> relayhost = [mx.krowverse.services]
If I got your first post right you only have nat rules for port 465 and 587 but
the setting above implies usage of port 25. Ever tried to add :587 to your
postfix relayhost setting?
Am 7. August 2021 11:51:33 UTC schrieb masstransitk...@365stops.org:
>When I replied, I did not notice that Thunderbird had rewritten the header.
>
>At the moment, I need to know what in this configuration could be
>causing the mail to bounce back to me. At the moment, only local mail is
>delivered.
>
>I simply need the mail to exit my server after it is sent without being
>refused. All relevant ports are open on the endpoint I want to send to.
>
>I think I am trying to configure a satellite site but I did not specify
>that during installation.
>
>On 8/6/21 7:23 PM, Viktor Dukhovni wrote:
>> On Fri, Aug 06, 2021 at 10:59:00PM +0000, masstransitk...@365stops.org wrote:
>>
>>> On 8/6/21 1:00 AM, Viktor Dukhovni wrote:
>>>> On Fri, Aug 06, 2021 at 03:05:03AM +0000, masstransitk...@365stops.org
>>>> wrote:
>>>>
>>>>> I followed your advice and now the traffic is hitting my gateway as it
>>>>> should. The problem is, now it's getting refused.
>>>>>
>>>>> Firewall rules specify input interface in DNAT rules now. So instead of
>>>>> simply forwarding ports 587 and 465, it is also requiring that the
>>>>> public interface is the originating one. Let's call it "enp1s0".
>>>>>
>>>>> I eagerly await your feedback.
>>>>
>>>> I eagerly await the relevant log entries (and "postconf -nf" + "postconf
>>>> -Mf"
>>>> outputs) posted to the list.
>>>
>>> Here are the results for postconf -nf:
>>
>> And what question did you want to ask in relation to this configuration,
>> and where are the relevant logs? Post your reply to the postfix-users
>> *list*, not to my personal email address.
>>
>>> ###BEGIN OUTPUT###
>>> alias_database = hash:/etc/aliases
>>> alias_maps = hash:/etc/aliases
>>> command_directory = /usr/sbin
>>> compatibility_level = 2
>>> daemon_directory = /usr/lib/postfix/sbin
>>> data_directory = /var/lib/postfix
>>> debug_peer_list = 127.0.0.1
>>> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
>>> $daemon_directory/$process_name $process_id & sleep 5
>>> home_mailbox = Maildir/
>>> inet_interfaces = all
>>> inet_protocols = ipv4
>>> local_recipient_maps = unix:passwd.byname $alias_maps
>>> mail_owner = postfix
>>> mailbox_size_limit = 18253611008
>>> mailq_path = /usr/bin/mailq
>>> message_size_limit = 10485760
>>> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
>>> mydomain = krowverse.services
>>> myhostname = mx.krowverse.services
>>> mynetworks = 127.0.0.0/8 172.16.101.0/27
>>> myorigin = $mydomain
>>> newaliases_path = /usr/bin/newaliases
>>> proxy_interfaces = 172.16.101.4
>>> relay_domains =
>>> relayhost = [mx.krowverse.services]
>>> sendmail_path = /usr/sbin/postfix
>>> setgid_group = postdrop
>>> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>>> smtp_tcp_port = submission
>>> smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
>>> smtpd_banner = $myhostname ESMTP
>>> smtpd_helo_required = yes
>>> smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
>>> smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination,
>>> permit_sasl_authenticated, reject_rbl_client cbl.abuseat.org,
>>> reject_rbl_client bl.spamcop.net, reject_rbl_client sbl.spamhaus.org,
>>> reject_rbl_client dnsbl-1.uceprotect.net, reject_rbl_client
>>> zen.spamhaus.org, permit
>>> smtpd_sasl_auth_enable = yes
>>> smtpd_sasl_local_domain = $myhostname
>>> smtpd_sasl_path = private/auth
>>> smtpd_sasl_security_options = noanonymous
>>> smtpd_sasl_type = dovecot
>>> smtpd_tls_cert_file =
>>>
>>> /import/RAPTORGAZE/LetsEncrypt/live/mx.krowverse.services/fullchain.pem
>>> smtpd_tls_key_file =
>>> /import/RAPTORGAZE/LetsEncrypt/live/mx.krowverse.services/privkey.pem
>>> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
>>> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>>> smtpd_use_tls = yes
>>> unknown_local_recipient_reject_code = 550
>>>
>>> ###END OUTPUT###
>>>
>>> And here is the output of postconf -Mf:
>>>
>>> ###BEGIN OUTPUT###
>>> smtp inet n - y - - smtpd
>>> submission inet n - n - - smtpd -v
>>> -o syslog_name=postfix/submission
>>> -o smtpd_sasl_auth_enable=yes
>>> -o smtpd_tls_auth_only=yes
>>> smtps inet n - y - - smtpd
>>> -o syslog_name=postfix/smtps
>>> -o smtpd_tls_wrappermode=yes
>>> -o
>>> smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain
>>> -o milter_macro_daemon_name=ORIGINATING
>>> pickup unix n - y 60 1 pickup
>>> cleanup unix n - y - 0 cleanup
>>> qmgr unix n - n 300 1 qmgr
>>> tlsmgr unix - - y 1000? 1 tlsmgr
>>> rewrite unix - - y - - trivial-rewrite
>>> bounce unix - - y - 0 bounce
>>> defer unix - - y - 0 bounce
>>> trace unix - - y - 0 bounce
>>> verify unix - - y - 1 verify
>>> flush unix n - y 1000? 0 flush
>>> proxymap unix - - n - - proxymap
>>> proxywrite unix - - n - 1 proxymap
>>> smtp unix - - y - - smtp
>>> relay unix - - y - - smtp
>>> -o syslog_name=postfix/$service_name
>>> showq unix n - y - - showq
>>> error unix - - y - - error
>>> retry unix - - y - - error
>>> discard unix - - y - - discard
>>> local unix - n n - - local
>>> virtual unix - n n - - virtual
>>> lmtp unix - - y - - lmtp
>>> anvil unix - - y - 1 anvil
>>> scache unix - - y - 1 scache
>>> postlog unix-dgram n - n - 1 postlogd
>>> maildrop unix - n n - - pipe flags=DRhu
>>> user=vmail argv=/usr/bin/maildrop -d ${recipient}
>>> uucp unix - n n - - pipe flags=Fqhu
>>> user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
>>> ifmail unix - n n - - pipe flags=F
>>> user=ftn
>>> argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
>>> bsmtp unix - n n - - pipe flags=Fq.
>>> user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
>>> scalemail-backend unix - n n - 2 pipe flags=R
>>> user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
>>> ${user} ${extension}
>>> mailman unix - n n - - pipe flags=FR
>>> user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop}
>>> ${user}
>>>
>>> ###END OUTPUT###
>>>
>>> I hope this helps. I eagerly await your feedback.
>>
>> Sadly none is possible, without the relevant context.
>>
>> --
>> Viktor.
>>
