Is this expected reject behavior for foreign IP connect attempt?

From: Charles Marcus (no email)
Date: Wed Nov 28 2007 - 06:37:46 EST

  • Next message: Michael Tokarev: "Re: Is this expected reject behavior for foreign IP connect attempt?"

    Hi,

    I run postfix (2.4.5/Gentoo Linux) on a non-public network, which relays
    all outgoing mail through our ISP, and only accepts incoming connections
    from our outsourced anti-spam provider (mxlogic).

    I just saw this this morning in my logs (substituted 'realuser' for the
    real user's username):

    Nov 28 06:10:54 moria postfix/smtpd[12808]: connect from
    198.Red-83-34-237.dynamicIP.rima-tde.net[83.34.237.198]
    Nov 28 06:10:55 moria postfix/smtpd[12808]: NOQUEUE: reject: RCPT from
    198.Red-83-34-237.dynamicIP.rima-tde.net[83.34.237.198]: 554 5.7.1
    <>: Recipient address rejected: Access denied;
    from=<> to=<> proto=SMTP
    helo=<198.Red-83-34-237.dynamicIP.rima-tde.net>
    Nov 28 06:10:56 moria postfix/smtpd[12808]: lost connection after RCPT
    from 198.Red-83-34-237.dynamicIP.rima-tde.net[83.34.237.198]
    Nov 28 06:10:56 moria postfix/smtpd[12808]: disconnect from
    198.Red-83-34-237.dynamicIP.rima-tde.net[83.34.237.198]

    Why the "554 5.7.1 <>: Recipient address
    rejected: Access denied" error? Is this the expected reject message if
    the connecting IP is outside the acceptable range?

    The reason I ask is I monitor my logs consistently, and have never seen
    a connection rejection like this, and I'd have thought I'd get a lot of
    these if this is how all foreign IP rejections were handled...

    Here is postconf -n:

    moria postfix # postconf -n
    alias_database = hash:/etc/mail/aliases
    alias_maps = hash:/etc/mail/aliases, hash:/usr/local/mailman/data/aliases
    broken_sasl_auth_clients = yes
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/lib64/postfix
    debug_peer_list = mxlogic.com
    default_destination_concurrency_limit = 20
    home_mailbox = .maildir/
    local_destination_concurrency_limit = 2
    mail_owner = postfix
    manpage_directory = /usr/share/man
    message_size_limit = 51200000
    mydomain = media-brokers.com
    myhostname = moria.media-brokers.com
    mynetworks = 127.0.0.0/8
    owner_request_special = no
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.4.5/readme
    relayhost = [smtp.nuvox.net]
    smtpd_client_restrictions =
    smtpd_helo_restrictions =
    smtpd_recipient_limit = 100
    smtpd_recipient_restrictions = permit_sasl_authenticated,
    check_client_access cidr:/etc/postfix/client_no_relay.cidr, reject
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_security_options = noanonymous
    smtpd_sender_restrictions =
    smtpd_tls_auth_only = yes
    smtpd_tls_cert_file = /etc/ssl/wildcard.crt
    smtpd_tls_key_file = /etc/ssl/wildcard.key
    smtpd_tls_loglevel = 1
    smtpd_use_tls = yes
    transport_maps = hash:/etc/postfix/transport
    virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf,
    hash:/usr/local/mailman/data/virtual-mailman
    virtual_gid_maps = static:207
    virtual_mailbox_base = /var/virtual
    virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domain_maps.cf
    virtual_mailbox_limit = 51200000
    virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
    virtual_minimum_uid = 207
    virtual_transport = virtual
    virtual_uid_maps = static:207
    moria postfix #

    and here is content of client_no_relay.cidr:

    127.0.0.0/8 permit
    208.65.144.0/21 permit_auth_destination
    66.179.26.128/26 permit_auth_destination
    64.92.205.64/27 permit_auth_destination
    66.179.109.160/27 permit_auth_destination
    216.183.119.96/27 permit_auth_destination

    Maybe I'm not restricting connections to my box properly? Or just not
    understanding the reject message?

    Tia for any insights...

    -- 
    Best regards,
    Charles
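
The following simplified model of Postfix's first-match evaluation is an added example, not part of the original message and not Postfix code. It runs the `smtpd_recipient_restrictions` list and the `client_no_relay.cidr` rows from the message against the logged client address to show which restriction decides. The function names and the `rcpt_is_local` flag (recipient domain is one this server is final destination or relay for) are assumptions for illustration.

```python
import ipaddress

# Rows copied from client_no_relay.cidr in the message; the first matching row wins.
CIDR_TABLE = [
    ("127.0.0.0/8", "permit"),
    ("208.65.144.0/21", "permit_auth_destination"),
    ("66.179.26.128/26", "permit_auth_destination"),
    ("64.92.205.64/27", "permit_auth_destination"),
    ("66.179.109.160/27", "permit_auth_destination"),
    ("216.183.119.96/27", "permit_auth_destination"),
]

# smtpd_recipient_restrictions from the postconf -n output, in order.
RESTRICTIONS = ["permit_sasl_authenticated", "check_client_access", "reject"]


def cidr_lookup(client_ip):
    """Return the action of the first matching row, or None (no decision)."""
    addr = ipaddress.ip_address(client_ip)
    for net, action in CIDR_TABLE:
        if addr in ipaddress.ip_network(net):
            return action
    return None


def evaluate(client_ip, sasl_ok=False, rcpt_is_local=True):
    """Walk the list; return (verdict, name of the restriction that decided)."""
    for name in RESTRICTIONS:
        # A table lookup yields another restriction name, or None on no match.
        action = cidr_lookup(client_ip) if name == "check_client_access" else name
        if action == "permit":
            return ("permit", name)
        if action == "permit_sasl_authenticated" and sasl_ok:
            return ("permit", name)
        if action == "permit_auth_destination" and rcpt_is_local:
            return ("permit", name)
        if action == "reject":
            return ("reject", name)
        # Anything else is "no decision": fall through to the next restriction.
    return ("dunno", None)  # not reached here, because the list ends with reject


if __name__ == "__main__":
    # Client address taken from the log excerpt in the message.
    print(evaluate("83.34.237.198"))
    # Constructed address inside the first provider range in the table.
    print(evaluate("208.65.144.10"))
```

An address outside every table row and without SASL authentication is decided by the trailing `reject`, whose generic reply is the 554 5.7.1 "Access denied" text seen in the log.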
    
