0

I'm getting this error in my mail log:

Feb 29 21:06:14 mail postfix/smtpd[29464]: NOQUEUE: reject: RCPT from mail-vi1eur05olkn2106.outbound.protection.outlook.com[40.92.90.106]: 451 4.3.5 nicolo@indst.eu: Recipient address rejected: Server configuration error; from=nicolo.****@hotmail.it to=nicolo@indst.eu proto=ESMTP helo=<EUR05-VI1-obe.outbound.protection.outlook.com>

I recently installed rspamd and postgrey, but if I disable postgrey I get the same error.

This is my postfix config:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

transport_maps = hash:/etc/postfix/transport

# Throttle limit policy mail (global)
smtp_destination_concurrency_limit = 4
polite_destination_rate_delay = 1s
smtp_extra_recipient_limit = 10

# Polite policy
polite_destination_concurrency_limit = 3
polite_destination_rate_delay = 1s
polite_destination_recipient_limit = 10

# Turtle policy
turtle_destination_concurrency_limit = 2
turtle_destination_rate_delay = 1s
turtle_destination_recipient_limit = 10
smtpd_sender_restrictions =
reject_unknown_sender_domain
permit_mynetworks
permit_sasl_authenticated
reject_unknown_reverse_client_hostname
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks
permit_sasl_authenticated
check_helo_access hash:/etc/postfix/helo_access
reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname
reject_unknown_helo_hostname
# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file = /etc/letsencrypt/live/indst.eu/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/indst.eu/privkey.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
# Handing off local delivery to Dovecot's LMTP, and telling it where to store mail
virtual_transport = lmtp:unix:private/dovecot-lmtp

# Virtual domains, users, and aliases

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated check_relay_domains
myhostname = mail.indst.eu
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = indst.eu
mydestination = $myhostname, localhost.indst.eu, localhost
relayhost = 
mynetworks = 164.68.123.81 192.168.1.0/24 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
relay_domains = indst.eu
#home_mailbox = Maildir/
mailbox_command = 
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = 
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =  permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_recipient,  reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, check_recipient_access hash:/etc/postfix/roleaccount_exceptions, check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_hostname, reject_invalid_hostname, reject_unknown_reverse_client_hostname, reject_rbl_client zen.spamhaus.org, check_policy_service inet:127.0.0.1:10023, permit
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtp_use_tls=yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
mail.indst.eu = mail.indst.eu
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf


maximal_queue_lifetime = 1d
delay_warning_time = 0h
bounce_template_file = /etc/postfix/bounce.cf
milter_protocol = 6
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_default_action = accept
smtpd_milters = inet:127.0.0.1:11332
non_smtpd_milters = inet:127.0.0.1:11332

Thank you for your help.

Gerald Schneider
  • 19,757
  • 8
  • 52
  • 79
Nicolò
  • 25
  • 1
  • 10
  • Is there any relevant error message being logged during Postfix startup once you restart it? – Anderson Medeiros Gomes Feb 29 '20 at 20:47
  • Welcome to Server Fault. Congrats on finding the solution yourself. Since you found your solution, it would be great if you could post it as an answer with details on how you found & fixed the issue, and then accept the solution. That way, this question won't be "open" indefinitely, and others will see the accepted solution. – David W Mar 01 '20 at 11:41
  • Well if nothing else it can be closed by flagging the post with "should be closed" -> "post is unclear". – Lasse Michael Mølgaard Mar 01 '20 at 18:51

1 Answers1

1

Solved, Postfix wasn't finding hash:/etc/postfix/roleaccount_exceptions.

Removing it from smtpd_recipient_restrictions solved my issue.

Nicolò
  • 25
  • 1
  • 10