Package: postfix
Version: 2.11.1.2z
At log level 5, postfix reports relay restrictions as recipient restrictions.
This makes it difficult to track down configuration issues.
For example:
* given this stanza in master.cf:
465 inet n - n - - smtpd
-o content_filter=scan:[127.0.0.1]:10030
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=
-o smtpd_data_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o syslog_name=postfix/smtps
-o milter_macro_daemon_name=ORIGINATING
* and given debug level set to 5 for the peer from which test emails are
originating (in main.cf):
debug_peer_list = testing.example.com
debug_peer_level = 5
* then, upon receiving a message on port 465 from testing.example.com, the
following appears in the log:
Apr 1 18:41:58 myserver postfix/smtps/smtpd[20737]: >>> START Recipient
address RESTRICTIONS <<<
Apr 1 18:41:58 myserver postfix/smtps/smtpd[20737]: generic_checks:
name=permit_sasl_authenticated
Apr 1 18:41:58 myserver postfix/smtps/smtpd[20737]: generic_checks:
name=permit_sasl_authenticated status=0
Apr 1 18:41:58 myserver postfix/smtps/smtpd[20737]: generic_checks: name=reject
Apr 1 18:41:58 myserver postfix/smtps/smtpd[20737]: NOQUEUE: reject: RCPT from
testing.example.com [192.0.2.1]: 554 5.7.1 <[email protected]>:
Recipient address rejected: Access denied; from=<[email protected]>
to=<[email protected]> proto=ESMTP helo=<testing.example.com>
Apr 1 18:41:58 myserver postfix/smtps/smtpd[20737]: generic_checks:
name=reject status=2
Apr 1 18:41:58 myserver postfix/smtps/smtpd[20737]: >>> END Recipient address
RESTRICTIONS <<<
Although the log reports “Recipient address RESTRICTIONS,” modifying the
smtpd_relay_restrictions in master.cf demonstrates that in fact the relay
restrictions are being logged.
For example, when smtp_relay_restrictions is changed to:
-o
smtpd_relay_restrictions=permit_sasl_authenticated,reject_unauth_destination
then, upon receiving a message on port 465 from testing.example.com, the
following appears in the log:
Apr 3 00:17:56 myserver postfix/smtps/smtpd[1182]: >>> START Recipient address
RESTRICTIONS <<<
Apr 3 00:17:56 myserver postfix/smtps/smtpd[1182]: generic_checks:
name=permit_sasl_authenticated
Apr 3 00:17:56 myserver postfix/smtps/smtpd[1182]: generic_checks:
name=permit_sasl_authenticated status=0
Apr 3 00:17:56 myserver postfix/smtps/smtpd[1182]: generic_checks:
name=reject_unauth_destination
Apr 3 00:17:56 myserver postfix/smtps/smtpd[1182]: reject_unauth_destination:
[email protected]
Apr 3 00:17:56 myserver postfix/smtps/smtpd[1182]: permit_auth_destination:
[email protected]
Apr 3 00:17:56 myserver postfix/smtps/smtpd[1182]: ctable_locate: leave
existing entry key [email protected]
Apr 3 00:17:56 myserver postfix/smtps/smtpd[1182]: generic_checks:
name=reject_unauth_destination status=0
Apr 3 00:17:56 myserver postfix/smtps/smtpd[1182]: >>> END Recipient address
RESTRICTIONS <<<
Clearly, relay restrictions are being logged as recipient restrictions.
To correct this issue, I suggest that relay restrictions to be logged between
delimiters looking something like:
Apr 3 00:17:56 myserver postfix/smtps/smtpd[1182]: >>> START Relay RESTRICTIONS
[log messages here]
Apr 3 00:17:56 myserver postfix/smtps/smtpd[1182]: >>> END Relay RESTRICTIONS
I am using Linux version 3.13.0-43-generic (buildd@tipua) (gcc version 4.8.2
(Ubuntu 4.8.2-19ubuntu1) ) #72-Ubuntu SMP Mon Dec 8 19:35:06 UTC 2014
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
