Please don't top-post your replies. It makes the thread much harder 
to follow. Thank you.

On Thu, Sep 06, 2012 at 12:15:51PM -0400, Futchko, Rose wrote:
> Dear Wieste,
> 
> Thank you very much for the information below. However, I am still
> receiving the following error from POSTFIX

Rather than scroll down and see what information is there, I'll 
address this.

> Sep  6 10:10:44 informs-app02-listserv postfix/smtpd[5905]: connect from
> unknown[216.230.111.81]
> Sep  6 10:10:44 informs-app02-listserv postfix/smtpd[5905]: NOQUEUE:
> reject: RCPT from unknown[216.230.111.81]: 554 5.7.1
> <david.wi...@informs.org>: Relay access denied;
> from=<o...@mail.informs.org> to=<david.wi...@informs.org> proto=ESMTP
> helo=<mail.or-exchange.com>

"informs.org" is not in the list of domains handled by this 
"informs-app02-listserv" server instance. So this is a 
reject_unauth_destination in your smtpd_recipient_restrictions.

Client 216.230.111.81 is not in $mynetworks and did not AUTH (if you 
enabled SASL AUTH.) Therefore it is not allowed to relay.

> Sep  6 10:10:44 informs-app02-listserv postfix/smtpd[5905]: disconnect
> from unknown[216.230.111.81]

Client 216.230.111.81 gives up and goes away.

> Sep  6 10:10:44 informs-app02-listserv postfix/smtpd[5993]: connect from
> unknown[216.230.111.81]

Now it's back in the same second!

> Sep  6 10:10:44 informs-app02-listserv postfix/smtpd[5993]: F19482111E:
> client=unknown[216.230.111.81]

This time we are probably going to accept the mail. We have a queue 
ID now.

> Sep  6 10:10:44 informs-app02-listserv postfix/cleanup[6319]:
> F19482111E: message-id=<20120906141044.eeb2720...@mail.or-exchange.com>
> Sep  6 10:10:45 informs-app02-listserv postfix/qmgr[2267]: F19482111E:
> from=<>, size=4876, nrcpt=1 (queue active)

It's a bounce, presumably for the sender from=<o...@mail.informs.org> 
which we just rejected.

> Sep  6 10:10:45 informs-app02-listserv postfix/smtpd[5993]: disconnect
> from unknown[216.230.111.81]
> Sep  6 10:10:45 informs-app02-listserv spamd[2816]: spamd: connection
> from localhost [127.0.0.1] at port 33883

You omitted the rest of the logging for the bounce. Doesn't matter.

> Here is the main configuration for the central POSTFIX mail server at IP
> address 216.230.111.85 (public IP) the private IP is 10.41.20.18
> *question- do I need to add the public IP to mynetworks?

216.230.111.81 != 216.230.111.85, so adding 216.230.111.85 would not 
have caused this message to be accepted, if that is what you wanted.

>  (POSTCONF -n)
> alias_database = hash:/etc/aliases, hash:/etc/mailman/aliases
> alias_maps = hash:/etc/aliases, hash:/etc/mailman/aliases
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> html_directory = no
> inet_protocols = all
> local_recipient_maps = unix:passwd.byname $alias_maps
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> mydestination = $myhostname, list.$mydomain, localhost.$mydomain
> mydomain = informs.org
> myhostname = mail.informs.org

So mail.informs.org (as $myhostname) is in mydestination.

> mynetworks = 10.41.20.0/24, 127.0.0.0/8    (this includes the private IP
> LAN address -- same subnet)

Your connection came from 216.230.111.81, not from 10.41.20.0/24 nor 
127.0.0.0/8.

> myorigin = $myhostname
> newaliases_path = /usr/bin/newaliases.postfix
> readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
> recipient_delimiter = +
> relay_domains = mail.or-exchange.com, list.informs.org

You should not list a domain in more than one class. You already have 
mail.informs.org (as $myhostname) in mydestination. Also, using
relay_domains without relay_recipient_maps can lead to backscatter 
spam.

http://www.postfix.org/ADDRESS_CLASS_README.html
http://www.postfix.org/BACKSCATTER_README.html#wtf

> sample_directory = /usr/share/doc/postfix-2.6.6/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
> 
> Here is the App server that sends mail to above server (POSTCONF -n)

Is it doing anything wrong? It's connecting to you and doing what it 
was told to do. Perhaps (I am guessing here) you wanted to have it 
connect to the internal 10.41.20.18 address of the relayhost?

> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> html_directory = no
> inet_interfaces = all
> inet_protocols = all
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> mydestination = $myhostname, localhost.$mydomain, localhost
> mydomain = or-exchange.com
> myhostname = mail.or-exchange.com
> relayhost = mail.informs.org

If my guess was right, you would want this:

relayhost = [10.41.20.18]

http://www.postfix.org/postconf.5.html#relayhost
http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_from

> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
> sample_directory = /usr/share/doc/postfix-2.6.6/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> unknown_local_recipient_reject_code = 550
> 
> 
> (transport file - db file was made)
> ### added inbound/outbound relay domain information - read rules above
> 
> mail.or-exchange.com  relay:[mail.informs.org]

Why such a complex multi-MTA setup? Perhaps you would find it easier 
to simplify. Use null client software on hosts that need to send 
mail, let them relay through one MTA.

> Thank you in advance,
> Rose
> 
> -----Original Message-----
> From: wie...@porcupine.org [mailto:wie...@porcupine.org] 
> Sent: Friday, August 31, 2012 1:27 PM
> To: Futchko, Rose
> Cc: Postfix users
> Subject: Re: Postfix Multi-Instance on multiple hosts
> 
> Futchko, Rose:
> > Diagnostic-Code: smtp; 554 5.7.1 <n...@gmail.com>: Relay access denied
> 
> http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_from

Oh hey, there's that same URL again!
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
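
Added example, not part of the original message or of Postfix itself: a simplified Python model of the relay decision walked through above, applied to the rejected RCPT line and the central server's postconf values as quoted in the thread. It assumes only mynetworks, mydestination and relay_domains matter (SASL AUTH, virtual domains and inet_interfaces are not modelled); the names CONF, LOG, expand and explain are hypothetical.

```python
import ipaddress
import re

# Values copied from the central server's "postconf -n" output quoted above.
CONF = {
    "myhostname": "mail.informs.org",
    "mydomain": "informs.org",
    "mydestination": "$myhostname, list.$mydomain, localhost.$mydomain",
    "mynetworks": "10.41.20.0/24, 127.0.0.0/8",
    "relay_domains": "mail.or-exchange.com, list.informs.org",
}

# The rejected RCPT from the thread, re-joined onto one line (addresses are
# elided in the archive and kept that way; only the domain part is needed).
LOG = ("Sep  6 10:10:44 informs-app02-listserv postfix/smtpd[5905]: NOQUEUE: "
       "reject: RCPT from unknown[216.230.111.81]: 554 5.7.1 "
       "<david.wi...@informs.org>: Relay access denied; "
       "from=<o...@mail.informs.org> to=<david.wi...@informs.org> proto=ESMTP "
       "helo=<mail.or-exchange.com>")

REJECT = re.compile(r"reject: RCPT from \S*\[([0-9a-fA-F.:]+)\]: 554 5\.7\.1 "
                    r".*Relay access denied; .*\bto=<[^>]*@([^>]+)>")

def expand(conf, name):
    """Split a list-valued parameter and substitute $myhostname / $mydomain."""
    out = []
    for item in re.split(r"[,\s]+", conf[name].strip()):
        for var in ("myhostname", "mydomain"):
            item = item.replace("$" + var, conf[var])
        out.append(item.lower())
    return out

def explain(line, conf):
    """Report which relay conditions the client and recipient domain satisfy."""
    m = REJECT.search(line)
    if not m:
        return None
    client, domain = ipaddress.ip_address(m.group(1)), m.group(2).lower()
    trusted = any(client in ipaddress.ip_network(n) for n in expand(conf, "mynetworks"))
    local = domain in expand(conf, "mydestination")
    # relay_domains also matches subdomains under the default
    # parent_domain_matches_subdomains setting.
    relay = any(domain == d or domain.endswith("." + d)
                for d in expand(conf, "relay_domains"))
    return {"client": str(client), "rcpt_domain": domain, "in_mynetworks": trusted,
            "in_mydestination": local, "in_relay_domains": relay,
            "relay_allowed": trusted or local or relay}
```

For the quoted log line all three checks come back false, which is the "Relay access denied" case described in the reply.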
