I have a user who installed vpn/ip masking software for web browsing. It appears to also affect thunderbird. He can’t send email. I’m running Ubuntu 16, postfix, and dovecot. I’d prefer to keep postfix locked down so it can’t be used by random people as a relay. How can I allow the user to send email when his ip address is changing randomly?
No one else is affected.
Hello,
Can you please describe the issue that the user is experiencing with more details? Is he receiving any error messages when trying to use Thunderbird or the messages? Also when you say that postfix is locked down, do you mean that you need to whitelist IPs in order for someone to connect and send their emails?
Looking forward to your reply.
Alex
Postfix main.cf
e See /usr/share/postfix/main.cf.dist for a commented, more complete version 20120805 set relayhost to mail.marchreport.com to get aroun arin 20121011 undo above change 20160825 RS add greylisting using postgrey (check_policy 20180603 RS temp tuen off mailman Debian specific: Specifying a file name will cause the first line of that file to be used as the name. The Debian default is /etc/mailname. myorigin = /etc/mailname Moved the queue!queuedirectory = /usr/local/postfix
smtpdbanner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
defaultdestinationrecipientlimit = 80
defaultdestinationconcurrencylimit = 60
localdestinationconcurrencylimit = 10
smtpmxsessionlimit=75
smtpdestinationconcurrency_limit = 75
bouncequeuelifetime = 12h
maximalqueuelifetime =1d
minimalbackofftime = 300s
maximalbackofftime = 1000s
qmgrmessageactivelimit = 50000
qmgrmessagerecipientlimit = 50000
disablednslookups = no
ownerrequestspecial = no
localrecipientmaps = proxy:unix:passwd.byname $aliasmaps
smtpdhelorequired = yes
disablevrfycommand = yes
strictrfc821_envelopes = yes
relaydomainsrejectcode = 554
unknownaddressrejectcode = 550
unknownclientrejectcode = 554
unknownhostnamerejectcode = 550
unknownlocalrecipientrejectcode = 554
unknownrelayrecipientrejectcode = 554
nonfqdnrejectcode = 554
invalidhostnamerejectcode = 554
multirecipientbouncerejectcode = 554
unknownvirtualaliasrejectcode = 554
unknownvirtualmailboxrejectcode = 554
unverifiedsenderreject_code = 554
home_mailbox = Maildir/
Max size of any message with envelope - extra big for mailing those logs Probably shouldn’t be mailing them. Rachel 1/12/08 increased 3^?20121230 by RSmessagesizelimit = 30960000
Size of a mailbox or mailfile - must be smaller than above numbermailboxsizelimit = 40960000
Adjusted to fight dos 1/27/13smtpdclientconnectionratelimit = 100
smtpdclientconnectioncountlimit = 50
smtpdclientconnectionlimitexceptions = $mynetworks,.sgeinc.com,localhost
defaultprocesslimit = 50defaultprocesslimit = 150
appending .domain is the MUA’s job.appenddotmydomain = no
Uncomment the next line to generate “delayed mail” warnings delaywarningtime = 12h Slow down bad sitessmtpdsofterrorlimit = 10
smtpdharderrorlimit = 20
smtpderrorsleep_time = 1s
smtpdtlscertfile=/usr/lib/ssl/certs/dovecot.pem
smtpdtlskeyfile=/usr/lib/ssl/private/dovecot.pem
smtpdusetls=yes
smtpdtlsauthonly=no
smtpdtlssessioncachedatabase = btree:$queuedirectory/smtpdtlscache
smtptlssessioncachedatabase = btree:$queuedirectory/smtpscache
myhostname = sge.sgeinc.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
,hash:/usr/local/mailman/data/aliases virt domain stuff here - spgvirtualaliasdomains = hash:/etc/postfix/virtualaliasdomains
virtualaliasmaps = hash:/etc/postfix/virtualaliasmaps
myorigin = /etc/mailname
mydomain = sgeinc.com
mydestination = sge.sgeinc.com, $mydomain, localhost.$mydomain localhost
relayhost =
mynetworks = 159.89.179.40,127.0.0.0/8,192.168.0.0/16,100.4.219.205,89.187.178.196
89.187.178.196 100.4.219.205 rmarczak See above mailbox limit mailboxsizelimit = 0recipientdelimiter = +
inet_interfaces = all
smtpdsenderrestrictions =
permitmynetworks,
rejectnonfqdnsender,
rejectunknownsender_domain,
permit
smtpdrelayrestrictions =
smtpdclientrestrictions =
2015-11-14 RS add header checks via pcre (Perl regular expressions) 2018-06-03 RS remove temporarily headerchecks = pcre:/etc/postfix/headerchecks.pcresmtpdrecipientrestrictions =
#permitmynetworks,
#rejectnonfqdnrecipient,
rejectinvalidhostname,
rejectunauthpipelining,
checkclientaccess hash:/var/lib/pop-before-smtp/hosts,
rejectunknownsenderdomain,
rejectunknownrecipientdomain,
permitmynetworks,
checkclientaccess hash:/etc/postfix/internalnetworks,
checksenderaccess hash:/etc/postfix/notourdomainassender,
rejectunauthdestination,
checkrecipientaccess hash:/etc/postfix/roleaccountexceptions,
checkheloaccess hash:/etc/postfix/helochecks,
#rejectnonfqdnhostname,
rejectinvalidhostname,
checksendermxaccess cidr:/etc/postfix/bogusmx,
#rejectrblclient bl.spamcop.net,
rejectrhsblsender dsn.rfc-ignorant.org,
rejectrblclient combined.rbl.msrbl.net,
rejectrblclient multi.uribl.com,
#rejectrblclient dul.dnsbl.sorbs.net,
rejectrblclient sbl-xbl.spamhaus.org,
#rejectrblclient dnsbl.sorbs.net,
rejectrblclient cbl.abuseat.org,
rejectrblclient ix.dnsbl.msrbl.net,
rejectrblclient rabl.nuclearelephant.com,
# The following checks the greylist
checkpolicyservice inet:127.0.0.1:10023,
#rejectunverified_sender,
permit
relay_domains=lists.sgeinc.com
relayrecipientmaps =hash:/var/lib/mailman/data/virtual-mailmantransport_maps = hash:/etc/postfix/transport
mailmandestinationrecipient_limit = 1smtpdrestrictionclasses =
hasourdomainassender
hasourdomainassender =
checksenderaccess hash:/etc/postfix/ourdomainas_sender
reject
smtpdtlsexclude_ciphers = EXPORT
Maybe the problem is with dovecot not recording the pop-before-smtp stuff. Might be lost when I changed to DO.
