554 5.7.1 Client host rejected: Access denied (in reply to RCPT TO command))

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
tema_mogilev
Posts: 2
Joined: Fri Apr 12, 2019 12:20 pm

554 5.7.1 Client host rejected: Access denied (in reply to RCPT TO command))

Post by tema_mogilev »

Hello to all! Please, help me find a solution...
I have a problem with sending mail to external servers, in local network sending good.
Config: Zimbra ZCS 8.8.11 on CentOS 7.

postconf:

Code: Select all

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 3
debug_peer_list = mail.example.com
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = localhost
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = mail.example.com
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains =
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_security_options = noanonymous
smtpd_client_restrictions = permit_sasl_authenticated,permit_tls_clientcerts,permit_mynetworks,reject_unauth_pipelining
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unlisted_recipient,reject_non_fqdn_recipient
smtpd_relay_restrictions = permit_sasl_authenticated,permit_tls_clientcerts,permit_mynetworks
smtpd_sender_restrictions = permit_sasl_authenticated,permit_mynetworks,permit_tls_clientcerts
unknown_local_recipient_reject_code = 550
[root@mail conf]#
[root@mail conf]#
[root@mail conf]#
[root@mail conf]#
[root@mail conf]# postconfclear^C
[root@mail conf]# ^C
[root@mail conf]# clear
[root@mail conf]# postconf
2bounce_notice_recipient = postmaster
access_map_defer_code = 450
access_map_reject_code = 554
address_verify_cache_cleanup_interval = 12h
address_verify_default_transport = $default_transport
address_verify_local_transport = $local_transport
address_verify_map = btree:$data_directory/verify_cache
address_verify_negative_cache = yes
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 3h
address_verify_poll_count = ${stress?1}${stress:3}
address_verify_poll_delay = 3s
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d
address_verify_relay_transport = $relay_transport
address_verify_relayhost = $relayhost
address_verify_sender = $double_bounce_sender
address_verify_sender_dependent_default_transport_maps = $sender_dependent_default_transport_maps
address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps
address_verify_sender_ttl = 0s
address_verify_service_name = verify
address_verify_transport_maps = $transport_maps
address_verify_virtual_transport = $virtual_transport
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_mail_to_commands = alias, forward
allow_mail_to_files = alias, forward
allow_min_user = no
allow_percent_hack = yes
allow_untrusted_routing = no
alternate_config_directories =
always_add_missing_headers = no
always_bcc =
anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
append_at_myorigin = yes
append_dot_mydomain = yes
application_event_drain_time = 100s
authorized_flush_users = static:anyone
authorized_mailq_users = static:anyone
authorized_submit_users = static:anyone
backwards_bounce_logfile_compatibility = yes
berkeley_db_create_buffer_size = 16777216
berkeley_db_read_buffer_size = 131072
best_mx_transport =
biff = yes
body_checks =
body_checks_size_limit = 51200
bounce_notice_recipient = postmaster
bounce_queue_lifetime = 5d
bounce_service_name = bounce
bounce_size_limit = 50000
bounce_template_file =
broken_sasl_auth_clients = no
canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
canonical_maps =
cleanup_service_name = cleanup
command_directory = /usr/sbin
command_execution_directory =
command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
command_time_limit = 1000s
config_directory = /etc/postfix
connection_cache_protocol_timeout = 5s
connection_cache_service_name = scache
connection_cache_status_update_time = 600s
connection_cache_ttl_limit = 2s
content_filter =
cyrus_sasl_config_path =
daemon_directory = /usr/libexec/postfix
daemon_table_open_error_is_fatal = no
daemon_timeout = 18000s
data_directory = /var/lib/postfix
debug_peer_level = 3
debug_peer_list = mail.example.com
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
default_database_type = hash
default_delivery_slot_cost = 5
default_delivery_slot_discount = 50
default_delivery_slot_loan = 3
default_destination_concurrency_failed_cohort_limit = 1
default_destination_concurrency_limit = 20
default_destination_concurrency_negative_feedback = 1
default_destination_concurrency_positive_feedback = 1
default_destination_rate_delay = 0s
default_destination_recipient_limit = 50
default_extra_recipient_limit = 1000
default_filter_nexthop =
default_minimum_delivery_slots = 3
default_privs = nobody
default_process_limit = 100
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
default_recipient_limit = 20000
default_recipient_refill_delay = 5s
default_recipient_refill_limit = 100
default_transport = smtp
default_verp_delimiters = +=
defer_code = 450
defer_service_name = defer
defer_transports =
delay_logging_resolution_limit = 2
delay_notice_recipient = postmaster
delay_warning_time = 0h
deliver_lock_attempts = 20
deliver_lock_delay = 1s
destination_concurrency_feedback_debug = no
detect_8bit_encoding_header = yes
disable_dns_lookups = no
disable_mime_input_processing = no
disable_mime_output_conversion = no
disable_verp_bounces = no
disable_vrfy_command = no
dnsblog_reply_delay = 0s
dnsblog_service_name = dnsblog
dont_remove = 0
double_bounce_sender = double-bounce
duplicate_filter_limit = 1000
empty_address_default_transport_maps_lookup_key = <>
empty_address_recipient = MAILER-DAEMON
empty_address_relayhost_maps_lookup_key = <>
enable_long_queue_ids = no
enable_original_recipient = yes
error_delivery_slot_cost = $default_delivery_slot_cost
error_delivery_slot_discount = $default_delivery_slot_discount
error_delivery_slot_loan = $default_delivery_slot_loan
error_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
error_destination_concurrency_limit = $default_destination_concurrency_limit
error_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
error_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
error_destination_rate_delay = $default_destination_rate_delay
error_destination_recipient_limit = $default_destination_recipient_limit
error_extra_recipient_limit = $default_extra_recipient_limit
error_initial_destination_concurrency = $initial_destination_concurrency
error_minimum_delivery_slots = $default_minimum_delivery_slots
error_notice_recipient = postmaster
error_recipient_limit = $default_recipient_limit
error_recipient_refill_delay = $default_recipient_refill_delay
error_recipient_refill_limit = $default_recipient_refill_limit
error_service_name = error
execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
expand_owner_alias = no
export_environment = TZ MAIL_CONFIG LANG
fallback_transport =
fallback_transport_maps =
fast_flush_domains = $relay_domains
fast_flush_purge_time = 7d
fast_flush_refresh_time = 12h
fault_injection_code = 0
flush_service_name = flush
fork_attempts = 5
fork_delay = 1s
forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
frozen_delivered_to = yes
hash_queue_depth = 1
hash_queue_names = deferred, defer
header_address_token_limit = 10240
header_checks =
header_size_limit = 102400
helpful_warnings = yes
home_mailbox =
hopcount_limit = 50
html_directory = no
ignore_mx_lookup_error = no
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C
in_flow_delay = 1s
inet_interfaces = localhost
inet_protocols = all
initial_destination_concurrency = 5
internal_mail_filter_classes =
invalid_hostname_reject_code = 501
ipc_idle = 5s
ipc_timeout = 3600s
ipc_ttl = 1000s
line_length_limit = 2048
lmtp_address_preference = any
lmtp_assume_final = no
lmtp_bind_address =
lmtp_bind_address6 =
lmtp_body_checks =
lmtp_cname_overrides_servername = no
lmtp_connect_timeout = 0s
lmtp_connection_cache_destinations =
lmtp_connection_cache_on_demand = yes
lmtp_connection_cache_time_limit = 2s
lmtp_connection_reuse_time_limit = 300s
lmtp_data_done_timeout = 600s
lmtp_data_init_timeout = 120s
lmtp_data_xfer_timeout = 180s
lmtp_defer_if_no_mx_address_found = no
lmtp_delivery_slot_cost = $default_delivery_slot_cost
lmtp_delivery_slot_discount = $default_delivery_slot_discount
lmtp_delivery_slot_loan = $default_delivery_slot_loan
lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
lmtp_destination_rate_delay = $default_destination_rate_delay
lmtp_destination_recipient_limit = $default_destination_recipient_limit
lmtp_discard_lhlo_keyword_address_maps =
lmtp_discard_lhlo_keywords =
lmtp_dns_resolver_options =
lmtp_enforce_tls = no
lmtp_extra_recipient_limit = $default_extra_recipient_limit
lmtp_generic_maps =
lmtp_header_checks =
lmtp_host_lookup = dns
lmtp_initial_destination_concurrency = $initial_destination_concurrency
lmtp_lhlo_name = $myhostname
lmtp_lhlo_timeout = 300s
lmtp_line_length_limit = 998
lmtp_mail_timeout = 300s
lmtp_mime_header_checks =
lmtp_minimum_delivery_slots = $default_minimum_delivery_slots
lmtp_mx_address_limit = 5
lmtp_mx_session_limit = 2
lmtp_nested_header_checks =
lmtp_per_record_deadline = no
lmtp_pix_workaround_delay_time = 10s
lmtp_pix_workaround_maps =
lmtp_pix_workaround_threshold_time = 500s
lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf
lmtp_quit_timeout = 300s
lmtp_quote_rfc821_envelope = yes
lmtp_randomize_addresses = yes
lmtp_rcpt_timeout = 300s
lmtp_recipient_limit = $default_recipient_limit
lmtp_recipient_refill_delay = $default_recipient_refill_delay
lmtp_recipient_refill_limit = $default_recipient_refill_limit
lmtp_reply_filter =
lmtp_rset_timeout = 20s
lmtp_sasl_auth_cache_name =
lmtp_sasl_auth_cache_time = 90d
lmtp_sasl_auth_enable = no
lmtp_sasl_auth_soft_bounce = yes
lmtp_sasl_mechanism_filter =
lmtp_sasl_password_maps =
lmtp_sasl_path =
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
lmtp_sasl_type = cyrus
lmtp_send_dummy_mail_auth = no
lmtp_send_xforward_command = no
lmtp_sender_dependent_authentication = no
lmtp_skip_5xx_greeting = yes
lmtp_skip_quit_response = no
lmtp_starttls_timeout = 300s
lmtp_tcp_port = 24
lmtp_tls_CAfile =
lmtp_tls_CApath =
lmtp_tls_block_early_mail_reply = no
lmtp_tls_cert_file =
lmtp_tls_ciphers = export
lmtp_tls_dcert_file =
lmtp_tls_dkey_file = $lmtp_tls_dcert_file
