LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Postfix Relay access denied (https://www.linuxquestions.org/questions/linux-server-73/postfix-relay-access-denied-4175603609/)

Vernicronz 04-10-2017 11:09 PM

Postfix Relay access denied
 
Hi All ,

Recently i have built 2 servers with ubuntu 16.04 - one as main postfix and another as another app server (nginx). Whenever i set the postfix server to the nginx server as a relay host - i can't seem to send mails out. I am getting relay access denied error. Kindly advise.. Thanks.

Postfix server main.cf (local IP : 172.31.25.243)
===================================
Code:

root@chatpostfix:/etc/postfix# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
default_process_limit = 100
disable_dns_lookups = yes
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 0
mydestination = $myhostname, chatpostfix.xxxxx, localhost, localhost.localdomain, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.31.0.0/20
readme_directory = no
recipient_delimiter = +
relayhost = xxxxx
smtp_generic_maps = hash:/etc/postfix/generic
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
root@chatpostfix:/etc/postfix#


Nginx server main.cf (local IP : 172.31.25.241)
=================================

Code:

root@chatnginx:/etc/postfix# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination = $myhostname, chatnginx.xxxxx, localhost, localhost.localdomain, localhost
myhostname = localhost.xxxxx
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.31.0.0/20
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = 172.31.12.243
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes


Mail.log errors in postfix server
=======================
Code:

Apr 11 12:04:51 localhost postfix/smtpd[7156]: connect from ip-172-31-25-241.xxxxx[172.31.25.241]
Apr 11 12:04:51 localhost postfix/smtpd[7156]: NOQUEUE: reject: RCPT from ip-172-31-25-241.xxxx[172.31.25.241]: 454 4.7.1 <xcodehawk@gmail.com>: Relay access denied; from=<root@localhost> to=<xcodehawk@gmail.com> proto=ESMTP helo=<localhost.xxxx>
Apr 11 12:04:51 localhost postfix/smtpd[7156]: disconnect from ip-172-31-25-241.xxxx[172.31.25.241] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=4/6


Mail.log errors in nginx server
=======================
Code:

Apr 11 12:07:02 localhost postfix/pickup[20854]: E64BE61A33: uid=0 from=<root@localhost>
Apr 11 12:07:02 localhost postfix/cleanup[20971]: E64BE61A33: message-id=<20170411040702.E64BE61A33@localhost.xxxxx>
Apr 11 12:07:02 localhost postfix/qmgr[20856]: E64BE61A33: from=<root@localhost>, size=392, nrcpt=1 (queue active)
Apr 11 12:07:02 localhost postfix/smtp[20951]: E64BE61A33: to=<xcodehawk@gmail.com>, relay=172.31.12.243[172.31.12.243]:25, delay=0.01, delays=0.01/0/0/0, dsn=4.7.1, status=deferred (host 172.31.12.243[172.31.12.243] said: 454 4.7.1 <xcodehawk@gmail.com>: Relay access denied (in reply to RCPT TO command))


descendant_command 04-11-2017 01:07 AM

Quote:

Code:

smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination


Looks like you are missing some comma's (,) between the elements.

Vernicronz 04-13-2017 03:50 AM

Hi ,

Thanks for the advice. I have done as said , but still getting the issue .
Code:

root@chatpostfix:/etc/postfix# postconf -n|egrep 'smtpd_recipient_restrictions|smtpd_relay_restrictions'
smtpd_recipient_restrictions = permit_sasl_authenticated , permit_mynetworks , reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks , permit_sasl_authenticated , defer_unauth_destination


descendant_command 04-13-2017 04:51 AM

OK, so it's working as you've designed it. :)

Your nginx server is not authenticating, is not in your 'mynetworks' and is not sending to a local address, so is rejected.

Vernicronz 04-25-2017 01:43 AM

hi descendant_command ,

yes , your suggestion worked . thanks so much :)

wondering how i hv missed it ...damn


All times are GMT -5. The time now is 01:36 AM.