Postfix reject connections

Discussion in 'Server Operation' started by gabrix, Jan 12, 2007.

  1. gabrix

    gabrix New Member

    Postfix allow logins but rejects extra lan connections for 2 diferent reasons looking at logs,first log a connection from gmail me sending a test mail:
    Code:
    Jan 12 06:39:04 mail postfix/smtpd[10109]: connect from ug-out-1314.google.com[66.249.92.175]
    Jan 12 06:39:12 mail postfix/smtpd[10109]: NOQUEUE: reject: RCPT from ug-out-1314.google.com[66.249.92.175]: 554 <gabrix@gabrix.ath.cx>: Relay access denied; from=<sickuser@gmail.com> to=<gabrix@gabrix.ath.cx> proto=ESMTP helo=<ug-out-1314.google.com>
    Jan 12 06:39:14 mail postfix/smtpd[10109]: disconnect from ug-out-1314.google.com[66.249.92.175]
    the other kind of reject:
    Code:
    Jan 12 07:21:36 mail postfix/smtp[10968]: 962EF1BF80: to=<gabrix@gabrix.ath.cx>, relay=none, delay=1879, status=deferred (connect to gabrix.ath.cx[82.61.94.18]: Connection refused
    I'm not using any kind of fancy configuration option keeping configuration as minimum as possible this is a postconf -n:
    Code:
    root@mail:~# postconf -n
    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    append_dot_mydomain = no
    biff = no
    config_directory = /etc/postfix
    delay_warning_time = 4h
    home_mailbox = Maildir/
    inet_interfaces = all
    mailbox_size_limit = 0
    mydestination = mail.gabrix.ath.cx, localhost.gabrix.ath.cx, argo, localhost
    myhostname = mail.gabrix.ath.cx
    mynetworks = 192.168.1.1/32,192.168.1.0/24,192.168.0.0/24,127.0.0.1/8
    myorigin = /etc/mailname
    recipient_delimiter = +
    relayhost =
    smtpd_banner = $myhostname ESMTP $mail_name
    Thanks for help !
     
  2. gabrix

    gabrix New Member

    I got my mail system working this is the main.cf
     
  3. gabrix

    gabrix New Member

    False allarm ! Maybe i hoped it was sorted but never say cat if it's not in the sac ... ? whatever ... Looking at logs the error is always a name resolution for interfaces i suppose , that smtpd_peer_init !
    The main.cf is the one you see in the previous post above do you want me to post the /etc/hosts of the mail server or the gateway machine ?They are basically the same:
     
  4. martinfst

    martinfst HowtoForge Supporter

    Did you setup a DNS server for your local lan 192.168.*.*? Looks like the name resolving and Reverse Name resolving is causing you problems.

    Personally, I use a local DNS server to manage a xxxx.loc domain on a 172.16 IP range. It also serves rDNS requests to keep several packages happy that "require" valid responses to a rDNS request. I believe the smtpd deamon of postfix is such a program.
     
  5. gabrix

    gabrix New Member

    Sure i do use dnsmasq ... serving names on the lan interface ...
     
  6. falko

    falko Super Moderator

    Please try this:
    Code:
    postconf -e 'disable_dns_lookups = yes'
    and restart Postfix.
     
  7. gabrix

    gabrix New Member

    Great falko ... i was right thinking to something like that i will let you know if it worked !
     
  8. gabrix

    gabrix New Member

    Bad news still same error ... dns are set and i'm generally suffering of slow internet even browsing.
    There is a problem apart from postfix i think:
    I'm using as dns the opendns service could it be the cause ?
     
  9. falko

    falko Super Moderator

  10. gabrix

    gabrix New Member

    No it's not ... !
    I have set opendns as my main dnsservers and they are located in london and i'm south italy.That's for privacy reasons they garantee don't record dns queries and anyway are in an another country , different laws and all that! They have powerfull computers but offcourse alice dnses are closer and my browsing is faster when i'm on alice dns.For my inside lan computers in /etc/resolv.conf file i have set my dnsmasq as first dns which is listening on eth1 gateway machine and opendsnes after .The gateway machine has opendns as first in resolv.conf.I have been changing the order too many times what do you think would be the right order ? What do you think of opendns ?
     
  11. falko

    falko Super Moderator

    As long as there are valid nameservers in /etc/resolv.conf the order of the nameservers doesn't matter much.

    Do you have SPf records for your domains?
    If you are sure you're not blacklisted, I'd contact Gmail and ask why your emails are blocked.
     
  12. gabrix

    gabrix New Member

    SPf ???? Spam .... and than ? I got to the site you linked and tiped my domain name in the ip address box ... what ip can be blaklisted if dynamic ... ?
     
  13. gabrix

    gabrix New Member

    I defenitly found out that gmail but also libero.it and a friend of mine who registred at my site didn't get password sent from my site on his hotmail.com account .I have sent few minutes ago some mails to mailing lists like the or-talk and bleeding-snort and i got mails from them they delivered mine .But this just after the last changes i gave to main.cf resolving (finger crossed!) the smtp_peer_init businnes i'm regulary receiving mail reports from logcheck on the gateway machine.
    My question is , the directive relayhost = smtp.big.provider would sort this problem out ?How do i set it ?If i choose gmail shall i use the exact gmail smtp address (???) or would be all right a more generic smtp.gmail.com ?Or any other way ????
    logs update:
    There is something wrong anyway ....
     
    Last edited: Jan 18, 2007
  14. falko

    falko Super Moderator

    Take a look here: http://www.howtoforge.com/forums/showthread.php?t=72&highlight=relayhost
     
  15. gabrix

    gabrix New Member

    You know what ! I'm been running a mixmaster remailer for a little while recently , but i stopped it and removed it ... If i'm in a blacklist it's for this reason i supposed , cause wherever i send a mail it doesn't get delivered ,hotmail,ecn.org,virgilio,gmail ecc. It's really few where my mail does get through.That's really bad ! How can i get over this ?
    I contacted the mtoolbox people and i'm waiting to see they can do ...
     
    Last edited: Jan 20, 2007
  16. gabrix

    gabrix New Member

    I'm getting mail delivered but i don't know of much of it get removed . Looking at logs the score is not encouraging :
    as well as:
    That's my actual main.cf:
     
  17. falko

    falko Super Moderator

    It must be
    Code:
    mynetworks = 192.168.1.0/24,192.168.0.0/24,127.0.0.[B][COLOR="Red"]0[/COLOR][/B]/8
    Please change it and restart Postfix.
     
  18. gabrix

    gabrix New Member

    Ok,done!What about the variable inet_interfaces shall i use the main eth0 ip 192.168.1.6 instead of ' all ' ?This way maybe the above change is going to be useless .... attached there is the last mail log.
     

    Attached Files:

    Last edited: Jan 21, 2007
  19. falko

    falko Super Moderator

    Code:
    inet_interfaces = all
    is ok.

    What's in /etc/hosts?

    If you are not blacklisted you should ask email.it why your server is blocked by them.
     
  20. gabrix

    gabrix New Member

    /etc/hosts on the postfix machine (mail):
    What about email.it?It's an email provider !What could they do ?Maybe relay ?Actually i cannot send anywhere in the internet all my mail get bounced .
     
    Last edited: Jan 22, 2007

Share This Page