> On Sep 20, 2018, at 11:37 AM, Fazzina, Angelo <angelo.fazz...@uconn.edu> 
> wrote:
> 
> User sends email to ling...@listserv.uconn.edu.
> [two of recipients are woodsan...@msn.com and jb...@albanylaw.edu]
>  
> Listserv.uconn.edu relays the email to smtp.uconn.edu
> When smtp.uconn.edu resolves to MTA4 and not MTA1-3 we have an issue.
>  
> I get these errors
> Sep 19 09:40:26 mta4 postfix/smtpd[22724]: 529981802840: reject: RCPT from 
> MSB-P-Listserv.grove.ad.uconn.edu[137.99.30.25]:
> 554 5.7.1 <jb...@albanylaw.edu>: Relay access denied; 
> from=<owner-ling...@listserv.uconn.edu>
> to=<jb...@albanylaw.edu> proto=ESMTP helo=<MSB-P-Listserv>
>  
> Sep 19 09:40:25 mta4 postfix/smtpd[22724]: NOQUEUE: reject: RCPT from 
> MSB-P-Listserv.grove.ad.uconn.edu[137.99.30.25]:
> 554 5.7.1 <woodsan...@msn.com>: Relay access denied; 
> from=<owner-ling...@listserv.uconn.edu>
> to=<woodsan...@msn.com> proto=ESMTP helo=<MSB-P-Listserv>

The Postfix configuration of mta4 is not suited to its use:

  * You're using it as an *outbound* relay to deliver email to list members.
  * It is configured with access control rules that make sense on an *inbound*
    relay, allowing only email to internal domains.

This relay needs to permit all mail to external recipients from authorized
clients (perhaps all) on your network.  How it determines whether a client
is authorized to relay outbound email is generally a site-specific issue.

Clients can be allowed via CIDR table by IP address, or could be required
to authenticate with TLS client certs or SASL.  Or with the server only
accepting mail on an internal network where all clients are trusted, it
could allow all clients, with the network topology doing the access control.

-- 
        Viktor.
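
The three options named in the reply above, written out as a Postfix configuration sketch. This is an added example, not part of the original message and not the site's actual configuration: the file paths, the assumed "before" policy and the choice to list only the list server's address (137.99.30.25, taken from the quoted log) are assumptions.

```conf
# --- /etc/postfix/main.cf on the outbound relay (path is an assumption) ---

# Assumed "before": an inbound-style policy. Clients outside mynetworks may
# only send to domains this host accepts mail for, so a list server that is
# not in mynetworks gets "554 5.7.1 ... Relay access denied" for every
# external recipient.
#smtpd_relay_restrictions =
#    permit_mynetworks,
#    reject_unauth_destination

# Outbound-style policy: authorized clients may relay anywhere, all other
# clients are still refused relaying. Keep only the permit_* lines that
# match how clients are actually authorized at the site.
smtpd_relay_restrictions =
    permit_mynetworks,
    # Option 1: allow by client IP address from a CIDR table.
    check_client_access cidr:/etc/postfix/relay_clients.cidr,
    # Option 2: allow clients that authenticated with SASL
    # (needs smtpd_sasl_auth_enable = yes and a working SASL backend).
    permit_sasl_authenticated,
    # Option 3: allow clients presenting a TLS client certificate listed in
    # relay_clientcerts (needs smtpd_tls_ask_ccert = yes).
    permit_tls_clientcerts,
    # Everyone else: no relaying to external domains.
    reject_unauth_destination

# --- /etc/postfix/relay_clients.cidr (hypothetical file name) ---
# One network per line; cidr: tables are read as plain text, no postmap run.
# Only the list server from the quoted log is authorized here.
137.99.30.25/32    OK
```

After a reload, `postconf -n smtpd_relay_restrictions mynetworks` on each host behind the shared name shows whether all of them carry the same relay policy.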
