10.8.1 server postfix whitelist

Having upgraded a server to Mountain Lion and then applied the .1 upgrade, I now have 10.8.1 Mountain Lion Server.
I was looking to whitelist a couple of domains so that their email would never be blocked.
I look in
/Library/Server/Mail/Config/postfix/rbl_whitelist
but the file says:
=============================================
: cat rbl_whitelist
### DO NOT MANUALLY EDIT THIS FILE ###
# This file is automatically generated
# any manual additions to this file will be lost
==============================================
So which GUI or server admin type utility is best to add a couple of domains to a whitelist?
If this whitelist only applies to the issue of RBL then I may need still to research into other programs like Spam Assassin to fully make sure important email for us is not hampered or blocked.
Ben

Hi Ben,
Going a little bit deeper into a useful tip before answering your question. As a general rule, but not always, the Serveradmin command from a terminal session will let you do most things that the GUI does. Most, not all.
So to look for commands under Serveradmin that might help you, the easiest thing to do (again, as a general rule) is to type the following at a terminal prompt.
$ sudo serveradmin settings list
This will give you a list of the server "services".
Then type:
$ sudo serveradmin settings mail
to get a complete list of the mail settings.
If you know what you are looking for, e.g. whitelisting, you could type:
$ sudo serveradmin settings | grep white
And that would return some settings of interest that were available through serveradmin.
To answer your question, the command you are looking for is:
$ sudo serveradmin settings mail:postfix:add_whitelist_domain = 'domain1.com,domain2.com,etc'
Hope that helps
Gerry

Similar Messages

  • 10.6 Email-Server/Postfix Helo command rejected - local SMTP clients won't use FQDN

    Hi,
    I set up a 10.6 server as mail-server which works (more or less) fine. I can send and receive internal and external Emails from various Macs with mail.app and Windows-Boxes with Thunderbird. However, some clients will be rejected due to wrong Helo strings
    e.g. a Windows-Box using Outlook express
    server postfix/smtpd[73194]: NOQUEUE: reject: RCPT from winbox.intranet.example.com[192.168.2.21]: 504 5.5.2 <winbox>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<winbox>
    similar happens with my router sending status-Emails (replace "winbox" with "router")
    finally my stand-alone fax machine uses its IP address as helo-string (helo=<192.168.2.10>, similar error)
    For now I've commented out
    smtpd_helo_restrictions = reject_invalid_helo_hostname
    #reject_non_fqdn_helo_hostname
    which makes things work. But that's not the right way, I guess, moreover since this entry is "fixed" by Server-Admin every now and then.
    Does this problem arise from misconfigured boxes or a misconfigured OSX-Server? Hope the latter since there're no options to change this in my router nor my fax-machine...
    Thanks

    Try this.
    Symptoms
    Users who use Microsoft Outlook as their email client and who connect to an email server running on Mac OS X Server v10.6 may not be able to send mail. The following (or similar) alert is returned to Outlook clients:
    The message could not be sent because one of the recipients was rejected by the server. The rejected email address was "[email protected]" is subject "example", account: "mail.example.com", server "mail.example.com", protocol: SMTP, server response: "504 5.5.2 < hostname > : Helo command rejected: need fully qualified host name", port: 25, secure (SSL): no, server error: 504, error number: 0x800CCC79.
    Products Affected
    Mac OS X Server 10.6
    Resolution
    In Mac OS X Server v10.6, Postfix is configured to require a fully qualified hostname from SMTP clients. This setting is configurable and the restriction can be removed, however any modification of a security-related setting should be evaluated prior to making the change.
    Once you have evaluated the change, you can use the following steps to implement it:
    Note: Before proceeding, back up the /etc/postfix/main.cf file as a precaution.
    In /etc/postfix/main.cf, locate the smtpd_helo_restrictions setting
    Remove "reject_non_fqdn_helo_hostname" from the list of settings.
    Restart the Mail service.

  • Lion Server postfix mail not being delivered to mailboxes. "SMTP restriction `reject_invalid_helo_hostname' after `permit' is ignored" and "connect to private/policy: Connection refused" errors.

    All, I'm stumped. In fact I have been on the phone with Apple Support and this has been escalated to the top engineers, as I think it's got them too.
    Anyway, here is my problem.
    I'm running a Mac Mini with OS X 10.7.4 Server. I have had mail running on it for 2 months or so, without any issues. The mail was actually migrated from 10.6 in March, and it actually went smoothly. I have 3 domains which all receive mail and they all work (or did up until 2 weeks ago).
    So the story is this. I can send mail from my domains without issue. IMAP and dovecot must be working, because all the stored mail can be read with the mail IMAP client. I can even transfer mail messages from one mailbox to another with the Mail client. Sending mail is a breeze, it still works and the recipients still receive their mail. But I noticed I wasn't getting any mail at all from those mailboxes: no mail, no spam, nothing, which is unusual. I fired up Server Admin and checked out the SMTP log, and this is what it showed for every email received: (xxxxxx is just me hiding sensitive info)
    Jul 21 14:25:20 xxxxxxxx postfix/postscreen[65857]: CONNECT from [17.158.233.225]:41909
    Jul 21 14:25:26 xxxxxxxx postfix/postscreen[65857]: PASS OLD [17.158.233.225]:41909
    Jul 21 14:25:26 xxxxxxxx postfix/smtpd[65858]: connect from nk11p03mm-asmtp994.mac.com[17.158.233.225]
    Jul 21 14:25:26 xxxxxxxx postfix/smtpd[65858]: warning: restriction `reject_invalid_helo_hostname' after `permit' is ignored
    Jul 21 14:25:27 xxxxxxxx postfix/smtpd[65858]: warning: connect to private/policy: Connection refused
    Jul 21 14:25:27 xxxxxxxx postfix/smtpd[65858]: warning: problem talking to server private/policy: Connection refused
    Jul 21 14:25:28 xxxxxxxx postfix/smtpd[65858]: warning: connect to private/policy: Connection refused
    Jul 21 14:25:28 xxxxxxxx postfix/smtpd[65858]: warning: problem talking to server private/policy: Connection refused
    Jul 21 14:25:28 xxxxxxxx postfix/smtpd[65858]: NOQUEUE: reject: RCPT from nk11p03mm-asmtp994.mac.com[17.158.233.225]: 451 4.3.5 Server configuration problem; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<nk11p99mm-asmtpout004.mac.com>
    Jul 21 14:25:28 azathoth postfix/smtpd[65858]: disconnect from nk11p03mm-asmtp994.mac.com[17.158.233.225]
    Ok, now what is odd is that these rejected messages are not even appearing in the mail queue in Server Admin. I have no idea why they are not being delivered.
    I've checked my postfix main.cf and master.cf files and they both look ok. I've even replaced them with the main.cf.default.10.7 and master.cf.default.10.7 files, to no avail. Same problem.
    So in summary
    I can send mail out
    IMAP is working on the client end (thus dovecot is); existing stored emails can be accessed, read, moved, marked unread etc.
    mail is coming into the server, but it's being rejected. There is NO rejection email sent back to the sender.
    mail is received by postfix, but cyrus isn't doing anything with it. I have no idea where it goes.
    Could anyone shed light on this...
    my main.cf file:
    # Global Postfix configuration file. This file lists only a subset
    # of all 300+ parameters. See the postconf(5) manual page for a
    # complete list.
    # The general format of each line is: parameter = value. Lines
    # that begin with whitespace continue the previous line. A value can
    # contain references to other $names or ${name}s.
    # NOTE - CHANGE NO MORE THAN 2-3 PARAMETERS AT A TIME, AND TEST IF
    # POSTFIX STILL WORKS AFTER EVERY CHANGE.
    # SOFT BOUNCE
    # The soft_bounce parameter provides a limited safety net for
    # testing.  When soft_bounce is enabled, mail will remain queued that
    # would otherwise bounce. This parameter disables locally-generated
    # bounces, and prevents the SMTP server from rejecting mail permanently
    # (by changing 5xx replies into 4xx replies). However, soft_bounce
    # is no cure for address rewriting mistakes or mail routing mistakes.
    # soft_bounce = no
    # LOCAL PATHNAME INFORMATION
    # The queue_directory specifies the location of the Postfix queue.
    # This is also the root directory of Postfix daemons that run chrooted.
    # See the files in examples/chroot-setup for setting up Postfix chroot
    # environments on different UNIX systems.
    queue_directory = /private/var/spool/postfix
    # The command_directory parameter specifies the location of all
    # postXXX commands.
    command_directory = /usr/sbin
    # The daemon_directory parameter specifies the location of all Postfix
    # daemon programs (i.e. programs listed in the master.cf file). This
    # directory must be owned by root.
    daemon_directory = /usr/libexec/postfix
    # QUEUE AND PROCESS OWNERSHIP
    # The mail_owner parameter specifies the owner of the Postfix queue
    # and of most Postfix daemon processes.  Specify the name of a user
    # account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
    # AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.  In
    # particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
    # USER.
    mail_owner = _postfix
    # The default_privs parameter specifies the default rights used by
    # the local delivery agent for delivery to external file or command.
    # These rights are used in the absence of a recipient user context.
    # DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
    #default_privs = nobody
    # INTERNET HOST AND DOMAIN NAMES
    # The myhostname parameter specifies the internet hostname of this
    # mail system. The default is to use the fully-qualified domain name
    # from gethostname(). $myhostname is used as a default value for many
    # other configuration parameters.
    #myhostname = host.domain.tld
    #myhostname = virtual.domain.tld
    # The mydomain parameter specifies the local internet domain name.
    # The default is to use $myhostname minus the first component.
    # $mydomain is used as a default value for many other configuration
    # parameters.
    #mydomain = domain.tld
    # SENDING MAIL
    # The myorigin parameter specifies the domain that locally-posted
    # mail appears to come from. The default is to append $myhostname,
    # which is fine for small sites.  If you run a domain with multiple
    # machines, you should (1) change this to $mydomain and (2) set up
    # a domain-wide alias database that aliases each user to
    # [email protected].
    # For the sake of consistency between sender and recipient addresses,
    # myorigin also specifies the default domain name that is appended
    # to recipient addresses that have no @domain part.
    #myorigin = $myhostname
    #myorigin = $mydomain
    # RECEIVING MAIL
    # The inet_interfaces parameter specifies the network interface
    # addresses that this mail system receives mail on.  By default,
    # the software claims all active interfaces on the machine. The
    # parameter also controls delivery of mail to user@[ip.address].
    # See also the proxy_interfaces parameter, for network addresses that
    # are forwarded to us via a proxy or network address translator.
    # Note: you need to stop/start Postfix when this parameter changes.
    #inet_interfaces = all
    #inet_interfaces = $myhostname
    #inet_interfaces = $myhostname, localhost
    # The proxy_interfaces parameter specifies the network interface
    # addresses that this mail system receives mail on by way of a
    # proxy or network address translation unit. This setting extends
    # the address list specified with the inet_interfaces parameter.
    # You must specify your proxy/NAT addresses when your system is a
    # backup MX host for other domains, otherwise mail delivery loops
    # will happen when the primary MX host is down.
    #proxy_interfaces =
    #proxy_interfaces = 1.2.3.4
    # The mydestination parameter specifies the list of domains that this
    # machine considers itself the final destination for.
    # These domains are routed to the delivery agent specified with the
    # local_transport parameter setting. By default, that is the UNIX
    # compatible delivery agent that lookups all recipients in /etc/passwd
    # and /etc/aliases or their equivalent.
    # The default is $myhostname + localhost.$mydomain.  On a mail domain
    # gateway, you should also include $mydomain.
    # Do not specify the names of virtual domains - those domains are
    # specified elsewhere (see VIRTUAL_README).
    # Do not specify the names of domains that this machine is backup MX
    # host for. Specify those names via the relay_domains settings for
    # the SMTP server, or use permit_mx_backup if you are lazy (see
    # STANDARD_CONFIGURATION_README).
    # The local machine is always the final destination for mail addressed
    # to user@[the.net.work.address] of an interface that the mail system
    # receives mail on (see the inet_interfaces parameter).
    # Specify a list of host or domain names, /file/name or type:table
    # patterns, separated by commas and/or whitespace. A /file/name
    # pattern is replaced by its contents; a type:table is matched when
    # a name matches a lookup key (the right-hand side is ignored).
    # Continue long lines by starting the next line with whitespace.
    # See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
    #mydestination = $myhostname, localhost.$mydomain, localhost
    #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
    #       mail.$mydomain, www.$mydomain, ftp.$mydomain
    # REJECTING MAIL FOR UNKNOWN LOCAL USERS
    # The local_recipient_maps parameter specifies optional lookup tables
    # with all names or addresses of users that are local with respect
    # to $mydestination, $inet_interfaces or $proxy_interfaces.
    # If this parameter is defined, then the SMTP server will reject
    # mail for unknown local users. This parameter is defined by default.
    # To turn off local recipient checking in the SMTP server, specify
    # local_recipient_maps = (i.e. empty).
    # The default setting assumes that you use the default Postfix local
    # delivery agent for local delivery. You need to update the
    # local_recipient_maps setting if:
    # - You define $mydestination domain recipients in files other than
    #   /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
    #   For example, you define $mydestination domain recipients in   
    #   the $virtual_mailbox_maps files.
    # - You redefine the local delivery agent in master.cf.
    # - You redefine the "local_transport" setting in main.cf.
    # - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
    #   feature of the Postfix local delivery agent (see local(8)).
    # Details are described in the LOCAL_RECIPIENT_README file.
    # Beware: if the Postfix SMTP server runs chrooted, you probably have
    # to access the passwd file via the proxymap service, in order to
    # overcome chroot restrictions. The alternative, having a copy of
    # the system passwd file in the chroot jail is just not practical.
    # The right-hand side of the lookup tables is conveniently ignored.
    # In the left-hand side, specify a bare username, an @domain.tld
    # wild-card, or specify a [email protected] address.
    #local_recipient_maps = unix:passwd.byname $alias_maps
    #local_recipient_maps = proxy:unix:passwd.byname $alias_maps
    #local_recipient_maps =
    # The unknown_local_recipient_reject_code specifies the SMTP server
    # response code when a recipient domain matches $mydestination or
    # ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
    # and the recipient address or address local-part is not found.
    # The default setting is 550 (reject mail) but it is safer to start
    # with 450 (try again later) until you are certain that your
    # local_recipient_maps settings are OK.
    unknown_local_recipient_reject_code = 550
    # TRUST AND RELAY CONTROL
    # The mynetworks parameter specifies the list of "trusted" SMTP
    # clients that have more privileges than "strangers".
    # In particular, "trusted" SMTP clients are allowed to relay mail
    # through Postfix.  See the smtpd_recipient_restrictions parameter
    # in postconf(5).
    # You can specify the list of "trusted" network addresses by hand
    # or you can let Postfix do it for you (which is the default).
    # By default (mynetworks_style = subnet), Postfix "trusts" SMTP
    # clients in the same IP subnetworks as the local machine.
    # On Linux, this does works correctly only with interfaces specified
    # with the "ifconfig" command.
    # Specify "mynetworks_style = class" when Postfix should "trust" SMTP
    # clients in the same IP class A/B/C networks as the local machine.
    # Don't do this with a dialup site - it would cause Postfix to "trust"
    # your entire provider's network.  Instead, specify an explicit
    # mynetworks list by hand, as described below.
    # Specify "mynetworks_style = host" when Postfix should "trust"
    # only the local machine.
    #mynetworks_style = class
    #mynetworks_style = subnet
    #mynetworks_style = host
    # Alternatively, you can specify the mynetworks list by hand, in
    # which case Postfix ignores the mynetworks_style setting.
    # Specify an explicit list of network/netmask patterns, where the
    # mask specifies the number of bits in the network part of a host
    # address.
    # You can also specify the absolute pathname of a pattern file instead
    # of listing the patterns here. Specify type:table for table-based lookups
    # (the value on the table right-hand side is not used).
    #mynetworks = 168.100.189.0/28, 127.0.0.0/8
    #mynetworks = $config_directory/mynetworks
    #mynetworks = hash:/etc/postfix/network_table
    # The relay_domains parameter restricts what destinations this system will
    # relay mail to.  See the smtpd_recipient_restrictions description in
    # postconf(5) for detailed information.
    # By default, Postfix relays mail
    # - from "trusted" clients (IP address matches $mynetworks) to any destination,
    # - from "untrusted" clients to destinations that match $relay_domains or
    #   subdomains thereof, except addresses with sender-specified routing.
    # The default relay_domains value is $mydestination.
    # In addition to the above, the Postfix SMTP server by default accepts mail
    # that Postfix is final destination for:
    # - destinations that match $inet_interfaces or $proxy_interfaces,
    # - destinations that match $mydestination
    # - destinations that match $virtual_alias_domains,
    # - destinations that match $virtual_mailbox_domains.
    # These destinations do not need to be listed in $relay_domains.
    # Specify a list of hosts or domains, /file/name patterns or type:name
    # lookup tables, separated by commas and/or whitespace.  Continue
    # long lines by starting the next line with whitespace. A file name
    # is replaced by its contents; a type:name table is matched when a
    # (parent) domain appears as lookup key.
    # NOTE: Postfix will not automatically forward mail for domains that
    # list this system as their primary or backup MX host. See the
    # permit_mx_backup restriction description in postconf(5).
    #relay_domains = $mydestination
    # INTERNET OR INTRANET
    # The relayhost parameter specifies the default host to send mail to
    # when no entry is matched in the optional transport(5) table. When
    # no relayhost is given, mail is routed directly to the destination.
    # On an intranet, specify the organizational domain name. If your
    # internal DNS uses no MX records, specify the name of the intranet
    # gateway host instead.
    # In the case of SMTP, specify a domain, host, host:port, [host]:port,
    # [address] or [address]:port; the form [host] turns off MX lookups.
    # If you're connected via UUCP, see also the default_transport parameter.
    #relayhost = $mydomain
    #relayhost = [gateway.my.domain]
    #relayhost = [mailserver.isp.tld]
    #relayhost = uucphost
    #relayhost = [an.ip.add.ress]
    # REJECTING UNKNOWN RELAY USERS
    # The relay_recipient_maps parameter specifies optional lookup tables
    # with all addresses in the domains that match $relay_domains.
    # If this parameter is defined, then the SMTP server will reject
    # mail for unknown relay users. This feature is off by default.
    # The right-hand side of the lookup tables is conveniently ignored.
    # In the left-hand side, specify an @domain.tld wild-card, or specify
    # a [email protected] address.
    #relay_recipient_maps = hash:/etc/postfix/relay_recipients
    # INPUT RATE CONTROL
    # The in_flow_delay configuration parameter implements mail input
    # flow control. This feature is turned on by default, although it
    # still needs further development (it's disabled on SCO UNIX due
    # to an SCO bug).
    # A Postfix process will pause for $in_flow_delay seconds before
    # accepting a new message, when the message arrival rate exceeds the
    # message delivery rate. With the default 100 SMTP server process
    # limit, this limits the mail inflow to 100 messages a second more
    # than the number of messages delivered per second.
    # Specify 0 to disable the feature. Valid delays are 0..10.
    #in_flow_delay = 1s
    # ADDRESS REWRITING
    # The ADDRESS_REWRITING_README document gives information about
    # address masquerading or other forms of address rewriting including
    # username->Firstname.Lastname mapping.
    # ADDRESS REDIRECTION (VIRTUAL DOMAIN)
    # The VIRTUAL_README document gives information about the many forms
    # of domain hosting that Postfix supports.
    # "USER HAS MOVED" BOUNCE MESSAGES
    # See the discussion in the ADDRESS_REWRITING_README document.
    # TRANSPORT MAP
    # See the discussion in the ADDRESS_REWRITING_README document.
    # ALIAS DATABASE
    # The alias_maps parameter specifies the list of alias databases used
    # by the local delivery agent. The default list is system dependent.
    # On systems with NIS, the default is to search the local alias
    # database, then the NIS alias database. See aliases(5) for syntax
    # details.
    # If you change the alias database, run "postalias /etc/aliases" (or
    # wherever your system stores the mail alias file), or simply run
    # "newaliases" to build the necessary DBM or DB file.
    # It will take a minute or so before changes become visible.  Use
    # "postfix reload" to eliminate the delay.
    #alias_maps = dbm:/etc/aliases
    #alias_maps = hash:/etc/aliases
    #alias_maps = hash:/etc/aliases, nis:mail.aliases
    #alias_maps = netinfo:/aliases
    # The alias_database parameter specifies the alias database(s) that
    # are built with "newaliases" or "sendmail -bi".  This is a separate
    # configuration parameter, because alias_maps (see above) may specify
    # tables that are not necessarily all under control by Postfix.
    #alias_database = dbm:/etc/aliases
    #alias_database = dbm:/etc/mail/aliases
    #alias_database = hash:/etc/aliases
    #alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
    # ADDRESS EXTENSIONS (e.g., user+foo)
    # The recipient_delimiter parameter specifies the separator between
    # user names and address extensions (user+foo). See canonical(5),
    # local(8), relocated(5) and virtual(5

    Ok 1st one. The warning restriction message relates to this line in main.cf:
    smtpd_helo_restrictions = permit_sasl_authenticated  permit_mynetworks  check_helo_access hash:/etc/postfix/helo_access  reject_non_fqdn_hostname  reject_invalid_hostname  permit reject_invalid_helo_hostname
    The last reject occurs after the single word "permit" and is ignored.
    However, that's not the problem.
    I'm not exactly sure what's happening, but this might be a clue.
    It would appear that either postfix is not able to create the socket for private/policy or it's somehow created with the wrong permissions.  You might need to ramp up the debug level to get a better idea.
    You could check if it's being created by "netstat -a | grep private/policy" in terminal.
    My guess is that it's not being created because there is no setup statement in your master.cf file, but I don't understand why postfix would be looking for it if it isn't set up.  Private/policy I think relates to grey listing.  Maybe gives you a hint.
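
Added example (not part of the thread, and not Apple's or Postfix's own code): a small Python linter for the two symptoms in the log above. It flags restrictions that follow an unconditional permit (and, going beyond the page's case, reject or defer) and any check_policy_service unix:private/NAME target that has no matching service in master.cf. The smtpd_helo_restrictions value is the one quoted in the reply; the smtpd_recipient_restrictions line and the master.cf fragment are constructed samples, since the poster's real ones are not shown.

```python
import re

# Unconditional actions: Postfix stops evaluating a restriction list here,
# so anything listed after one of them never runs.
TERMINAL = {"permit", "reject", "defer"}

# smtpd_helo_restrictions is the value quoted in the thread; the
# smtpd_recipient_restrictions line is a constructed sample.
SAMPLE_MAIN_CF = """\
# constructed sample main.cf fragment
smtpd_helo_restrictions = permit_sasl_authenticated  permit_mynetworks
    check_helo_access hash:/etc/postfix/helo_access  reject_non_fqdn_hostname
    reject_invalid_hostname  permit reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks
    reject_unauth_destination check_policy_service unix:private/policy permit
"""

# Constructed master.cf fragment with no "policy" service defined.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
"""


def parse_main_cf(text):
    """Return {parameter: value}; lines starting with whitespace continue
    the previous parameter, comment and blank lines are skipped."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current:
            params[current] += " " + raw.strip()
        elif "=" in raw:
            name, _, value = raw.partition("=")
            current = name.strip()
            params[current] = value.strip()
    return params


def restriction_tokens(value):
    """Split a restriction list on commas and/or whitespace."""
    return [tok for tok in re.split(r"[,\s]+", value) if tok]


def unreachable_after_terminal(value):
    """Return (terminal_action, tokens_after_it) for the first unconditional
    action that is not the last entry, or (None, []) if the list is clean."""
    toks = restriction_tokens(value)
    for i, tok in enumerate(toks[:-1]):
        if tok.lower() in TERMINAL:
            return tok, toks[i + 1:]
    return None, []


def master_services(text):
    """Return the set of (service_name, type) pairs defined in master.cf."""
    services = set()
    for raw in text.splitlines():
        # Skip blanks, comments and continuation lines (leading whitespace).
        if not raw or raw[0] in "# \t":
            continue
        fields = raw.split()
        if len(fields) >= 2:
            services.add((fields[0], fields[1]))
    return services


def lint(main_cf, master_cf):
    """Return a list of findings for every *_restrictions parameter."""
    findings = []
    params = parse_main_cf(main_cf)
    services = master_services(master_cf)
    restrictions = {k: v for k, v in params.items()
                    if k.endswith("_restrictions")}

    # 1. Checks silently disabled because they sit after permit/reject/defer.
    for name, value in restrictions.items():
        terminal, dead = unreachable_after_terminal(value)
        if dead:
            findings.append(("unreachable", name, terminal, dead))

    # 2. Policy delegation to a private socket that master.cf never creates.
    #    smtpd cannot connect, so it answers 451 4.3.5 to every recipient.
    prefix = "unix:private/"
    for name, value in restrictions.items():
        toks = restriction_tokens(value)
        for i, tok in enumerate(toks[:-1]):
            target = toks[i + 1]
            if tok == "check_policy_service" and target.startswith(prefix):
                if (target[len(prefix):], "unix") not in services:
                    findings.append(("missing_policy_service", name, target))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_MAIN_CF, SAMPLE_MASTER_CF):
        print(finding)
```

To lint a live server, pass the contents of the Postfix main.cf and master.cf files to lint() in place of the samples.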

  • 10.5.8 server postfix sender domain problem

    Hi,
    I set up my Power Mac G5 as web and mail server. Everything is working without problem except this issue.
    I configure my webmail as webmail.xxx.com. When I try to send mail from mail server to other servers, I can see my mails in queue, I saw sender mail address as [email protected] if I change webmail address to example.xxx.com this time I saw [email protected]
    All the mail recipients saw it like this. At first I thought this must be a postfix configuration problem. I cannot see any extra settings about this in the Server Admin panel.
    So I changed the main.conf file of postfix; for smtp settings there are two choices, $mydomain or $myhostname.
    I changed it to mydomain but nothing changed. How can I fix it?
    Best regards

    Is this a problem that only happens when sending from the webmail (SquirrelMail) client, or from all email client apps (Apple Mail, Outlook, Thunderbird, etc.)?
    SquirrelMail, by default, uses the hostname entered in DNS as the originating address. So if you log in as User_1 and send via SquirrelMail and your email server is designated as mail1.example.com, the sending address will show as "[email protected]"
    You can override this in the Settings for each user in SquirrelMail by setting the email address to the proper value, as "[email protected]"
    -Doug

  • Xcode updates not caching in Caching Server - non-whitelisted url denied.

    I am running OS X Server 2.2.1 - Build 169.  (Mountain Lion).  I have the caching service enabled and it appears to have been working successfully - as I can see that updates from Apple are coming from my server when applied to multiple Macs.
    There is a new update to XCode 4.6.3 that I have been applying to my Macs - and I am noticing that it is re-downloading from Apple each time - instead of using the cache.
    If I look at the Caching Service log - I see an error for each time that I have applied the 4.6.3 update:
    Request for non-whitelisted URL denied (http:10.0.x.x:50360)   (10.0.x.x is my server)
    HTTP Server:  Error 400 - Bad Requst (/)
    Is this a problem with the caching server - or are Apple's developer tools intentionally not being cached?  The log does not tell me what url is being requested.

    I have this exact problem too. Interestingly, I have this on my Mini server, then I've set up a caching server on my MacBook Pro and it's the same. This log is from my MacBook Pro, it's called badgerbookpro.local, but it's the same on the Mini server. Both are running 10.8.3
    Jun  1 01:34:22 badgerbookpro.local AssetCache[4811]: Caching server started
    Jun  1 01:34:25 badgerbookpro.local AssetCache[4811]: Registration succeeded.  Resuming server.
    Jun  1 01:37:02 badgerbookpro.local AssetCache[4811]: Request for non-whitelisted URL denied (http://192.168.1.48:62249/)
    Jun  1 01:37:02 badgerbookpro.local AssetCache[4811]: HTTP Server: Error 400 - Bad Request (/)
    Jun  1 01:38:23 badgerbookpro.local AssetCache[4811]: Request for non-whitelisted URL denied (http://192.168.1.48:62249/)
    Jun  1 01:38:23 badgerbookpro.local AssetCache[4811]: HTTP Server: Error 400 - Bad Request (/)
    Jun  1 01:43:51 badgerbookpro.local AssetCache[4811]: HTTPConnection[0x7fdc04b1b900]: responseHasAvailableData: - Sender is not current httpResponse
    Jun  1 01:44:46 badgerbookpro.local AssetCache[4811]: Request for non-whitelisted URL denied (http://192.168.1.48:62249/)
    Jun  1 01:44:46 badgerbookpro.local AssetCache[4811]: HTTP Server: Error 400 - Bad Request (/)
    Jun  1 01:45:05 badgerbookpro.local AssetCache[4811]: Request for non-whitelisted URL denied (http://192.168.1.48:62249/)
    Jun  1 01:45:05 badgerbookpro.local AssetCache[4811]: HTTP Server: Error 400 - Bad Request (/)
    Jun  1 02:51:24 badgerbookpro.local AssetCache[4811]: Request for non-whitelisted URL denied (http://192.168.1.48:62249/)
    Jun  1 02:51:24 badgerbookpro.local AssetCache[4811]: HTTP Server: Error 400 - Bad Request (/)
    Jun  1 03:55:04 badgerbookpro.local AssetCache[4811]: Server shutting down (15)
    Jun  1 03:55:04 badgerbookpro com.apple.launchd[1] (com.apple.AssetCache[4811]): Exited with code: 15

  • Lion server postfix errors (and mail is NOT configured to run)

    I rebooted my Lion 10.7.1 server today and the logs (kernel and server) started filling up with the following:
    10/8/11 3:46:48.434 PM postfix/master: fatal: fe80::1%lo0:submission: valid hostname or network address required
    10/8/11 3:46:49.000 PM kernel: nstat_lookup_entry failed: 2
    10/8/11 3:46:49.000 PM kernel: nstat_lookup_entry failed: 2
    10/8/11 3:46:49.435 PM com.apple.launchd: (org.postfix.master[490]) Exited with code: 1
    10/8/11 3:46:49.435 PM com.apple.launchd: (org.postfix.master) Throttling respawn: Will start in 9 seconds
    Mail is not configured to run on my server, I've changed nothing on my system, yet the logs are getting bloated with these messages as they repeat every 10 seconds.
    I've checked the LaunchAgents and LaunchServices directories (and the plists inside), StartupItems, etc. I cannot figure out why postfix is constantly attempting to start by itself. It is running for short periods of time because if I time it right, "sudo postfix stop" returns a "stopping postfix"
    Pointers?

    "Instead of hard-coding 127.0.0.1 and ::1 loopback addresses in master.cf, specify
    "inet_interfaces = loopback-only" in main.cf. This way you can use the same master.cf file regardless of whether or not Postfix will run on an IPv6-enabled system."
    Postfix IPv6 Support

  • Server postfix/cyrus - mail setup bug

    Found a bug in GUI setup for mail service.
    When changing Database in Server Admin - Mail - Advanced to something different from /var/imap, no changes are applied to /etc/postfix/main.cf in
    virtual_transport = lmtp:unix:/var/imap/socket/lmtp
    So if Database changes to /var/imap2
    value of virtual_transport in main.cf must look like
    virtual_transport = lmtp:unix:/var/imap2/socket/lmtp
    Maybe someone found this helpful =)

    Mr. Davis,
    I looked at my DNS settings, I have 127.0.0.1 and 75.75.75.75. I'm not very familiar with DNS and I'm assuming giving it 75.75.75.75 as a DNS is only for HTTP and not MX. Any suggestions would be greatly appreciated.
    Thank you for your response.

  • Download email from External Postfix Server to Leopard Mail Server?

    Any pointers to specific articles, much appreciated.
    We presently have our website and mail servers (postfix) hosted on surftown, which has squirrelmail for webmail.
    We do not have a static IP and use dyndns.
    The domain on surftown is xxxx.com
    We also run an intranet with a couple of Leopard Servers behind a VPN,with our own local DNS on intranet.xxxx.com
    I would like to take the emailserver inside the VPN and onto a Leopard Server, but leave the website on surftown.
    Is it possible to have postfix on a Leopard Server log onto the postfix server at surftown and draw the email off?
    Users would then access their email via the Leopard Server.
    If they are in the office LAN or in a satellite office connected VPN, then they will use POP/IMAP within Mail.
    If they are outside the VPN they can use Webmail via a logon with a Netgear SSL312.
    Does anyone have any experience of using the Leopard Server postfix to tap an external postfix service? It would certainly be cheaper than paying DynDNS to do a mailhop and trap.

    Look for discussions of imapsync (http://freshmeat.net/projects/imapsync) as one potential starting point for your quest and as keyword fodder for your searches.
    This is usually one of two general classes of problem. Presuming this is a technical limitation out at your ISP (eg: they don't "do" static addresses) and not a budget-targeting effort (implying that you probably won't want to spend on a tunnel), setting up an IPv6 tunnel over IPv4 might be an alternative.

  • Leopard Server Mail - Postfix or Cyrus?

    After reading and rereading Leopard manuals on Leopard website, I am
    still confused:
    Is the Mail Service in Leopard Server Postfix or Cyrus?
    Have found some excellent books on Postfix setup etc, but none on Cyrus.
    Any suggestions on where to get background and info on best practices.
    BTW -- Our mail server on 10.4.10 running fine -- migrating soon to Leopard
    by way of erase and install.
    Thanks in advance

    Both!
    The MTA (SMTP) is Postfix. The IMAP/POP server is Cyrus.
    Details here:
    http://osx.topicdesk.com/content/view/129/1/

  • 10.4 Server TLS errors and other errors

    My mail server is giving me a variety of errors that I haven't been able to figure out how to fix.
    TLS server engine: cannot load cert/key data
    Feb 11 16:35:45 Mail-Server imap[421]: error initializing TLS
    Feb 11 16:35:45 Mail-Server imap[421]: TLS server engine: cannot load CA data
    Feb 11 16:35:45 Mail-Server imap[421]: unable to get certificate from '/etc/certificates/Default.crt'
    Feb 11 16:35:45 Mail-Server imap[421]: TLS server engine: cannot load cert/key data
    Feb 11 16:35:45 Mail-Server imap[421]: error initializing TLS
    DBERROR: skiplist recovery /var/imap/user/f/frances.seen: 0240 should be ADD or DELETE
    Feb 11 16:52:15 Mail-Server imap[373]: DBERROR: opening /var/imap/user/f/frances.seen: cyrusdb error
    Feb 11 16:52:15 Mail-Server imap[373]: DBERROR: skiplist recovery /var/imap/user/f/frances.seen: 0240 should be ADD or DELETE
    Feb 11 16:52:15 Mail-Server imap[373]: DBERROR: opening /var/imap/user/f/frances.seen: cyrusdb error
    Feb 11 16:52:15 Mail-Server imap[373]: DBERROR: skiplist recovery /var/imap/user/f/frances.seen: 0240 should be ADD or DELETE
    Feb 11 16:52:15 Mail-Server imap[373]: DBERROR: opening /var/imap/user/f/frances.seen: cyrusdb error
    Feb 11 16:52:15 Mail-Server imap[373]: DBERROR: skiplist recovery /var/imap/user/f/frances.seen: 0240 should be ADD or DELETE
    Feb 11 16:52:15 Mail-Server imap[373]: DBERROR: opening /var/imap/user/f/frances.seen: cyrusdb error
    Feb 11 16:52:15 Mail-Server imap[373]: DBERROR: skiplist recovery /var/imap/user/f/frances.seen: 0240 should be ADD or DELETE
    Feb 11 16:52:15 Mail-Server imap[373]: DBERROR: opening /var/imap/user/f/frances.seen: cyrusdb error
    Feb 11 16:52:15 Mail-Server imap[373]: DBERROR: skiplist recovery /var/imap/user/f/frances.seen: 0240 should be ADD or DELETE
    Feb 11 16:52:15 Mail-Server imap[373]: DBERROR: opening /var/imap/user/f/frances.seen: cyrusdb error
    Feb 11 16:52:15 Mail-Server imap[373]: DBERROR: skiplist recovery /var/imap/user/f/frances.seen: 0240 should be ADD or DELETE
    Feb 11 16:52:15 Mail-Server imap[373]: DBERROR: opening /var/imap/user/f/frances.seen: cyrusdb error
    Feb 11 16:52:15 Mail-Server imap[373]: DBERROR: skiplist recovery /var/imap/user/f/frances.seen: 0240 should be ADD or DELETE
    Feb 11 16:52:15 Mail-Server imap[373]: DBERROR: opening /var/imap/user/f/frances.seen: cyrusdb error
    I'm using Plain authentication without SSL. I just bought a new MacBook Pro with 10.9.1, and whenever I send an email it says that Authentication fails, but sends the email anyway, and I'm not sure if that's something I should worry about or not.
    Feb 11 17:00:00 Mail-Server postfix/smtpd[626]: warning: AOD: Authentication failed for user rstilley. (Open Directroy error: -14090)
    Feb 11 17:00:00 Mail-Server postfix/smtpd[626]: warning: 24-178-136-163.dhcp.crtn.ga.charter.com[24.178.136.163]: SASL PLAIN authentication failed
    I haven't been able to find much out about this Open Directory error (odd that Directory is misspelled...)
    Any help anyone can give me would be most appreciated. I'll be glad to post any log files.
    Here is my postconf -n output:
    Mail-Server:/var/log root# postconf -n
    alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
    always_bcc =
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    delay_warning_time = 1h
    disable_vrfy_command = yes
    enable_server_options = yes
    inet_interfaces = all
    luser_relay =
    mail_owner = postfix
    mailbox_transport = cyrus
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    maps_rbl_domains =
    maximal_queue_lifetime = 2d
    message_size_limit = 0
    mydestination = $myhostname,localhost.$mydomain,times-georgian.com
    mydomain_fallback = localhost
    myhostname = times-georgian.com
    mynetworks = 127.0.0.1/32,10.1.6.0/24
    mynetworks_style = host
    newaliases_path = /usr/bin/newaliases
    owner_request_special = no
    queue_directory = /private/var/spool/postfix
    readme_directory = /usr/share/doc/postfix
    recipient_delimiter = +
    relayhost =
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = postdrop
    smtpd_client_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_rbl_client zen.spamhaus.org,permit
    smtpd_enforce_tls = no
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_sasl_authenticated,permit_mynetworks,check_helo_access hash:/etc/postfix/helo_access,reject_non_fqdn_hostname,reject_invalid_hostname, permit
    smtpd_pw_server_security_options = plain
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
    smtpd_sasl_auth_enable = yes
    smtpd_tls_loglevel = 0
    smtpd_use_pw_server = yes
    smtpd_use_tls = no
    unknown_local_recipient_reject_code = 550
    Thanks in advance.

    UPDATE: My VPN is now running!
    Through a series of Firewall configuration changes, I am now able to connect and access files on the server through VPN. I still have some small details to work-out (i.e., I can't browse the Windows environment under the Network tab of My Computer). I can however map to the drive directly using the IP address.
    Windows 7 and Vista clients connect via L2TP using shared secret.

  • Make your own Fax Server with Automator! (Pagesender solution for Mavericks)

    I have been scouring these discussion boards for some time now looking for a suitable substitute to PageSender, an awesome fax solution for the Mac from SmileOnMyMac LLC, which for some inexplicable reason stopped development and updates after OS 10.6.8. The result is that many small business office users who still rely on fax (and yes...no matter what they tell you, most of the business world DOES still use fax because it's legally binding and more secure than email for the transmission of legal documents or healthcare records, and does not rely on database integration across different systems, which is sadly but very realistically still a long ways off), and no longer have a way to integrate faxes into a paperless or digital workflow office system.
    I suspect like many folks who receive faxes, those who used PageSender, used a very powerful feature to forward faxes by email, thereby turning your Mac into a Fax server that could distribute your faxes to other workstations and staff throughout the business via email. Presumably, if you have your own email server (Exchange, Kerio, AppleMail server, PostFix enabler etc.) you could distribute faxes on your own internal network, securely behind a firewall, and effectively create a digital/paperless workflow for your faxes.
    Even if you have a USB modem or multifunction printer that allows you to receive a Fax to your desktop (Apple's internal fax via printer preferences, and some HP models like the HP MFP 127fw) for example will allow you to receive a Fax to a desktop folder or forward to a single email address. But the former is of limited functionality and the latter only lets you send to an email address out over the internet with a registered public domain, which means you give up all control of privacy and means you can't process it through a private mail server to create a digital workflow for your office...
    ...Until now!!!
    I am happy to report that I have finally discovered a very easy and useable feature that will save a lot of time, money, and headaches for those looking to create a digital workflow and fax server system for a small office system. (I don't think there is any limit to scale here, but I suspect offices with more than 10 employees probably have a BizHub, or HP MFP/digital sender that can create the same process directly from the printer, but of course these come with a price tag of $2000 and up...).
    To accomplish this however, you will need some basic requirements which are as follows:
    1) A USB modem from either US Robotics or Zoom Modem. These are readily available from Amazon, MacMall or any number of other online vendors and work very well and seamlessly with all Macs running OSX right up through Mavericks
    OR
    A Multifunction printer that is capable of receiving faxes to a desktop Mac like the HP 127 fw. Other models exist from other manufacturers as well, but you will have to do a bit of research and probably check with the vendor or user manual directly to confirm that Fax to desktop is supported for Mac and OS 10.9.
    2) A dedicated Mail Server (MSFT Exchange, Kerio, MacOSX server with mail server enabled, or PostFix enabler or MailServe from Cutedge Systems)
    You will need to set up an email account on your server that is the parent for all incoming faxes from which the faxes will be sent out as part of your digital workflow. This is beyond the scope of this discussion but if you've come this far and you're still reading, you probably know how to do this already. I recommend setting this up as a POP account, not IMAP. This way, the attachments (your faxes) will always remain on your server as a back up, until you delete them from the server.
    3) Now simply go to System preferences and select "Printers and Scanners". Select either the Fax printer for your multifunction printer, or add a fax printer/receiver using the + button and select "Fax" if you are using a USB modem. You must have the USB modem attached to the computer in order to use the built-in Apple Fax feature for the latter option.
    4) Now click on the receive options. Select "Receive faxes to this computer" and set your ring answer settings. Check "Save to" and select the designated folder (either Faxes or Shared Faxes on your computer) or create a new folder. Depending on the volume of faxes, and your back up systems, you may want to designate a separate folder on a separate drive, exclusively for your Faxes. This is where all your faxes will be stored.
    5) Now launch "Automator" in your applications folder and create a new workflow. You will be presented with several options. Select "Folder Action".
    6) At the top right of the window space you will see "Folder Action receives files and folders added to" . Select the Fax folder you created in step 4.
    7) On the left hand side of the "Actions" menu select "Mail"
    8) From the list of actions select "New Mail Message" this will take the latest Fax added to your Fax folder and attach it as a PDF to a new outgoing mail. In the "TO" address put the email address that belongs to the parent account you created for the Faxes on your mail server eg. [email protected].  In the subject field you can put "Fax Workflow" or any other generic subject that will identify to all recipients that this is an email that contains a Fax/PDF attachment.
    Under "account" use the SMTP account you set up on your mail server to handle the routing of internal emails. In most cases, this will be the same as the parent account created above. (Effectively, this account is sending and receiving emails to itself).
    9) From the list of actions, select "Send outgoing messages".
    10) Save the Automator workflow with a name like "FaxDistribution" or "FaxFlow".
    11) Go back to the Fax folder you created in step 4. Right click or option click on the folder and scroll down the options menu and select "Folder Actions Setup". You will see a list of scripts including the Automator workflow you just created. Choose it.
    That's it!! From now on, when you get a fax, it will get dumped into the designated fax folder, and this will automatically trigger the workflow to attach and send it as an email to anyone in your office that is set up to receive emails with the "faxserver" address. You now have a paperless fax digital workflow server system for distributing your faxes digitally to anyone in your office who needs to review your faxes. Good luck!

    Thank you for this interesting posting.

  • Postfix error after update to 10.6.8

    Dear readers and admins
    After I did update SLS from 10.6.7 to 10.6.8, I got a problem with postfix smtp server.
    I did google around and found some note, that it is a problem, that a launchd org.postfix.master is running and that's why the com.apple.postfix....... can't start up. I did then use Lingon to disable the System daemon. Now it's working.
    Was this really the solution or is it only a luck punch?
    Thank you for anyone's reply.
    Below you will see the log entries.
    Jul  4 12:14:29 server postfix/postfix-script[204]: starting the Postfix mail system
    Jul  4 12:14:31 server postfix/master[205]: daemon started -- version 2.5.5, configuration /usr/local/cutedge/postfix/etc
    Jul  4 12:21:07 server postfix/master[1904]: fatal: open lock file pid/master.pid: unable to set exclusive lock: Resource temporarily unavailable
    Jul  4 12:21:17 server postfix/master[1917]: fatal: open lock file pid/master.pid: unable to set exclusive lock: Resource temporarily unavailable
    Jul  4 12:21:27 server postfix/master[1930]: fatal: open lock file pid/master.pid: unable to set exclusive lock: Resource temporarily unavailable
    Jul  4 12:21:37 server postfix/master[1953]: fatal: open lock file pid/master.pid: unable to set exclusive lock: Resource temporarily unavailable

    Here comes the/my solution:
    Remove Sophos Antivirus
    Thanks to boojum's remarks in https://discussions.apple.com/message/15480849#15480849 !
    Don't forget to use Sophos' deinstall package: /Macintosh HD/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg
    Nevertheless, some settings have been re-initialized (no complete list!):
    - Dock
    - Language has been reset to English only
    - Expose & Spaces
    (- probably all personal settings?)

  • Spam Email Server Account Hijacked

    Hello everyone,
    I've been having a lot of trouble with one particular email server. I've posted a couple of questions but nobody has answered me so I went and re-installed the whole server by changing its static IP and adding an Airport Extreme in between so that the server only does DNS, Open Directory, File Sharing and Email.
    Everything it's been going well until one user started receiving email notifications about mail returned messages.
    I've tried several things:
    - Removed the non SSL website so I only left the Webmail on 443
    - Changed to more secure passwords
    - Lock the account after 10 bad passwords (the user gets blocked every couple of hours)
    - Deactivate the POP protocol as nobody is using it, we are only using
    - Tried blocking some Russian IPs because I noticed that all the emails are Reply To the domain ngs.ru but from the logs it looks like it's going through locally.
    My user has only Macs and iOS products so even though it's a mixed environment I don't think there could be a Malware doing this.
    I don't know what else can I do, I really want to avoid the server getting blacklisted and I've been looking for help so I would really appreciate if someone can provide me some guidance.
    Here's the postconf -n:
    server:~ administrator$ sudo postconf -n
    biff = no
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter = smtp-amavis:[127.0.0.1]:10024
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    enable_server_options = yes
    header_checks = pcre:/etc/postfix/custom_header_checks
    html_directory = /usr/share/doc/postfix/html
    inet_interfaces = all
    mail_owner = _postfix
    mailbox_size_limit = 0
    mailbox_transport = dovecot
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    maps_rbl_domains =
    message_size_limit = 0
    mydestination = $myhostname, localhost.$mydomain, localhost, ecogenia.ca, server.ecogenia.ca, localhost.localdomain, $mydomain
    mydomain = ecogenia.ca
    mydomain_fallback = localhost
    mynetworks = 127.0.0.0/8,192.168.1.0/24,207.115.108.190
    newaliases_path = /usr/bin/newaliases
    queue_directory = /private/var/spool/postfix
    readme_directory = /usr/share/doc/postfix
    recipient_delimiter = +
    relayhost =
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = _postdrop
    smtpd_client_restrictions = hash:/etc/postfix/smtpdreject cidr:/etc/postfix/smtpdreject.cidr permit_mynetworks permit_sasl_authenticated reject_rbl_client zen.spamhaus.org permit
    smtpd_enforce_tls = no
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_sasl_authenticated permit_mynetworks reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
    smtpd_pw_server_security_options = cram-md5,gssapi,login,plain
    smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks  reject_unauth_destination check_policy_service unix:private/policy permit
    smtpd_sasl_auth_enable = yes
    smtpd_tls_CAfile = /etc/certificates/server.ecogenia.ca.B9BEBCFA9A643188A6A20932B602BC15FBEB0C4F.chain.pem
    smtpd_tls_cert_file = /etc/certificates/server.ecogenia.ca.B9BEBCFA9A643188A6A20932B602BC15FBEB0C4F.cert.pem
    smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
    smtpd_tls_key_file = /etc/certificates/server.ecogenia.ca.B9BEBCFA9A643188A6A20932B602BC15FBEB0C4F.key.pem
    smtpd_use_pw_server = yes
    smtpd_use_tls = yes
    tls_random_source = dev:/dev/urandom
    unknown_local_recipient_reject_code = 550
    virtual_alias_domains = $virtual_alias_maps hash:/etc/postfix/virtual_domains
    virtual_alias_maps = hash:/etc/postfix/virtual_users
    These are some of the logs I've been seeing:
    Dec  4 04:06:51 server postfix/smtpd[19291]: NOQUEUE: reject: RCPT from unknown[95.65.176.14]: 554 5.7.1 Service unavailable; Client host [95.65.176.14] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=95.65.176.14; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[95.65.176.14]>
    Dec  4 04:08:54 server postfix/smtp[19353]: 7897321698B: to=<[email protected]>, orig_to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=21, delays=10/0/0/10, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=17722-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as F0C1121699B)
    Dec  4 05:08:14 server postfix/smtp[21213]: 43A6E216C47: to=<[email protected]>, orig_to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=11/0.02/0/5.8, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=17722-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as A6914216C55)
    Dec  4 05:16:28 server postfix/smtp[21479]: 6A7D8216CB8: to=<[email protected]>, orig_to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=11/0.02/0.01/5.6, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=17723-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B435E216CC4)
    Here is an example of the emails returned that the user has never sent:
    From: "Mail Delivery System" <[email protected]>
    Subject: Undelivered Mail Returned to Sender
    Date: 3 December, 2012 1:08:42 PM EST
    To: [email protected]
    We are sorry to inform you that your message could not
    be delivered to one or more of its recipients.
    This is an automatic message generated by the server mwinf5d38.orange.fr.
    Please do not reply to it. This is the mail system at host mwinf5d38.orange.fr.
    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. The mail system <[email protected]>: host mail.ru[94.100.176.20] said: 550
    spam message discarded. Please visit http://mail.ru/notspam/abuse?c=dK3Cqtwc2M_u_NHfPpZdr5kaLTUE1R6jDAAAAPoyAAATz4o6 or report details to [email protected]. Error code: AAC2AD74CFD81CDCDFD1FCEEAF5D963E352D1A99A31ED504. ID: 0000000C000032FA3A8ACF13.  
    From: Вера Краснова <[email protected]>
    Subject: A year-end loan for everyone, hurry to submit your loan application in December.
    Date: 3 December, 2012 12:59:23 PM EST
    To: Дина <[email protected]>
    Reply-To: Вера Краснова <[email protected]>
    Good day, in the fourth quarter of 2012 you showed interest in our loan programs; we inform you that your application has been approved by the security departments of several banks, and we ask you to fill in the loan application on the site http://renessanscapital.ru/ 
    Respectfully, Вера Краснова
    tel. +7 (913) 574-24-76
    skype: credit.skype
    ICQ: 6573118
    Attention! To unsubscribe from the mailing list you need to submit a loan application once on the page http://renessanscapital.ru/ after which no more letters will be sent to your e-mail.
    I'll really appreciate anyone's help.
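
Both `postconf -n` dumps on this page enable SASL with the `plain` mechanism while TLS is either off or optional, so account passwords can cross the network unencrypted. The following is an added example, not code from any of the posters: it reads those settings and reports the exposure. The sample settings are copied from the two dumps; `smtpd_tls_auth_only` is the stock Postfix switch that refuses AUTH before STARTTLS, and the finding names are made up for this sketch.

```python
"""Audit `postconf -n` output for SASL passwords exposed on unencrypted SMTP."""

# Mechanisms that send the password itself (base64 is an encoding, not encryption).
CLEARTEXT_MECHS = {"plain", "login"}

# Constructed excerpts: values copied from the 10.4 dump and the dump above.
CONFIG_10_4 = """\
smtpd_enforce_tls = no
smtpd_pw_server_security_options = plain
smtpd_sasl_auth_enable = yes
smtpd_use_tls = no
"""
CONFIG_HIJACKED = """\
smtpd_enforce_tls = no
smtpd_pw_server_security_options = cram-md5,gssapi,login,plain
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
"""


def parse_postconf(text):
    """Return {parameter: value} from `name = value` lines; other lines are ignored."""
    settings = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            settings[name.strip()] = value.strip()
    return settings


def enabled(settings, name):
    # `postconf -n` lists only non-default values, and every switch read
    # below defaults to "no", so a missing parameter counts as disabled.
    return settings.get(name, "no").lower() == "yes"


def audit_auth_transport(text):
    """Return [(finding, exposed_mechanisms)]; an empty list means no finding.

    Only Apple's smtpd_pw_server_security_options is inspected. On stock
    Postfix the mechanism list lives in the SASL library's own configuration,
    which this sketch does not read.
    """
    settings = parse_postconf(text)
    if not enabled(settings, "smtpd_sasl_auth_enable"):
        return []
    offered = settings.get("smtpd_pw_server_security_options", "")
    mechs = {m.strip().lower() for m in offered.split(",") if m.strip()}
    exposed = sorted(mechs & CLEARTEXT_MECHS)
    if not exposed:
        return []
    tls_required = (enabled(settings, "smtpd_enforce_tls")
                    or enabled(settings, "smtpd_tls_auth_only"))
    tls_offered = enabled(settings, "smtpd_use_tls") or tls_required
    if not tls_offered:
        # STARTTLS is never announced: every login is readable on the wire.
        return [("no-starttls", exposed)]
    if not tls_required:
        # STARTTLS exists, but AUTH is still accepted before it is used.
        return [("auth-before-starttls", exposed)]
    return []


if __name__ == "__main__":
    for label, conf in (("10.4 server", CONFIG_10_4),
                        ("hijacked-account server", CONFIG_HIJACKED)):
        print(label, audit_auth_transport(conf))
```

Adding `smtpd_tls_auth_only = yes` to the second configuration clears its finding, because clients must then complete STARTTLS before the server will accept AUTH.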

    I've been getting a lot of bounce backs from the same SMTP server as you to our email domain as well.
    The offending server mwinf5d55.orange.fr is sending "backscatter" spam which should be simply dropped by them instead of bouncing back to the "FROM" address.
    Because of this problem of bounced emails, I've tweaked our SPF (Sender Policy Framework) DNS TXT entry for our email domain to help receiving mailservers know what our legitimate OUTBOUND smtp mail servers actually are.  This should allow correctly configured email servers to drop any email from mwinf5d55.orange.fr because it is not a valid source of email for our domain.
    (See http://www.openspf.org/SPF_Record_Syntax for some syntax)
    Some details that I've dug up:
    The SMTP server at orange.fr is accepting mail based on forged FROM: addresses which bounce back to you by the receiving target TO: address mailservers. 
    Eg. From your email bounce back message:  host mail.ru[94.100.176.20] said: 550 spam message discarded.
    I'm not sure if the spammer is using the mwinf5d55.orange.fr smtp server as an open relay or if it's using someone else's smtp username and password to send mail.
    If you look at the email headers of the original bounced (spam) email that caused the backscatter it shows for example (from one of our bounces that I've received):
    Received: from Unknown ([92.46.248.56])
    by mwinf5d55 with ME
    id 7XfA1l00l1Dkwus03XfJsw; Mon, 04 Mar 2013 20:39:43 +0100
    X-ME-IP: 92.46.248.56
    X-ME-Entity: ofr
    When you look up the IP address source of that email it shows that it is coming from "JSC Kazakhtelecom, West Kazakhstan Affiliate".
    http://en.utrace.de/whois/92.46.248.56
    If you lookup the original source email and find that it's from your original user's computer then you have a problem.  If it's from a compromised machine overseas that's sending forged spam on your user's behalf, then there's not too much you can do about it short of publishing a correct SPF record.
    Hope that helps.
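
What a receiving server does with the SPF record described in the reply above, as an added example that is not part of the original post: it takes the connecting IP (here read from the quoted `Received:` header) and walks the record left to right. The record and the 203.0.113.25 outbound address are constructed placeholders; only the `ip4`, `ip6` and `all` mechanisms are evaluated, since the others need live DNS.

```python
"""Evaluate the ip4/ip6/all part of an SPF record against a sending IP."""
import ipaddress
import re

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Header lines quoted in the reply above.
BOUNCED_HEADERS = """\
Received: from Unknown ([92.46.248.56])
by mwinf5d55 with ME
id 7XfA1l00l1Dkwus03XfJsw; Mon, 04 Mar 2013 20:39:43 +0100
X-ME-IP: 92.46.248.56
X-ME-Entity: ofr
"""

# Constructed record: 203.0.113.25 stands in for the domain's only outbound server.
SPF_RECORD = "v=spf1 ip4:203.0.113.25 -all"


def injecting_ip(headers):
    """IP that handed the message to the relay, from the first Received line."""
    match = re.search(r"^Received: from \S+ \(\[([0-9A-Fa-f:.]+)\]\)",
                      headers, re.MULTILINE)
    return match.group(1) if match else None


def evaluate_spf(record, client_ip):
    """Return pass, fail, softfail, neutral, none or permerror.

    Terms are checked left to right and the first match decides. Mechanisms
    that need DNS (a, mx, include, exists, ptr) and the redirect modifier
    raise NotImplementedError rather than being skipped silently.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # not an SPF record at all
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier
        if term[0] in RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return RESULT[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if net.version != int(name[2]):
                return "permerror"         # e.g. an IPv6 network under ip4:
            if ip.version == net.version and ip in net:
                return RESULT[qualifier]
            continue
        if "=" in name and not name.startswith("redirect="):
            continue                       # modifier such as exp=, no effect on result
        raise NotImplementedError("needs DNS: " + term)
    return "neutral"                       # nothing matched and no 'all' term


if __name__ == "__main__":
    source = injecting_ip(BOUNCED_HEADERS)
    print(source, evaluate_spf(SPF_RECORD, source))
```

With `-all` the forged sender gets `fail`, which lets the first relay refuse the message during the SMTP session; that refusal is what prevents the later bounce to the forged address.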

  • Server does not send mails

    I have a problem with the mail server.
    It does not send some mails to other mail servers.
    I get back the message with the error:
    host mail.domain.de [...IP...] said: 554 5.7.1
    <unknown [...IP...]>: Client host rejected: <-- please use SMTP-AUTH
    for mail delivery, POP-before-SMTP support has been expired
    The SMTP Logfile:
    Jan 14 12:04:23 server postfix/smtp[77846]: 81FD09116D: to=<[email protected]>, relay=mail.domain.de[…IP…]:25, delay=0.12, delays=0/0.01/0.08/0.04, dsn=5.7.1, status=bounced (host mail.domain.de[…IP…] said: 554 5.7.1 <unknown[...IP...]>: Client host rejected: <-- please use SMTP-AUTH for mail delivery, POP-before-SMTP support has been expired --- bitte nutzen Sie SMTP-AUTH zum Mailversand, POP-before-SMTP wird nicht mehr unterstuetzt: http://smtp-auth.info --> (in reply to RCPT TO command))
    Jan 14 12:04:27 server postfix/cleanup[77842]: A5F9A91170: message-id=<[email protected]>
    Jan 14 12:04:27 server postfix/bounce[77847]: 81FD09116D: sender non-delivery notification: A5F9A91170
    Jan 14 12:04:27 server postfix/qmgr[77776]: A5F9A91170: from=, size=3504, nrcpt=1 (queue active)
    Jan 14 12:04:27 server postfix/qmgr[77776]: 81FD09116D: removed
    postconf -n
    biff = no
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter = smtp-amavis:[127.0.0.1]:10024
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    enable_server_options = yes
    header_checks = pcre:/etc/postfix/custom_header_checks
    html_directory = /usr/share/doc/postfix/html
    inet_interfaces = all
    local_recipient_maps =
    mail_owner = _postfix
    mailbox_size_limit = 0
    mailbox_transport = dovecot
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    message_size_limit = 10485760
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    mydomain = home.de
    mydomain_fallback = localhost
    mynetworks = 127.0.0.0/8,192.168.112.0/24
    newaliases_path = /usr/bin/newaliases
    queue_directory = /private/var/spool/postfix
    readme_directory = /usr/share/doc/postfix
    recipient_delimiter = +
    relayhost =
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = _postdrop
    smtp_sasl_auth_enable = no
    smtp_sasl_password_maps =
    smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated permit
    smtpd_enforce_tls = no
    smtpd_helo_required = yes
    smtpd_helo_restrictions = reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
    smtpd_pw_server_security_options = gssapi,cram-md5,login,plain
    smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination check_policy_service unix:private/policy permit
    smtpd_sasl_auth_enable = yes
    smtpd_tls_CAfile = /etc/certificates/server.home.de.2348FC1580BA9FB417961D5931800EFA6B331800.chain.pem
    smtpd_tls_cert_file =
    smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
    smtpd_tls_key_file =
    smtpd_tls_loglevel = 0
    smtpd_use_pw_server = yes
    smtpd_use_tls = no
    unknown_local_recipient_reject_code = 550
    virtual_alias_domains = $virtual_alias_maps
    virtual_alias_maps =
    What is wrong?
    Message was edited by: kadametz

    If you want your mail delivered properly the Official Host Name of the sending server should match the PTR (reverse DNS) of the sending IP Address, and there should be an "A" record that matches the OHN as well.
    Example:
    mail.yourdomain.com (Official Host Name) on 123.123.123.123
    PTR for 123.123.123.123 should match mail.yourdomain.com
    There should be an A record in yourdomain.com pointing to 123.123.123.123
    Kostas
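The HELO / PTR / A consistency described in the reply above can be checked before a host is allowed to send. This is an added example, not code from the thread; `check_sender_dns` and the sample records are hypothetical, and the lookups are injectable so the check runs offline against constructed data.

```python
import socket

# Constructed sample records, using the placeholder name and address from the reply.
SAMPLE_PTR = {"123.123.123.123": "mail.yourdomain.com."}
SAMPLE_A = {"mail.yourdomain.com": ["123.123.123.123"]}


def check_sender_dns(helo_name, ip, ptr_lookup=None, a_lookup=None):
    """Return a list of problems; an empty list means HELO, PTR and A agree."""
    # Default to live DNS; callers may pass dict-backed lookups instead.
    ptr_lookup = ptr_lookup or (lambda addr: socket.gethostbyaddr(addr)[0])
    a_lookup = a_lookup or (lambda name: socket.gethostbyname_ex(name)[2])

    def norm(name):
        return name.rstrip(".").lower()

    helo = norm(helo_name)
    problems = []
    # Same condition that reject_non_fqdn_helo_hostname enforces on the receiver.
    if "." not in helo:
        problems.append("HELO name is not fully qualified")
    try:
        ptr = norm(ptr_lookup(ip))
        if ptr != helo:
            problems.append(f"PTR {ptr} does not match HELO {helo}")
    except (OSError, KeyError):
        problems.append(f"no PTR record for {ip}")
    try:
        addrs = a_lookup(helo)
    except (OSError, KeyError):
        addrs = []
    if ip not in addrs:
        problems.append(f"no A record for {helo} pointing to {ip}")
    return problems


if __name__ == "__main__":
    for helo in ("mail.yourdomain.com", "macbook"):
        print(helo, check_sender_dns(helo, "123.123.123.123",
                                     SAMPLE_PTR.__getitem__, SAMPLE_A.__getitem__))
```

Called without the two lookup arguments, the function queries the system resolver, so it should be run from the sending host or a network that sees the same DNS view as the receiving servers.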

  • Postfix did not reject as it should

    Not sure what happened here. The mail should have been rejected by postfix. Server is configured to reject mail for addresses that don't exist. But this one got through.
    Jan 16 22:31:19 server postfix/smtpd[25246]: BBE9222C452: client=h97.183.28.71.ip.alltel.net[71.28.183.97]
    Jan 16 22:31:20 server postfix/cleanup[25212]: BBE9222C452: message-id=<000b01c739be$0a7b4a10$00000000@computer1>
    Jan 16 22:31:20 server postfix/smtpd[25192]: disconnect from ns2.e-mango.com[217.33.105.151]
    Jan 16 22:31:20 server postfix/qmgr[24717]: BBE9222C452: from=<[email protected]>, size=11532, nrcpt=1 (queue active)
    Jan 16 22:31:20 server postfix/smtpd[25246]: disconnect from h97.183.28.71.ip.alltel.net[71.28.183.97]
    Jan 16 22:31:44 server postfix/smtpd[25250]: connect from localhost[127.0.0.1]
    Jan 16 22:31:44 server postfix/smtpd[25250]: 2B1D922C475: client=localhost[127.0.0.1]
    Jan 16 22:31:44 server postfix/cleanup[25212]: 2B1D922C475: message-id=<000b01c739be$0a7b4a10$00000000@computer1>
    Jan 16 22:31:44 server postfix/qmgr[24717]: 2B1D922C475: from=<[email protected]>, size=12299, nrcpt=1 (queue active)
    Jan 16 22:31:44 server postfix/smtpd[25250]: disconnect from localhost[127.0.0.1]
    Jan 16 22:31:44 server postfix/smtp[25213]: BBE9222C452: to=<[email protected]>, relay=127.0.0.1[127.0.0.1], delay=25, status=sent (250 2.6.0 Ok, id=24794-05, from MTA: 250 Ok: queued as 2B1D922C475)
    Jan 16 22:31:44 server postfix/qmgr[24717]: BBE9222C452: removed
    Jan 16 22:31:48 server postfix/pipe[25253]: 2B1D922C475: to=<[email protected]>, relay=cyrus, delay=4, status=bounced (data format error. Command output: admin: Mailbox does not exist )
    Jan 16 22:31:48 server postfix/cleanup[25212]: 6C0AF22C477: message-id=<[email protected]>
    Jan 16 22:31:48 server postfix/qmgr[24717]: 6C0AF22C477: from=, size=14059, nrcpt=1 (queue active)
    Jan 16 22:31:48 server postfix/qmgr[24717]: 2B1D922C475: removed
    Jan 16 22:31:56 server postfix/smtp[25258]: 6C0AF22C477: to=<[email protected]>, relay=pop.edata.com.br[66.98.198.69], delay=8, status=bounced (host pop.edata.com.br[66.98.198.69] said: 550 sorry, no mailbox here by that name. (#5.7.17) (in reply to RCPT TO command))
    Jan 16 22:31:56 server postfix/qmgr[24717]: 6C0AF22C477: removed

    Presumably you mean: [email protected] does not exist? Do other non-existent recipients get a straight 550 reject? (try one to test if needed).
    We'll also need the output from Terminal command "postconf -n".
    -david
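In the log above the message is accepted at SMTP time, re-queued under a new ID by the content filter, and only then bounced by the delivery agent. The following added example (not from the thread) finds such late bounces in a Postfix log and traces them back to the original client through the "queued as" hop; `late_bounces` is a hypothetical helper and the sample lines are constructed from the excerpt, with placeholder addresses.

```python
import re

# Constructed sample modelled on the excerpt above; e-mail addresses are placeholders.
SAMPLE_LOG = """\
Jan 16 22:31:19 server postfix/smtpd[25246]: BBE9222C452: client=h97.183.28.71.ip.alltel.net[71.28.183.97]
Jan 16 22:31:44 server postfix/smtpd[25250]: 2B1D922C475: client=localhost[127.0.0.1]
Jan 16 22:31:44 server postfix/smtp[25213]: BBE9222C452: to=<admin@example.com>, relay=127.0.0.1[127.0.0.1], delay=25, status=sent (250 2.6.0 Ok, id=24794-05, from MTA: 250 Ok: queued as 2B1D922C475)
Jan 16 22:31:48 server postfix/pipe[25253]: 2B1D922C475: to=<admin@example.com>, relay=cyrus, delay=4, status=bounced (data format error. Command output: admin: Mailbox does not exist )
Jan 16 22:31:56 server postfix/smtp[25258]: 6C0AF22C477: to=<sender@example.net>, relay=pop.edata.com.br[66.98.198.69], delay=8, status=bounced (host said: 550 sorry, no mailbox here by that name.)
"""

LINE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): (.*)")
CLIENT = re.compile(r"client=\S*\[([^\]]+)\]")
REQUEUED = re.compile(r"status=sent .*queued as ([0-9A-F]+)\)")
BOUNCED = re.compile(r"to=<([^>]*)>, relay=([^,]+),.*status=bounced")
LOOPBACK = {"127.0.0.1", "::1"}


def late_bounces(log_text):
    """Return (client_ip, recipient, relay) for mail accepted over SMTP
    from a non-loopback client and bounced only after it was queued."""
    client, parent, bounced = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        if c := CLIENT.search(rest):
            client[qid] = c.group(1)
        if r := REQUEUED.search(rest):
            parent[r.group(1)] = qid          # re-injected copy -> original queue ID
        if b := BOUNCED.search(rest):
            bounced.append((qid, b.group(1), b.group(2)))
    findings = []
    for qid, rcpt, relay in bounced:
        seen = set()
        while qid in parent and qid not in seen:  # walk back through the filter hop
            seen.add(qid)
            qid = parent[qid]
        ip = client.get(qid)                  # locally generated bounces have no client
        if ip and ip not in LOOPBACK:
            findings.append((ip, rcpt, relay))
    return findings
```

Each finding is a recipient that the SMTP listener accepted and the mailbox store later refused, which is the case a recipient check at RCPT TO time is meant to prevent.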
