• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue Client mail rejected

Z

zszymczyk

New Pleskian
Hi,

My client wants to send an email to me but he is receiving a message from MAILER-DAEMON :

Subject: Failure notice
XX.XX.XX.XX failed on DATA command.
Remote host said: / Zdalny host odpowiedzial: 550 5.7.1 Command rejected SSL (def)

My maillog:
/var/log/maillog:5058:Feb 16 11:49:13 host postfix/smtpd[10450]: AB4D42242B: milter-reject: DATA from 5E9892C6.static.tld.pl[94.152.146.198]: 550 5.7.1 Command rejected; from=<xxx@xxx> to=<yyy@yyy> proto=ESMTP helo=<5E9892C6.static.tld.pl>

Adding 94.152.146.198/32 to whitelist is not helping.

My configuration after postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_size_limit = 0
mailman_destination_recipient_limit = 1
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 26214400
mydestination = localhost.$mydomain, localhost, localhost.localdomain
myhostname = XXX
mynetworks = , hash:/var/spool/postfix/plesk-pop/poplock, 94.152.146.198/32
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters =
plesk_virtual_destination_recipient_limit = 1
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.11.5/README_FILES
sample_directory = /usr/share/doc/postfix-2.11.5/samples
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_send_xforward_command = yes
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client sbl.spamhaus.org, reject_rbl_client xbl.spamhaus.org
smtpd_milters = inet:127.0.0.1:12768
smtpd_proxy_timeout = 3600s
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noplaintext
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_timeout = 3600s
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/postfix.pem
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = aNULL
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = TLSv1 TLSv1.1 TLSv1.2
smtpd_tls_protocols = TLSv1 TLSv1.1 TLSv1.2
smtpd_tls_security_level = may
smtpd_use_tls = yes
tls_medium_cipherlist = HIGH:!aNULL:!MD5
tls_ssl_options = NO_COMPRESSION
transport_maps = , hash:/var/spool/postfix/plesk/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_gid_maps = static:31
virtual_mailbox_base = /var/qmail/mailnames
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_mailbox_limit = 0
virtual_mailbox_maps = , hash:/var/spool/postfix/plesk/vmailbox
virtual_transport = plesk_virtual
virtual_uid_maps = static:30
 
Hello zszymczyk,

Did you see Mail rejected when greylisting is turned on: 550 5.7.1 Command rejected ? As I see, external mail server has domain `5E9892C6.static.tld.pl` and contain word "static" in the name; it is not good PTR-record for mail-server.

I checked blacklist with the patch from the KB:
Black domains patterns list:
*[0-9][0-9]-[0-9][0-9]-[0-9][0-9]*
*[0-9][0-9].[0-9][0-9].[0-9][0-9]*
*[0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9]*
*[0-9][0-9][0-9].[0-9][0-9][0-9].[0-9[0-9]][0-9]*
dsl|broadband|hsd
dynamic|static|ppp|dyn-ip|dial-up
Click to expand...

So, I suggest changing PTR-record for the remote server if it possible because of it the best solution.
Otherwise, add to whitelist remote mail-server by the domain name (or change pattern with "static" from blacklist).
 
Thanks @Mark Muyskens and @AYamshanov.

I did what you suggested but the problem is still there. Greylisting is enabled and client domain is added to the whitelist.
So I still don't know what to change to allow mail server without reverse DNS.
 
You must log in or register to reply here.

Similar threads

B
Resolved no SASL authentication mechanisms
2
Replies
21
Views
5K
bork
B
T
Issue SMTPD No Auth from IP Issue
Replies
2
Views
1K
Tessxr
T
P
Resolved Use PLESK/Postfix mailservice in combination with Office 365 - Problems sending mails to same domain (from local to office)
Replies
3
Views
3K
Jargon
J
Abdelkarim Mateos
Question 454 4.7.1 Relay access denied. Please check the recipient and try again.
Replies
2
Views
3K
Abdelkarim Mateos
Abdelkarim Mateos
R
Resolved Plesk behind HAProxy
Replies
5
Views
3K
razertechDE
R
Back
Top