Re: zendesk and relay denied

[Alex]

Hi,

>> I've set up postfix to be the mail relay for a domain so we can
>> process it through amavis/spamassassin prior to it being forwarded on
>> to our O365 domain.
>
> You need to add this domain to the "relay_domains"

Ah yes, of course.

>> I've set up a recipient check to allow relaying for our zendesk
>> support domain, but for some reason it's still being rejected. Is it
>> due to the empty envelope sender?
>
> SMTPD checks "smtpd_relay_restrictions" also.
> By default it accepts email from unauthenticated users/networks to  
> mydestination and relay_domains only.

I realized I'm also having difficulty with outbound mail being routed
from O365 to our mail server:

May 12 23:04:54 xavier postfix-118/smtpd[3482092]: NOQUEUE: reject:
RCPT from mail-mw2nam12lp2043.outbound.protection.outlook.com[104.47.66.43]:554
5.7.1 <supp...@example1.com>: Relay access denied;
from=<a...@mydomain.com> to=<supp...@example1.com> proto=ESMTP
helo=<NAM12-MW2-obe.outbound.protection.outlook.com>

So I'm unable to send mail as a...@mydomain.com to any domain other
than the ones managed by our mail server.  How do I convince postfix
that it should route mail for mydomain.com from
outbound.protection.outlook.com?

I've added spf.protection.outlook.com to our SPF record - what am I missing?

>> main.cf:
>> relay_domains = $mydestination, example.com
>
>  Add "nnnhelp.zendesk.com" here.
> Be sure Postfix knows how to deliver email there (there must be MX record or 
> record in "transport(5)" table)

This is working now, thanks.

>>         check_recipient_access pcre:$config_directory/nnnhelp-zendesk,
>
> Did you add it to the "smtpd_recipient_restrictions" ?

Oops, yes, that's where I added it.

smtpd_recipient_restrictions =
        reject_non_fqdn_recipient,
        reject_non_fqdn_sender,
        reject_unlisted_recipient,
        reject_unknown_recipient_domain,
        permit_mynetworks,
        reject_unauth_destination,
        reject_rhsbl_reverse_client dbl.spamhaus.org,
        reject_rhsbl_sender dbl.spamhaus.org,
        reject_rhsbl_helo dbl.spamhaus.org,
        check_helo_access pcre:$config_directory/helo_checks.pcre,
        check_helo_access ${indexed}helo_checks,
        reject_non_fqdn_helo_hostname,
        reject_invalid_helo_hostname,
        check_policy_service unix:private/policy-spf,
        check_policy_service inet:127.0.0.1:2501,
        check_recipient_access pcre:$config_directory/nnnhelp-zendesk,
        permit

> Check this doc carefully: http://www.postfix.org/SMTPD_ACCESS_README.html
> It has examples and very useful table

Thank you.