lmtp_tls_eccert_file =
lmtp_tls_eckey_file = $lmtp_tls_eccert_file
lmtp_tls_enforce_peername = yes
lmtp_tls_exclude_ciphers =
lmtp_tls_fingerprint_cert_match =
lmtp_tls_fingerprint_digest = md5
lmtp_tls_key_file = $lmtp_tls_cert_file
lmtp_tls_loglevel = 0
lmtp_tls_mandatory_ciphers = medium
lmtp_tls_mandatory_exclude_ciphers =
lmtp_tls_mandatory_protocols = !SSLv2
lmtp_tls_note_starttls_offer = no
lmtp_tls_per_site =
lmtp_tls_policy_maps =
lmtp_tls_protocols = !SSLv2
lmtp_tls_scert_verifydepth = 9
lmtp_tls_secure_cert_match = nexthop
lmtp_tls_security_level =
lmtp_tls_session_cache_database =
lmtp_tls_session_cache_timeout = 3600s
lmtp_tls_verify_cert_match = hostname
lmtp_use_tls = no
lmtp_xforward_timeout = 300s
local_command_shell =
local_delivery_slot_cost = $default_delivery_slot_cost
local_delivery_slot_discount = $default_delivery_slot_discount
local_delivery_slot_loan = $default_delivery_slot_loan
local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
local_destination_concurrency_limit = 2
local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
local_destination_rate_delay = $default_destination_rate_delay
local_destination_recipient_limit = 1
local_extra_recipient_limit = $default_extra_recipient_limit
local_header_rewrite_clients = permit_inet_interfaces
local_initial_destination_concurrency = $initial_destination_concurrency
local_minimum_delivery_slots = $default_minimum_delivery_slots
local_recipient_limit = $default_recipient_limit
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
local_recipient_refill_delay = $default_recipient_refill_delay
local_recipient_refill_limit = $default_recipient_refill_limit
local_transport = local:$myhostname
luser_relay =
mail_name = Postfix
mail_owner = postfix
mail_release_date = 20130622
mail_spool_directory = /var/mail
mail_version = 2.10.1
mailbox_command =
mailbox_command_maps =
mailbox_delivery_lock = fcntl, dotlock
mailbox_size_limit = 51200000
mailbox_transport =
mailbox_transport_maps =
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maps_rbl_domains =
maps_rbl_reject_code = 554
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions =
master_service_disable =
max_idle = 100s
max_use = 100
maximal_backoff_time = 4000s
maximal_queue_lifetime = 5d
message_reject_characters =
message_size_limit = 10240000
message_strip_characters =
milter_command_timeout = 30s
milter_connect_macros = j {daemon_name} v
milter_connect_timeout = 30s
milter_content_timeout = 300s
milter_data_macros = i
milter_default_action = tempfail
milter_end_of_data_macros = i
milter_end_of_header_macros = i
milter_header_checks =
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
milter_macro_daemon_name = $myhostname
milter_macro_v = $mail_name $mail_version
milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}
milter_protocol = 6
milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer}
milter_unknown_command_macros =
mime_boundary_length_limit = 2048
mime_header_checks = $header_checks
mime_nesting_limit = 100
minimal_backoff_time = 300s
multi_instance_directories =
multi_instance_enable = no
multi_instance_group =
multi_instance_name =
multi_instance_wrapper =
multi_recipient_bounce_reject_code = 550
mydestination = mail.example.com
mydomain = example.com
myhostname = mail.example.com
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
myorigin = $myhostname
nested_header_checks = $header_checks
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 504
non_smtpd_milters =
notify_classes = resource, software
owner_request_special = yes
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
permit_mx_backup_networks =
pickup_service_name = pickup
plaintext_reject_code = 450
postmulti_control_commands = reload flush
postmulti_start_commands = start
postmulti_stop_commands = stop abort drain quick-stop
postscreen_access_list = permit_mynetworks
postscreen_bare_newline_action = ignore
postscreen_bare_newline_enable = no
postscreen_bare_newline_ttl = 30d
postscreen_blacklist_action = ignore
postscreen_cache_cleanup_interval = 12h
postscreen_cache_map = btree:$data_directory/postscreen_cache
postscreen_cache_retention_time = 7d
postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
postscreen_command_count_limit = 20
postscreen_command_filter =
postscreen_command_time_limit = ${stress?10}${stress:300}s
postscreen_disable_vrfy_command = $disable_vrfy_command
postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps
postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
postscreen_dnsbl_action = ignore
postscreen_dnsbl_reply_map =
postscreen_dnsbl_sites =
postscreen_dnsbl_threshold = 1
postscreen_dnsbl_ttl = 1h
postscreen_enforce_tls = $smtpd_enforce_tls
postscreen_expansion_filter = $smtpd_expansion_filter
postscreen_forbidden_commands = $smtpd_forbidden_commands
postscreen_greet_action = ignore
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 1d
postscreen_greet_wait = ${stress?2}${stress:6}s
postscreen_helo_required = $smtpd_helo_required
postscreen_non_smtp_command_action = drop
postscreen_non_smtp_command_enable = no
postscreen_non_smtp_command_ttl = 30d
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = no
postscreen_pipelining_ttl = 30d
postscreen_post_queue_limit = $default_process_limit
postscreen_pre_queue_limit = $default_process_limit
postscreen_reject_footer = $smtpd_reject_footer
postscreen_tls_security_level = $smtpd_tls_security_level
postscreen_upstream_proxy_protocol =
postscreen_upstream_proxy_timeout = 5s
postscreen_use_tls = $smtpd_use_tls
postscreen_watchdog_timeout = 10s
postscreen_whitelist_interfaces = static:all
prepend_delivered_header = command, file, forward
process_id = 74105
process_id_directory = pid
process_name = postconf
propagate_unmatched_extensions = canonical, virtual
proxy_interfaces =
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps
proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name $address_verify_map $postscreen_cache_map
proxymap_service_name = proxymap
proxywrite_service_name = proxywrite
qmgr_clog_warn_time = 300s
qmgr_daemon_timeout = 1000s
qmgr_fudge_factor = 100
qmgr_ipc_timeout = 60s
qmgr_message_active_limit = 20000
qmgr_message_recipient_limit = 20000
qmgr_message_recipient_minimum = 10
qmqpd_authorized_clients =
qmqpd_client_port_logging = no
qmqpd_error_delay = 1s
qmqpd_timeout = 300s
queue_directory = /var/spool/postfix
queue_file_attribute_count_limit = 100
queue_minfree = 0
queue_run_delay = 300s
queue_service_name = qmgr
rbl_reply_maps =
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
receive_override_options =
recipient_bcc_maps =
recipient_canonical_classes = envelope_recipient, header_recipient
recipient_canonical_maps =
recipient_delimiter =
reject_code = 554
reject_tempfail_action = defer_if_permit
relay_clientcerts =
relay_delivery_slot_cost = $default_delivery_slot_cost
relay_delivery_slot_discount = $default_delivery_slot_discount
relay_delivery_slot_loan = $default_delivery_slot_loan
relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
relay_destination_concurrency_limit = $default_destination_concurrency_limit
relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
relay_destination_rate_delay = $default_destination_rate_delay
relay_destination_recipient_limit = $default_destination_recipient_limit
relay_domains =
relay_domains_reject_code = 554
relay_extra_recipient_limit = $default_extra_recipient_limit
relay_initial_destination_concurrency = $initial_destination_concurrency
relay_minimum_delivery_slots = $default_minimum_delivery_slots
relay_recipient_limit = $default_recipient_limit
relay_recipient_maps =
relay_recipient_refill_delay = $default_recipient_refill_delay
relay_recipient_refill_limit = $default_recipient_refill_limit
relay_transport = relay
relayhost =
relocated_maps =
remote_header_rewrite_domain =
require_home_directory = no
reset_owner_alias = no
resolve_dequoted_address = yes
resolve_null_domain = no
resolve_numeric_domain = no
retry_delivery_slot_cost = $default_delivery_slot_cost
retry_delivery_slot_discount = $default_delivery_slot_discount
retry_delivery_slot_loan = $default_delivery_slot_loan
retry_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
retry_destination_concurrency_limit = $default_destination_concurrency_limit
retry_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
retry_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
retry_destination_rate_delay = $default_destination_rate_delay
retry_destination_recipient_limit = $default_destination_recipient_limit
retry_extra_recipient_limit = $default_extra_recipient_limit
retry_initial_destination_concurrency = $initial_destination_concurrency
retry_minimum_delivery_slots = $default_minimum_delivery_slots
retry_recipient_limit = $default_recipient_limit
retry_recipient_refill_delay = $default_recipient_refill_delay
retry_recipient_refill_limit = $default_recipient_refill_limit
rewrite_service_name = rewrite
sample_directory = /usr/share/doc/postfix-2.10.1/samples
send_cyrus_sasl_authzid = no
sender_bcc_maps =
sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps =
sender_dependent_default_transport_maps =
sender_dependent_relayhost_maps =
sendmail_fix_line_endings = always
sendmail_path = /usr/sbin/sendmail.postfix
service_throttle_time = 60s
setgid_group = postdrop
show_user_unknown_table_name = yes
showq_service_name = showq
smtp_address_preference = any
smtp_always_send_ehlo = yes
smtp_bind_address =
smtp_bind_address6 =
smtp_body_checks =
smtp_cname_overrides_servername = no
smtp_connect_timeout = 30s
smtp_connection_cache_destinations =
smtp_connection_cache_on_demand = yes
smtp_connection_cache_time_limit = 2s
smtp_connection_reuse_time_limit = 300s
smtp_data_done_timeout = 600s
smtp_data_init_timeout = 120s
smtp_data_xfer_timeout = 180s
smtp_defer_if_no_mx_address_found = no
smtp_delivery_slot_cost = $default_delivery_slot_cost
smtp_delivery_slot_discount = $default_delivery_slot_discount
smtp_delivery_slot_loan = $default_delivery_slot_loan
smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
smtp_destination_concurrency_limit = $default_destination_concurrency_limit
smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
smtp_destination_rate_delay = $default_destination_rate_delay
