On Mon, Jul 20, 2015 at 09:12:53PM +1000, Carl Brewer wrote:
> bash-4.3# telnet localhost 25
> 220 rollcage3.bl.echidna.id.au ESMTP Postfix
> ehlo localhost
> 250-rollcage3.bl.echidna.id.au
> 250 DSN
> mail from: c...@aboc.com.au
> 250 2.1.0 Ok
> rcpt to: carl.i.bre...@gmail.com
> 554 5.7.1 <carl.i.bre...@gmail.com>: Relay access denied
>
>
> Jul 20 20:43:29 postfix/smtpd[5337]: connect from localhost[127.0.0.1]
> Jul 20 20:43:29 postfix/smtpd[5337]: warning: connect to Milter service
> unix:/var/run/spamass.sock: Permission denied
Fix that while you're at it.
> Jul 20 20:44:00 postfix/smtpd[5337]: NOQUEUE: reject: RCPT from
> localhost[127.0.0.1]: 454 4.7.1 <carl.i.bre...@gmail.com>: Relay access
> denied; from=<c...@aboc.net.au> to=<carl.i.bre...@gmail.com> proto=ESMTP
> helo=<localhost>
> (yes, I know about spamass.sock, but that's not causing this problem)
Yes.
> postconf -n :
>
> mynetworks = hash:/usr/pkg/etc/postfix/network_table
Try:
mynetworks = 127.0.0.1/32, hash:/etc/pkg/etc/postfix/network_table
> smtpd_recipient_restrictions =
> permit_mynetworks
> permit_sasl_authenticated
> reject_unauth_destination
> reject_unknown_recipient_domain
> reject_unverified_recipient
This requires SASL or presence in mynetworks.
> smtpd_relay_restrictions = permit_mynetworks
This is silly, set it either empty, or better:
# Restrict relay to trusted or authenticated clients
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
at which point:
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unknown_recipient_domain,
reject_unverified_recipient
> network_table contains :
>
> more network_table
> 203.6.241.0/24 OK
> 127.0.0.0/8 OK
> 192.168.2.0 OK
Hash tables don't support CIDR syntax.
mynetworks = cidr:/etc/pkg/etc/postfix/network_table
--
Viktor.
