debian – Postfix rejects all incoming emails

My mail server was working well so far, but for unknown reasons, possibly after setting up a forced TLS connection, I am no longer able to receive emails; I did, however, test it during the TLS setup, and I'm pretty sure it worked at the time. The sending still works just like the connection and use of Roundcube.

If I tried to clean both my master.cf and my main.cf but to no avail, and I can not understand what is happening. What bothers me is that it seems that the list of restrictions used by postfix is ‚Äč‚Äčthat of the relay and not that of the recipient and I can not understand why it would not use that of the recipient .

Postfix version: 2.11.3

The log file (debugging enabled):

Nov 13 00:08:01 sd-123 postfix/smtpd(6005): generic_checks: name=reject_unknown_sender_domain status=0
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): >>> END Sender address RESTRICTIONS <<<
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): >>> START Recipient address RESTRICTIONS <<<
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): generic_checks: name=permit_mynetworks
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): permit_mynetworks: mail-il1-f172.google.com 209.85.166.172
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): match_hostname: mail-il1-f172.google.com ~? 127.0.0.0/8
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): match_hostaddr: 209.85.166.172 ~? 127.0.0.0/8
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): match_hostname: mail-il1-f172.google.com ~? (::ffff:127.0.0.0)/104
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): match_hostaddr: 209.85.166.172 ~? (::ffff:127.0.0.0)/104
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): match_hostname: mail-il1-f172.google.com ~? (::1)/128
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): match_hostaddr: 209.85.166.172 ~? (::1)/128
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): match_hostname: mail-il1-f172.google.com ~? 88.191.5.85/32
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): match_hostaddr: 209.85.166.172 ~? 88.191.5.85/32
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): match_list_match: mail-il1-f172.google.com: no match
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): match_list_match: 209.85.166.172: no match
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): generic_checks: name=permit_mynetworks status=0
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): generic_checks: name=reject_unauth_destination
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): reject_unauth_destination: me@myaddress.com
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): permit_auth_destination: me@myaddress.com
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): ctable_locate: move existing entry key me@myaddress.com
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): generic_checks: name=reject_unauth_destination status=0
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): generic_checks: name=permit_sasl_authenticated
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): generic_checks: name=permit_sasl_authenticated status=0
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): generic_checks: name=reject
## ERROR HERE ## Nov 13 00:08:01 sd-123 postfix/smtpd(6005): NOQUEUE: reject: RCPT from mail-il1-f172.google.com(209.85.166.172): 554 5.7.1 : Recipient address rejected: Access denied; from= to= proto=ESMTP helo=
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): generic_checks: name=reject status=2
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): >>> END Recipient address RESTRICTIONS <<<
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): report recipient to all milters (flags=0x1)
Nov 13 00:08:01 sd-123 postfix/smtpd(6005): > mail-il1-f172.google.com(209.85.166.172): 554 5.7.1 : Recipient address rejected: Access denied

Here is the release of postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
debug_peer_list = 209.85.166.0/24 ## Debugging purpose for gmail
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 1280000000
milter_connect_macros = i j {daemon_name} v {if_name} _
milter_default_action = accept
milter_protocol = 6
mydestination = myaddress.com mail.myaddress.com, sd-123.host.com, localhost.host.fr, localhost
myhostname = mail.myaddress.com
mynetworks = 127.0.0.0/8 (::ffff:127.0.0.0)/104 (::1)/128 some.random.ip/32
myorigin = /etc/mailname
non_smtpd_milters = unix:/opendkim/opendkim.sock,unix:/opendmarc/opendmarc.sock
policyd-spf_time_limit = 3600
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
smtp_tls_CAfile = /etc/letsencrypt/live/mail.myaddress.com/fullchain.pem
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_milters = unix:/spamass/spamass.sock,unix:/opendkim/opendkim.sock,unix:/opendmarc/opendmarc.sock
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_policy_service unix:private/policyd-spf, reject_unauth_pipelining, reject_invalid_hostname, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client dnsbl.sorbs.net, reject_unauth_destination, permit
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination, permit_sasl_authenticated, reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.myaddress.com/fullchain.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.myaddress.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.myaddress.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp

Relevant master.cf submission conf:

submission inet n - - - - smtpd                                                                                                                                                                                     
 -o syslog_name=postfix/submission                                                                                                                                                                                  
 -o smtpd_tls_security_level=encrypt                                                                                                                                                                                
 -o smtpd_sasl_auth_enable=yes                                                                                                                                                                                      
 -o smtpd_sasl_type=dovecot                                                                                                                                                                                         
 -o smtpd_sasl_path=private/auth                                                                                                                                                                                    
 -o smtpd_sasl_security_options=noanonymous                                                                                                                                                                         
 -o smtpd_sender_login_maps=mysql:/etc/postfix/mysql-email2email.cf                                                                                                                                                 

 #-o smtpd_sender_restrictions=reject_sender_login_mismatch -- ORIGINAL // new value was extracted from main.cf                                                                                                     
 -o smtpd_sender_restrictions=permit_mynetworks,permit_sasl_authenticated,permit_tls_clientcerts,reject_non_fqdn_sender,reject_unknown_sender_domain                                                                

 -o smtpd_sasl_local_domain=$myhostname                                                                                                                                                                             
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject                                                                                                                                                      
#-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject ;; original value, but main.cf should be better

Relevant conf of main.cf:

smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination, permit_sasl_authenticated, reject
smtpd_recipient_restrictions =                                                                                                                                                                                      
                             permit_sasl_authenticated,                                                                                                                                                             
                             permit_mynetworks,                                                                                                                                                                     
                             check_policy_service unix:private/policyd-spf,                                                                                                                                         
                             reject_unauth_pipelining,                                                                                                                                                              
                             reject_invalid_hostname,                                                                                                                                                               
                             reject_non_fqdn_sender,                                                                                                                                                                
                             reject_unknown_sender_domain,                                                                                                                                                          
                             reject_non_fqdn_recipient,                                                                                                                                                             
                             reject_unknown_recipient_domain,                                                                                                                                                       
                             reject_rbl_client bl.spamcop.net,                                                                                                                                                      
                             reject_rbl_client zen.spamhaus.org,                                                                                                                                                    
                             reject_rbl_client dnsbl.sorbs.net,                                                                                                                                                     
                             reject_unauth_destination,                                                                                                                                                             
                             permit
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = encrypt
smtp_tls_security_level = may
smtpd_sasl_security_options = noanonymous

Incoming emails not Google in my Gmail inbox

If I create a Gmail account with a school address other than Google, do I receive emails sent to this address in my Gmail inbox?

Thank you

macOS VPS: How to allow incoming connections if it is an OpenVPN client?

When I use OpenVPN as a client on a macOS VPS, the connection is broken and I can not connect via SSH or VNC anymore. How can I avoid such a problem?

graphs and networks – How to list incoming links to a node

Suppose I have the edges defined below. From there, can we generate a list of all the nodes in connection with all the other nodes? For example, 17 nodes are connected to node 5 (that is, 17 nodes are referred to as node 5 as a directed link) and {27,23,22,21,4,25,7,24,30,15,18,19,29,3,8,9,10}. How can I generate a set like this (a set of entries) for all the nodes of the chart?

edges = {5 -> 27, 27 -> 5, 5 -> 23, 23 -> 5, 27 -> 23, 23 -> 27,     5
-> 22, 22 -> 5, 27 -> 22, 22 -> 27, 5 -> 21, 21 -> 5, 27 -> 21,     21 -> 27, 5 -> 4, 4 -> 5, 27 -> 4, 4 -> 27, 5 -> 25, 25 -> 5,     27 -> 25, 25 -> 27, 5 -> 7, 7 -> 5, 5 -> 24, 24 -> 5, 27 -> 26,     26 ->
 27, 27 -> 24, 24 -> 27, 24 -> 20, 5 -> 30, 30 -> 5, 15 -> 5,     5 ->
 18, 18 -> 5, 5 -> 19, 19 -> 5, 15 -> 18, 18 -> 15, 18 -> 19,     19 ->
 18, 29 -> 5, 5 -> 29, 29 -> 27, 27 -> 29, 29 -> 1, 1 -> 29,     29 ->
 18, 18 -> 29, 29 -> 15, 15 -> 29, 28 -> 29, 29 -> 30,     30 -> 29, 5
 -> 11, 18 -> 16, 16 -> 18, 18 -> 17, 56 -> 18,     15 -> 12, 12 -> 15, 15 -> 13, 13 -> 15, 15 -> 14, 14 -> 15, 5 -> 3,
     3 -> 5, 5 -> 8, 8 -> 5, 5 -> 9, 9 -> 5, 5 -> 10, 10 -> 5, 5 -> 31,
     27 -> 31, 5 -> 32, 27 -> 32, 5 -> 33, 27 -> 33, 5 -> 34, 27 -> 34,
     5 -> 35, 27 -> 35, 5 -> 36, 27 -> 36, 5 -> 37, 27 -> 37, 5 -> 38,     27 -> 38, 5 -> 39, 27 -> 39, 5 -> 40, 27 -> 40, 21 -> 41, 42 -> 9,    
 1 -> 6, 6 -> 1};

multithreading – Best way to take multiple TCP connections, read incoming data and send it back to Golang's main thread?