smtp_destination_recipient_limit = $default_destination_recipient_limit
smtp_discard_ehlo_keyword_address_maps =
smtp_discard_ehlo_keywords =
smtp_dns_resolver_options =
smtp_enforce_tls = no
smtp_extra_recipient_limit = $default_extra_recipient_limit
smtp_fallback_relay = $fallback_relay
smtp_generic_maps =
smtp_header_checks =
smtp_helo_name = $myhostname
smtp_helo_timeout = 300s
smtp_host_lookup = dns
smtp_initial_destination_concurrency = $initial_destination_concurrency
smtp_line_length_limit = 998
smtp_mail_timeout = 300s
smtp_mime_header_checks =
smtp_minimum_delivery_slots = $default_minimum_delivery_slots
smtp_mx_address_limit = 5
smtp_mx_session_limit = 2
smtp_nested_header_checks =
smtp_never_send_ehlo = no
smtp_per_record_deadline = no
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_maps =
smtp_pix_workaround_threshold_time = 500s
smtp_pix_workarounds = disable_esmtp,delay_dotcrlf
smtp_quit_timeout = 300s
smtp_quote_rfc821_envelope = yes
smtp_randomize_addresses = yes
smtp_rcpt_timeout = 300s
smtp_recipient_limit = $default_recipient_limit
smtp_recipient_refill_delay = $default_recipient_refill_delay
smtp_recipient_refill_limit = $default_recipient_refill_limit
smtp_reply_filter =
smtp_rset_timeout = 20s
smtp_sasl_auth_cache_name =
smtp_sasl_auth_cache_time = 90d
smtp_sasl_auth_enable = no
smtp_sasl_auth_soft_bounce = yes
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps =
smtp_sasl_path =
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_sasl_type = cyrus
smtp_send_dummy_mail_auth = no
smtp_send_xforward_command = no
smtp_sender_dependent_authentication = no
smtp_skip_5xx_greeting = yes
smtp_skip_quit_response = yes
smtp_starttls_timeout = 300s
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_block_early_mail_reply = no
smtp_tls_cert_file =
smtp_tls_ciphers = export
smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_eccert_file =
smtp_tls_eckey_file = $smtp_tls_eccert_file
smtp_tls_enforce_peername = yes
smtp_tls_exclude_ciphers =
smtp_tls_fingerprint_cert_match =
smtp_tls_fingerprint_digest = md5
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 0
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers =
smtp_tls_mandatory_protocols = !SSLv2
smtp_tls_note_starttls_offer = no
smtp_tls_per_site =
smtp_tls_policy_maps =
smtp_tls_protocols = !SSLv2
smtp_tls_scert_verifydepth = 9
smtp_tls_secure_cert_match = nexthop, dot-nexthop
smtp_tls_security_level =
smtp_tls_session_cache_database =
smtp_tls_session_cache_timeout = 3600s
smtp_tls_verify_cert_match = hostname
smtp_use_tls = no
smtp_xforward_timeout = 300s
smtpd_authorized_verp_clients = $authorized_verp_clients
smtpd_authorized_xclient_hosts =
smtpd_authorized_xforward_hosts =
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 50
smtpd_client_connection_rate_limit = 0
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_client_message_rate_limit = 0
smtpd_client_new_tls_session_rate_limit = 0
smtpd_client_port_logging = no
smtpd_client_recipient_rate_limit = 0
smtpd_client_restrictions = permit_sasl_authenticated,permit_tls_clientcerts,permit_mynetworks,reject_unauth_pipelining
smtpd_command_filter =
smtpd_data_restrictions =
smtpd_delay_open_until_valid_rcpt = yes
smtpd_delay_reject = yes
smtpd_discard_ehlo_keyword_address_maps =
smtpd_discard_ehlo_keywords =
smtpd_end_of_data_restrictions =
smtpd_enforce_tls = no
smtpd_error_sleep_time = 1s
smtpd_etrn_restrictions =
smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
smtpd_forbidden_commands = CONNECT GET POST
smtpd_hard_error_limit = ${stress?1}${stress:20}
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_history_flush_threshold = 100
smtpd_junk_command_limit = ${stress?1}${stress:100}
smtpd_log_access_permit_actions =
smtpd_milters =
smtpd_noop_commands =
smtpd_null_access_lookup_key = <>
smtpd_peername_lookup = yes
smtpd_per_record_deadline = ${stress?yes}${stress:no}
smtpd_policy_service_max_idle = 300s
smtpd_policy_service_max_ttl = 1000s
smtpd_policy_service_timeout = 100s
smtpd_proxy_ehlo = $myhostname
smtpd_proxy_filter =
smtpd_proxy_options =
smtpd_proxy_timeout = 100s
smtpd_recipient_limit = 1000
smtpd_recipient_overshoot_limit = 1000
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unlisted_recipient,reject_non_fqdn_recipient
smtpd_reject_footer =
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_relay_restrictions = permit_sasl_authenticated,permit_tls_clientcerts,permit_mynetworks
smtpd_restriction_classes =
smtpd_sasl_auth_enable = no
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus
smtpd_sender_login_maps =
smtpd_sender_restrictions = permit_sasl_authenticated,permit_mynetworks,permit_tls_clientcerts
smtpd_service_name = smtpd
smtpd_soft_error_limit = 10
smtpd_starttls_timeout = ${stress?10}${stress:300}s
smtpd_timeout = ${stress?10}${stress:300}s
smtpd_tls_CAfile =
smtpd_tls_CApath =
smtpd_tls_always_issue_session_ids = yes
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = no
smtpd_tls_ccert_verifydepth = 9
smtpd_tls_cert_file =
smtpd_tls_ciphers = export
smtpd_tls_dcert_file =
smtpd_tls_dh1024_param_file =
smtpd_tls_dh512_param_file =
smtpd_tls_dkey_file = $smtpd_tls_dcert_file
smtpd_tls_eccert_file =
smtpd_tls_eckey_file = $smtpd_tls_eccert_file
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers =
smtpd_tls_fingerprint_digest = md5
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_exclude_ciphers =
smtpd_tls_mandatory_protocols = !SSLv2
smtpd_tls_protocols =
smtpd_tls_received_header = no
smtpd_tls_req_ccert = no
smtpd_tls_security_level =
smtpd_tls_session_cache_database =
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_wrappermode = no
smtpd_upstream_proxy_protocol =
smtpd_upstream_proxy_timeout = 5s
smtpd_use_tls = no
soft_bounce = no
stale_lock_time = 500s
stress =
strict_7bit_headers = no
strict_8bitmime = no
strict_8bitmime_body = no
strict_mailbox_ownership = yes
strict_mime_encoding_domain = no
strict_rfc821_envelopes = no
sun_mailtool_compatibility = no
swap_bangpath = yes
syslog_facility = mail
syslog_name = ${multi_instance_name:postfix}${multi_instance_name?$multi_instance_name}
tcp_windowsize = 0
tls_append_default_CA = no
tls_daemon_random_bytes = 32
tls_disable_workarounds =
tls_eecdh_strong_curve = prime256v1
tls_eecdh_ultra_curve = secp384r1
tls_export_cipherlist = aNULL:-aNULL:ALL:+RC4:@STRENGTH
tls_high_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
tls_legacy_public_key_fingerprints = no
tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:+RC4:@STRENGTH
tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH
tls_null_cipherlist = eNULL:!aNULL
tls_preempt_cipherlist = no
tls_random_bytes = 32
tls_random_exchange_name = ${data_directory}/prng_exch
tls_random_prng_update_period = 3600s
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom
tlsproxy_enforce_tls = $smtpd_enforce_tls
tlsproxy_service_name = tlsproxy
tlsproxy_tls_CAfile = $smtpd_tls_CAfile
tlsproxy_tls_CApath = $smtpd_tls_CApath
tlsproxy_tls_always_issue_session_ids = $smtpd_tls_always_issue_session_ids
tlsproxy_tls_ask_ccert = $smtpd_tls_ask_ccert
tlsproxy_tls_ccert_verifydepth = $smtpd_tls_ccert_verifydepth
tlsproxy_tls_cert_file = $smtpd_tls_cert_file
tlsproxy_tls_ciphers = $smtpd_tls_ciphers
tlsproxy_tls_dcert_file = $smtpd_tls_dcert_file
tlsproxy_tls_dh1024_param_file = $smtpd_tls_dh1024_param_file
tlsproxy_tls_dh512_param_file = $smtpd_tls_dh512_param_file
tlsproxy_tls_dkey_file = $smtpd_tls_dkey_file
tlsproxy_tls_eccert_file = $smtpd_tls_eccert_file
tlsproxy_tls_eckey_file = $smtpd_tls_eckey_file
tlsproxy_tls_eecdh_grade = $smtpd_tls_eecdh_grade
tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
tlsproxy_tls_fingerprint_digest = $smtpd_tls_fingerprint_digest
tlsproxy_tls_key_file = $smtpd_tls_key_file
tlsproxy_tls_loglevel = $smtpd_tls_loglevel
tlsproxy_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
tlsproxy_tls_protocols = $smtpd_tls_protocols
tlsproxy_tls_req_ccert = $smtpd_tls_req_ccert
tlsproxy_tls_security_level = $smtpd_tls_security_level
tlsproxy_tls_session_cache_timeout = $smtpd_tls_session_cache_timeout
tlsproxy_use_tls = $smtpd_use_tls
tlsproxy_watchdog_timeout = 10s
trace_service_name = trace
transport_maps =
transport_retry_time = 60s
trigger_timeout = 10s
undisclosed_recipients_header =
unknown_address_reject_code = 450
unknown_address_tempfail_action = $reject_tempfail_action
unknown_client_reject_code = 450
unknown_helo_hostname_tempfail_action = $reject_tempfail_action
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
unverified_recipient_defer_code = 450
unverified_recipient_reject_code = 450
unverified_recipient_reject_reason =
unverified_recipient_tempfail_action = $reject_tempfail_action
unverified_sender_defer_code = 450
unverified_sender_reject_code = 450
unverified_sender_reject_reason =
unverified_sender_tempfail_action = $reject_tempfail_action
verp_delimiter_filter = -=+
virtual_alias_domains = $virtual_alias_maps
virtual_alias_expansion_limit = 1000
virtual_alias_maps = $virtual_maps
virtual_alias_recursion_limit = 1000
virtual_delivery_slot_cost = $default_delivery_slot_cost
virtual_delivery_slot_discount = $default_delivery_slot_discount
virtual_delivery_slot_loan = $default_delivery_slot_loan
virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
virtual_destination_concurrency_limit = $default_destination_concurrency_limit
virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
virtual_destination_rate_delay = $default_destination_rate_delay
virtual_destination_recipient_limit = $default_destination_recipient_limit
virtual_extra_recipient_limit = $default_extra_recipient_limit
virtual_gid_maps =
virtual_initial_destination_concurrency = $initial_destination_concurrency
virtual_mailbox_base =
virtual_mailbox_domains = $virtual_mailbox_maps
virtual_mailbox_limit = 51200000
virtual_mailbox_lock = fcntl, dotlock
virtual_mailbox_maps =
virtual_minimum_delivery_slots = $default_minimum_delivery_slots
virtual_minimum_uid = 100
virtual_recipient_limit = $default_recipient_limit
virtual_recipient_refill_delay = $default_recipient_refill_delay
virtual_recipient_refill_limit = $default_recipient_refill_limit
virtual_transport = virtual
virtual_uid_maps =
My zmprov:

