LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   postfix: Relay access denied (http://www.linuxquestions.org/questions/linux-server-73/postfix-relay-access-denied-607827/)

gabsik 12-19-2007 05:45 AM

postfix: Relay access denied
 
I'm running postfix and courier-pop-ssl on a debian etch 2.6.18 .I have a dynamic ip and a dyndns.org domain name.
Mails get rejected with a Relay access denied and that's what logs say:

Code:

Dec 19 12:29:39 localhost postfix/smtpd[3840]: connect from py-out-1112.google.com[64.233.166.178]
Dec 19 12:29:40 localhost postfix/smtpd[3840]: NOQUEUE: reject: RCPT from py-out-1112.google.com[64.233.166.178]: 554 5.7.1 <admin@gabrix.ath.cx>: Relay access denied; from=<admin@gmail.com> to=<admin@gabrix.ath.cx> proto=ESMTP helo=<py-out-1112.google.com>
Dec 19 12:29:40 localhost postfix/smtpd[3840]: disconnect from py-out-1112.google.com[64.233.166.178]

and also a # postconf -n :

Code:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
debug_peer_level = 6
debug_peer_list = $mydomain
default_privs = nobody
delay_warning_time = 4h
disable_dns_lookups = yes
home_mailbox = Maildir/
inet_interfaces = all
mail_owner = postfix
mailbox_command =
mailbox_size_limit = 0
mydestination = mail.$mydomain , argo.$mydomain, ns1.$mydomain, localhost, localhost.localdomain, localhost
mydomain = gabrix.ath.cx
myhostname = mail.gabrix.ath.cx
mynetworks = 10.0.0.0/24,127.0.0.0/8
mynetworks_style = subnet
myorigin = /etc/mailname
queue_directory = /var/mail
recipient_delimiter = +
relayhost = [gmail-smtp.l.google.com]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_sasl_tls_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/mailcert.pem
smtp_tls_key_file = /etc/postfix/mailkey.pem
smtp_tls_note_starttls_offer = no
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_error_sleep_time = 1s
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/mailcert.pem
smtpd_tls_key_file = /etc/postfix/mailkey.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom

I'm also going to configure an anonymous remailer so i wouldn't set too strict rules about relaying mail through my mail server and offcourse i wouldn't be an openrelay for the bloody spam ... i did it before and i don't know why it's not working this time . Anything else you need to know just ask , thanks !!!!

farslayer 12-19-2007 08:19 AM

is Google your ISP ? If not, then why would they allow you to relay mail off their server without knowing who you are ?

you need to use the Mail server of YOUR isp as a relayhost, not googles mail server. Your ISP will know who you are because your public IP address will be from their IP Address pool.. Typically that is all the authentication they need.

Berhanie 12-19-2007 09:40 AM

It looks like you just need to add $mydomain to mydestination.

gabsik 12-19-2007 10:36 AM

Google is not my isp ( ... it's a search engine ... ) and i always used it sucessfully as a relayhost .

pengaru 12-19-2007 08:16 PM

Quote:

Originally Posted by gabsik (Post 2995879)
Google is not my isp ( ... it's a search engine ... ) and i always used it sucessfully as a relayhost .


google runs open relays? :scratch:

farslayer 12-19-2007 09:40 PM

That is what I was thinking at first, but it looks as though he's authenticating against the Google mail server with his gmail account information.

so I would check the /etc/postfix/sasl_passwd file make sure the authentication info is correct, and then verify postmap was run against it and try again...

http://linuxgazette.net/115/chirico1.html

gabsik 12-20-2007 01:16 AM

Thanks farslayer your link was helpfull , my mail server is working now i can relay mail to my gmail account and everything else is working as expected , cheers !!!!

Berhanie 12-20-2007 04:10 AM

I think people have misunderstood the logs. It's gabsik's mailserver that rejected google, not the other way around. postfix rejected mail to admin@$mydomain because $mydomain wasn't listed under mydestination.


All times are GMT -5. The time now is 11:04 AM.