Why will postfix not relay my mail?
I'm trying to configure a centralized mailing configuration. The idea is to shovel all the mail through one postfix instance, then immediately relay it so it can "trickle down the pyramid" until it delivers.
So when a user sends an email, they always connect to the standard instance. From there it should relay to the "level 1" postfix instance (using round robin dns to rotate). If mail does not send using the "level 1" instance, it uses fallback_relay and relays the mail to the "level 2" host. Each level has different speeds and configurations for destination domains. One of our biggest delivery issues is with Yahoo, so this whole idea started with them. Level 1 may deliver 20/min to Yahoo but level 2 may only be 10/min.

To make it easy to pass mail to the next level, I configured round robin dns.

Level 1 = mta-mx-1.outbound.com
Level 2 = mta-mx-2.outbound.com
Level 3 = mta-mx-3.outbound.com
Level 4 = mta-mx-4.outbound.com
Level 5 = mta-mx-5.outbound.com

With all that said, here is my problem: When I relay mail, I get a relay access denied (554). I know it is because I have not set the IP in mynetworks and/or have not set the relay_domains. I was under the impression that as long as authentication passes between the 2 relaying servers, mail should send regardless of domain or where it came from, and as long as it's set in the main.cf using:

Code:
smtpd_sender_restrictions = permit_mynetworks,permit_sasl_authenticated

Code:
alias_database = hash:/etc/aliases

Code:
alias_database = hash:/etc/aliases

I'm trying to make it a one size fits all solution for my outbound mail. Even when mail fails to send it still has somewhere to go. My problem is relaying it without setting specific IPs or allowed domains. I think the best way I can describe what I'm trying to do is an authenticated open relay. Once postfix needs to relay, it authenticates with the next server and tries again.

Any ideas or insight would be really helpful at this point. I've been messing with it for a few days now and I'm worried I'm missing something. Thanks.
Probably the best you can do if you are running something like this:

[CLIENT] --->>> SASL MTA1 ---->>> [ANOTHER MTA/SMARTHOST]

is to set up [ANOTHER MTA/SMARTHOST] so it allows the IP of MTA 1 to relay through it. However, I would not call that a high security solution and it may not be without issues.
On the outbound relay you have:

mynetworks = 168.100.189.0/28, 127.0.0.0/8

If you add the single IP of the master MTA to this, it should relay for it. However, be aware that anything on that box could then potentially relay out via it.

Specific documentation:
http://www.postfix.org/SMTPD_ACCESS_README.html#relay
http://www.postfix.org/postconf.5.ht...t_restrictions

That basically covers your options.
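Added example, not part of any post in this thread: a simplified Python model of how smtpd walks its restriction lists, showing why a permit in smtpd_sender_restrictions does not stop a later reject_unauth_destination from answering 554. The two main.cf fragments, the client address and the session fields are constructed, and placing reject_unauth_destination in smtpd_recipient_restrictions is an assumption about the receiving relay.

```python
import ipaddress
# Order in which smtpd applies the lists at RCPT TO (relay list: Postfix 2.10+).
ORDER = ["smtpd_client_restrictions", "smtpd_helo_restrictions",
         "smtpd_sender_restrictions", "smtpd_relay_restrictions",
         "smtpd_recipient_restrictions"]

# Constructed main.cf fragments for the receiving relay (assumed, not from the thread).
AS_POSTED = """
mynetworks = 127.0.0.0/8
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
"""
CORRECTED = """
mynetworks = 127.0.0.0/8
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
"""

def parse(main_cf):
    """Turn 'name = a, b' lines into {name: [a, b]}."""
    pairs = (line.partition("=") for line in main_cf.strip().splitlines())
    return {k.strip(): v.replace(",", " ").split() for k, _, v in pairs}

def check(rule, s, conf):
    """Verdict of one restriction: 'permit', 'reject' or None (no decision)."""
    if rule == "permit_mynetworks":
        ip = ipaddress.ip_address(s["client_ip"])
        hit = any(ip in ipaddress.ip_network(n) for n in conf.get("mynetworks", []))
        return "permit" if hit else None
    if rule == "permit_sasl_authenticated":
        return "permit" if s["sasl_authenticated"] else None
    if rule == "reject_unauth_destination":
        local = conf.get("relay_domains", []) + conf.get("mydestination", [])
        return None if s["rcpt_domain"] in local else "reject"
    return None  # restrictions outside this model make no decision

def evaluate(main_cf, s):
    conf = parse(main_cf)
    for name in ORDER:
        for rule in conf.get(name, []):
            verdict = check(rule, s, conf)
            if verdict == "reject":
                return "554 Relay access denied"
            if verdict == "permit":
                break  # a permit ends this list only; later lists still run
    return "250 Ok"

# Constructed sessions: the upstream MTA connecting from a documentation address.
AUTHED = {"client_ip": "192.0.2.10", "sasl_authenticated": True, "rcpt_domain": "yahoo.com"}
ANON = dict(AUTHED, sasl_authenticated=False)
```

With the corrected fragment the authenticated session is accepted while the unauthenticated one from the same address is still refused, so the relay stays closed to clients that are neither in mynetworks nor authenticated.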