Code: Select all

# name mail.example.com
cn: mail.example.com
objectClass: zimbraServer
zimbraActiveSyncEhcacheExpiration: 5m
zimbraActiveSyncEhcacheHeapSize: 10485760
zimbraActiveSyncEhcacheMaxDiskSize: 10737418240
zimbraAdminImapImportNumThreads: 20
zimbraAdminPort: 7071
zimbraAdminProxyPort: 9071
zimbraAdminSieveFeatureVariablesEnabled: TRUE
zimbraAdminURL: /zimbraAdmin
zimbraAmavisDSPAMEnabled: FALSE
zimbraAmavisEnableDKIMVerification: TRUE
zimbraAmavisFinalSpamDestiny: D_DISCARD
zimbraAmavisLogLevel: 1
zimbraAmavisMaxServers: 10
zimbraAmavisOriginatingBypassSA: FALSE
zimbraAmavisSALogLevel: 0
zimbraAntispamExtractionBatchDelay: 100
zimbraAntispamExtractionBatchSize: 25
zimbraAttachmentsIndexedTextLimit: 1048576
zimbraAuthTokenNotificationInterval: 60000
zimbraAutoProvPollingInterval: 15m
zimbraBackupAutoGroupedInterval: 1d
zimbraBackupAutoGroupedNumGroups: 7
zimbraBackupAutoGroupedThrottled: FALSE
zimbraBackupMinFreeSpace: 0
zimbraBackupMode: Standard
zimbraBackupReportEmailSubjectPrefix: ZCS Backup Report
zimbraBackupSkipBlobs: FALSE
zimbraBackupSkipHsmBlobs: FALSE
zimbraBackupSkipSearchIndex: FALSE
zimbraBackupTarget: /opt/zimbra/backup
zimbraCBPolicydAccessControlEnabled: FALSE
zimbraCBPolicydAccountingEnabled: FALSE
zimbraCBPolicydAmavisEnabled: FALSE
zimbraCBPolicydBindPort: 10031
zimbraCBPolicydBypassMode: tempfail
zimbraCBPolicydBypassTimeout: 30
zimbraCBPolicydCheckHeloEnabled: FALSE
zimbraCBPolicydCheckSPFEnabled: FALSE
zimbraCBPolicydGreylistingBlacklistMsg: Greylisting in effect, sending server blacklisted
zimbraCBPolicydGreylistingDeferMsg: Greylisting in effect, please come back later
zimbraCBPolicydGreylistingEnabled: FALSE
zimbraCBPolicydGreylistingTrainingEnabled: FALSE
zimbraCBPolicydLogLevel: 3
zimbraCBPolicydMaxRequests: 1000
zimbraCBPolicydMaxServers: 25
zimbraCBPolicydMaxSpareServers: 12
zimbraCBPolicydMinServers: 4
zimbraCBPolicydMinSpareServers: 4
zimbraCBPolicydQuotasEnabled: TRUE
zimbraCBPolicydTimeoutBusy: 120
zimbraCBPolicydTimeoutIdle: 1020
zimbraCalendarCalDavClearTextPasswordEnabled: TRUE
zimbraCalendarCalDavDefaultCalendarId: 10
zimbraCalendarRecurrenceDailyMaxDays: 730
zimbraCalendarRecurrenceMaxInstances: 0
zimbraCalendarRecurrenceMonthlyMaxMonths: 360
zimbraCalendarRecurrenceOtherFrequencyMaxYears: 1
zimbraCalendarRecurrenceWeeklyMaxWeeks: 520
zimbraCalendarRecurrenceYearlyMaxYears: 100
zimbraChatAllowUnencryptedPassword: FALSE
zimbraChatServiceEnabled: TRUE
zimbraChatXmppPort: 5222
zimbraChatXmppSslPort: 5223
zimbraChatXmppSslPortEnabled: FALSE
zimbraClamAVBindAddress: mail.example.com
zimbraClamAVDatabaseMirror: db.us.clamav.net
zimbraClamAVListenPort: 3310
zimbraClamAVMaxThreads: 10
zimbraClamAVSafeBrowsing: no
zimbraClusterType: none
zimbraConfiguredServerIDForBlobDirEnabled: FALSE
zimbraContactHiddenAttributes: dn,vcardUID,vcardURL,vcardXProps,member
zimbraContactRankingTableRefreshInterval: 7d
zimbraContactSearchDecomposition: 2
zimbraConvertPoolTimeout: 60000
zimbraCreateTimestamp: 20190311032232Z
zimbraDNSTCPUpstream: no
zimbraDNSUseTCP: yes
zimbraDNSUseUDP: yes
zimbraDatabaseSlowSqlThreshold: 2s
zimbraEmptyFolderOpTimeout: 3
zimbraExtensionBindPort: 7072
zimbraExternalAccountStatusCheckInterval: 1d
zimbraFeatureContactBackupFrequency: 0
zimbraFeatureContactBackupLifeTime: 15d
zimbraFileUploadMaxSize: 30720000
zimbraFreebusyPropagationRetryInterval: 1m
zimbraHsmAge: 30d
zimbraHsmBatchSize: 10000
zimbraHsmMovePreviousRevisions: FALSE
zimbraHsmPolicy: message,document:before:-30days
zimbraHttpCompressionEnabled: TRUE
zimbraHttpConnectorMaxIdleTimeMillis: 60000
zimbraHttpContextPathBasedThreadPoolBalancingFilterRules: /service:max=80%
zimbraHttpContextPathBasedThreadPoolBalancingFilterRules: /zimbra:max=15%
zimbraHttpContextPathBasedThreadPoolBalancingFilterRules: /zimbraAdmin:max=5%
zimbraHttpDebugHandlerEnabled: TRUE
zimbraHttpDosFilterDelayMillis: -1
zimbraHttpDosFilterMaxRequestsPerSec: 100
zimbraHttpHeaderCacheSize: 512
zimbraHttpMaxFormContentSize: 200000
zimbraHttpNumThreads: 250
zimbraHttpOutputBufferSize: 32768
zimbraHttpRequestHeaderSize: 8192
zimbraHttpResponseHeaderSize: 8192
zimbraHttpSSLNumThreads: 50
zimbraHttpThreadPoolMaxIdleTimeMillis: 10000
zimbraIPMode: ipv4
zimbraImapActiveSessionEhcacheMaxDiskSize: 107374182400
zimbraImapBindOnStartup: TRUE
zimbraImapBindPort: 143
zimbraImapCleartextLoginEnabled: TRUE
zimbraImapDisplayMailFoldersOnly: TRUE
zimbraImapExposeVersionOnBanner: FALSE
zimbraImapInactiveSessionCacheMaxDiskSize: 10737418240
zimbraImapInactiveSessionEhcacheMaxDiskSize: 107374182400
zimbraImapInactiveSessionEhcacheSize: 1048576
zimbraImapLoadBalancingAlgorithm: AccountIdHash
zimbraImapMaxConnections: 200
zimbraImapMaxRequestSize: 10240
zimbraImapNumThreads: 200
zimbraImapProxyBindPort: 0
zimbraImapSSLBindOnStartup: TRUE
zimbraImapSSLBindPort: 993
zimbraImapSSLProxyBindPort: 0
zimbraImapSSLServerEnabled: FALSE
zimbraImapSaslGssapiEnabled: FALSE
zimbraImapServerEnabled: TRUE
zimbraImapShutdownGraceSeconds: 10
zimbraInvalidLoginFilterDelayInMinBetwnReqBeforeReinstating: 15
zimbraInvalidLoginFilterMaxFailedLogin: 10
zimbraInvalidLoginFilterMaxSizeOfFailedIpDb: 7000
zimbraInvalidLoginFilterReinstateIpTaskIntervalInMin: 5
zimbraItemActionBatchSize: 1000
zimbraLastPurgeMaxDuration: 30d
zimbraLdapGentimeFractionalSecondsEnabled: TRUE
zimbraLmtpBindOnStartup: FALSE
zimbraLmtpBindPort: 7025
zimbraLmtpExposeVersionOnBanner: FALSE
zimbraLmtpLHLORequired: TRUE
zimbraLmtpNumThreads: 20
