I added some options to stop spam with Postfix, but now won't send email to remote domains
Posted
by
willdanceforfun
on Server Fault
See other posts from Server Fault
or by willdanceforfun
Published on 2013-11-12T06:21:29Z
Indexed on
2013/11/12
9:58 UTC
Read the original article
Hit count: 240
I had a working Postfix server, but added a few lines to my main.cf in a hope to block some common spam.
Those lines I added were:
smtpd_helo_required = yes
smtpd_recipient_restrictions =
reject_invalid_hostname,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_rbl_client multi.uribl.com,
reject_rbl_client dsn.rfc-ignorant.org,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client ix.dnsbl.manitu.net,
reject_rbl_client combined.rbl.msrbl.net,
reject_rbl_client rabl.nuclearelephant.com,
permit
It appears my postfix is now receiving normal emails fine, and blocking spam emails. But when I now try to use this server myself to send to a remote domain (an email not on my server) I get bounced, with maillog saying something like this:
Nov 12 06:19:36 srv postfix/smtpd[11756]: NOQUEUE: reject: RCPT from
unknown[xx.xx.x.xxx]: 450 4.1.2 <[email protected]>: Recipient address
rejected: Domain not found; from=<[email protected]>
to=<[email protected]> proto=ESMTP helo=<[192.168.1.100]>
Is that saying 'domain not found' for gmail.com? Why is that recipient address rejected?
An output of my postconf-n is:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = primarydomain.net
myhostname = mail.primarydomain.net
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relay_domains = $mydestination, primarydomain.net, secondarydomain.org
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client multi.uribl.com, reject_rbl_client dsn.rfc-ignorant.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client rabl.nuclearelephant.com, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
soft_bounce = no
unknown_local_recipient_reject_code = 550
virtual_alias_domains = mail.secondarydomain.org
virtual_alias_maps = hash:/etc/postfix/virtual
Any insight greatly appreciated.
Edit: here is the dig mx gmail.com from the server:
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> mx gmail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31766
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 4, ADDITIONAL: 14
;; QUESTION SECTION:
;gmail.com. IN MX
;; ANSWER SECTION:
gmail.com. 1207 IN MX 5 gmail-smtp-in.l.google.com.
gmail.com. 1207 IN MX 30 alt3.gmail-smtp-in.l.google.com.
gmail.com. 1207 IN MX 20 alt2.gmail-smtp-in.l.google.com.
gmail.com. 1207 IN MX 40 alt4.gmail-smtp-in.l.google.com.
gmail.com. 1207 IN MX 10 alt1.gmail-smtp-in.l.google.com.
;; AUTHORITY SECTION:
gmail.com. 109168 IN NS ns1.google.com.
gmail.com. 109168 IN NS ns4.google.com.
gmail.com. 109168 IN NS ns3.google.com.
gmail.com. 109168 IN NS ns2.google.com.
;; ADDITIONAL SECTION:
alt1.gmail-smtp-in.l.google.com. 207 IN A 173.194.70.27
alt1.gmail-smtp-in.l.google.com. 248 IN AAAA 2a00:1450:4001:c02::1b
gmail-smtp-in.l.google.com. 200 IN A 173.194.67.26
gmail-smtp-in.l.google.com. 248 IN AAAA 2a00:1450:400c:c05::1b
alt3.gmail-smtp-in.l.google.com. 207 IN A 74.125.143.27
alt3.gmail-smtp-in.l.google.com. 249 IN AAAA 2a00:1450:400c:c05::1b
alt2.gmail-smtp-in.l.google.com. 207 IN A 173.194.69.27
alt2.gmail-smtp-in.l.google.com. 248 IN AAAA 2a00:1450:4008:c01::1b
alt4.gmail-smtp-in.l.google.com. 207 IN A 173.194.79.27
alt4.gmail-smtp-in.l.google.com. 249 IN AAAA 2607:f8b0:400e:c01::1a
ns2.google.com. 281970 IN A 216.239.34.10
ns3.google.com. 281970 IN A 216.239.36.10
ns4.google.com. 281970 IN A 216.239.38.10
ns1.google.com. 281970 IN A 216.239.32.10
© Server Fault or respective owner
