Error al recibir correo externo 451 4.3.5 Client host rejected: Server configuration error Zimbra 8.8.15

[Francisco Martinez]

Hola tengo un problema al recibir correos de dominios externos hacia mi dominio en Zimbra, tengo la versión 8.8.15 Open Source. Puedo enviar y recibir correos internos (locales), puedo enviar correos a dominios externos pero no puedo recibir. En el ejemplo son pruebas a dominios Hotmail y Gmail. Adjunto resumen de archivos saucer.cf y master.cf ademas de la lista de comandos, pienso que el problema puede suceder en el MTAsenderRestrictions, ya que anteriormente intentamos aplicar el antispam y blacklist sin éxito en el servidor. 

Message ID '[reject:NOQUEUE:www]'

paco....@gmail.com -->

mar...@imagenti.mx

  Recipient mar...@imagenti.mx

  Aug 26 10:59:46 - mail-ed1-f67.google.com (209.85.208.67) status reject

    451 4.3.5 <mail-ed1-f67.google.com[209.85.208.67]>: Client host rejected: Server configuration error

Message ID '[reject:NOQUEUE:www]'

serm...@gmail.com -->

i...@imagenti.mx

  Recipient in...@imagenti.mx

  Aug 26 11:07:32 - mail-ot1-f45.google.com (209.85.210.45) status reject

    451 4.3.5 <mail-ot1-f45.google.com[209.85.210.45]>: Client host rejected: Server configuration error

Message ID '[reject:NOQUEUE:www]'

dre...@hotmail.com -->

mar...@imagenti.mx

  Recipient mar...@imagenti.mx

  Aug 26 10:50:17 - mail-oln040092010063.outbound.protection.outlook.com (40.92.10.63) status reject

    451 4.3.5 <mail-oln040092010063.outbound.protection.outlook.com[40.92.10.63]>: Client host rejected: Server configuration error

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

/opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf

%%exact VAR:zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch%%

%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/conf/postfix_reject_sender%%

%%contains VAR:zimbraServiceEnabled cbpolicyd^ check_policy_service inet:localhost:%%zimbraCBPolicydBindPort%%%%

%%contains VAR:zimbraServiceEnabled amavis^ check_sender_access regexp:/opt/zimbra/common/conf/tag_as_originating.re%%

permit_mynetworks

permit_sasl_authenticated

permit_tls_clientcerts

%%contains VAR:zimbraServiceEnabled amavis^ check_sender_access regexp:/opt/zimbra/common/conf/tag_as_foreign.re%%

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Postfix /master.cf

# ==========================================================================

# service type  private unpriv  chroot  wakeup  maxproc command + args

#               (yes)   (yes)   (yes)   (never) (100)

# ==========================================================================

smtp   inet  n - n - - smtpd

#submission inet n - n - - smtpd

#  -o smtpd_tls_security_level=encrypt

#  -o smtpd_sasl_auth_enable=yes

  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

#  -o milter_macro_daemon_name=ORIGINATING

#smtps     inet  n - n - - smtpd

#  -o smtpd_tls_wrappermode=yes

#  -o smtpd_sasl_auth_enable=yes

  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

#  -o milter_macro_daemon_name=ORIGINATING

#628   inet  n - n - - qmqpd

pickup    fifo  n - n 60 1 pickup

cleanup   unix  n - n - 0 cleanup

qmgr   fifo  n - n 300     1 qmgr

#qmgr     fifo  n - n 300     1 oqmgr

tlsmgr    unix  - - n 1000?   1 tlsmgr

rewrite   unix  - - n - - trivial-rewrite

bounce    unix  - - n - 0 bounce

defer     unix  - - n - 0 bounce

trace     unix  - - n - 0 bounce

verify    unix  - - n - 1 verify

flush     unix  n - n 1000?   0 flush

proxymap  unix  - - n - - proxymap

proxywrite unix - - n - 1 proxymap

smtp   unix  - - n - - smtp

# When relaying mail as backup MX, disable fallback_relay to avoid MX loops

relay     unix  - - n - - smtp

        -o smtp_fallback_relay=

# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5

showq     unix  n - n - - showq

error     unix  - - n - - error

retry     unix  - - n - - error

discard   unix  - - n - - discard

local     unix  - n n - - local

virtual   unix  - n n - - virtual

lmtp   unix  - - n - - lmtp

anvil     unix  - - n - 1 anvil

scache    unix  - - n - 1 scache

#

# ====================================================================

saucer.cf

# pyzor

use_pyzor 1

pyzor_path /usr/bin/pyzor

# DNS lookups for pyzor can time out easily.  Set the following line IF you want to give pyzor up to 20 seconds to respond