zimbraLmtpPermanentFailureWhenOverQuota: FALSE
zimbraLmtpServerEnabled: TRUE
zimbraLmtpShutdownGraceSeconds: 10
zimbraLogToSyslog: FALSE
zimbraLowestSupportedAuthVersion: 2
zimbraMailClearTextPasswordEnabled: TRUE
zimbraMailContentMaxSize: 10240000
zimbraMailDiskStreamingThreshold: 1048576
zimbraMailEmptyFolderBatchSize: 1000
zimbraMailEmptyFolderBatchThreshold: 100000
zimbraMailFileDescriptorBufferSize: 4096
zimbraMailFileDescriptorCacheSize: 1000
zimbraMailKeepOutWebCrawlers: FALSE
zimbraMailLocalBind: FALSE
zimbraMailMode: mixed
zimbraMailPort: 80
zimbraMailProxyMaxFails: 10
zimbraMailProxyPort: 0
zimbraMailProxyReconnectTimeout: 125
zimbraMailPurgeBatchSize: 1000
zimbraMailPurgeSleepInterval: 1m
zimbraMailRedirectSetEnvelopeSender: TRUE
zimbraMailReferMode: reverse-proxied
zimbraMailSSLClientCertMode: Disabled
zimbraMailSSLClientCertOCSPEnabled: TRUE
zimbraMailSSLClientCertPort: 9443
zimbraMailSSLPort: 443
zimbraMailSSLProxyClientCertPort: 3443
zimbraMailSSLProxyPort: 0
zimbraMailURL: /
zimbraMailUncompressedCacheMaxBytes: 1073741824
zimbraMailUncompressedCacheMaxFiles: 5000
zimbraMailUseDirectBuffers: FALSE
zimbraMailboxMoveFailedCleanupTaskInterval: 20m
zimbraMailboxMoveSkipBlobs: FALSE
zimbraMailboxMoveSkipHsmBlobs: FALSE
zimbraMailboxMoveSkipSearchIndex: FALSE
zimbraMailboxMoveTempDir: /opt/zimbra/backup/tmp/mboxmove
zimbraMailboxThrottleReapInterval: 60s
zimbraMailboxdSSLProtocols: SSLv2Hello
zimbraMailboxdSSLProtocols: TLSv1
zimbraMailboxdSSLProtocols: TLSv1.1
zimbraMailboxdSSLProtocols: TLSv1.2
zimbraMailboxdSSLRenegotiationAllowed: TRUE
zimbraMemcachedBindPort: 11211
zimbraMemcachedClientBinaryProtocolEnabled: FALSE
zimbraMemcachedClientExpirySeconds: 86400
zimbraMemcachedClientHashAlgorithm: KETAMA_HASH
zimbraMemcachedClientTimeoutMillis: 10000
zimbraMessageCacheSize: 2000
zimbraMessageChannelEnabled: FALSE
zimbraMessageChannelPort: 7285
zimbraMilterBindPort: 7026
zimbraMilterMaxConnections: 20000
zimbraMilterNumThreads: 100
zimbraMilterServerEnabled: FALSE
zimbraMobileMaxMessageSize: 10240000
zimbraMobileMetadataRetentionPolicy: 180:30:1
zimbraMtaAddressVerifyNegativeRefreshTime: 10m
zimbraMtaAddressVerifyPollCount: ${stress?3}${stress:5}
zimbraMtaAddressVerifyPollDelay: 3s
zimbraMtaAddressVerifyPositiveRefreshTime: 12h
zimbraMtaAliasMaps: lmdb:/etc/aliases
zimbraMtaAlwaysAddMissingHeaders: yes
zimbraMtaAntiSpamLockMethod: flock
zimbraMtaAuthEnabled: TRUE
zimbraMtaAuthHost: mail.example.com
zimbraMtaAuthPort: 7073
zimbraMtaAuthTarget: TRUE
zimbraMtaBounceNoticeRecipient: postmaster
zimbraMtaBounceQueueLifetime: 5d
zimbraMtaBrokenSaslAuthClients: yes
zimbraMtaCanonicalMaps: proxy:ldap:/opt/zimbra/conf/ldap-canonical.cf
zimbraMtaCommandDirectory: /opt/zimbra/common/sbin
zimbraMtaDaemonDirectory: /opt/zimbra/common/libexec
zimbraMtaDefaultProcessLimit: 100
zimbraMtaDelayWarningTime: 0h
zimbraMtaDnsLookupsEnabled: TRUE
zimbraMtaEnableSmtpdPolicyd: FALSE
zimbraMtaHeaderChecks: pcre:/opt/zimbra/conf/postfix_header_checks
zimbraMtaHopcountLimit: 50
zimbraMtaInFlowDelay: 1s
zimbraMtaLmdbMapSize: 16777216
zimbraMtaLmtpConnectionCacheTimeLimit: 4s
zimbraMtaLmtpHostLookup: dns
zimbraMtaLmtpTlsCiphers: export
zimbraMtaLmtpTlsLoglevel: 0
zimbraMtaLmtpTlsMandatoryCiphers: medium
zimbraMtaLmtpTlsMandatoryProtocols: !SSLv2, !SSLv3
zimbraMtaLmtpTlsProtocols: !SSLv2, !SSLv3
zimbraMtaLmtpTlsSecurityLevel: may
zimbraMtaMailqPath: /opt/zimbra/common/sbin/mailq
zimbraMtaManpageDirectory: /opt/zimbra/common/share/man
zimbraMtaMaxUse: 100
zimbraMtaMaximalBackoffTime: 4000s
zimbraMtaMaximalQueueLifetime: 5d
zimbraMtaMilterCommandTimeout: 30s
zimbraMtaMilterConnectTimeout: 30s
zimbraMtaMilterContentTimeout: 300s
zimbraMtaMilterDefaultAction: tempfail
zimbraMtaMinimalBackoffTime: 300s
zimbraMtaMyDestination: mail.example.com
zimbraMtaMyNetworks: 127.0.0.0/8
zimbraMtaNewaliasesPath: /opt/zimbra/common/sbin/newaliases
zimbraMtaNotifyClasses: resource
zimbraMtaNotifyClasses: software
zimbraMtaPolicyTimeLimit: 3600
zimbraMtaPostscreenAccessList: permit_mynetworks
zimbraMtaPostscreenBareNewlineAction: ignore
zimbraMtaPostscreenBareNewlineEnable: no
zimbraMtaPostscreenBareNewlineTTL: 30d
zimbraMtaPostscreenBlacklistAction: ignore
zimbraMtaPostscreenCacheCleanupInterval: 12h
zimbraMtaPostscreenCacheRetentionTime: 7d
zimbraMtaPostscreenCommandCountLimit: 20
zimbraMtaPostscreenDnsblAction: ignore
zimbraMtaPostscreenDnsblMaxTTL: ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h
zimbraMtaPostscreenDnsblMinTTL: 60s
zimbraMtaPostscreenDnsblTTL: 1h
zimbraMtaPostscreenDnsblThreshold: 1
zimbraMtaPostscreenDnsblTimeout: 10s
zimbraMtaPostscreenDnsblWhitelistThreshold: 0
zimbraMtaPostscreenGreetAction: ignore
zimbraMtaPostscreenGreetTTL: 1d
zimbraMtaPostscreenNonSmtpCommandAction: drop
zimbraMtaPostscreenNonSmtpCommandEnable: no
zimbraMtaPostscreenNonSmtpCommandTTL: 30d
zimbraMtaPostscreenPipeliningAction: enforce
zimbraMtaPostscreenPipeliningEnable: no
zimbraMtaPostscreenPipeliningTTL: 30d
zimbraMtaPostscreenWatchdogTimeout: 10s
zimbraMtaPostscreenWhitelistInterfaces: static:all
zimbraMtaPropagateUnmatchedExtensions: canonical
zimbraMtaQueueDirectory: /opt/zimbra/data/postfix/spool
zimbraMtaQueueRunDelay: 300s
zimbraMtaRelayHost: mail.example.com:587
zimbraMtaRestriction: permit_sasl_authenticated,permit_mynetworks,reject_invalid_helo_hostname,reject_non_fqdn_sender,reject_unlisted_recipient
zimbraMtaSaslAuthEnable: yes
zimbraMtaSaslSmtpdMechList: LOGIN
zimbraMtaSaslSmtpdMechList: PLAIN
