Postfix: Client host rejected: Access denied

h9k

Member
Hello!
I have been running basically the same configuration for months, if not years, but today a new customer pointed out a problem to me because he does not receive any mail from one particular sender.
The logs show the following for this:

Code:
Nov 18 17:14:41 saturn postfix/smtpd[27145]: connect from mailserver.hupac.ch[212.243.70.23]
Nov 18 17:14:42 saturn postfix/smtpd[27145]: NOQUEUE: reject: RCPT from mailserver.hupac.ch[212.243.70.23]: 554 5.7.1 <mailserver.hupac.ch[212.243.70.23]>: Client host rejected: Access denied; from=<xyz@hupac.ch> to=<foobar@meinkunde.tld> proto=ESMTP helo=<mailserver.hupac.ch>
Nov 18 17:14:42 saturn postfix/smtpd[27145]: disconnect from mailserver.hupac.ch[212.243.70.23]

There is no other error message. It is not down to greylisting, not SPF, not DomainKeys, not an RBL, not SpamAssassin, not some wrong HELO or the like. The mail is completely legitimate, but this "Access denied" error message is extremely strange.
The question now is: what can this be? I know such error messages from email clients that do not authenticate when sending emails, but not from mail servers. Does mailserver.hupac.ch perhaps connect to a port other than 25? What else could the problem be?
I am completely at a loss at the moment...

Addendum: here are my main.cf and master.cf files as well
Code:
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file = /etc/dovecot/dovecot.cert.pem
smtpd_tls_key_file = /etc/dovecot/dovecot.key.pem
smtpd_tls_CAfile = /etc/dovecot/dovecot.ca.pem
smtpd_use_tls=yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = xxxxxx
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = xxxxxx, localhost
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
message_size_limit = 102400000
recipient_delimiter = +
inet_interfaces = all
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
disable_vrfy_command = yes
unverified_sender_reject_code = 550
policy_time_limit = 3600
policyd-spf_time_limit = 3600
address_verify_map = btree:/usr/lib/postfix/verify

smtpd_helo_restrictions =
     permit_sasl_authenticated,
     permit_mynetworks,
     check_helo_access hash:/etc/postfix/helo_access,
     permit

smtpd_sender_restrictions =
     permit_sasl_authenticated,
     permit_mynetworks,
     reject_non_fqdn_sender,
     reject_unknown_sender_domain,
     check_sender_access hash:/etc/postfix/sender_access,
     permit

smtpd_recipient_restrictions =
	permit_sasl_authenticated,
	permit_mynetworks,
	reject_non_fqdn_sender,
	reject_unknown_sender_domain,
	reject_non_fqdn_recipient,
	reject_unknown_recipient_domain,
	reject_non_fqdn_helo_hostname,
	reject_invalid_helo_hostname,
	reject_unauth_destination,
	check_recipient_access hash:/etc/postfix/recipient_access,
	check_policy_service unix:private/policyd-spf,
	check_policy_service inet:127.0.0.1:60000,
	reject_rbl_client zen.spamhaus.org,
	permit
	
smtpd_data_restrictions =
     reject_unauth_pipelining,
     permit

transport_maps = hash:/etc/postfix/transport
relay_domains = $mydestination, xxxxxx
milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

Code:
smtp	inet	n	-	-	-	-	smtpd -o smtpd_sasl_auth_enable=yes
submission	inet	n	-	-	-	-	smtpd -o smtpd_enforce_tls=no -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps	inet	n	-	-	-	-	smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
	-o smtp_fallback_relay=
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix	-	n	n	-	2	pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
policyd-spf  unix  -       n       n       -       0       spawn
	user=nobody argv=/usr/bin/python /usr/bin/policyd-spf /etc/postfix-policyd-spf-python/policyd-spf.conf
 
Maybe it wants to deliver them encrypted?
Code:
smtps	inet	n	-	-	-	-	smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 
lol, I just thought the same thing while I was on the toilet.
Crazy that this was never noticed until now...
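Added example, not part of the thread and not Postfix code: a small triage script that ties the "Client host rejected: Access denied" reply to the master.cf listeners able to produce it. It assumes that a bare `reject` names the restriction list it sits in, and it relies on the posted main.cf setting no smtpd_client_restrictions of its own; the sample input is constructed from the three smtpd lines posted above (reflowed with continuation lines) and the function names are hypothetical.

```python
import re

# Constructed sample: the three smtpd listeners from the posted master.cf.
MASTER_CF = """\
smtp       inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes
submission inet n - - - - smtpd -o smtpd_enforce_tls=no -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps      inet n - - - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""
# Reject line from the thread, shortened.
LOG = ("postfix/smtpd[27145]: NOQUEUE: reject: RCPT from mailserver.hupac.ch"
       "[212.243.70.23]: 554 5.7.1 <mailserver.hupac.ch[212.243.70.23]>: "
       "Client host rejected: Access denied; from=<xyz@hupac.ch>")

# Reply class in the SMTP response -> restriction list a bare "reject" sits in.
CLASS_TO_PARAM = {
    "Client host": "smtpd_client_restrictions",
    "Helo command": "smtpd_helo_restrictions",
    "Sender address": "smtpd_sender_restrictions",
    "Recipient address": "smtpd_recipient_restrictions",
}

def smtpd_overrides(master_cf):
    """Return {service: {param: value}} for the -o overrides of smtpd entries."""
    entries = []
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:   # continuation of the previous entry
            entries[-1] += " " + line.strip()
        else:
            entries.append(line.strip())
    result = {}
    for entry in entries:
        fields = entry.split()
        if len(fields) >= 8 and fields[7] == "smtpd":   # 8th column = command
            result[fields[0]] = dict(re.findall(r"-o\s+(\w+)=(\S+)", entry))
    return result

def listeners_for_reject(log_line, master_cf):
    """Name the listeners whose override ends in a bare reject for this class."""
    m = re.search(r"(Client host|Helo command|Sender address|Recipient address)"
                  r" rejected: Access denied", log_line)
    if not m:
        return []
    param = CLASS_TO_PARAM[m.group(1)]
    return sorted(svc for svc, opts in smtpd_overrides(master_cf).items()
                  if opts.get(param, "").split(",")[-1] == "reject")

if __name__ == "__main__":
    print(listeners_for_reject(LOG, MASTER_CF))
```

The log line itself does not name the port, because every listener here logs as postfix/smtpd; giving each service its own `-o syslog_name=...` in master.cf makes the listener visible in the log.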
 