I'm trying to set up a Postfix server on a Google Compute Engine VM that works
as follows:
Outgoing mail from the local machine (aaa.xxx.com) to a select few specific
addresses and to any address on one specific domain (yyy.com)
Incoming mail from a single domain only (yyy.com)
DNS is set with the MX as aaa.xxx.com, although the IP on the IPv4 interface is
an internal Google address, not the one returned for aaa.xxx.com.
I've set the following:
/etc/aliases:
postmaster: root
root: m...@yyy.com
foo-admin: u...@yyy.com,u...@yyy.com
/etc/mailname:
xxx.com
/etc/postfix/access:
xxx.com OK
yyy.com OK
* 5.2.1 No incoming mail allowed
/etc/postfix/main.cf:
smtpd_tls_cert_file=/path/to/fullchain.pem
smtpd_tls_key_file=/path/to/privkey.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = may
smtp_tls_loglevel=2
smtp_tls_relay_restrictions = permit_mynetworks permit_sasl_authenticated
    defer_unauth_destination
myhostname = aaa.xxx.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, ggg.c.projectname.internal,
    localhost.c.projectname.internal, localhost
relay_domains =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 yyy.com
recipient_restrictions = check_recipient_access hash:/etc/postfix/access
inet_interfaces = all
inet_protocols = all
recipient_delimiter = +
/etc/postfix/master.cf:
#smtp inet n - y - - smtpd
submission inet n - y - - smtpd
When I attempt to send mail out using the mail command, the log shows:
Jan 16 21:20:05 ggg postfix/qmgr[13811]: 3CF5C3F3A5: from=<m...@xxx.com>,
size=423, nrcpt=1 (queue active)
Jan 16 21:20:05 ggg postfix/smtp[13860]: initializing the client-side TLS engine
Jan 16 21:20:06 ggg postfix/smtp[13820]: connect to xxx.com[a.b.c.d]:25:
Connection timed out
Jan 16 21:20:06 ggg postfix/smtp[13829]: connect to xxx.com[a.b.c.d]:25:
Connection timed out
Questions:
1. Why is it attempting to send mail on port 25 and not 587?
2. Why is it trying to connect to itself (xxx.com)?
Note: the interface IP address is on an internal Google network,
not the external DNS address that points to this machine.
3. If I add the line:
relayhost = [ok.relay.com]:587
mail gets delivered, although mail to valid-u...@relay.com does not get
delivered without the relayhost directive. Why not?
Thanks for any guidance,
Gary
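As an added example (not part of Gary's post, and not Postfix's own tooling), here is a small Python linter that parses main.cf syntax, including indented continuation lines, and flags three things a reviewer would check in a configuration like the one above: parameter names that are not Postfix parameters and therefore have no effect (the restriction lists Postfix actually honours are smtpd_relay_restrictions and smtpd_recipient_restrictions), mynetworks entries that are hostnames rather than addresses or CIDR blocks, and a myorigin domain that is absent from mydestination, which makes Postfix treat mail to a bare local name such as root as remote and look up that domain's MX. The sample main.cf and mailname are constructed copies of the values in the post; MISSPELLINGS is a hand-made table of common slips, not a list taken from Postfix.

```python
"""Lint a Postfix main.cf for a few common misconfigurations (added example)."""
import ipaddress
import re

# Constructed sample modelled on the configuration quoted in the post.
SAMPLE_MAIN_CF = """\
smtpd_use_tls=yes
smtp_tls_security_level = may
smtp_tls_relay_restrictions = permit_mynetworks permit_sasl_authenticated
    defer_unauth_destination
myhostname = aaa.xxx.com
myorigin = /etc/mailname
mydestination = $myhostname, ggg.c.projectname.internal,
    localhost.c.projectname.internal, localhost
relay_domains =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 yyy.com
recipient_restrictions = check_recipient_access hash:/etc/postfix/access
inet_interfaces = all
"""

# Constructed stand-in for the /etc/mailname file that myorigin points at.
SAMPLE_MAILNAME = "xxx.com\n"

# Hand-made table: names that are not Postfix parameters but are a common slip
# of a real smtpd_* restriction list. Postfix ignores unknown parameters.
MISSPELLINGS = {
    "recipient_restrictions": "smtpd_recipient_restrictions",
    "relay_restrictions": "smtpd_relay_restrictions",
    "smtp_tls_relay_restrictions": "smtpd_relay_restrictions",
    "smtp_relay_restrictions": "smtpd_relay_restrictions",
    "smtp_recipient_restrictions": "smtpd_recipient_restrictions",
}


def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues
    the previous value. Comments and blank lines are skipped."""
    params = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            continue  # not a parameter assignment
        current = name.strip()
        params[current] = value.strip()
    return params


def expand(value, params):
    """Expand $name and ${name} references from already-parsed parameters."""
    def sub(match):
        return params.get(match.group(1) or match.group(2), "")
    return re.sub(r"\$(?:\{(\w+)\}|(\w+))", sub, value)


def split_list(value):
    """Postfix list values are separated by commas and/or whitespace."""
    return [item for item in re.split(r"[,\s]+", value) if item]


def is_network(entry):
    """True if a mynetworks entry is an IP address or CIDR block
    (IPv6 entries may be written in [brackets])."""
    try:
        ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        return True
    except ValueError:
        return False


def lint(main_cf_text, mailname_text=""):
    """Return a list of human-readable findings for the given main.cf text."""
    params = parse_main_cf(main_cf_text)
    findings = []

    # 1. Misspelled restriction lists silently do nothing.
    for name in params:
        if name in MISSPELLINGS:
            findings.append(f"unknown parameter '{name}' (did you mean "
                            f"'{MISSPELLINGS[name]}'?); it has no effect")

    # 2. mynetworks only accepts addresses/CIDR blocks, not hostnames.
    for entry in split_list(expand(params.get("mynetworks", ""), params)):
        if not is_network(entry):
            findings.append(f"mynetworks entry '{entry}' is not an address or "
                            "CIDR block; hostnames are not accepted here")

    # 3. If myorigin's domain is not in mydestination, a bare local recipient
    #    such as 'root' becomes root@<origin> and is routed via that domain's MX.
    origin = params.get("myorigin", "")
    if origin.startswith("/"):
        origin = mailname_text.strip()
    origin = expand(origin, params).lower()
    dest = [d.lower() for d in
            split_list(expand(params.get("mydestination", ""), params))]
    if origin and origin not in dest:
        findings.append(f"myorigin domain '{origin}' is not in mydestination; "
                        f"mail to a bare local name becomes user@{origin} and is "
                        "delivered via that domain's MX, not locally")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_MAIN_CF, SAMPLE_MAILNAME):
        print("WARN:", finding)
```

On a live system, `postconf -n` prints the effective non-default settings and warns about unused parameters, which is the quickest way to confirm the first class of finding against the real Postfix parameter list rather than the small table used here.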