When I replied, I did not notice that Thunderbird had rewritten the header.
At the moment, I need to know what in this configuration could be
causing the mail to bounce back to me. At the moment, only local mail is
delivered.
I simply need the mail to exit my server after it is sent without being
refused. All relevant ports are open on the endpoint I want to send to.
I think I am trying to configure a satellite site but I did not specify
that during installation.
On 8/6/21 7:23 PM, Viktor Dukhovni wrote:
> On Fri, Aug 06, 2021 at 10:59:00PM +0000, masstransitk...@365stops.org wrote:
>
>> On 8/6/21 1:00 AM, Viktor Dukhovni wrote:
>>> On Fri, Aug 06, 2021 at 03:05:03AM +0000, masstransitk...@365stops.org
>>> wrote:
>>>
>>>> I followed your advice and now the traffic is hitting my gateway as it
>>>> should. The problem is, now it's getting refused.
>>>>
>>>> Firewall rules specify input interface in DNAT rules now. So instead of
>>>> simply forwarding ports 587 and 465, it is also requiring that the
>>>> public interface is the originating one. Let's call it "enp1s0".
>>>>
>>>> I eagerly await your feedback.
>>>
>>> I eagerly await the relevant log entries (and "postconf -nf" + "postconf
>>> -Mf"
>>> outputs) posted to the list.
>>
>> Here are the results for postconf -nf:
>
> And what question did you want to ask in relation to this configuration,
> and where are the relevant logs? Post your reply to the postfix-users
> *list*, not to my personal email address.
>
>> ###BEGIN OUTPUT###
>> alias_database = hash:/etc/aliases
>> alias_maps = hash:/etc/aliases
>> command_directory = /usr/sbin
>> compatibility_level = 2
>> daemon_directory = /usr/lib/postfix/sbin
>> data_directory = /var/lib/postfix
>> debug_peer_list = 127.0.0.1
>> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
>> $daemon_directory/$process_name $process_id & sleep 5
>> home_mailbox = Maildir/
>> inet_interfaces = all
>> inet_protocols = ipv4
>> local_recipient_maps = unix:passwd.byname $alias_maps
>> mail_owner = postfix
>> mailbox_size_limit = 18253611008
>> mailq_path = /usr/bin/mailq
>> message_size_limit = 10485760
>> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
>> mydomain = krowverse.services
>> myhostname = mx.krowverse.services
>> mynetworks = 127.0.0.0/8 172.16.101.0/27
>> myorigin = $mydomain
>> newaliases_path = /usr/bin/newaliases
>> proxy_interfaces = 172.16.101.4
>> relay_domains =
>> relayhost = [mx.krowverse.services]
>> sendmail_path = /usr/sbin/postfix
>> setgid_group = postdrop
>> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>> smtp_tcp_port = submission
>> smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
>> smtpd_banner = $myhostname ESMTP
>> smtpd_helo_required = yes
>> smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
>> smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination,
>> permit_sasl_authenticated, reject_rbl_client cbl.abuseat.org,
>> reject_rbl_client bl.spamcop.net, reject_rbl_client sbl.spamhaus.org,
>> reject_rbl_client dnsbl-1.uceprotect.net, reject_rbl_client
>> zen.spamhaus.org, permit
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_local_domain = $myhostname
>> smtpd_sasl_path = private/auth
>> smtpd_sasl_security_options = noanonymous
>> smtpd_sasl_type = dovecot
>> smtpd_tls_cert_file =
>> /import/RAPTORGAZE/LetsEncrypt/live/mx.krowverse.services/fullchain.pem
>> smtpd_tls_key_file =
>> /import/RAPTORGAZE/LetsEncrypt/live/mx.krowverse.services/privkey.pem
>> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
>> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>> smtpd_use_tls = yes
>> unknown_local_recipient_reject_code = 550
>>
>> ###END OUTPUT###
>>
>> And here is the output of postconf -Mf:
>>
>> ###BEGIN OUTPUT###
>> smtp inet n - y - - smtpd
>> submission inet n - n - - smtpd -v
>> -o syslog_name=postfix/submission
>> -o smtpd_sasl_auth_enable=yes
>> -o smtpd_tls_auth_only=yes
>> smtps inet n - y - - smtpd
>> -o syslog_name=postfix/smtps
>> -o smtpd_tls_wrappermode=yes
>> -o
>> smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain
>> -o milter_macro_daemon_name=ORIGINATING
>> pickup unix n - y 60 1 pickup
>> cleanup unix n - y - 0 cleanup
>> qmgr unix n - n 300 1 qmgr
>> tlsmgr unix - - y 1000? 1 tlsmgr
>> rewrite unix - - y - - trivial-rewrite
>> bounce unix - - y - 0 bounce
>> defer unix - - y - 0 bounce
>> trace unix - - y - 0 bounce
>> verify unix - - y - 1 verify
>> flush unix n - y 1000? 0 flush
>> proxymap unix - - n - - proxymap
>> proxywrite unix - - n - 1 proxymap
>> smtp unix - - y - - smtp
>> relay unix - - y - - smtp
>> -o syslog_name=postfix/$service_name
>> showq unix n - y - - showq
>> error unix - - y - - error
>> retry unix - - y - - error
>> discard unix - - y - - discard
>> local unix - n n - - local
>> virtual unix - n n - - virtual
>> lmtp unix - - y - - lmtp
>> anvil unix - - y - 1 anvil
>> scache unix - - y - 1 scache
>> postlog unix-dgram n - n - 1 postlogd
>> maildrop unix - n n - - pipe flags=DRhu
>> user=vmail argv=/usr/bin/maildrop -d ${recipient}
>> uucp unix - n n - - pipe flags=Fqhu
>> user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
>> ifmail unix - n n - - pipe flags=F
>> user=ftn
>> argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
>> bsmtp unix - n n - - pipe flags=Fq.
>> user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
>> scalemail-backend unix - n n - 2 pipe flags=R
>> user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
>> ${user} ${extension}
>> mailman unix - n n - - pipe flags=FR
>> user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop}
>> ${user}
>>
>> ###END OUTPUT###
>>
>> I hope this helps. I eagerly await your feedback.
>
> Sadly none is possible, without the relevant context.
>
> --
> Viktor.
>
publickey - masstransitkrow@365stops.org - 20be2ea5.asc
Description: application/pgp-keys
