On 06/12/17 16:57, Chris Green wrote:
On Wed, Dec 06, 2017 at 02:09:53PM +0000, Laurie Brown wrote:
Hi all,
Do we have any postfix experts on here? I have a very strange problem I'm struggling to resolve, and I'd appreciate some help.
Well I use postfix and have configured it for basic receiving and sending of mail. I'm also on the postfix users mailing list so can forward questions there too - they've been very straightforward and helpful to me in the past.
Thanks Chris.
I've been using Postfix for years and know my way around it pretty well, but this has me stumped.
Essentially, a particular client who uses one of my SMTP servers to send email (along with many other clients) is having a fatal problem which manifests itself as follows. The mechanism we use is SMTP-AUTH, with a MySQL backend doing the validation, and it has worked well for a very long time. Except for this client, that is, who keeps getting "Relay access denied" errors at seemingly random times. Fail2ban then locks her out of the system. This started on November 27th, out of the blue and continues.
Said client is using Thunderbird on an iMac.
Having looked at the logs, said client is the only person this happens to, and there's one consistent feature which is seriously puzzling me. Here's a log entry (doctored):
Dec 6 07:56:57 mg3 postfix/smtpd[28482]: NOQUEUE: reject: RCPT from host86-141-***-***.range86-141.btcentralplus.com[86.141.***.***]: 554 5.7.1 ****@gmail.com: Relay access denied; from=<***@****.co.uk> to=****@gmail.com proto=ESMTP helo=<[192.168.1.80]>
Note the IP address in that last "helo"; it's a non-public one. Each and every one of the failures has a seemingly-random non-public IP address in it. The IP remains consistent during each "session" but it changes every time a new connection is made.
There is no pattern in the recipients either.
Any ideas? Any suggestions for debugging this?
Cheers, Laurie.