Hi All,
We have a split domian with a MTA relay in the middle, the domain is
@bar.com. and it configured in Zimbra and Gsuite,
Zimbra -> MTA Relay -> GSuite
Sending from zimbra as the -> Gsuite , and Zimbra -> Outside World works
correctly, the mail flows though zimbra -> mta -> gsuite
When sending Outside world to @bar.com and the account lives in zimbra, it
hits the MTA and the get "Relay Access Denied"
Postfix config:
address_verify_map = btree:${data_directory}/address_verify_map
amavis_destination_concurrency_limit = 25
append_dot_mydomain = no
biff = no
bounce_size_limit = 1024
canonical_maps = hash:/etc/postfix/canonical
config_directory = /etc/postfix
content_filter = amavis:localhost:10024
debug_peer_list = 92.243.13.63
default_destination_recipient_limit = 1000
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
inet_protocols = ipv4
local_recipient_maps =
mailbox_size_limit = 0
message_size_limit = 31457280
mydestination =
mydomain = foo.com
mynetworks = /etc/postfix/mynetworks
myorigin = foo.com
readme_directory = no
recipient_delimiter = +
relay_domains = $myhostname /etc/postfix/our_domains
relay_recipient_maps = ldap:/etc/postfix/ldap-relay-zimbra.cf
smtp_destination_concurrency_limit = 75
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_recipient_access
regexp:/etc/postfix/recipient_access permit_mynetworks
reject_unauth_destination reject_unlisted_recipient check_client_access
hash:/etc/postfix/client_access check_sender_access
hash:/etc/postfix/sender_access reject_unknown_sender_domain
reject_invalid_hostname reject_non_fqdn_hostname
reject_unknown_reverse_client_hostname reject_rbl_client zen.spamhaus.org
reject_rbl_client psbl.surriel.com check_policy_service inet:127.0.0.1:1337
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_cert_file = /etc/postfix/${myhostname}.crt
smtpd_tls_ciphers = high
smtpd_tls_exclude_ciphers = aNULL
smtpd_tls_key_file = /etc/postfix/${myhostname}.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport
ldap:/etc/postfix/ldap-transport-bar.cf
virtual_alias_maps = hash:/etc/postfix/virtual_aliases
The transport map for is from a ldap lookup
/etc/postfix/ldap-transport-foo.cf which looks like this
server_host = ldap://zimbraldap:389
server_port = 389
search_base =
query_filter =
(&(|(zimbraMailDeliveryAddress=%s))(zimbraMailStatus=enabled))
result_attribute = zimbraMailDeliveryAddress
version = 3
result_format=relay:[smtp.foo.com]
start_tls = no
size_limit = 1
timeout = 60
smtp.foo.com being the zimbra server to relay onto
And the logs look like this
NOQUEUE: reject: RCPT from mail-pg1-f199.google.com[209.85.215.199]: 554
5.7.1 <j...@foo.co>: Relay access denied; from=<XXXXXX> to=<j...@foo.co>
proto=ESMTP helo=<mail-pg1-f199.google.com>
I've removed and personal info from the above
Any suggestions on why it is getting deined
Thanks
--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
