Reject email from docker container to postfix

Discussion in 'Installation/Configuration' started by francoisPE, Apr 26, 2022.

  1. francoisPE

    francoisPE Active Member HowtoForge Supporter

    Hello,
    My config is ubuntu 20.04 with ispconfig 3.2.8p1
    I run Docker with zulip inside

    Zulip is sending email from container ip 172.18.0.3
    But, my postfix conf refuses it :

    Code:
    Apr 26 22:25:14 ns postfix/submission/smtpd[991667]: NOQUEUE: filter: RCPT from unknown[172.18.0.3]: <[email protected]>: Sender address triggers FILTER lmtp:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<1ea9e5170a90>
    Apr 26 22:25:14 ns postfix/submission/smtpd[991667]: NOQUEUE: reject: RCPT from unknown[172.18.0.3]: 450 4.1.1 <[email protected]>: Recipient address rejected: unverified address: connect to 127.0.0.1[127.0.0.1]:10025: Connection refused; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<1ea9e5170a90>
    
    I check server setting : upload_2022-4-26_22-59-8.png
    I would like to keep that setting for security reason.

    So, I think it should be possible to whitelist that local ip for postfix ?
    I use postscreen but I am not sure that postscreen whitelist is the right way ?

    What do you advise ?
     
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Is postfix listening on port 10025? It should have a service definition in master.cf.
    This won't help the issue in your logs, the reason it was rejected has nothing to do with the client ip.
    Similarly, postscreen is not rejecting the message, so nothing you whitelist in postscreen can help.
     
  3. francoisPE

    francoisPE Active Member HowtoForge Supporter

    I dig
    Code:
    grep -r 10025 /etc/postfix/*
    /etc/postfix/main.cf:address_verify_virtual_transport = smtp:[127.0.0.1]:10025
    /etc/postfix/main.cf:address_verify_transport_maps = static:smtp:[127.0.0.1]:10025
    
    and
    Code:
    netstat -tunelp | grep master
    tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      0          201275     98388/master
    tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      0          201281     98388/master
    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      0          201260     98388/master
    tcp6       0      0 :::587                  :::*                    LISTEN      0          201276     98388/master
    tcp6       0      0 :::465                  :::*                    LISTEN      0          201282     98388/master
    tcp6       0      0 :::25                   :::*                    LISTEN      0          201261     98388/master
    ...
    That part of code is missing in master.cf...
    Code:
    127.0.0.1:10025 inet n - n - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o smtpd_end_of_data_restrictions=
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtp_send_xforward_command=yes
            -o disable_dns_lookups=yes
            -o address_verify_virtual_transport=$virtual_transport
            -o address_verify_transport_maps=$transport_maps
    
    Thanks a lot for your help :)
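The check carried out by hand in the posts above (main.cf points address verification at 127.0.0.1:10025, but master.cf defines no service on that port) can be scripted. This is an added example, not part of the original thread and not ISPConfig code; the function names and the master.cf sample lines are constructed for illustration.

```python
import re

# Constructed sample input modelled on the excerpts posted in this thread.
MAIN_CF = """\
address_verify_virtual_transport = smtp:[127.0.0.1]:10025
address_verify_transport_maps = static:smtp:[127.0.0.1]:10025
"""
MASTER_CF_BROKEN = """\
smtp       inet  n  -  y  -  1  postscreen
submission inet  n  -  y  -  -  smtpd
"""
MASTER_CF_FIXED = MASTER_CF_BROKEN + """\
127.0.0.1:10025 inet n - n - - smtpd
        -o content_filter=
"""

LOOPBACK_TARGET = re.compile(r"\[(?:127\.0\.0\.1|localhost)\]:(\d+)")


def loopback_ports(main_cf):
    """Map each loopback port used as a transport target to the parameters using it."""
    ports = {}
    for line in main_cf.splitlines():
        if line.lstrip().startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        for port in LOOPBACK_TARGET.findall(value):
            ports.setdefault(int(port), []).append(name.strip())
    return ports


def master_inet_ports(master_cf):
    """Numeric ports of inet services in master.cf (continuation lines are skipped)."""
    ports = set()
    for line in master_cf.splitlines():
        if not line or line[0] in " \t#":
            continue  # blank, comment, or "-o ..." continuation line
        fields = line.split()
        if len(fields) >= 2 and fields[1] == "inet":
            port = fields[0].rsplit(":", 1)[-1]
            if port.isdigit():
                ports.add(int(port))
    return ports


def missing_listeners(main_cf, master_cf):
    """Loopback ports main.cf points at that have no inet service in master.cf."""
    defined = master_inet_ports(master_cf)
    return {p: names for p, names in loopback_ports(main_cf).items() if p not in defined}
```

A port reported here may still be served by a daemon other than Postfix, so confirm with the netstat output as in the post above before editing master.cf.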
     
  4. francoisPE

    francoisPE Active Member HowtoForge Supporter

    it seems to be amavis ?
    This should be a setup from ispconfig ?
    I don't understand I have that :
    upload_2022-4-27_11-58-33.png

    Maybe something missing in install.
    I check
     
  5. francoisPE

    francoisPE Active Member HowtoForge Supporter

    I did that

    Code:
    php -q update.php
    and now it is solved !
    Don't know why it was not in, right first time ?
     
  6. francoisPE

    francoisPE Active Member HowtoForge Supporter

    Due to all postfix calls, fail2ban banned my ip.
    I unban it.
    but now I would like to add 'ignoreip'
    In /etc/fail2ban/jail.local
    section [postfix]
    I want to add
    ignoreip = 172.18.0.0/28

    is that correct ?
    does it unban 172.18.0.3 in case of future issue with postfix ?
     
  7. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    That is the correct item to add in order to whitelist the client; you also need to ensure it is the "postfix" jail that is matching.
    It ignores future log entries from that cidr range; simply restarting fail2ban might unban it.
     
  8. francoisPE

    francoisPE Active Member HowtoForge Supporter

    Not sure I understand what you mean ?
     
  9. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    If you add your ignoreip to the postfix jail, but it is e.g. postfix-sasl which is matching and blocking, you will still get blocked. You can see the name of the jail that matched in fail2ban.log.
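One way to find which jail actually banned the container address, and whether an ignoreip range placed in a given jail would cover it. This is an added example, not part of the original thread; the log lines are constructed in fail2ban's default log format, and the function names and the ignoreip_by_jail mapping are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed fail2ban.log lines (default log format); not taken from the thread.
SAMPLE_LOG = """\
2022-04-27 11:40:02,118 fail2ban.filter  [812]: INFO    [postfix-sasl] Found 172.18.0.3 - 2022-04-27 11:40:01
2022-04-27 11:40:09,553 fail2ban.filter  [812]: INFO    [postfix-sasl] Found 172.18.0.3 - 2022-04-27 11:40:09
2022-04-27 11:40:10,004 fail2ban.actions [812]: NOTICE  [postfix-sasl] Ban 172.18.0.3
2022-04-27 11:41:30,771 fail2ban.actions [812]: NOTICE  [sshd] Ban 203.0.113.7
2022-04-27 11:52:10,210 fail2ban.actions [812]: NOTICE  [postfix-sasl] Unban 172.18.0.3
"""

EVENT = re.compile(r"\[(?P<jail>[^\]\s]+)\]\s+(?P<action>Found|Ban|Unban)\s+(?P<ip>\S+)")


def jails_matching(log_text, client_ip):
    """Count Found/Ban/Unban events per jail for one client address."""
    hits = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if m and m["ip"] == client_ip:
            hits.setdefault(m["jail"], Counter())[m["action"]] += 1
    return hits


def jails_needing_ignoreip(log_text, client_ip, ignoreip_by_jail):
    """Jails that banned client_ip and whose configured ignoreip does not cover it."""
    addr = ipaddress.ip_address(client_ip)
    result = []
    for jail, counts in jails_matching(log_text, client_ip).items():
        nets = [ipaddress.ip_network(n, strict=False) for n in ignoreip_by_jail.get(jail, [])]
        if counts["Ban"] and not any(addr in n for n in nets):
            result.append(jail)
    return sorted(result)
```

With the constructed log, an ignoreip of 172.18.0.0/28 set only under [postfix] still leaves postfix-sasl in the result, which is the situation described in the last reply.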
     
