1 Topic by echo5

  • echo5
  • Member
  • Offline
  • Registered: 2016-05-17
  • Posts: 23

Topic: Made spam changes, now I can't send email:

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.3
- Linux/BSD distribution name and version: CentOS 7.1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====

I made some spam related changes to amavisd and other config files. Now I cannot send legitimate email.

Error received in Roundcube UI when sending an email:

SMTP Error (554): Failed to add recipient "first.last@legitimate.com" (5.7.1 <first.last@legitimate.com>: Relay access denied).

What config file and option controls the above email error?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by echo5

  • echo5
  • Member
  • Offline
  • Registered: 2016-05-17
  • Posts: 23

Re: Made spam changes, now I can't send email:

/var/log/maillog:

Jan 31 10:49:23 mission postfix/submission/smtpd[27365]: warning: hostname localhost does not resolve to address 127.0.0.1: Name or service not known
Jan 31 10:49:23 mission postfix/submission/smtpd[27365]: connect from unknown[127.0.0.1]
Jan 31 10:49:29 mission postfix/submission/smtpd[27365]: NOQUEUE: reject: RCPT from unknown[127.0.0.1]: 554 5.7.1 <chris.kelly@sunstateequip.com>: Relay access denied; from=<me@mydomain> to=<first.last@legitimate.com> proto=ESMTP helo=<mydomain>
Jan 31 10:49:29 mission roundcube: <qid2i5i1> SMTP Error: Failed to add recipient 'first.last@legitimate.com'. 5.7.1 <first.last@legitimate.com>: Relay access denied (Code: 554) in /var/www/roundcubemail-1.1.3/program/lib/Roundcube/rcube.php on line 1708 (POST /mail/?_task=mail&_unlock=loading1485888558852&_lang=en_US&_framed=1?_task=mail&_action=send)
Jan 31 10:49:29 mission postfix/submission/smtpd[27365]: disconnect from unknown[127.0.0.1]

Is removing "127.0.0.1 localhost" going to mess up the internal workings of iRedMail? MariaDB?

3 Reply by echo5

  • echo5
  • Member
  • Offline
  • Registered: 2016-05-17
  • Posts: 23

Re: Made spam changes, now I can't send email:

Postfix main.cf (not working):

smtpd_recipient_restrictions =
    reject_unknown_recipient_domain
    reject_invalid_hostname
    reject_non_fqdn_recipient
    reject_unlisted_recipient
    check_policy_service inet:127.0.0.1:7777
    reject_unauth_pipelining
    reject_unauth_destination
    reject_rbl_client zen.spamhaus.org
#    reject_rbl_client spam.dnsbl.sorbs.net
#    reject_rbl_client dnsbl.sorbs.net
    reject_rbl_client b.barracudacentral.org
    permit_mynetworks
    permit_sasl_authenticated


Postfix main.cf (was working):
smtpd_recipient_restrictions =
    reject_unknown_recipient_domain
    reject_non_fqdn_recipient
    reject_unlisted_recipient
    check_policy_service inet:127.0.0.1:7777
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    reject_rbl_client b.barracudacentral.org
    reject_rbl_client zen.spamhaus.org

What change in the top set of options is breaking Roundcube from being able to send mail through postfix?

4 Reply by echo5

  • echo5
  • Member
  • Offline
  • Registered: 2016-05-17
  • Posts: 23

Re: Made spam changes, now I can't send email:

I fixed the Roundcube send error by putting the permit rules back under check policy and above the rbl rules.

  check_policy_service inet:127.0.0.1:7777
    permit_mynetworks
    permit_sasl_authenticated


Maybe I am making changes in the wrong place to get stricter spam rbl scrutiny on incoming smtp connections. Any advice on setting more aggressive spam rbl action on inbound smtp connections (not internal roundcube/SOGo connections) is appreciated.

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Made spam changes, now I can't send email:

reject_rbl_client MUST be placed AFTER "reject_unauth_destination".