LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Postfix: Relay access denied (https://www.linuxquestions.org/questions/linux-server-73/postfix-relay-access-denied-593555/)

TheZodiac 10-21-2007 09:04 PM
Postfix: Relay access denied
 
Hi all,

Sorry to be posting again in such a short amount of time, but I'm trying to solve a Postfix problem. It relates to my new installation of ispCP, a web hosting control panel.

For some odd reason, I cannot send mail to my server and have it accepted and queued. It simply spits out errors saying, "smtp; 5.1.0 - Unknown address error 554-'<>: Relay access denied' (delivery attempts: 0)". I was looking over the Postfix documentation and it says you can resolve this with a "virtual_alias_domains" or "virtual_mailbox_domains" directive. I have a "virtual_mailbox_domains" directive in my config and it still gives me errors.

Here is my "main.cf" file:
Code:
#
# Postfix MTA Manager Main Configuration File;
#
# Please do NOT edit this file manually;
#

#
# Postfix directory settings; These are critical for normal Postfix MTA functionallity;
#

command_directory = /usr/sbin
daemon_directory  = /usr/lib/postfix
program_directory = /usr/lib/postfix

#
# Some common configuration parameters;
#

inet_interfaces  = all
mynetworks_style = host

myhostname = xetaspace.net
mydomain  = xetaspace.net.local
myorigin  = $mydomain

smtpd_banner = $myhostname ISPCP 1.0 Priamos Managed ESMTP 1.0.0 RC3 OMEGA
setgid_group = postdrop

#
# Receiving messages parameters;
#

mydestination      = $myhostname, $mydomain
append_dot_mydomain = no
append_at_myorigin  = yes
local_transport    = local
virtual_transport  = virtual
transport_maps      = hash:/etc/postfix/ispcp/transport

#
# Delivering local messages parameters;
#

mail_spool_directory = /var/mail

# Mailboxquota
# => 0 for unlimited
# => 104857600 for 100 MB
mailbox_size_limit = 0
mailbox_command    = procmail -a "$EXTENSION"

biff = no

alias_database                    = hash:/etc/aliases

local_destination_recipient_limit = 1
local_recipient_maps              = unix:passwd.byname $alias_database

#
# ISPCP Autoresponder parameters;
#

ispcp-arpl_destination_recipient_limit = 1

#
# Delivering virtual messages parameters;
#

virtual_mailbox_base    = /var/mail/virtual
virtual_mailbox_limit  = 0

virtual_mailbox_domains = hash:/etc/postfix/ispcp/domains
virtual_mailbox_maps    = hash:/etc/postfix/ispcp/mailboxes

virtual_alias_maps      = hash:/etc/postfix/ispcp/aliases

virtual_minimum_uid    = 2887
virtual_uid_maps        = static:2887
virtual_gid_maps        = static:8

#
# SASL paramters;
#

smtpd_sasl_auth_enable      = yes
smtpd_sasl2_auth_enable      = yes
smtpd_sasl_security_options  = noanonymous
smtpd_sasl_local_domain      =
broken_sasl_auth_clients    = yes
smtpd_sender_restrictions    = permit_mynetworks,
                              permit_sasl_authenticated,
                              reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks,
                              permit_sasl_authenticated,
                              reject_unauth_destination
                              check_policy_service inet:127.0.0.1:60000
Any ideas on what to do to fix this?

Thanks very much! You guys are awesome and helpful!

--Todd

wolfperkins 10-22-2007 08:24 AM
I run postfix and have a line in main.cf that reads:

mynetworks = 192.168.1.0/24, 127.0.0.0/8

That covers every host on my subnet and allows me to relay from internal hosts only.

TheZodiac 10-22-2007 07:29 PM
I tried that but I figured out that adding a "relay_domains" directive makes it go away. But now it says, "mail for xetaspace.net loops back to myself". How can I fix this? My "relay_domains" variable contains "xetaspace.net" and nothing else.

TheZodiac 10-23-2007 08:28 PM
I was skimming over the Postfix docs and it says you can disable relaying with "virtual_mailbox_domains" or "virtual_alias_domains". I have "virtual_mailbox_domains" in my config but why is Postfix still attempting to relay all mail? Is there a way to disable it completely?

wolfperkins 10-24-2007 10:23 AM
Here is what my config looks like. With this I can relay through all hosts on my internal LAN and exclude any mail relaying attemps from the outside:

Code:
queue_directory = /opt/postfix/var/spool
command_directory = /opt/postfix/sbin
daemon_directory = /opt/postfix/libexec
mail_owner = postfix
myhostname = <MAIL SERVER FQDN>
mydomain = <MAIL SERVER DOMAIN>
myorigin = $mydomain
mydestination = <MAIL SERVER FQDN>, <MAIL SERVER DOMAIN>
virtual_alias_domains = hash:/etc/postfix/virtual_alias_domains
virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps
unknown_local_recipient_reject_code = 550
mynetworks = 192.168.1.0/24, 127.0.0.0/8
alias_maps = dbm:/etc/mail/aliases
canonical_maps = hash:/etc/postfix/canonical
debug_peer_level = 2
debugger_command =
        PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
        xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /opt/postfix/sbin/sendmail
newaliases_path = /opt/postfix/bin/newaliases
mailq_path = /opt/postfix/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /opt/postfix/man
sample_directory = /opt/postfix/etc
readme_directory = no
smtpd_recipient_restrictions =
  reject_non_fqdn_sender
  reject_unknown_sender_domain
  reject_unknown_recipient_domain
  permit_sasl_authenticated
  permit_mynetworks
  reject_non_fqdn_recipient
  reject_multi_recipient_bounce
  reject_unauth_destination
  reject_non_fqdn_hostname
  reject_invalid_hostname
  reject_rbl_client sbl.spamhaus.org
  reject_rbl_client bl.spamcop.net
  reject_rhsbl_sender dsn.rfc-ignorant.org
  reject_unverified_sender
  permit
smtpd_helo_required = yes
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/certs/postfix_private_key.pem
smtpd_tls_cert_file = /etc/postfix/certs/postfix_mydomain.crt
smtpd_tls_CAfile = /etc/postfix/certs/ca-bundle.crt
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous


All times are GMT -5. The time now is 06:07 PM.