatically wrong, but unusual.
>mydestination = $mydomain
>mydomain = domain.com
>relay_domains = $mydestination, domain.com
is domain.com mail that is delivered locally on *this*
machine? Then set "relay_domains =" (empty). Or is
domain.com mail relayed to another box for final
delivery? Then it must not be included in mydestination,
and you must list valid recipients in relay_recipient_maps.
http://www.postfix.org/ADDRESS_CLASS_README.html
>sender_canonical_maps =
>hash:/usr/local/etc/postfix/sender_canonical
It is generally a mistake to use
{sender,recipient}_canonical_maps. Usually those entries
really belong in canonical_maps. Make sure you understand this.
>show_user_unknown_table_name = no
This can make debugging much more difficult. Set it back
to "yes" until you are sure everything is working.
>smtpd_client_restrictions = check_client_access
>hash:/usr/local/etc/postfix/access check_
>client_access
>hash:/usr/local/etc/postfix/spammers reject_rbl_client
>bl.spamcop.net re
>ject_rbl_client sbl-xbl.spamhaus.org reject_rbl_client
>dnsbl.njabl.org reject_unauth_p
>ipelining
Ok.
>smtpd_helo_restrictions = permit_mynetworks
>reject_non_fqdn_hostname reject_invalid_ho
>stname hash:/usr/local/etc/postfix/spammers
Here you're using your "spammers" table as a
check_helo_access map. Earlier you used it as a
check_client_access map. So which is it?
>smtpd_recipient_restrictions = check_recipient_access
>hash:/usr/local/etc/postfix/recipient
> hash:/usr/local/etc/postfix/spammers
and here "spammers" is used as a check_recipient_access
map. So which is it?
Generally it's a bad idea to use access tables as the first
items in smtpd_recipient_restrictions. These should
probably go below reject_unauth_destination.
>permit_mynetworks
>reject_unauth_destination
>check_sender_access hash:/usr/local/etc/postfix/access
>check_client_access hash:/usr/loc
>al/etc/postfix/access reject_non_fqdn_recipient
And here you're using "access" as both a
check_sender_access and check_client_access map. So which
is it?
Also note that "reject_non_fqdn_recipient" is unlikely to
do anything when it's after
"reject_unauth_destination". Remove it.
>smtpd_sender_restrictions = check_sender_access
>hash:/usr/local/etc/postfix/access reject
>_non_fqdn_sender reject_unknown_sender_domain
>hash:/usr/local/etc/postfix/spammers
Duplicate "access" map check, remove it.
>Aug 24 13:15:45 mail1 postfix/smtpd[33065]: connect from
>host1.domain.com[192.168.1.10]
>Aug 24 13:16:09 mail1 postfix/smtpd[33065]: NOQUEUE:
>reject: RCPT from host1.domain.com[192.168.1.10]: 550
>5.1.1 <>: Recipient address rejected:
>User unknown; from=<>
>to=<> proto=SMTP helo=<ourhost.com>
All these look as if they log "User unknown" because the
recipient doesn't exist in your aliases table.
-- Noel Jones
|
|
|