Client host rejected: Access denied

Wed Jun 14 12:08:57 CEST 2017

Hello.

My MTA (Debian Lenny with postfix+amavisd-new+spamassassin+clamav) rejected an SMTP connection from Yahoo:

Jun 13 17:04:01 av7 postfix/smtpd[25250]: NOQUEUE: reject: RCPT from sonic317-25.consmr.mail.ir2.yahoo.com[87.248.110.215]: 554 5.7.1 <sonic317-25.consmr.mail.ir2.yahoo.com[87.248.110.215]>: Client host rejected: Access denied; from=<xxx at yahoo.it> to=<yyy at example.com> proto=ESMTP helo=<sonic317-25.consmr.mail.ir2.yahoo.com>

I can't figure out why. Here my postfix config:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60s
append_dot_mydomain = no
biff = no
bounce_size_limit = 1
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
header_checks = regexp:/etc/postfix/header_checks
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 31457280
mydestination = xxx.example.com, localhost.example.com, , localhost
myhostname = xxx.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
proxy_read_maps = proxy:mysql:/etc/postfix/mysql-relay-recipients.cf proxy:mysql:/etc/postfix/mysql-relay-domains.cf proxy:mysql:/etc/postfix/mysql-check-sender-access.cf proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf proxy:mysql:/etc/postfix/mysql-check-client-access.cf proxy:unix:passwd.byname proxy:mysql:/etc/postfix/mysql-virtual-transports.cf
readme_directory = no
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = proxy:mysql:/etc/postfix/mysql-relay-domains.cf
relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-relay-recipients.cf
relayhost =
smtp_host_lookup = native
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_connection_count_limit = 20
smtpd_client_connection_rate_limit = 40
smtpd_client_message_rate_limit = 50
smtpd_client_recipient_rate_limit = 250
smtpd_error_sleep_time = 0s
smtpd_hard_error_limit = 10
smtpd_recipient_limit = 100
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031 permit_sasl_authenticated check_client_access proxy:mysql:/etc/postfix/mysql-check-client-access.cf permit_mynetworks reject_unauth_destination reject_non_fqdn_sender reject_non_fqdn_recipient reject_unlisted_sender reject_unlisted_recipient reject_unknown_sender_domain reject_invalid_hostname reject_rbl_client psbl.surriel.com, reject_rhsbl_sender dsn.rfc-ignorant.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client truncate.gbudb.net, reject_rbl_client zen.spamhaus.org, check_policy_service inet:127.0.0.1:2501
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = check_sender_access proxy:mysql:/etc/postfix/mysql-check-sender-access.cf check_recipient_access proxy:mysql:/etc/postfix/mysql-check-sender-access.cf check_recipient_access proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf
smtpd_soft_error_limit = 5
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual-transports.cf

As you can see ' smtpd_client_restrictions' is not used.

Could someone explain the reason of the rejection?

Regards,

RS