LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 08-23-2005, 05:17 PM   #1
dwpondscum
LQ Newbie
 
Registered: Apr 2003
Location: Oklahoma
Distribution: Redhat
Posts: 25

Rep: Reputation: 15
Postfix Relay Access Denied


Currently I have an older machine running FC4 with vsftpd, apache, and postfix. I am trying to set up a newer machine to replace it. I have setup vsftpd and apache alright. However, there are problems with postfix.

The Internet comes in through the router to postfix 192.168.200.99 and then is to be relayed to MS Exchange @ 192.168.200.105 (long story on the setup and exchange!) Each user then accesses their mail by Exchange.

Currently I have the old machine up and running. It will relay the domain to the Exchange box. What I do not understand is that both machines have the SAME following configuration, but the new machine will not relay. Both machines have the same IP address 192.168.200.99. I obviously unplug one temp while trying the other.

When I send an email from familynet.net to example.com I get the following error on the new maching.
NOQUEUE: reject: RCPT from courier.familynet.net :554 <address@example.com> Relay Access Denied from= <name@familynet.net> to=<address@example.com> proto=ESMTP helo=<couier.familynet.net>

MAIN.CF File
mydomain = example.com
myorigin = $mydomain
inet_interfaces = all

mydestination = $myhostname, localhost.$mydomain, localhost, 192.168.200.105
mynetworks = 127.0.0.0/8, 192.168.200.105, 192.168.200.0/24

relay_domains = example.com
#relayhost = [192.168.200.105]:25
relayhost =
local_recipient_maps =
transport_maps = hash:/etc/postfix/transport

#relay_recipient_maps = hash:/etc/postfix/relay_recipients


queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
mail_spool_directory = /var/spool/mail
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.2/samples
readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES

TRANSPORT File
.fddisystems.com smtp:[192.168.200.105]:25


What am I not seeing? Many thanks!!
 
Old 08-23-2005, 08:27 PM   #2
scowles
Member
 
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 31
I front-end an exchange server using postfix, so I have a very similar setup at this end. A couple of things I noticed...

mydestination = $myhostname, localhost.$mydomain, localhost, 192.168.200.105

I'm being anal here, but if your domain name is being relayed to exchange, why is the ip address of the exchange box listed in my destination? This shouldn't cause a problem, but it doesn't make any since.

mynetworks = 127.0.0.0/8, 192.168.200.105, 192.168.200.0/24

Again, I'm being anal here, but the 192.168.200.0/24 covers the .105 address. So its not needed.

#relay_recipient_maps = hash:/etc/postfix/relay_recipients

Why is the relay_recipient_maps commented? Without this parameter, I do not see how postfix will know if a valid mailbox (recipient) exists on the exchange server. In short, postfix is going to relay any e-mail address for your domain ($relay_domains) to your exchange server. If the mailbox does not exist on exchange, then exchange will generate a DSN back to (99% of the time) a non-existant recipient. i.e. Dictionary attacks, which can clog up your exchange queues.

FWIW: I set the relay_recipient_maps to perform an LDAP query against exchange to verify the recipients mailbox actually exists. If it doesn't exist, postfix simply rejects the inbound e-mail at the envelope layer of the delivery process. i.e. It doesn't even read the DATA portion of the e-mail or even scan it for spam/virus.

If you are not comfortable with LDAP queries, then at least add every "valid" recipient in a file referenced by the relay_recipient_maps option. i.e.

In main.cf
relay_recipient_maps = hash:/etc/postfix/relay_recipients

In /etc/postfix/relay_recipients:TRANSPORT File
.fddisystems.com smtp:[192.168.200.105]:25


Hopefully, the above is a type-o. Based on my understanding of your post, the transport map should contain example.com. BTW: I do not list the .domain in my transport map. I only want to accept e-mail for steve@example.com, not steve@a.example.com
 
Old 09-20-2007, 04:37 AM   #3
Boondock
LQ Newbie
 
Registered: Sep 2007
Posts: 1

Rep: Reputation: 0
Know this is a little late, but maybe others like myself find this post via google.

I had the same problem, and reloading postfix didn't work. But when i did postmap transport, it worked =)
____________________________________
"A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and
tequila." -Mitch Ratliffe
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix - Relay Access Denied Issues clickster Linux - Software 0 10-12-2005 02:06 PM
Postfix as a mail relay (getting relay access denied) hypexr Linux - Software 3 09-13-2005 07:15 PM
Postfix and Relay access denied jamiguel77 Linux - Software 3 03-12-2005 10:53 AM
Postfix error - Recipient address rejected: Relay access denied robbiemorgan Linux - Newbie 1 10-01-2004 03:57 AM
postfix: Relay access denied SolidSnake Linux - Networking 4 02-20-2004 09:05 PM


All times are GMT -5. The time now is 05:18 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration