LinuxQuestions.org

dwpondscum 08-23-2005 05:17 PM

Postfix Relay Access Denied
 
Currently I have an older machine running FC4 with vsftpd, apache, and postfix. I am trying to set up a newer machine to replace it. I have set up vsftpd and apache alright. However, there are problems with postfix.

The Internet comes in through the router to postfix 192.168.200.99 and then is to be relayed to MS Exchange @ 192.168.200.105 (long story on the setup and exchange!) Each user then accesses their mail by Exchange.

Currently I have the old machine up and running. It will relay the domain to the Exchange box. What I do not understand is that both machines have the SAME following configuration, but the new machine will not relay. Both machines have the same IP address 192.168.200.99. I obviously unplug one temp while trying the other.

When I send an email from familynet.net to example.com I get the following error on the new machine.
NOQUEUE: reject: RCPT from courier.familynet.net :554 <address@example.com> Relay Access Denied from= <name@familynet.net> to=<address@example.com> proto=ESMTP helo=<couier.familynet.net>

MAIN.CF File
mydomain = example.com
myorigin = $mydomain
inet_interfaces = all

mydestination = $myhostname, localhost.$mydomain, localhost, 192.168.200.105
mynetworks = 127.0.0.0/8, 192.168.200.105, 192.168.200.0/24

relay_domains = example.com
#relayhost = [192.168.200.105]:25
relayhost =
local_recipient_maps =
transport_maps = hash:/etc/postfix/transport

#relay_recipient_maps = hash:/etc/postfix/relay_recipients


queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
mail_spool_directory = /var/spool/mail
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.2/samples
readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES

TRANSPORT File
.fddisystems.com smtp:[192.168.200.105]:25


What am I not seeing? Many thanks!!

scowles 08-23-2005 08:27 PM

I front-end an exchange server using postfix, so I have a very similar setup at this end. A couple of things I noticed...

mydestination = $myhostname, localhost.$mydomain, localhost, 192.168.200.105

I'm being anal here, but if your domain name is being relayed to exchange, why is the ip address of the exchange box listed in mydestination? This shouldn't cause a problem, but it doesn't make any sense.

mynetworks = 127.0.0.0/8, 192.168.200.105, 192.168.200.0/24

Again, I'm being anal here, but the 192.168.200.0/24 covers the .105 address. So it's not needed.

#relay_recipient_maps = hash:/etc/postfix/relay_recipients

Why is the relay_recipient_maps commented? Without this parameter, I do not see how postfix will know if a valid mailbox (recipient) exists on the exchange server. In short, postfix is going to relay any e-mail address for your domain ($relay_domains) to your exchange server. If the mailbox does not exist on exchange, then exchange will generate a DSN back to (99% of the time) a non-existent recipient. i.e. Dictionary attacks, which can clog up your exchange queues.

FWIW: I set the relay_recipient_maps to perform an LDAP query against exchange to verify the recipient's mailbox actually exists. If it doesn't exist, postfix simply rejects the inbound e-mail at the envelope layer of the delivery process. i.e. It doesn't even read the DATA portion of the e-mail or even scan it for spam/virus.

If you are not comfortable with LDAP queries, then at least add every "valid" recipient in a file referenced by the relay_recipient_maps option. i.e.

In main.cf
relay_recipient_maps = hash:/etc/postfix/relay_recipients

In /etc/postfix/relay_recipients:
Code:

abuse@example.com                    OK
scowles@example.com                  OK
postmaster@example.com              OK
etc...

TRANSPORT File
.fddisystems.com smtp:[192.168.200.105]:25


Hopefully, the above is a typo. Based on my understanding of your post, the transport map should contain example.com. BTW: I do not list the .domain in my transport map. I only want to accept e-mail for steve@example.com, not steve@a.example.com

Boondock 09-20-2007 04:37 AM

Know this is a little late, but maybe others like myself find this post via Google.

I had the same problem, and reloading postfix didn't work. But when I did postmap transport, it worked =)
____________________________________
"A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and
tequila." -Mitch Ratliffe
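
As an added example (not written by any poster in this thread), the sh functions below check for the two conditions raised in the replies above: a relay_domains entry that no transport key covers, and a transport source file that is newer than its compiled .db because postmap was not rerun. The helper names conf_get, missing_transport and map_state are hypothetical, the sample files are constructed in a temporary directory, and only single-line parameters and plain domain or .domain keys are handled.

```shell
#!/bin/sh
# Added example. Helper names and sample files are constructed for illustration.

# Print a main.cf parameter's value (single-line definitions only; last one wins).
conf_get() {  # conf_get MAIN_CF PARAM
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print each relay_domains entry that no transport key covers. A "domain" key
# covers that domain; a ".domain" key covers only its subdomains.
missing_transport() {  # missing_transport MAIN_CF TRANSPORT_SOURCE
    for d in $(conf_get "$1" relay_domains | tr ',' ' '); do
        awk -v d="$d" '
            /^[ \t]*(#|$)/ { next }
            $1 == d { found = 1 }
            substr($1, 1, 1) == "." && length(d) > length($1) &&
                substr(d, length(d) - length($1) + 1) == $1 { found = 1 }
            END { exit !found }' "$2" || echo "$d"
    done
}

# Print "missing", "stale" or "current" for the compiled hash map of SOURCE.
# "stale" means the source was edited after the last postmap run.
map_state() {  # map_state TRANSPORT_SOURCE
    if [ ! -f "$1.db" ]; then
        echo missing
    elif [ -n "$(find "$1" -newer "$1.db")" ]; then
        echo stale
    else
        echo current
    fi
}

# Constructed sample mirroring the files quoted in the thread (not a live host).
work=$(mktemp -d)
printf 'relay_domains = example.com\ntransport_maps = hash:%s/transport\n' \
    "$work" > "$work/main.cf"
printf '.fddisystems.com smtp:[192.168.200.105]:25\n' > "$work/transport"
touch -t 200508230900 "$work/transport.db"  # stand-in for an earlier postmap run
touch -t 200508231700 "$work/transport"     # source edited afterwards

echo "relay domains without a transport entry: $(missing_transport "$work/main.cf" "$work/transport")"
echo "transport map state: $(map_state "$work/transport")"
```

On a real host the same functions can be pointed at /etc/postfix/main.cf and /etc/postfix/transport; a "stale" or "missing" result is cleared by running postmap on the source file.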

