Had a bit of an issue ...
I'm using Kopano. Everything was working fine until I installed the Greylisting addon to postfix to try and restrict the amount of garbage coming though.
All works fine when sending from a machine connected to my local network - except for iPhone/Exchange, which kept generating kopano-spooler errors saying 'Recipient address rejected: Greylisting for ...' etc., and 'No valid recipients' .. which is odd because the recipient in question was actually my gmail account (that I use as a fail-safe measure).
I only see(saw) the problem from the iPhone using an Exchange account - a setup that worked quite happily until I added the Greylisting. Stop Geylisting and it all kicks into life again.
Fixed it by adding 'localhost' to 'postgrey_whitelist_clients.local'.
Hope that won't have any knock on effects ...?
Odd though.
I'm using Kopano. Everything was working fine until I installed the Greylisting addon to postfix to try and restrict the amount of garbage coming though.
All works fine when sending from a machine connected to my local network - except for iPhone/Exchange, which kept generating kopano-spooler errors saying 'Recipient address rejected: Greylisting for ...' etc., and 'No valid recipients' .. which is odd because the recipient in question was actually my gmail account (that I use as a fail-safe measure).
I only see(saw) the problem from the iPhone using an Exchange account - a setup that worked quite happily until I added the Greylisting. Stop Geylisting and it all kicks into life again.
Fixed it by adding 'localhost' to 'postgrey_whitelist_clients.local'.
Hope that won't have any knock on effects ...?
Odd though.
In Kopano Basic
Share this post:
Responses (5)
-
Accepted Answer
That s weird. I don't use Kopano on a proper server, just a test one. Normally Greylisting runs on the inbound SMTP server and acts on the external IP address, so before the message gets passed onto Kopano.
When it is enabled you should see a parameter, smtpd_recipient_restrictions, in /etc/postfix/main.cf. Mine is:
From the same file, mynetworks is:smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_invalid_hostname, check_policy_service unix:/var/spool/postfix/postgrey/socket, reject_unauth_pipelining, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org
So it should permit anything from localhost anyway as it goes through the line in parameter order and works with the first match.mynetworks = 127.0.0.0/8, [::1]/128, $clearglassnetwork, 172.17.0.0/22
-
Accepted Answer
-
Accepted Answer
Mine has some added bits, but I am worried about yours. In my test system mine reads:
and that is basic. enabling graylisting adds the greylisting bit. The rest of it was my anti-spam tweaks.smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
I have a feeling that without 'reject_unauth_destination' you may become an open relay. Bad news. Can I suggest you disable greylisting, set your parameter like my my test system then re-enable greylisting? -
Accepted Answer
's ok; I did that as soon as I read your post.
It's odd as my system was completely locked down until I added greylisting!
Strange though!
I'm hoping that somewhere I've an old backup (using the predecessor of kopano .. can't think what it was called off-hand) that I can look back at .. that was solidly locked down .. as was this build(!) before the disk corruption (it's a VM) that screwed it completely (which is what prompted me to expand the BMB system to create backups over a number of days - I backup the entire VM so I can reinstate with no downtime). -
Accepted Answer
Nick Howitt wrote:
Mine has some added bits, but I am worried about yours. In my test system mine reads:
and that is basic. enabling graylisting adds the greylisting bit. The rest of it was my anti-spam tweaks.smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
I have a feeling that without 'reject_unauth_destination' you may become an open relay. Bad news. Can I suggest you disable greylisting, set your parameter like my my test system then re-enable greylisting?
My main.cf has the following and i'm using greylist and kopano for a long time.
# Mail restrictions
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:/var/spool/postfix/postgrey/socket
mynetworks = 127.0.0.0/8 [::1]/128, [::1]/128
Hope this helps
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »