Postfix "Relay access denied" cant send to other domain

Proxx · 01-11-2008, 04:00 AM

Hi there,

i have a problem with my Postfix configuration.
and i cant figure it out.

if have installed Fetchmail,Postfix,spamassassin,dovecot on my server.
and i can send and receive mail from local clients in the network
(everything withe @example.com)

but if im tying to send a mail to ...@domain.com my server starts complaining about "Relay access denied"

main.cf

Code:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

append_dot_mydomain = no

smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

myorigin = /etc/mailname
mydestination = example.com, localhost
mydomain = example.com
myhostname = example.com
mynetworks = example.com

mailbox_size_limit = 0
recipient_delimiter = +
empty_address_recipient = administrator@example.com
mailbox_command = /usr/bin/procmail -f- -a $USER
maximal_queue_lifetime = 1d
queue_run_delay = 30s
bounce_notice_recipient = administrator@example.com
fallback_relay = 
smtpd_recipient_restrictions = permit_mynetworks permit_inet_interfaces reject_unauth_destination

master.cf

Code:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
	-o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache	  unix	-	-	-	-	1	scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#

#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#

ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix	-	n	n	-	2	pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

postconf -n

Code:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
bounce_notice_recipient = administrator@example.com
config_directory = /etc/postfix
empty_address_recipient = administrator@example.com
mailbox_command = /usr/bin/procmail -f- -a $USER
mailbox_size_limit = 0
maximal_queue_lifetime = 1d
mydestination = example.com, localhost
mydomain = example.com
myhostname = example.com
mynetworks = example.com
myorigin = /etc/mailname
queue_run_delay = 30s
recipient_delimiter = +
relay_domains = $mydestination
relayhost = [post.demon.nl]
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_mynetworks permit_inet_interfaces reject_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
administrator@LiSe:/etc$

ive bin to lots of sites and googled it up.
but now im really stuck

Thanx in advance, Marco (Proxx)

rupertwh · 01-11-2008, 04:53 AM

Hi,

you are missing 'smtpd_client_restrictions'. E.g.

Code:

smtpd_client_restrictions = permit_mynetworks

will allow relaying for users in $mynetworks.

EDIT: Actually, that might not be necessary. I just see that you set 'mynetworks' to your domain name instead of your network. Fix that first.

marozsas · 01-11-2008, 05:49 AM

This host post.demon.nl accept plain connections from your machine ?
I don't have a similar setup here (my server send e-mails directly) but when you use a ISP to relay e-mail, is common to only accept authenticated connections.

If it is your case, you have to put a user and a password your ISP gave to you in file "/etc/postfix/sasl_passwd" and create a binary map for it (/etc/postfix/sasl_passwd.db) and setup postfix to use this.

Code:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

May be anyone with a similar setup like yours could provide more precise information....

gani · 01-11-2008, 06:13 AM

Try first to change your mynetworks parameter as shown.

mynetworks = 127.0.0.0/8, 192.168.x.y/24

So that permit_mynetworks in your smtpd_recipient_restrictions would translate to these network blocks and your local network including other related smtp services running @127.0.0.1 could relay through it.

Are you authorized to relay through post.demon.nl? Is this your ISP? You are using this relay through relayhost parameter.

Just try to make this empty by commenting it out.

#relayhost = [post.demon.nl]

By disabling this parameter, your mail host would simply relay directly to the SMTP server that accepts messages for the domain that you are sending mail to.

Also make sure that you are using a registered domain with your public IP assigned to it with its MX host defined through your DNS host servers since if not, mail servers would simply reject you.

As a suggestion, myhostname must be your box's fully qualified host name like mail.example.com.

myhostname = mail.example.com

Restart now your postfix and test it again.

----------
GANI

Proxx · 01-11-2008, 06:33 AM

Wow Wow, Nice 3 reply's

First i thank you all for your Reply!

now im going to read them

din't tell you at first but this is the first time i have tried to set up a mail server maybe thats why my config is crappy

...
Thanx thanx

Proxx · 01-11-2008, 06:36 AM

Quote:

Originally Posted by gani

mynetworks = 127.0.0.0/8, 192.168.x.y/24

192.168.0.0/24 this will accept all messages from ip-range 192.168.0.1 to 192.168.0.254 ?
if not im still going to try it.

--------------------------------------------------------------
Thanx for the help men. i have applied the changes and it seems to works

Many Many thanx!

Proxx · 01-11-2008, 09:10 AM

Topic Closed!!!