# may slow down email delivery

pyzor_timeout 20

# razor

use_razor2 1

score URIBL_BLACK 3.250

score RAZOR2_CHECK 3.250

score PYZOR_CHECK 3.250

score BAYES_99 4.000

score BAYES_60 2.250

score BAYES_50 1.500

score BAYES_00 -0.500

score RP_MATCHES_RCVD -0.000

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

root history:

  171  sudo nano /opt/zimbra/conf/postfix_blacklist

  172  postmap /opt/zimbra/conf/postfix_blacklist

  174  zmprov mcf +zimbraMtaRestriction ‘check_client_access lmdb:/opt/zimbra/conf/postfix_blacklist’

  182  sudo nano /opt/zimbra/conf/postfix_blacklist

  184  cd /opt/zimbra/common/conf/

  186  nano postfix_reject_sender

  189  su zimbra

  190  nano /opt/zimbra/common/conf/postfix_reject_sender 

  192  zmprov ms 'www.correocorp.mx' +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/common/conf/postfix_reject_sender"

  196  nano /opt/zimbra/common/conf/postfix_reject_sender 

  218  nano /opt/zimbra/common/conf/postfix_reject_sender

  230  nano /etc/yum.repos.d/epel.repo

  231  yum update

  232  yum install pyzor perl-Razor-Agent

  233  pyzor --homedir /opt/zimbra/data/amavisd/.pyzor discover

  234  su zimbra

  235  pyzor

  236  nano /opt/zimbra/conf/sa/saucer.cf

  237  cd /opt/zimbra/conf/sa/

  238  cd /opt/zimbra/conf/

  239  mkdir sa

  240  ls

  241  nano /opt/zimbra/conf/sa/saucer.cf

  242  su zimbra

  243  nano /opt/zimbra/conf/sa/saucer.cf

  244  su zimbra

  245  cd

  246  nano /opt/zimbra/conf/sa/saucer.cf

  247  su zimbra

  248  cd /opt/zimbra/data/spamassasin/localrules

  249  cd /opt/zimbra/data/spamassassin/localrules

  250  wget -N https://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf -O sakam.cf

  251  su zimbra

  252  cp /opt/zimbra/conf/sa/saucer.cf /opt/zimbra/data/spamassassin/localrules/

  253  su zimbra

  254  exit

  255  nano /opt/zimbra/conf/sa/saucer.cf

  256  nano /opt/zimbra/common/conf/postfix_reject_sender 

  257  cd /opt/zimbra/common/conf/

  258  ls

  259  nano /opt/zimbra/conf/postfix_rbl_override

  260  postmap /opt/zimbra/conf/postfix_rbl_override

  261  zmprov mcf +zimbraMtaRestriction 'check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override'

  262  su zimbra

  263  reboot

  264   zmprov ms `www.correocorp.mx` -zimbraServiceEnabled amavis

  265  su zimbra

  269* nano /etc/postfix/m

  270  nano  /etc/postfix/filtered_domains 

  271  nano /opt/zimbra/conf/cbpolicyd.conf.in

  273  nano /opt/zimbra/conf/postfix_rbl_override

  274  reboot

  275  nano /opt/zimbra/conf/postfix_rbl_override

  276  reboot

  277  -rm /opt/zimbra/conf/postfix_rbl_override

  278  rm /opt/zimbra/conf/postfix_rbl_override

  279  reboot

  280  /opt/zimbra/libexec/zmmsgtrace -s n...@gmail.com' 

  281  nano /opt/zimbra/common/conf/postfix_reject_sender 

  282  nano /etc/postfix/master.cf

  285  /var/log/zimbra.log

  291  reboot

  308  wget https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_3829.RHEL6_64.20190718141144.tgz

  309  tar zxvf zcs-8.8.15_GA_3829.RHEL6_64.20190718141144.tgz 

  310  cd zcs-8.8.15_GA_3829.RHEL6_64.20190718141144

  312  ./install.sh 

  314  reboot

  316  /opt/zimbra/libexec/zmmsgtrace -S '@gmail.com' 

  317  /opt/zimbra/libexec/zmmsgtrace -S '@HOTmail.com' 