zimbraMtaSendmailPath: /opt/zimbra/common/sbin/sendmail
zimbraMtaSmtpCnameOverridesServername: no
zimbraMtaSmtpDnsSupportLevel: enabled
zimbraMtaSmtpHeloName: $myhostname
zimbraMtaSmtpSaslAuthEnable: no
zimbraMtaSmtpSaslPasswordMaps: lmdb:/opt/zimbra/conf/relay_password
zimbraMtaSmtpSaslSecurityOptions: noanonymous
zimbraMtaSmtpTlsCiphers: export
zimbraMtaSmtpTlsDaneInsecureMXPolicy: dane
zimbraMtaSmtpTlsLoglevel: 0
zimbraMtaSmtpTlsMandatoryCiphers: medium
zimbraMtaSmtpTlsMandatoryProtocols: !SSLv2, !SSLv3
zimbraMtaSmtpTlsProtocols: !SSLv2, !SSLv3
zimbraMtaSmtpTlsSecurityLevel: may
zimbraMtaSmtpTransportRateDelay: $default_transport_rate_delay
zimbraMtaSmtpdBanner: $myhostname ESMTP $mail_name
zimbraMtaSmtpdClientAuthRateLimit: 0
zimbraMtaSmtpdClientPortLogging: no
zimbraMtaSmtpdClientRestrictions: permit_sasl_authenticated,permit_mynetworks,reject
zimbraMtaSmtpdDataRestrictions: reject_unauth_pipelining
zimbraMtaSmtpdErrorSleepTime: 1s
zimbraMtaSmtpdHardErrorLimit: 20
zimbraMtaSmtpdHeloRequired: yes
zimbraMtaSmtpdProxyTimeout: 100s
zimbraMtaSmtpdRejectUnlistedRecipient: yes
zimbraMtaSmtpdRejectUnlistedSender: yes
zimbraMtaSmtpdSaslAuthenticatedHeader: no
zimbraMtaSmtpdSaslSecurityOptions: noanonymous
zimbraMtaSmtpdSaslTlsSecurityOptions: $smtpd_sasl_security_options
zimbraMtaSmtpdSenderLoginMaps: proxy:ldap:/opt/zimbra/conf/ldap-slm.cf
zimbraMtaSmtpdSenderRestrictions: permit_mynetworks,permit_sasl_authenticated,permit_tls_clientcerts
zimbraMtaSmtpdSoftErrorLimit: 10
zimbraMtaSmtpdTlsAskCcert: no
zimbraMtaSmtpdTlsCcertVerifydepth: 9
zimbraMtaSmtpdTlsCiphers: export
zimbraMtaSmtpdTlsLoglevel: 1
zimbraMtaSmtpdTlsMandatoryCiphers: medium
zimbraMtaSmtpdTlsMandatoryProtocols: !SSLv2, !SSLv3
zimbraMtaSmtpdTlsProtocols: !SSLv2, !SSLv3
zimbraMtaSmtpdTlsReceivedHeader: no
zimbraMtaSmtpdVirtualTransport: error
zimbraMtaStpdSoftErrorLimit: 10
zimbraMtaTlsAppendDefaultCA: no
zimbraMtaTlsAuthOnly: FALSE
zimbraMtaTlsSecurityLevel: may
zimbraMtaTransportMaps: ldap:/opt/zimbra/conf/ldap-transport.cf
zimbraMtaUnverifiedRecipientDeferCode: 250
zimbraMtaVirtualAliasDomains: proxy:ldap:/opt/zimbra/conf/ldap-vad.cf
zimbraMtaVirtualAliasExpansionLimit: 10000
zimbraMtaVirtualAliasMaps: proxy:ldap:/opt/zimbra/conf/ldap-vam.cf
zimbraMtaVirtualMailboxDomains: proxy:ldap:/opt/zimbra/conf/ldap-vmd.cf
zimbraMtaVirtualMailboxMaps: proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf
zimbraNetworkAdminEnabled: TRUE
zimbraNetworkAdminNGEnabled: FALSE
zimbraNetworkMobileNGEnabled: FALSE
zimbraNetworkModulesNGEnabled: FALSE
zimbraNotebookFolderCacheSize: 1024
zimbraNotebookMaxCachedTemplatesPerFolder: 256
zimbraNotebookPageCacheSize: 10240
zimbraNotifyBindPort: 7035
zimbraNotifySSLBindPort: 7036
zimbraNotifySSLServerEnabled: TRUE
zimbraNotifyServerEnabled: TRUE
zimbraOpenImapFolderRequestChunkSize: 1000
zimbraOpenidConsumerStatelessModeEnabled: TRUE
zimbraPop3BindOnStartup: TRUE
zimbraPop3BindPort: 110
zimbraPop3CleartextLoginEnabled: TRUE
zimbraPop3ExposeVersionOnBanner: FALSE
zimbraPop3MaxConnections: 200
zimbraPop3NumThreads: 100
zimbraPop3ProxyBindPort: 0
zimbraPop3SSLBindOnStartup: TRUE
zimbraPop3SSLBindPort: 995
zimbraPop3SSLProxyBindPort: 0
zimbraPop3SSLServerEnabled: FALSE
zimbraPop3SaslGssapiEnabled: FALSE
zimbraPop3ServerEnabled: TRUE
zimbraPop3ShutdownGraceSeconds: 10
zimbraPrevFoldersToTrackMax: 10
zimbraRedoLogArchiveDir: redolog/archive
zimbraRedoLogCrashRecoveryLookbackSec: 10
zimbraRedoLogDeleteOnRollover: TRUE
zimbraRedoLogEnabled: TRUE
zimbraRedoLogFsyncIntervalMS: 10
zimbraRedoLogLogPath: redolog/redo.log
zimbraRedoLogRolloverFileSizeKB: 1048576
zimbraRedoLogRolloverHardMaxFileSizeKB: 4194304
zimbraRedoLogRolloverMinFileAge: 60
zimbraRemoteImapBindPort: 8143
zimbraRemoteImapSSLBindPort: 8993
zimbraRemoteImapSSLServerEnabled: FALSE
zimbraRemoteImapServerEnabled: FALSE
zimbraRemoteManagementCommand: /opt/zimbra/libexec/zmrcd
zimbraRemoteManagementPort: 22
zimbraRemoteManagementPrivateKeyPath: /opt/zimbra/.ssh/zimbra_identity
zimbraRemoteManagementUser: zimbra
zimbraReverseProxyAcceptMutex: on
zimbraReverseProxyAdminEnabled: FALSE
zimbraReverseProxyAvailableLookupTargets: mail.example.com
zimbraReverseProxyClientCertMode: off
zimbraReverseProxyConnectTimeout: 120000ms
zimbraReverseProxyDnsLookupInServerEnabled: TRUE
zimbraReverseProxyExactServerVersionCheck: on
zimbraReverseProxyGenConfigPerVirtualHostname: TRUE
zimbraReverseProxyHttpEnabled: TRUE
zimbraReverseProxyIPThrottleWhitelistTime: 300s
zimbraReverseProxyImapEnabledCapability: ACL
zimbraReverseProxyImapEnabledCapability: BINARY
zimbraReverseProxyImapEnabledCapability: CATENATE
zimbraReverseProxyImapEnabledCapability: CHILDREN
zimbraReverseProxyImapEnabledCapability: CONDSTORE
zimbraReverseProxyImapEnabledCapability: ENABLE
zimbraReverseProxyImapEnabledCapability: ESEARCH
zimbraReverseProxyImapEnabledCapability: ESORT
zimbraReverseProxyImapEnabledCapability: I18NLEVEL=1
zimbraReverseProxyImapEnabledCapability: ID
zimbraReverseProxyImapEnabledCapability: IDLE
zimbraReverseProxyImapEnabledCapability: IMAP4rev1
zimbraReverseProxyImapEnabledCapability: LIST-EXTENDED
zimbraReverseProxyImapEnabledCapability: LIST-STATUS
zimbraReverseProxyImapEnabledCapability: LITERAL+
zimbraReverseProxyImapEnabledCapability: MULTIAPPEND
zimbraReverseProxyImapEnabledCapability: NAMESPACE
zimbraReverseProxyImapEnabledCapability: QRESYNC
zimbraReverseProxyImapEnabledCapability: QUOTA
