Thanks for the info Benny, I will make those adjustments. I have mynetworks_style = subnet #mynetworks commented out
Local apps that send mail are from other containerized apps on this host and from another host on the 192.168.* address range, but that will eventually go away. I added some log information in followup posts, here we can see the from and to email addresses are not my domain and they are getting routed to my relay, that is why I thought it would be a relay issue. Ex: Dec 29 06:48:27 mail postfix/qmgr[108]: 6A158635: from=<i...@fbi.gov>, size=2222, nrcpt=20 (queue active) Dec 29 06:48:27 mail postfix/smtpd[4467]: B033063B: client=unknown[172.17.0.1] Dec 29 06:48:27 mail postfix/smtpd[4470]: C3D6F63C: client=unknown[172.17.0.1] Dec 29 06:48:27 mail postfix/smtp[4479]: 0D42C630: to=<britneyba...@aol.com>, relay=smtp.gmail.com[64.233.191.108]:587, delay=3.9, delays=3.1/0.17/0.3/0.36, dsn=2.0.0, status=sent (250 2.0.0 OK 1609224507 x5sm28764963ilm.22 - gsmtp) On Sun, Jan 24, 2021 at 5:35 PM Benny Pedersen <m...@junc.eu> wrote: > On 2021-01-24 01:26, P. Ik. wrote: > > > -take mail in from internet for delivery only to local email addresses > > on this server (I have 3 total local addresses) > > -local addresses on this server can send mail to any address > > -local delivery is forwarded to a gmail account > > > > Forwarding and reception to gmail works fine. > > so so, forwarding spam is not a relay problem > > as i read the problem is you accept to much emails to system users ?, > but you did not provide a local recipient maps, so in practical accept > all and forward it to gmail > > what ips have mydestination domains ?, does localhost.mydomain resolve > to 127.0.0.1 and ::1 ? > > how is mynetworks configured ?, have to many ips there will give open > relay symtoms > > > Links: > > ------ > > [1] http://mail.MY_DOMAIN.com > > [2] http://smtp.gmail.com > > [3] http://cbl.abuseat.org > > [4] http://zen.spamhaus.org > > [5] http://sbl-xbl.spamhaus.org > > [6] http://bl.spamcop.net > > [7] http://dsn.rfc-ignorant.org > > [8] http://dul.dnsbl.sorbs.net > > [9] http://ix.dnsbl.manitu.net > > [10] http://combined.rbl.msrbl.net > > [11] http://rabl.nuclearelephant.com > > [12] http://dbl.spamhaus.org > > zen.spamhaus includes all other rbls there so only zen is neeeded > > cbl is in zen aswell > > rfc-ignorant is empty zone imho > > show logs of rejects could help > > need more info >