  318  reboot

  319  postconf -e "smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated"

  320  postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"

  321  postconf -e "smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination"

  322  service postfix restart

su zimbra:

  895  190603 10:31:10 zmamavisdctl restart

  896  190603 10:33:59 vi /opt/zimbra/conf/amavisd.conf.in

  897  190603 10:37:33 zmamavisdctl restart

  900  190618 16:35:41 zmproxyctl restart

  902  190703 10:18:11 zmprov mcf +zimbraMtaRestriction ‘check_client_access lmdb:/opt/zimbra/conf/postfix_blacklist’

  903  190708 12:16:32 zmprov mcf +zimbraMtaRestriction “reject_rbl_client b.barracuracentral.org”

  907  190801 11:20:42 zmprov ms 'www.correocorp.mx' +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/common/conf/postfix_reject_sender"

  908  190801 11:21:14 /opt/zimbra/common/sbin/postmap

  909  190801 11:22:01 /opt/zimbra/common/conf/postfix_reject_sender

  911  190801 12:01:33 zmprov md www.correocorp.mx +amavisBlacklistSender pal...@gmail.com

  912  190801 12:02:06 zmprov md www.correocorp.mx +amavisBlacklistSender dre...@gmail.com

  913  190802 18:36:07 zmprov ms 'www.correocorp.mx' +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/common/conf/postfix_reject_sender"

  914  190802 18:36:29 /opt/zimbra/common/sbin/postmap /opt/zimbra/common/conf/postfix_reject_sender

  915  190802 18:36:42 zmmtactl restart

  916  190802 18:40:22 nano /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf 

  932  190812 10:18:36 zmlocalconfig antispam_enable_rule_updates

  933  190812 10:18:55 zmlocalconfig -e antispam_enable_rule_updates=true

  934  190812 10:19:13 zmlocalconfig -e antispam_enable_restarts=true

  935  190812 10:19:35 zmamavisdctl restart

  936  190812 10:20:34 zmmtactl restart

  946  190812 10:28:12 pyzor

  948  190812 11:39:34 pyzor --homedir /opt/zimbra/data/amavisd/.pyzor discover

  950  190812 11:42:21 razor-admin -home=/opt/zimbra/data/amavisd/.razor -create

  951  190812 11:42:50 razor-admin -home=/opt/zimbra/data/amavisd/.razor -discover

  952  190812 11:47:21 razor-admin -home=/opt/zimbra/data/amavisd/.razor -register -user postm...@www.correocorp.mx

  954  190812 11:49:43 zmamavisdctl restart

  955  190812 11:50:25 zmmtactl restart

  966  190823 14:16:39 zmprov mcf +zimbraMtaRestriction 'check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override'

  967  190823 16:59:34 zmlocalconfig antispam_false_rule_update

  968  190823 17:00:00 zmlocalconfig antispam_disable_rule_update

  969  190823 17:01:05  zmlocalconfig -e antispam_enable_rule_updates=false

  970  190823 17:01:18 zmlocalconfig -e antispam_enable_restarts=false

  971  190823 17:01:24 reboot

  973  190823 17:36:47  zmprov ms `www.correocorp.mx` -zimbraServiceEnabled amavis

  974  190823 17:37:08  zmprov ms www.correocorp.mx -zimbraServiceEnabled amavis

  975  190823 17:37:30 zmcontrol restart

  976  190823 17:54:08 cd

  977  190823 17:54:13 exit

  978  190823 19:21:46 postconf mynetworks

  979  190823 19:22:23 zmprov gs www.correocorp.mx zimbraMtaMyNetworks

  980  190823 19:25:12 zmprov ms www.correocorp.mx zimbraMtaMyNetworks '127.0.0.0/8 216.245.210.0/24'

  981  190823 19:25:52 exit

  982  190823 19:31:30 zmantispamctl restart

  983  190823 19:31:51 zmamavisdctl restart

  984  190823 19:33:12 zmcontrol restart

  985  190823 19:49:39 nano /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf 

  986  190823 19:50:48 reboot

  987  190823 19:50:53 exit

  988  190826 09:38:09  zmlocalconfig -e postfix_lmtp_host_lookup=native

  989  190826 09:38:20  zmmtactl restart

  990  190826 09:41:40 nano /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf 

  991  190826 09:43:54 nano /opt/zimbra/conf/postfix_rbl_override

  992  190826 09:53:21 cd

  993  190826 09:53:23 exit

  994  190826 10:46:49 zmcontrol restart

[Edwind Richzendy Contreras Soto]

Para poder recibir el puerto 25 de tu servidor debe poder ser "visto" desde internet, hay muchas razones por las cuales no podría ser visto y varias de ellas podrían tener que ver de cómo tú servidor Zimbra se ubica en la red, es decir, está público? Pasa por un firewall? Hay un NAT? O tienes un firewall local bloqueando el puesto 25, tienes configurado adecuadamente el registro MX de tu dominio de correo?