zimbraReverseProxyImapEnabledCapability: RIGHTS=ektx
zimbraReverseProxyImapEnabledCapability: SASL-IR
zimbraReverseProxyImapEnabledCapability: SEARCHRES
zimbraReverseProxyImapEnabledCapability: SORT
zimbraReverseProxyImapEnabledCapability: THREAD=ORDEREDSUBJECT
zimbraReverseProxyImapEnabledCapability: UIDPLUS
zimbraReverseProxyImapEnabledCapability: UNSELECT
zimbraReverseProxyImapEnabledCapability: WITHIN
zimbraReverseProxyImapEnabledCapability: XLIST
zimbraReverseProxyImapExposeVersionOnBanner: FALSE
zimbraReverseProxyImapSaslGssapiEnabled: FALSE
zimbraReverseProxyImapSaslPlainEnabled: TRUE
zimbraReverseProxyImapStartTlsMode: only
zimbraReverseProxyInactivityTimeout: 1h
zimbraReverseProxyLogLevel: info
zimbraReverseProxyLookupTarget: TRUE
zimbraReverseProxyMailEnabled: TRUE
zimbraReverseProxyMailImapEnabled: TRUE
zimbraReverseProxyMailImapsEnabled: TRUE
zimbraReverseProxyMailMode: both
zimbraReverseProxyMailPop3Enabled: TRUE
zimbraReverseProxyMailPop3sEnabled: TRUE
zimbraReverseProxyPassErrors: TRUE
zimbraReverseProxyPop3EnabledCapability: EXPIRE 31 USER
zimbraReverseProxyPop3EnabledCapability: TOP
zimbraReverseProxyPop3EnabledCapability: UIDL
zimbraReverseProxyPop3EnabledCapability: USER
zimbraReverseProxyPop3EnabledCapability: XOIP
zimbraReverseProxyPop3ExposeVersionOnBanner: FALSE
zimbraReverseProxyPop3SaslGssapiEnabled: FALSE
zimbraReverseProxyPop3SaslPlainEnabled: TRUE
zimbraReverseProxyPop3StartTlsMode: only
zimbraReverseProxyRouteLookupTimeout: 15s
zimbraReverseProxyRouteLookupTimeoutCache: 60s
zimbraReverseProxySNIEnabled: FALSE
zimbraReverseProxySSLProtocols: TLSv1
zimbraReverseProxySSLProtocols: TLSv1.1
zimbraReverseProxySSLProtocols: TLSv1.2
zimbraReverseProxySSLSessionCacheSize: 10m
zimbraReverseProxySSLSessionTimeout: 10m
zimbraReverseProxySSLToUpstreamEnabled: TRUE
zimbraReverseProxyStrictServerNameEnabled: FALSE
zimbraReverseProxyUpstreamConnectTimeout: 25
zimbraReverseProxyUpstreamFairShmSize: 32
zimbraReverseProxyUpstreamLoginServers: mail.example.com
zimbraReverseProxyUpstreamPollingTimeout: 1h
zimbraReverseProxyUpstreamReadTimeout: 60s
zimbraReverseProxyUpstreamSendTimeout: 60s
zimbraReverseProxyWorkerConnections: 10240
zimbraReverseProxyWorkerProcesses: 4
zimbraReverseProxyXmppBoshEnabled: FALSE
zimbraReverseProxyXmppBoshLocalHttpBindURL: /http-bind
zimbraReverseProxyXmppBoshSSL: FALSE
zimbraReverseProxyXmppBoshTimeout: 90s
zimbraReverseProxyZmlookupCachingEnabled: TRUE
zimbraSSLExcludeCipherSuites: .*_RC4_.*
zimbraSSLPrivateKey: VALUE-BLOCKED
zimbraSaslGssapiRequiresTls: FALSE
zimbraScheduledTaskNumThreads: 20
zimbraServerVersion: 8.8.11_GA_3737
zimbraServerVersionBuild: 3737
zimbraServerVersionMajor: 8
zimbraServerVersionMicro: 11
zimbraServerVersionMinor: 8
zimbraServerVersionType: GA
zimbraServiceEnabled: amavis
zimbraServiceEnabled: antivirus
zimbraServiceEnabled: antispam
zimbraServiceEnabled: opendkim
zimbraServiceEnabled: logger
zimbraServiceEnabled: mailbox
zimbraServiceEnabled: mta
zimbraServiceEnabled: dnscache
zimbraServiceEnabled: stats
zimbraServiceEnabled: snmp
zimbraServiceEnabled: spell
zimbraServiceEnabled: ldap
zimbraServiceEnabled: zimbra
zimbraServiceEnabled: zimbraAdmin
zimbraServiceEnabled: service
zimbraServiceEnabled: zimlet
zimbraServiceHostname: mail.example.com
zimbraServiceInstalled: amavis
zimbraServiceInstalled: antivirus
zimbraServiceInstalled: antispam
zimbraServiceInstalled: opendkim
zimbraServiceInstalled: logger
zimbraServiceInstalled: mailbox
zimbraServiceInstalled: memcached
zimbraServiceInstalled: mta
zimbraServiceInstalled: dnscache
zimbraServiceInstalled: stats
zimbraServiceInstalled: proxy
zimbraServiceInstalled: snmp
zimbraServiceInstalled: spell
zimbraServiceInstalled: ldap
zimbraShareNotificationMtaAuthRequired: FALSE
zimbraShareNotificationMtaConnectionType: CLEARTEXT
zimbraShareNotificationMtaEnabled: FALSE
zimbraSharingUpdatePublishInterval: 15m
zimbraShortTermAllEffectiveRightsCacheExpiration: 50s
zimbraShortTermAllEffectiveRightsCacheSize: 128
zimbraShortTermGranteeCacheExpiration: 50s
zimbraShortTermGranteeCacheSize: 128
zimbraSieveFeatureVariablesEnabled: FALSE
zimbraSieveRejectEnabled: TRUE
zimbraSmimeOCSPEnabled: TRUE
zimbraSmtpHostname: mail.example.com
zimbraSmtpPort: 25
zimbraSmtpSendPartial: FALSE
zimbraSmtpTimeout: 60
zimbraSoapExposeVersion: FALSE
zimbraSoapRequestMaxSize: 15360000
zimbraSpellAvailableDictionary: en_US
zimbraSpellCheckURL: http://mail.example.com:7780/aspell.php
zimbraStatThreadNamePrefix: AnonymousIoService
zimbraStatThreadNamePrefix: CloudRoutingReaderThread
zimbraStatThreadNamePrefix: GC
zimbraStatThreadNamePrefix: ImapSSLServer
zimbraStatThreadNamePrefix: ImapServer
zimbraStatThreadNamePrefix: LmtpServer
zimbraStatThreadNamePrefix: Pop3SSLServer
zimbraStatThreadNamePrefix: Pop3Server
zimbraStatThreadNamePrefix: ScheduledTask
zimbraStatThreadNamePrefix: SocketAcceptor
zimbraStatThreadNamePrefix: Thread
zimbraStatThreadNamePrefix: Timer
zimbraStatThreadNamePrefix: btpool
zimbraStatThreadNamePrefix: pool
zimbraStatThreadNamePrefix: qtp
zimbraTableMaintenanceGrowthFactor: 10
zimbraTableMaintenanceMaxRows: 1000000
zimbraTableMaintenanceMinRows: 10000
zimbraTableMaintenanceOperation: ANALYZE
zimbraThreadMonitorEnabled: FALSE
zimbraVirusDefinitionsUpdateFrequency: 2h
zimbraWebGzipEnabled: TRUE
zimbraXMPPEnabled: TRUE
zimbraZimletJspEnabled: FALSE
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: 554 5.7.1 Client host rejected: Access denied (in reply to RCPT TO command))

