Postfix Relay Access Denied
Currently I have an older machine running FC4 with vsftpd, apache, and postfix. I am trying to set up a newer machine to replace it. I have set up vsftpd and apache alright. However, there are problems with postfix.
The Internet comes in through the router to postfix 192.168.200.99 and then is to be relayed to MS Exchange @ 192.168.200.105 (long story on the setup and exchange!) Each user then accesses their mail by Exchange. Currently I have the old machine up and running. It will relay the domain to the Exchange box. What I do not understand is that both machines have the SAME following configuration, but the new machine will not relay. Both machines have the same IP address 192.168.200.99. I obviously unplug one temp while trying the other. When I send an email from familynet.net to example.com I get the following error on the new machine.

NOQUEUE: reject: RCPT from courier.familynet.net :554 <address@example.com> Relay Access Denied from= <name@familynet.net> to=<address@example.com> proto=ESMTP helo=<couier.familynet.net>

MAIN.CF File

mydomain = example.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, 192.168.200.105
mynetworks = 127.0.0.0/8, 192.168.200.105, 192.168.200.0/24
relay_domains = example.com
#relayhost = [192.168.200.105]:25
relayhost =
local_recipient_maps =
transport_maps = hash:/etc/postfix/transport
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
mail_spool_directory = /var/spool/mail
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.2/samples
readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES

TRANSPORT File

.fddisystems.com smtp:[192.168.200.105]:25

What am I not seeing? Many thanks!!
I front-end an exchange server using postfix, so I have a very similar setup at this end. A couple of things I noticed...
mydestination = $myhostname, localhost.$mydomain, localhost, 192.168.200.105

I'm being anal here, but if your domain name is being relayed to exchange, why is the IP address of the exchange box listed in mydestination? This shouldn't cause a problem, but it doesn't make any sense.

mynetworks = 127.0.0.0/8, 192.168.200.105, 192.168.200.0/24

Again, I'm being anal here, but the 192.168.200.0/24 covers the .105 address. So it's not needed.

#relay_recipient_maps = hash:/etc/postfix/relay_recipients

Why is the relay_recipient_maps commented? Without this parameter, I do not see how postfix will know if a valid mailbox (recipient) exists on the exchange server. In short, postfix is going to relay any e-mail address for your domain ($relay_domains) to your exchange server. If the mailbox does not exist on exchange, then exchange will generate a DSN back to (99% of the time) a non-existent recipient. i.e. Dictionary attacks, which can clog up your exchange queues.

FWIW: I set the relay_recipient_maps to perform an LDAP query against exchange to verify the recipient's mailbox actually exists. If it doesn't exist, postfix simply rejects the inbound e-mail at the envelope layer of the delivery process. i.e. It doesn't even read the DATA portion of the e-mail or even scan it for spam/virus.

If you are not comfortable with LDAP queries, then at least add every "valid" recipient in a file referenced by the relay_recipient_maps option. i.e.

In main.cf:
relay_recipient_maps = hash:/etc/postfix/relay_recipients

In /etc/postfix/relay_recipients:

TRANSPORT File
.fddisystems.com smtp:[192.168.200.105]:25

Hopefully, the above is a typo. Based on my understanding of your post, the transport map should contain example.com.

BTW: I do not list the .domain in my transport map. I only want to accept e-mail for steve@example.com, not steve@a.example.com
Know this is a little late, but maybe others like myself find this post via google.
I had the same problem, and reloading postfix didn't work. But when I did postmap transport, it worked =)

____________________________________
"A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila." -Mitch Ratliffe
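
The three points raised in the replies above (a transport entry that matches the relayed domain, a set relay_recipient_maps, and a hash: table rebuilt with postmap) can be checked mechanically. The following Python is an added example, not code from the thread or from Postfix; the function names are hypothetical, the sample input is constructed from the settings in the first post, and it assumes hash: tables compile to a `.db` file beside the source and that relay_domains lists literal domain names.

```python
import os
import re

# Constructed from the settings posted in the thread, trimmed to the relevant ones.
SAMPLE_MAIN_CF = """\
relay_domains = example.com
transport_maps = hash:/etc/postfix/transport
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
"""
SAMPLE_TRANSPORT = ".fddisystems.com smtp:[192.168.200.105]:25\n"

def parse_main_cf(text):  # '#' lines are comments; leading whitespace continues a line
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name:
            params[name] = (params[name] + " " + raw.strip()).strip()
        elif "=" in raw:
            name, value = (part.strip() for part in raw.split("=", 1))
            params[name] = value
    return params

def transport_covers(domain, keys):
    """True for an exact 'domain' key or a '.parent' key that covers a subdomain."""
    labels = domain.split(".")
    return domain in keys or any("." + ".".join(labels[i:]) in keys for i in range(1, len(labels)))

def file_mtime(path):
    return os.path.getmtime(path) if os.path.exists(path) else None

def audit(main_cf, transport_text, mtime=file_mtime):
    """Findings for the replies' points. Assumes relay_domains holds literal domain names."""
    cfg, findings = parse_main_cf(main_cf), []
    rows = [ln.split() for ln in transport_text.splitlines() if not ln.lstrip().startswith("#")]
    keys = {row[0].lower() for row in rows if row}
    for dom in re.split(r"[,\s]+", cfg.get("relay_domains", "")):
        if dom and not transport_covers(dom.lower(), keys):
            findings.append(f"transport: no entry for relay domain {dom}")
    if not cfg.get("relay_recipient_maps"):
        findings.append("relay_recipient_maps: unset, unknown recipients are relayed")
    for param in ("transport_maps", "relay_recipient_maps"):  # maps built with postmap
        for src in re.findall(r"hash:([^\s,]+)", cfg.get(param, "")):
            src_t, db_t = mtime(src), mtime(src + ".db")
            if db_t is None or (src_t is not None and db_t < src_t):
                findings.append(f"{src}: .db missing or stale, run postmap {src}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_MAIN_CF, SAMPLE_TRANSPORT)))
```
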