Old 10-31-2016, 10:45 AM   #1
herkalurk
Member
 
Registered: Oct 2012
Location: Portland
Distribution: CentOS 6/7 at home, RHEL5/6/7 at work
Posts: 32

Rep: Reputation: 2
Help with postfix mail relay


I have a VPS in the cloud currently running sendmail. Its job is to be the public MX for my domain; it receives and sends all email from my domain to the world via esmtp direct to the recipient's MX server. Received mail for my domain gets forwarded on a non-standard port to my home server for storage. Basically the whole point of this server is mail relay. I have the settings working well with sendmail. I'm keeping out the riffraff, all while allowing my domain to send mail as I please. I thought I had postfix set up properly based on the docs to replicate the settings, but I can't get it to work.
  • I can send an email from the local VPS to my domain, and it will get delivered
  • I CANNOT send an email from my local VPS to google
  • I CANNOT send an email from the remote email server (the home server storing email) to google
  • Google cannot send an email to my domain successfully

I'm attaching my configs, with hostnames and IPs removed. Please let me know if this is the wrong forum to post in, or if you can point me in the right direction.

/etc/postfix/main.cf
Code:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
inet_interfaces = localhost, 198.46.xxx.xxx, 198.46.xxx.xxx
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.1/32
relay_domains = domain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
transport_maps = hash:/etc/postfix/transport
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access, permit_mynetworks, reject
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_access, permit_mynetworks, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client dnsbl.sorbs.net
smtpd_relay_restrictions = permit_mynetworks
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, permit

/etc/postfix/access
Code:
alkain.com                         DISCARD
cablevision.net.mx                 DISCARD
cantv.net                          DISCARD
coppermail-usa.com                 DISCARD
esab.co.uk                         DISCARD
fbclouderfb.com                    DISCARD
kalyanimotors.com                  DISCARD
midialocal.com.br                  DISCARD
orange.fr                          DISCARD
qlink.queensu.ca                   DISCARD
spdop.ru                           DISCARD
slsenterprise.com                  DISCARD
speedy.com.ar                      DISCARD
static.vnpt.vn                     DISCARD
tin.it                             DISCARD
vtr.net                            DISCARD
wanadoo.fr                         DISCARD
xdpromos.com                       DISCARD
68.228.xxx.xx                      OK
localhost.localdomain              OK
127.0.0.1                          OK
domain.com                         OK

/etc/postfix/recipient_access
Code:
2z9yi3cdccr07z8zeu7s@domain.com   DISCARD
5jlxDZCt2vozd7CxJpZ1@domain.com   DISCARD
8dk3@domain.com                   DISCARD
8ei3@domain.com                   DISCARD
9227k1yq2B4zukd9URIi@domain.com   DISCARD
9p7fsuzci88zg86obbab@domain.com   DISCARD
ads@domain.com                    DISCARD
asdfasdfasdfessdf@domain.com      DISCARD
city@domain.com                   DISCARD
ding@domain.com                   DISCARD
dolke@domain.com                  DISCARD
f5fwsb6207igpcvbradl@domain.com   DISCARD
flash@domain.com                  DISCARD
fre@domain.com                    DISCARD
fred@domain.com                   DISCARD
freed@domain.com                  DISCARD
gkfdo7xexye7dyez0mms@domain.com   DISCARD
hope@domain.com                   DISCARD
hrvczyw2778ryetkaizc@domain.com   DISCARD
kln@domain.com                    DISCARD
lsidi@domain.com                  DISCARD
ocho@domain.com                   DISCARD
pujsdvponesnykdgiepe@domain.com   DISCARD
roulette@domain.com               DISCARD
s8i3ks8s893k@domain.com           DISCARD
sadfesdf93ks93@domain.com         DISCARD
skeiksi@domain.com                DISCARD
smsqscnxpxefuozs4wpn@domain.com   DISCARD
steve@domain.com                  DISCARD
domain.com                           OK

/etc/postfix/sender_access
Code:
CANON@domain.com                DISCARD
canon211847@domain.com          DISCARD
copier@domain.com               DISCARD
CreditControl@domain.com        DISCARD
document@domain.com             DISCARD
Kopierer@domain.com             DISCARD
Leonie6353@domain.com           DISCARD
nadiam1pa@domain.com            DISCARD
qwer8@domain.com                DISCARD
scanner@domain.com              DISCARD
voicemail@domain.com            DISCARD
xerox@domain.com                DISCARD
Tess.Chao15@msn.com                DISCARD
seminars@info.ve10.com             DISCARD
email2jbala@gmail.com              DISCARD
serv-a@mail.ru                     DISCARD
domain.com                         OK

/etc/postfix/transport
Code:
domain.com     smtp:mail.domain.com:143

Last edited by herkalurk; 10-31-2016 at 02:37 PM.
 