Debes revisar todos estos puntos primero, si estás en un NAT o tienes un firewall pues debes hacer redirección de puertos o abrir los puertos necesarios.

En mxroute hay tools para verificar estás cosas, deberías hacer un test primero.

--
Has recibido este mensaje porque eres miembro de "zimbra grupo" de Google.
Si quieres publicar envía un mensaje de correo a zimbr...@googlegroups.com o entra en http://groups.google.es/group/zimbragrupo
 
Para anular la suscripción envía un mensaje a zimbragrupo...@googlegroups.com
---
Has recibido este mensaje porque estás suscrito al grupo "zimbra grupo" de Grupos de Google.
Para cancelar la suscripción a este grupo y dejar de recibir sus mensajes, envía un correo electrónico a zimbragrupo...@googlegroups.com.
Para ver esta conversación en el sitio web, visita https://groups.google.com/d/msgid/zimbragrupo/aee1f816-3480-459f-9440-b98c8d6abe6d%40googlegroups.com.

[Francisco Martinez]

Hola, revisando creo que el problema va relacionado a postfix_rbl_override (lista blanca que intentamos crear), hay forma de deshacer esta configuracion?, el tema de puertos mi servidor smtp utiliza 465, no tengo ningun tipo de bloqueo, mi servidor resuelve dns, el check the MX todo eso esta funcionando. muchas gracias

Aug 26 12:49:57 www postfix/smtpd[14479]: warning: lmdb:/opt/zimbra/conf/postfix_rbl_override: table lookup problem

Aug 26 12:49:57 www postfix/smtpd[14479]: NOQUEUE: reject: RCPT from mail.micronet.es[82.223.135.129]: 451 4.3.5 <mail.micronet.es[82.223.135.129]>: Client host rejected: Server configuration error; from=<prvs=11413be3eb=ki...@micronet.es> to=<d...@zkm.mx> proto=ESMTP helo=<micronet.es>

Aug 26 12:49:57 www postfix/smtpd[9350]: warning: lmdb:/opt/zimbra/conf/postfix_rbl_override is unavailable. open database /opt/zimbra/conf/postfix_rbl_override.lmdb: No such file or directory

Aug 26 12:49:57 www postfix/smtpd[9350]: warning: lmdb:/opt/zimbra/conf/postfix_rbl_override: table lookup problem

Aug 26 12:49:57 www postfix/smtpd[9350]: NOQUEUE: reject: RCPT from mail.micronet.es[82.223.135.129]: 451 4.3.5 <mail.micronet.es[82.223.135.129]>: Client host rejected: Server configuration error; from=<prvs=11413be3eb=ki...@micronet.es> to=<e...@zkp.mx> proto=ESMTP helo=<micronet.es>

Aug 26 12:50:18 www postfix/smtpd[3734]: warning: lmdb:/opt/zimbra/conf/postfix_rbl_override is unavailable. open database /opt/zimbra/conf/postfix_rbl_override.lmdb: No such file or directory

Aug 26 12:50:18 www postfix/smtpd[3734]: warning: lmdb:/opt/zimbra/conf/postfix_rbl_override: table lookup problem

Aug 26 12:50:18 www postfix/smtpd[3734]: NOQUEUE: reject: RCPT from mail29.suw11.mcdlv.net[198.2.190.29]: 451 4.3.5 <mail29.suw11.mcdlv.net[198.2.190.29]>: Client host rejected: Server configuration error; from=<bounce-mc.us20_115403...@mail29.suw11.mcdlv.net> to=<l...@tesh.mx> proto=ESMTP helo=<mail29.suw11.mcdlv.net>

Aug 26 12:50:26 www postfix/smtpd[14479]: warning: lmdb:/opt/zimbra/conf/postfix_rbl_override is unavailable. open database /opt/zimbra/conf/postfix_rbl_override.lmdb: No such file or directory