Post by phoenix »

I'm not going to trawl through the configuration file so what changes have you made to Zimbra? Has this problem just started, is your ZCS install a new one or upgraded? Do you have valid external DNS record s for your domain and mail server? Did you search for this problem, if not see here: https://www.startpage.com/do/dsearch?qu ... ge=english
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
tema_mogilev
Posts: 2
Joined: Fri Apr 12, 2019 12:20 pm

Re: 554 5.7.1 Client host rejected: Access denied (in reply to RCPT TO command))

Post by tema_mogilev »

phoenix wrote:I'm not going to trawl through the configuration file so what changes have you made to Zimbra? Has this problem just started, is your ZCS install a new one or upgraded? Do you have valid external DNS record s for your domain and mail server? Did you search for this problem, if not see here: https://www.startpage.com/do/dsearch?qu ... ge=english
I specifically changed the domain name there, please don't pay attention to it.
No problems with the DNS 100%, it's in the Zimbra settings problem.
And yes, I'm trying to search this problem, no one solution helped me.
nuc_infra
Posts: 11
Joined: Thu Apr 22, 2021 6:43 am

Re: 554 5.7.1 Client host rejected: Access denied (in reply to RCPT TO command))

Post by nuc_infra »

I am also finding this error. Is there any solution?

This is the mail system at host nucsoft.in.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<xx@xxx.com>: host xx.xxx.in[xx.xx.xx.xx] said: 554 5.7.1
<xx.xx[xx.xx.xx.xx]>: Client host rejected: Access denied (in reply
to RCPT TO command)
nuc_infra
Posts: 11
Joined: Thu Apr 22, 2021 6:43 am

Re: 554 5.7.1 Client host rejected: Access denied (in reply to RCPT TO command))

Post by nuc_infra »

Team, please help:

I am facing below error, while sending email from zimbra email server to O365 Email domain

-----------------------------------------
This is the mail system at host xxx.in.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<my@emailid.com>: host
TO email domain-com.mail.protection.outlook.com[104.47.101.36] said: 550 5.7.511
Access denied, banned sender[xx.xx.xx.xx]. To request removal from this
list please forward this message to delist@messaging.microsoft.com. For
more information please go to
http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410)
[BO1IND01FT007.eop-IND01.prod.protection.outlook.com] (in reply to RCPT TO
command)
nuc_infra
Posts: 11
Joined: Thu Apr 22, 2021 6:43 am

Re: 554 5.7.1 Client host rejected: Access denied (in reply to RCPT TO command))

Post by nuc_infra »

Microsoft has confirmed that they have no restrictions from their end. However, they found that IP has been delisted. Need urgent help to fix this please. My number is +917208091284
User avatar
ianw1974
Outstanding Member
Outstanding Member
Posts: 229
Joined: Sat Sep 13, 2014 12:45 am
Location: UK and Poland
Contact:

Re: 554 5.7.1 Client host rejected: Access denied (in reply to RCPT TO command))

Post by ianw1974 »

Unfortunately the error message shows that Microsoft's servers blocked it. This isn't a Zimbra problem but Microsoft problem. The mail was sent, they didn't accept it. If you still have problems sending to people using Office 365 and being blocked, then you need to contact Microsoft until the problem is resolved.
Archer
Posts: 2
Joined: Mon Mar 08, 2021 11:20 pm

Re: 554 5.7.1 Client host rejected: Access denied (in reply to RCPT TO command))

Post by Archer »

I'm seeing the same thing from MS servers this week. Same 5.7.1 banned message, and NOTHING has changed on my server.

I use Linode as my hosting provider, have for some time, paid for the ridiculous spamhaus delist, but all of a sudden I'm back on MS blacklist.

Pass 100% on mxtoolbox blacklist lookup.

Is this a Zimbra header thing?
User avatar
ianw1974
Outstanding Member
Outstanding Member
Posts: 229
Joined: Sat Sep 13, 2014 12:45 am
Location: UK and Poland
Contact:

Re: 554 5.7.1 Client host rejected: Access denied (in reply to RCPT TO command))

Post by ianw1974 »

Rather IP than headers. I couldn't send to my sister's hotmail address from my server, and Microsoft wouldn't even unblock it. If you don't own the IP they won't do it. I tried to get OVH to take responsibility for their subnet, because it was the entire subnet that was blocked and not my IP but they wouldn't do anything about it. They said you have to request delisting from Microsoft of which I had already attempted to do. This is in addition to the fact that I also have DKIM, DMARC, SPF configured to prove authenticity of emails which should effectively reduce your chances of being blocked. But when it comes to IP level, unless your server has been spamming, then the problem is the subnet and the ISP needs to take responsibility for it.

Unfortunately you can go round in circles with this. Linode are very good, I have used them for over 8 years and never had IP problems like this with them. You need to look at the exact error message, to find out where it is coming from. Microsoft have separate delisting pages for Office 365 than they do for hotmail or their outlook.com equivalent. Delisting from Office 365 pretty much always works, just impossible to get off the blocklist from the hotmail/free email side without the ISP cleaning up their network and not allowing people to spam like OVH do.
nuc_infra
Posts: 11
Joined: Thu Apr 22, 2021 6:43 am

Re: 554 5.7.1 Client host rejected: Access denied (in reply to RCPT TO command))

Post by nuc_infra »

Dear Team,

Thank you. After coordinating with Microsoft finally I got a fix today. They have delisted the domain from their backend. It took 10 working days. Now all my clients who are on O365 are able to send or receive emails. However, I am still facing issue in sending my internal O365 email domain.

Getting below new NDR:------------------------------------------

This is the mail system at host domain.in.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The mail system

<xyz@domain.com>: xyzdomain.com


Error: ----------------------------------------------------------------------------------

Reporting-MTA: dns; domain.in
X-Postfix-Queue-ID: 631E6158A67
X-Postfix-Sender: rfc822; xyz@domain.in
Arrival-Date: Tue, 4 Jan 2022 08:11:34 +0000 (UTC)

Final-Recipient: rfc822; xyz@domain.com
Original-Recipient: rfc822;xyz@domain.com
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; domain.com


Can anyone help please...
Post Reply