Just post a log snippet for one of the rejected e-mails between code tags.

You may also need to investigate postfix logging. It can be made much more verbose and you can restrict it to one or a few IP's.

the first e-mail arrives a couple of minutes later after They send.

Yes, they are bouncing back mentioning SORBS please find my last maillog file. I could not find any records about sorbs in my mail log

Mail sender server is yahoo.com I tried my own yahoo account to see the result If my problem is solved. I sent one mail in one minute.
I could not add my log file becuse of I am not allowed to upload txt or .log file

the first e-mail arrives a couple of minutes later after They send.

Yes, they are bouncing back mentioning SORBS please find my last maillog file. I could not find any records about sorbs in my mail log

Mail sender server is yahoo.com I tried my own yahoo account to see the result If my problem is solved. I sent one mail in one minute.

the first e-mail arrives a couple of minutes later after They send.

Yes, they are bouncing back mentioning SORBS please find my last maillog file. I could not find any records about sorbs in my mail log

Mail sender server is yahoo.com I tried my own yahoo account to see the result If my problem is solved. I sent one mail in one minute.

the first e-mail arrives a couple of minutes later after They send.

Yes, they are bouncing back mentioning SORBS please find my last maillog file. I could not find any records about sorbs in my mail log

Mail sender server is yahoo.com I tried my own yahoo account to see the result If my problem is solved. I sent one mail in one minute.

What are your mail logs showing for these e-mails.

Note that postgrey will give at least 5 min delay for the first sender/sender IP/recipient combination it receives unless the sender is whitelisted. It depends how often the sending server waits until it tries sending again after postgrey tells it to wait a bit.

Are the mails still bouncing back mentioning SORBS?

still I could not solve my dnsbl.sorbs.net problem. It is still running
I tested then I saw that some e-mails from yahoo.com or gmail.com have not reached.
I don't understand for example I sent 5 emails from yahoo. I got 4 of 5. after a couple of minutes i tried more 5 emails. 2 of 5 have been reached.
I need to disable sorbs in ClearOS.

In your main.cf you've specified in mynetworks "192.168.2.3, 192.168.2.12, 192.168.2.14". If one of those is a mailserver trying to relay through postfix then it will work as you have "permit_mynetworks" before the "reject_unauth_destination", so the permit takes precedence.

Hi,

Graylisting is running. I have ClearOS 7.x installed with 2 MultiWAN which one of them stays offline because of unresolved problem
I have added lines

"smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"

then restarted postfix service. Good luck for me
but I have mail server in my network. are this settings correct according to my network and servers?

Thank You.

That looks like you've just pinched my smtpd_recipient_restrictions line which you can't do directly. You need to enable the Greylisting app first then make the change. Also you now have an open relay which is a disaster (or may stop postfix from loading?).

If you want to use my line and have ClearOS 7.x, please also add a line:

smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

or with ClearOS 6.x or 7.x add reject_unauth_destination before the reject_rbl_client zen.spamhaus.org line. Either one will stop the open relay.

Hi,

Here is the output of postconf -n after I updated main.cf as you mentioned
Note: Graylisting service is running but I did not change default settings of it. I am not sure how it works or It's related to dnsbl.sorbs.net ?

[root@gateway ~]# service postfix reload

Redirecting to /bin/systemctl reload  postfix.service

[root@gateway ~]# postconf -n

alias_database = hash:/etc/aliases

alias_maps = hash:/etc/aliases

bounce_queue_lifetime = 6h

broken_sasl_auth_clients = yes

command_directory = /usr/sbin

config_directory = /etc/postfix

content_filter = mailprefilter

daemon_directory = /usr/libexec/postfix

data_directory = /var/lib/postfix

debug_peer_level = 2

debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5

header_checks = regexp:/etc/postfix/header_checks

html_directory = no

inet_interfaces = all

inet_protocols = ipv4

local_recipient_maps = $alias_maps $virtual_alias_maps

luser_relay =

mail_owner = postfix

mailbox_size_limit = 102400000

mailbox_transport = mailpostfilter

mailq_path = /usr/bin/mailq.postfix

manpage_directory = /usr/share/man

message_size_limit = 51200000

message_strip_characters = \0

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

mydomain = aysis.lcl

myhostname = aysis.lcl

mynetworks = 127.0.0.0/8 [::1]/128, [::1]/128, 192.168.2.3, 192.168.2.12, 192.168.2.14

