Thank you to Viktor & Wietse for your response.

I thought the mynetworks parameter was the issue in terms of rejecting
clients from access.

I tried Viktor's solution, adding the code he noted; however, postfix would
fail to reload or restart, generating the following errors.
Oct  7 12:47:32 relay01 postfix[22897]: warning: macro name syntax error: "/etc/postfix/"
Oct  7 12:47:32 relay01 postfix[22897]: fatal: dictionary mail_dict: macro processing error
Oct  7 12:48:14 relay01 postfix/smtpd[22901]: warning: macro name syntax error: "/etc/postfix/"
Oct  7 12:48:14 relay01 postfix/smtpd[22901]: fatal: dictionary mail_dict: macro processing error


In testing Wietse's solution I updated my hash file and hashed it again
using portmap.
10.147.1.31 1
10.147.1.32 2
10.147.1.38 3
10.147.11.0/24 4
10.147.11.132 5

While postfix will start with this solution, it does not appear to have
resolved my issue, which I thought was based around an issue with the
mynetworks parameter.

The error I receive when trying to relay mail through the server is as
follows.
An error occurred while sending mail. The mail server responded:  5.7.1
<unknown[10.147.X.X]>: Client host rejected: Access denied. Please check
the message recipient bl...@withheld.com and try again.

The email address is valid in both sending and receiving.  My goal is to
allow any host specified with the mynetworks parameter to send mail to the
public internet.  Correct me if my understanding is wrong, but
configuring this server as such should prevent it from being an open
relay.  I have also implemented no inbound SMTP in our firewall for the NAT
address.

Thanks again for your help, it is appreciated.


On Mon, Oct 7, 2013 at 9:24 AM, Viktor Dukhovni
<postfix-us...@dukhovni.org> wrote:

> On Mon, Oct 07, 2013 at 09:12:41AM -0600, Blake wrote:
>
> > However when I check the config after restarting or reloading postfix the
> > parameter does not seem to be updated when reviewing postconf -d.
>
> Not surprising, "postconf -d" returns compiled-in defaults as
> documented.  This allows you to quickly compare your actual settings
> (as returned by "postconf" or "postconf -n") with the compiled-in
> default values.
>
> A small number of compiled-in defaults are in fact compiled functions
> to compute the value, rather than a fixed value.  The value is
> computed by examining the running system (its hostname, domainname
> and connected interfaces).  Thus the default values for myhostname,
> mydomain and mynetworks are not fixed.
>
> > # postmap -s hash:/etc/postfix/network_table
> > 11      10.147.9.0/24
> > 13      10.148.1.0/24
> > 15      10.148.120.0/24
> > 17      10.148.17.0/24
> > 19      10.148.24.0/24
> > 2       10.147.1.32
> > 20      10.148.32.0/24
> > 22      10.149.16.0/24
>
> To use CIDR blocks in a table, you MUST use a CIDR table.  Hash
> tables cannot be used for this:
>
>     mynetworks.cidr:
>         # RHS required, though value is otherwise ignored.
>         10.147.9.0/24           trusted
>         10.148.1.0/24           trusted
>         10.148.120.0/24         trusted
>         10.148.17.0/24          trusted
>         10.148.24.0/24          trusted
>         10.147.1.32             trusted
>         10.148.32.0/24          trusted
>         10.149.16.0/24          trusted
>
> > # postconf -d | grep mynetworks
>
> See above, this is futile.
>
> > mynetworks = hash:/etc/postfix/network_table
>
> Try:
>
>     cidr = cidr:${config_directory}/
>     mynetworks = ${cidr}mynetworks.cidr
>
> --
>         Viktor.
>
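
Added example (not part of the original thread and not Postfix code): a simplified Python model of the point made in the quoted reply, that a hash table is matched only by exact key while a cidr table is matched by network containment. The table rows are constructed from addresses shown in the thread, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample tables ("key value" rows), modelled on the thread.
HASH_TABLE = """\
10.147.1.31 1
10.147.1.32 2
10.147.11.0/24 4
11 10.147.9.0/24
"""
CIDR_TABLE = """\
10.147.1.32     trusted
10.147.11.0/24  trusted
"""

def parse(text):
    """Return (key, value) pairs, skipping blank lines and # comments."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, value = (line.split(None, 1) + [""])[:2]
            rows.append((key, value))
    return rows

def hash_match(rows, client_ip):
    """Hash-table model (assumption: exact-key lookup of the client address)."""
    return any(key == client_ip for key, _ in rows)

def cidr_match(rows, client_ip):
    """CIDR-table model: a row matches if its network contains the client."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(k, strict=False) for k, _ in rows)

def lint_hash_keys(rows):
    """Hash-table keys that are not a single host address, so never match."""
    bad = []
    for key, _ in rows:
        try:
            ipaddress.ip_address(key)
        except ValueError:
            bad.append(key)
    return bad

if __name__ == "__main__":
    for ip in ("10.147.1.32", "10.147.11.77", "10.148.1.5"):
        print(ip, "hash:", hash_match(parse(HASH_TABLE), ip),
              "cidr:", cidr_match(parse(CIDR_TABLE), ip))
    print("hash keys that cannot match:", lint_hash_keys(parse(HASH_TABLE)))
```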
