Hi folks,

I would like to ask for help with a "relay access denied" problem. We're talking about Postfix 2.9.6 on an Ubuntu server.

Postfix is to deliver mail locally that is brought by Fetchmail (from several freemail accounts). This mail goes to Dovecot imap mailboxes. I access them using Thunderbird. Outbound mail goes to the freemail providers' smtp servers directly, only a copy is stored in the imap folder for sent mail. So, Postfix is not involved here. Additionally, I got a mail address which is hosted on this very server, let's say john-...@mydomain.com. Postfix receives mail for this user and also passes it on to Dovecot. So far so good.

Outbound mail for john-...@mydomain.com I want to be sent by Postfix, using a relay server. I'm afraid that if I don't, other mail providers will automatically move mail from my address into the spam folder or even reject it since mydomain.com is not known there. The (German) freemail provider Arcor is known to accept mails from any sender as long as this sender can authenticate at the Arcor SMTP server with an existing Arcor user account. Let's say my account there is "j...@arcor.de". Therefore I set up a sender_canonical map. When the local user "john" sends out mail, it gets the sender address "john-...@mydomain.com". I can send e-mail from my server's command line with my user "john" and it works. The Arcor SMTP server and jdoe:password are defined in the sasl_password file. But when I want to send mail using Thunderbird, I get a "relay access denied" error.

Thunderbird connects to mydomain.com using the local user "john" and the corresponding password in plaintext, but TLS encrypted. Let's say a mail should be sent to "anyb...@gmail.com", then this is what I get in /var/log/mail.log:

postfix/smtpd[13282]: connect from [my current IP by ISV]
postfix/smtpd[13282]: NOQUEUE: reject: RCPT from [my current IP by ISV]: 554 5.7.1 <anyb...@gmail.com>: Relay access denied; from=<john-...@mydomain.com> to=<anyb...@gmail.com> proto=ESMTP helo=<[my notebook's Wifi IP]>
postfix/smtpd[13282]: disconnect from [my current IP by ISV]


For parts of setting up Postfix I used this guide:
http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL#preview
Want to point out this line:
"smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"

Now I read in the postconf guide (http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions) that "smtpd_relay_restrictions" is the way to go, and that it can be configured with the same parameters as "smtpd_recipient_restrictions". Strange thing is: when I change my main.cf to ...relay_restrictions, this is what I get repeatedly once I restart the Postfix daemon:

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: smtpd_relay_restrictions=permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

So, currently I left it with recipient_restrictions.
As far as I understand, this is the point where I need to tweak my config. But I just can't figure out what exactly I need to set.

Last, here's my postconf -n output. Comments welcome even if they're not related to this problem. The config file is kind of patchwork... it's to my best knowledge, but it might well be that there are other issues to fix, too.


# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
inet_protocols = ipv4
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
mydestination = mydomain.com, localhost.localdomain, localhost
myhostname = mydomain.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = mail.arcor.de
sender_canonical_maps = hash:/etc/postfix/sender_canonical
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_security_options = noanonymous
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache


Oh, by the way... the postfix server is a hosted machine somewhere in the internet. So adding something to mynetworks is not really an option, I guess. Besides, I must be able to connect to the mail server with different mobile devices from all around the world.



Thanks everybody who read that far!!
Warm regards
Nathan
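
An added example, not part of Nathan's post: a small audit of `postconf -n` output for the settings that decide whether `permit_sasl_authenticated` can ever match on the server side. It relies on two documented Postfix facts: `smtpd_sasl_auth_enable` defaults to `no`, and `smtpd_relay_restrictions` exists only from Postfix 2.10 on. The function names are hypothetical, the sample is a constructed subset of the output quoted above, and the default version is the 2.9.6 stated in the post.

```python
import re

# Constructed sample: a subset of the `postconf -n` output quoted in the post.
SAMPLE = """\
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
relayhost = mail.arcor.de
smtp_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_security_level = may
"""

def parse_postconf(text):
    """Parse `name = value` lines into a dict; prompts and blanks are skipped."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$", line.strip())
        if m:
            conf[m.group(1)] = m.group(2).strip()
    return conf

def restrictions(conf, name):
    return [r for r in re.split(r"[,\s]+", conf.get(name, "")) if r]

def audit_submission(conf, version=(2, 9, 6)):
    """Return findings about server-side (smtpd) SASL relay authorization."""
    findings = []
    uses_sasl = any(
        "permit_sasl_authenticated" in restrictions(conf, p)
        for p in ("smtpd_recipient_restrictions", "smtpd_relay_restrictions"))
    # postconf -n prints only non-default settings; a missing entry means "no".
    if uses_sasl and conf.get("smtpd_sasl_auth_enable", "no").lower() != "yes":
        findings.append("smtpd_sasl_auth_enable is not 'yes': smtpd offers no AUTH")
    if conf.get("smtp_sasl_auth_enable", "no").lower() == "yes" and "smtpd_sasl_auth_enable" not in conf:
        findings.append("only smtp_sasl_auth_enable (outbound client side) is set")
    # smtpd_relay_restrictions is available in Postfix 2.10 and later.
    if "smtpd_relay_restrictions" in conf and version < (2, 10):
        findings.append("smtpd_relay_restrictions is unused before Postfix 2.10")
    if conf.get("smtpd_tls_auth_only", "no").lower() != "yes":
        findings.append("smtpd_tls_auth_only is not 'yes': AUTH is allowed without TLS")
    return findings

if __name__ == "__main__":
    for finding in audit_submission(parse_postconf(SAMPLE)):
        print(finding)
```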