myorigin = $mydomain

newaliases_path = /usr/bin/newaliases.postfix

queue_directory = /var/spool/postfix

recipient_delimiter = +

relay_domains = $mydestination, aysis.org, cumhurata.eu, posta.aysis.org, mail.cumhurata.eu, standartkatiatik.com.tr

sendmail_path = /usr/sbin/sendmail.postfix

setgid_group = postdrop

smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_invalid_hostname, check_policy_service unix:/var/spool/postfix/postgrey/socket, reject_unauth_pipelining, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org

smtpd_sasl_auth_enable = yes

smtpd_sasl_local_domain = $mydomain

smtpd_sasl_security_options = noanonymous

smtpd_tls_cert_file = /etc/postfix/cert.pem

smtpd_tls_key_file = /etc/postfix/key.pem

smtpd_tls_loglevel = 1

smtpd_use_tls = yes

transport_maps = hash:/etc/postfix/transport

unknown_local_recipient_reject_code = 550

virtual_alias_maps = $alias_maps, $virtual_maps, ldap:/etc/postfix/imap-aliases.cf, ldap:/etc/postfix/imap-groups.cf

[root@gateway ~]#

It is still in your lower clock of code! Or is that what it was originally? My original one was:

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

I would suggest you generally don't do spam blocking in smtpd_recipient_restrictions as it is black and white. I would leave it to spamassassin where you can give each blocklist a score. Have a look at how Joe Slow did it here, but note the post is old and not all the blocklists work any more. Also, if you look at his main.cf, be wary of some of the restrictions because I have found some of them to be over-tight.

My smtpd_recipient_restrictions read:

smtpd_recipient_restrictions = 	permit_mynetworks,

								permit_sasl_authenticated, 

								reject_non_fqdn_hostname, 

								reject_non_fqdn_sender, 

								reject_non_fqdn_recipient, 

								reject_invalid_hostname, 

								check_policy_service unix:/var/spool/postfix/postgrey/socket, 

								reject_unauth_pipelining, 

								reject_unknown_recipient_domain, 

								reject_rbl_client zen.spamhaus.org

Note I've activated greylisting but I've changed the ordering. I only trust absolutely zen.spamhaus.org. Everything else is left to spamassassin.

After you think you've removed sorbs from main.cf and reloaded postfix, can you give the output to "postconf -n"

Hi,

I have removed sorbs record from my main.cf then restarted the postfix service but nothing is changed.
I still do not know what to do

Orijinal Code

#smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client dnsbl.sorbs.net, permit

CHANGED to THIS

smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_invalid_hostname,reject_unauth_pipelining,reject_rbl_client zen.spamhaus.org,reject_rbl_client truncate.gbudb.net,reject_rbl_client dnsbl.njabl.orgreject_rbl_client cbl.abuseat.orgreject_rbl_client bl.spamcop.net,reject_rbl_client dnsbl.sorbs.net,sleep 1,permit

Firstly this was a necro-bump of a thread nearly three years old and a very different subject. Really it would have been better to have started a new thread, so I've split it out.

The attachment is showing you are rejecting the e-mail because the sender was on a blacklist. This is correct. Can I suggest you do a blacklist check? It is up to Google to get the IP delisted.

If you want to open up your server you could change your spam policy not to discard spam.

I am not sure what is causing the SORBS check to happen as I have modified configs. I'll try and hunt it down.