I want to take data from my gorutines and add them to the main thread / goroutine. The problem is that I need the gorutines to remain open because the data can go through the connection at any time of the program.

I can think of two ways to do it eventually …

  1. Use the channels somehow. I'm not sure how to proceed that way, but I feel that there might be a way to do it.

  2. In each goroutine, add yourself to a queue and read it in the main thread. Make sure to lock the queue whenever someone adds / reads from it. In addition, you must find out how to make the main thread continue to work when the gorutines also continue to run in the background.

Which option do you think is the best? Also, how would you go about solving the problem? If there is another better way, do not hesitate to let me know.

Thank you!

Honeypot stores the IP address of the gateway of the VM instead of the incoming one

There is a virtual box (Virtual Box) managed by OS Xubuntu and a kippo (ssh-trap) on it. NATs have been adjusted in the VM configurations with port forwarding as follows: ssh tcp 195.xxx 22 10.0.2.15 22 (name of the rule – protocol – current host – host port – IP of the virtual machine – VM port). The honeypot logs all login attempts but writes the IP address of the virtual machine gateway instead of the incoming addresses. Can any one explain how to solve this problem?

wi fi – Android 9 on Sony Xperia XA2 not accepting any incoming connection over WiFi

I had an XA2 and made all the updates, which gave me Android 9. I have a few other Android devices, but all on versions 6 through 8.

I regularly use FTP servers on Android devices to transfer files to it. And it has always worked – but on this one, does not work. I launch WiFi FTP and it indicates that it started but that the PC can not connect to it.

After some forum tips, to see if the problem concerns the FTP protocol, I have installed Asus File Manager, which accepts HTTP connections for remote file transfer. Still no connection.

Moreover, even a ping does not pass!

However, the phone uses the Internet correctly via the WiFi connection. It is also listed in the list of connected devices on the router, although it is not associated with a host name, while other Android devices have host names.

So, how can I get that Android 9 (on Sony Xperia XA2) accepts incoming connections on WiFi / FTP servers? Or is it just perma-disabled in Android 9 and / or in Sony's mod?

seo – Does having a lot of incoming links from websites with low domain reputation will help to increase mine?

I have the opportunity to increase my inbound links from sites such as physician sites, local retail stores and all people with low or no domain reputation. Should I do this or Google would frown? Would it increase mine or decrease it? These are not spammed sites, but they are not known either. Thank you

azure – AKS incoming rules are reset periodically

On AKS, I have a LoadBalancer type service with 2 defined ports, one for general access (and two-way authentication) and one for the other. Exclusive access from a Service Fabric cluster also on Azure. So, to get exclusive access, I changed the incoming rule on virtual machines to only allow access to the SF cluster.
I often see that the rule is reset by default, probably because of a deployment that modifies the AKS service from Azure DevOps (although the LoadBalancer object never changes)

The configuration of LoadBalancer looks like this:

    apiVersion: v1
    kind: Service
    metadata:
      name: myservice-loadbalancer
    spec:
      ports:
      - name: public-port
        port: 1234
        targetPort: public-port
      - name: service-fabric-port
        port: 4321
        targetPort: service-fabric-port
      selector:
        app: myservice
      type: LoadBalancer

One possible solution is to add the allowed IP address to the LoadBalancer object, as recommended here: https://github.com/Azure/AKS/issues/570#issuecomment-413299212, but in my case, this will also limit the public port. .

I can not think of another solution than to split the ports into 2 LoadBalancers, but this is not a clean workaround, because the service is only identical via 2 different ports, I would have two IP addresses . In addition, as mentioned on the link above, changes to incoming rules must be persistent.

Thanks a lot for your help.

How to delete inbound links created without my consent?

Hello friends,

I want to know that How to remove inbound links created without my consent?

Love Marriage Problem Solution India | Solution problem problem husband wife wife | Tantrik Bangali Babaji | Problem of love solution | Vashikaran Mantra For Love | Specialist Vashikaran Baba ji

.