Aug 26 12:50:26 www postfix/smtpd[14479]: warning: lmdb:/opt/zimbra/conf/postfix_rbl_override: table lookup problem

Aug 26 12:50:26 www postfix/smtpd[14479]: NOQUEUE: reject: RCPT from mail-oi1-f194.google.com[209.85.167.194]: 451 4.3.5 <mail-oi1-f194.google.com[209.85.167.194]>: Client host rejected: Server configuration error; from=<c...@gmail.com> to=<k...@enti.mx> proto=ESMTP helo=<mail-oi1-f194.google.com>

# ==========================================================================

# service type  private unpriv  chroot  wakeup  maxproc command + args

#               (yes)   (yes)   (yes)   (never) (100)

# ==========================================================================

smtp   inet  n - n - - smtpd

#submission inet n - n - - smtpd

#  -o smtpd_tls_security_level=encrypt

#  -o smtpd_sasl_auth_enable=yes

#  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

#  -o milter_macro_daemon_name=ORIGINATING

#smtps     inet  n - n - - smtpd

#  -o smtpd_tls_wrappermode=yes

#  -o smtpd_sasl_auth_enable=yes

#  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

#  -o milter_macro_daemon_name=ORIGINATING

Para cancelar la suscripción a este grupo y dejar de recibir sus mensajes, envía un correo electrónico a zimbr...@googlegroups.com.

[Francisco Martinez]

Sigo revisando, cambie el uso de postfix_rbl_override por el blacklist, guarde los cambios y encontre lo siguiente, ahora veo que postfix no puede correr y veo el siguiente error:

Aug 26 14:24:31 www postfix/smtpd[3574]: warning: lmdb:/opt/zimbra/conf/postfix_blacklist is unavailable. open database /opt/zimbra/conf/postfix_blacklist.lmdb: No such file or directory

Aug 26 14:24:31 www postfix/smtpd[3574]: warning: lmdb:/opt/zimbra/conf/postfix_blacklist: table lookup problem

Aug 26 14:24:31 www postfix/smtpd[3574]: NOQUEUE: reject: RCPT from mta.mail.rci.com[199.122.123.234]: 451 4.3.5 <mta.mail.rci.com[199.122.123.234]>: Client host rejected: Server configuration error; from=<bounce-153_HTML-283863...@bounce.mail.rci.com> to=<I...@RA.COM> proto=ESMTP helo=<mta.mail.rci.com>

Aug 26 14:24:31 www postfix/smtpd[9525]: NOQUEUE: filter: RCPT from mta.mail.rci.com[199.122.123.234]: <bounce-153_HTML-283863...@bounce.mail.rci.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<bounce-153_HTML-283863...@bounce.mail.rci.com> to=<I...@RA.COM> proto=ESMTP helo=<mta.mail.rci.com>

Aug 26 14:24:31 www postfix/smtpd[9525]: NOQUEUE: filter: RCPT from mta.mail.rci.com[199.122.123.234]: <bounce-153_HTML-283863...@bounce.mail.rci.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<bounce-153_HTML-283863...@bounce.mail.rci.com> to=<I...@RA.COM> proto=ESMTP helo=<mta.mail.rci.com>

Aug 26 14:24:31 www postfix/smtpd[9525]: warning: lmdb:/opt/zimbra/conf/postfix_blacklist is unavailable. open database /opt/zimbra/conf/postfix_blacklist.lmdb: No such file or directory

Aug 26 14:24:31 www postfix/smtpd[9525]: warning: lmdb:/opt/zimbra/conf/postfix_blacklist: table lookup problem

Aug 26 14:24:31 www postfix/smtpd[9525]: NOQUEUE: reject: RCPT from mta.mail.rci.com[199.122.123.234]: 451 4.3.5 <mta.mail.rci.com[199.122.123.234]>: Client host rejected: Server configuration error; from=<bounce-153_HTML-283863...@bounce.mail.rci.com> to=<I...@RA.COM> proto=ESMTP helo=<mta.mail.rci.com>

Aug 26 14:24:31 www postfix/smtpd[3574]: disconnect from mta.mail.rci.com[199.122.123.234] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6

[root@www ~]# service postfix status

master dead but pid file exists

[root@www ~]# service postfix start

Starting postfix:                                          [  OK  ]

[root@www ~]# service postfix status

master dead but pid file exists

[root@www ~]#