On 2011-08-12 09:00, Marco van Kammen wrote:

Dear List,

Very basic relaying setup.

Mail coming in from specific range of servers is allowed and forwarded to their final destinations.

Postfix 2.3.3


Consider upgrading; this version is no longer supported.

postconf -n

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    html_directory = no
    inet_interfaces = all
    mail_owner = postfix
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    mydestination = $myhostname, localhost.$mydomain, localhost
    newaliases_path = /usr/bin/newaliases.postfix
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    unknown_local_recipient_reject_code = 550

/etc/postfix/access

/etc/postfix/access.db

10.35.0.0/16    OK


This database is not referenced anywhere.

Most servers within the 10.35.0.0/16 range are allowed just fine..

Mail from one specific ip keeps bouncing:

Aug 11 14:22:33 serverX postfix/smtpd[28348]: NOQUEUE: reject: RCPT from serverX.is.local[10.35.10.34]: 554 5.7.1 <exter...@domain.com>: Relay access denied; from=<inter...@domain.com> to=<exter...@domain.com> proto=ESMTP helo=<serverX>

I'm pretty sure I'm missing something very simple, but I just can't see it!


To RELAY mail through postfix, one of the following must be true:

- either the recipient domain appears in relay_domains, OR
- the source IP(s) appear in mynetworks, OR
- there is a client access map that is actually applied somewhere.

I don't see any of the above happening; this means the default for mynetworks is used: the IP of the postfix server, and the smallest IP range it is a member of.

Since you say this concerns a known set of internal IPs, use the following:

    mynetworks = 127.0.0.1/8 10.35.0.0/16

and verify that:

    smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

    http://www.postfix.org/postconf.5.html#mynetworks
    http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions

If this server is accessible from the outside, those restrictions are NOT sufficient: http://www.postfix.org/SMTPD_ACCESS_README.html


--
J.
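
The three relay conditions listed in the reply can be checked mechanically against `postconf -n` output. The following is an added example, not part of the original thread: `parse_postconf`, `words` and `relay_conditions` are hypothetical helper names, the sample configurations are constructed from the settings quoted above, and only literal CIDR entries and exact domain names are evaluated.

```python
import ipaddress

# Constructed input: a subset of the `postconf -n` output quoted in the thread.
BEFORE = """\
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
"""
# The same configuration after applying the settings suggested in the reply.
AFTER = BEFORE + """\
mynetworks = 127.0.0.1/8 10.35.0.0/16
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
"""

def parse_postconf(text):
    """Turn 'name = value' lines into a dict of explicitly set parameters."""
    pairs = (line.partition("=") for line in text.splitlines())
    return {name.strip(): value.strip() for name, sep, value in pairs if sep}

def words(value):
    """Split a Postfix list value on commas and whitespace."""
    return value.replace(",", " ").split()

def relay_conditions(params, client_ip, rcpt_domain, access_map="/etc/postfix/access"):
    """Evaluate the three relay conditions from the reply against explicit settings.
    Simplified: only literal CIDR entries and exact domain names are matched."""
    notes = []
    # Assumption: the restriction list the reply says to verify is in effect when unset.
    rcpt = words(params.get("smtpd_recipient_restrictions",
                            "permit_mynetworks, reject_unauth_destination"))
    checks = [w for k, v in params.items()
              if k.startswith("smtpd_") and k.endswith("_restrictions") for w in words(v)]
    nets = [ipaddress.ip_network(n, strict=False)      # strict=False accepts 127.0.0.1/8
            for n in words(params.get("mynetworks", "")) if n[0].isdigit()]
    if "mynetworks" not in params:
        notes.append("mynetworks is not set explicitly; Postfix uses its default")
    # An access map only has an effect if a restriction list actually references it.
    map_used = any(a == "check_client_access" and b.endswith(":" + access_map)
                   for a, b in zip(checks, checks[1:]))
    if not map_used:
        notes.append(access_map + " is not referenced by any smtpd restriction list")
    client = ipaddress.ip_address(client_ip)
    return {
        "mynetworks": "permit_mynetworks" in rcpt and any(client in n for n in nets),
        "relay_domains": rcpt_domain in words(params.get("relay_domains", "")),
        "access_map": map_used,
        "notes": notes,
    }

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, relay_conditions(parse_postconf(conf), "10.35.10.34", "domain.com"))
```

If the access map is wired in with `check_client_access`, note that a `hash:` table does not match CIDR keys such as `10.35.0.0/16`; that notation needs a `cidr:` table.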
