*Facepalm* smtpd_recipient_restrictions is specified a second time.
A depressing amount of time was spent debugging this. On Mon, Oct 18, 2010 at 10:30 PM, Yang Zhang <yanghates...@gmail.com> wrote: > Omitted one important detail: this failure is seen when attempting to > send from clients outside the network. Sending from mynetworks (e.g. > localhost) works fine. > > On Mon, Oct 18, 2010 at 10:29 PM, Yang Zhang <yanghates...@gmail.com> wrote: >> I have in /etc/postfix/main.cf: >> >> smtpd_sasl_auth_enable = yes >> smtpd_recipient_restrictions = permit_sasl_authenticated, >> permit_mynetworks, reject_unauth_destination >> >> and SASL seems to be working: >> >> $ testsaslauthd -u yang -p ... -f >> /var/spool/postfix/var/run/saslauthd/mux -s smtpd >> 0: OK "Success." >> >> but I'm getting "Relay access denied": >> >> $ telnet blah.com 25 >> auth plain ... >> 235 2.7.0 Authentication successful >> mail from:<y...@blah.com> >> 250 2.1.0 Ok >> rcpt to:<y...@dest.com> >> 554 5.7.1 <y...@dest.com>: Relay access denied >> >> Logs: >> >> Oct 18 21:10:19 blah postfix/smtpd[13882]: connect from unknown[x.x.x.x] >> Oct 18 21:10:19 blah postfix/smtpd[13882]: setting up TLS >> connection from unknown[x.x.x.x] >> Oct 18 21:10:19 blah postfix/smtpd[13882]: Anonymous TLS >> connection established from unknown[x.x.x.x]: TLSv1 with cipher >> DHE-RSA-AES256-SHA (256/256 bits) >> Oct 18 21:10:19 blah postfix/smtpd[13882]: NOQUEUE: reject: RCPT >> from unknown[x.x.x.x]: 554 5.7.1 <y...@dest.com>: Relay access denied; >> from=<y...@blah.com> to=<y...@dest.com> proto=ESMTP helo=<[y.y.y.y]> >> Oct 18 21:10:19 blah postfix/smtpd[13882]: disconnect from unknown >> [x.x.x.x] >> >> Been stumped for some time now. Any hints? >> >> My complete configuration follows; it's based on >> https://help.ubuntu.com/community/Postfix. >> >> /etc/default/saslauthd: >> >> START=yes >> PWDIR="/var/spool/postfix/var/run/saslauthd" >> PARAMS="-m ${PWDIR}" >> PIDFILE="${PWDIR}/saslauthd.pid" >> OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" >> >> /etc/postfix/main.cf: >> >> # See /usr/share/postfix/main.cf.dist for a commented, more complete >> version >> >> # Debian specific: Specifying a file name will cause the first >> # line of that file to be used as the name. The Debian default >> # is /etc/mailname. >> #myorigin = /etc/mailname >> >> smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) >> biff = no >> >> # appending .domain is the MUA's job. >> append_dot_mydomain = no >> >> # Uncomment the next line to generate "delayed mail" warnings >> #delay_warning_time = 4h >> >> readme_directory = no >> >> # TLS parameters >> smtp_tls_loglevel=1 >> smtp_tls_security_level=may >> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache >> smtpd_tls_cert_file=/etc/ssl/certs/blah.crt >> smtpd_tls_key_file=/etc/ssl/private/blah.key >> smtpd_tls_loglevel=1 >> smtpd_tls_security_level=may >> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache >> >> smtpd_sasl_auth_enable = yes >> smtpd_recipient_restrictions = >> permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination >> >> # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for >> # information on enabling SSL in the smtp client. >> >> myhostname = blah.com >> alias_maps = hash:/etc/aliases >> alias_database = hash:/etc/aliases >> myorigin = /etc/mailname >> mydestination = localhost.blah.com, localhost >> relayhost = >> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 >> mailbox_size_limit = 0 >> recipient_delimiter = + >> inet_interfaces = all >> >> # From <http://www.postfix.org/VIRTUAL_README.html> >> >> virtual_mailbox_domains = blah.com invalid.invalid >> virtual_mailbox_base = /var/mail/blah >> virtual_mailbox_maps = hash:/etc/postfix/vmailbox >> virtual_alias_maps = hash:/etc/postfix/valiases >> virtual_minimum_uid = 100 >> virtual_uid_maps = static:1001 >> virtual_gid_maps = static:1001 >> >> sender_bcc_maps = hash:/etc/postfix/bccmaps >> >> # DKIM >> smtpd_milters = inet:localhost:8891 >> non_smtpd_milters = inet:localhost:8891 >> >> # Enforce SPF >> smtpd_recipient_restrictions = >> permit_mynetworks >> reject_unauth_destination >> check_policy_service unix:private/policyd-spf >> policyd-spf_time_limit = 3600 >> >> /etc/postfix/sasl/smtpd.conf: >> >> pwcheck_method: saslauthd >> mech_list: plain login >> >> -- >> Yang Zhang >> http://yz.mit.edu/ >> > > > > -- > Yang Zhang > http://yz.mit.edu/ > -- Yang Zhang http://yz.mit.edu/
