Weird smtpd behaviour : Client Host rejected : access denied

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
rokoyato
Advanced member
Advanced member
Posts: 86
Joined: Mon Jun 29, 2020 9:12 am

Weird smtpd behaviour : Client Host rejected : access denied

Post by rokoyato »

Hi,

I have a gateway that get "Client host rejected: Access denied" only when a specific server behind this gateway send a mail.

The log NOQUEUE: reject: RCPT from hostname.domain.com[xxx.xxx.xxx.xx]: 554 5.7.1 <hostname.domain.com[xxx.xxx.xxx.xx]>: Client host rejected: Access denied; from=<address@domain.com> to=<otheraddress@domain.com> proto=ESMTP helo=<SRV-SAGE2>

At first I thought about the helo name that is not FQDN compliant, but because I don't have access to thi server I can't change the hostname.

So I setted up an allow list following this https://wiki.zimbra.com/wiki/King0770-N ... ALLOW-HELO

Code: Select all

cat /opt/zimbra/conf/allow_helo
SRV-SAGE2 OK
I've done the postmap and the adding into MtaRestriction :

Code: Select all

zmprov -l gacf zimbraMtaRestriction
zimbraMtaRestriction: reject_invalid_helo_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: check_helo_access lmdb:/opt/zimbra/conf/allow_helo

Code: Select all

postconf | grep ^smtpd_recipient_restrictions
smtpd_recipient_restrictions = check_helo_access lmdb:/opt/zimbra/conf/allow_helo, reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_invalid_helo_hostname, reject_non_fqdn_sender, permit
And I restarted the MTA.

But no luck, I still can't send mail from this server... Any other sender (outlook, thunderbird, windows server) can send trought the gateway..

Does anyone have a clue on what i've missed ?

Regards
rokoyato
Advanced member
Advanced member
Posts: 86
Joined: Mon Jun 29, 2020 9:12 am

Re: Weird smtpd behaviour : Client Host rejected : access denied

Post by rokoyato »

So far I tried to remove :
reject_invalid_helo_hostname
reject_non_fqdn_sender

from zimbraMtaRestriction and test it but no luck.

I have some problems with the configd service that might cause the check_helo_access to be ignored I will report back when this is fixed
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Weird smtpd behaviour : Client Host rejected : access denied

Post by phoenix »

As per usual, you're going to have to give a few more details about the problem. First, what ZCS version? Post the full output of the following command:

Code: Select all

su - zimbra
zmcontrol -v
What is the gateway you're relaying through? How, exactly, are you trying to relay through this gateway and how have you configured ZCS to do this?
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
rokoyato
Advanced member
Advanced member
Posts: 86
Joined: Mon Jun 29, 2020 9:12 am

Re: Weird smtpd behaviour : Client Host rejected : access denied

Post by rokoyato »

phoenix wrote:As per usual, you're going to have to give a few more details about the problem. First, what ZCS version? Post the full output of the following command:

Code: Select all

su - zimbra
zmcontrol -v
What is the gateway you're relaying through? How, exactly, are you trying to relay through this gateway and how have you configured ZCS to do this?

Hi sorry I was away for a while and could not respond to this topic.

The SRV-SAGE2 server send a mail with a specific app that has an account in the zimbra. It's a classic SMTP connection on port 587 to send the mail that end up blocked.

I was talking about the network gateway from this network, we have multiples server behind it and only SRV-SAGE2 causes problem, and the only difference here is the HELO value.

Release 9.0.0.GA.4178.UBUNTU20.64 UBUNTU20_64 NETWORK edition, Patch 9.0.0_P28

Regards
Post Reply