Old 11-02-2016, 06:42 PM   #2
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian 6+, CentOS 5+
Posts: 1,323

Rep: Reputation: 100
What do your smtp logs indicate? Is the traffic being received by your VPS smarthost from your local machine? From google? Does your MX record publicly resolve properly? Is your VPS IP or your registered domain on any blacklist? You can check at mxtoolbox. If you send an email from a Gmail account, do you get an NDR back, and if so what does it say? Same with sending mail out. The issue doesn't sound like a postfix configuration issue. I also didn't see anything glaringly wrong with your postfix config.
 
Old 11-02-2016, 09:30 PM   #3
herkalurk
Member
 
Registered: Oct 2012
Location: Portland
Distribution: CentOS 6/7 at home, RHEL5/6/7 at work
Posts: 32

Original Poster
Rep: Reputation: 2
It's a postfix config issue for sure. I'm trying to migrate from a working sendmail setup. My MX/DNS records are good. Traffic is getting there, but it's always being denied (rejected).

You can see the reject here from google to my domain and from my home server trying to use the VPS to send out:

Code:
Oct 28 18:10:31 vps1 postfix/master[8771]: daemon started -- version 2.6.6, configuration /etc/postfix
Oct 28 18:10:46 vps1 postfix/smtpd[8843]: connect from mail-pf0-f174.google.com[209.85.192.174]
Oct 28 18:10:46 vps1 postfix/smtpd[8843]: NOQUEUE: reject: RCPT from mail-pf0-f174.google.com[209.85.192.174]: 554 5.7.1 <mail-pf0-f174.google.com[209.85.192.174]>: Client host rejected: Access denied; from=<user@gmail.com> to=<administrator@domain.com> proto=ESMTP helo=<mail-pf0-f174.google.com>
Oct 28 18:10:46 vps1 postfix/smtpd[8843]: disconnect from mail-pf0-f174.google.com[209.85.192.174]

Oct 28 18:17:35 vps1 postfix/smtpd[9382]: connect from domain.local[68.228.xxx.xxx]
Oct 28 18:17:35 vps1 postfix/trivial-rewrite[9384]: warning: do not list domain domain.com in BOTH virtual_alias_domains and relay_domains
Oct 28 18:17:35 vps1 postfix/smtpd[9382]: NOQUEUE: reject: RCPT from domain.local[68.228.xxx.xxx]: 554 5.7.1 <user@gmail.com>: Relay access denied; from=<administrator@domain.com> to=<herker@gmail.com> proto=SMTP helo=<mail.domain.com>
Oct 28 18:17:35 vps1 postfix/smtpd[9382]: disconnect from domain.local[68.228.xxx.xxx]

And here is a good send from localhost (the VPS) to the mail server at my house:

Code:
Oct 28 18:13:27 vps1 postfix/smtpd[9260]: connect from localhost.localdomain[127.0.0.1]
Oct 28 18:13:27 vps1 postfix/smtpd[9260]: EA8D7184110F: client=localhost.localdomain[127.0.0.1]
Oct 28 18:13:27 vps1 postfix/cleanup[9264]: EA8D7184110F: message-id=<201610282311.u9SNBeuI009155@vps1.domain.com>
Oct 28 18:13:27 vps1 postfix/smtpd[9260]: disconnect from localhost.localdomain[127.0.0.1]
Oct 28 18:13:27 vps1 postfix/qmgr[9258]: EA8D7184110F: from=<root@vps1.domain.com>, size=2639, nrcpt=1 (queue active)
Oct 28 18:13:28 vps1 postfix/cleanup[9264]: 03ED01841119: message-id=<201610282311.u9SNBeuI009155@vps1.domain.com>
Oct 28 18:13:28 vps1 postfix/qmgr[9258]: 03ED01841119: from=<root@vps1.domain.com>, size=2778, nrcpt=1 (queue active)
Oct 28 18:13:28 vps1 postfix/local[9265]: EA8D7184110F: to=<root@vps1.domain.com>, relay=local, delay=0.1, delays=0.06/0.03/0/0.02, dsn=2.0.0, status=sent (forwarded as 03ED01841119)
Oct 28 18:13:28 vps1 postfix/qmgr[9258]: EA8D7184110F: removed
Oct 28 18:13:28 vps1 postfix/smtp[9266]: 03ED01841119: to=<administrator@domain.com>, orig_to=<root@vps1.domain.com>, relay=mail.keagaming.com[68.228.xxx.xxx]:143, delay=0.67, delays=0/0.01/0.34/0.32, dsn=2.0.0, status=sent (250 Queued (0.078 seconds))
Oct 28 18:13:28 vps1 postfix/qmgr[9258]: 03ED01841119: removed

Last edited by herkalurk; 11-02-2016 at 09:32 PM.
 
Old 11-02-2016, 10:26 PM   #4
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian 6+, CentOS 5+
Posts: 1,323

Rep: Reputation: 100
For outbound mail to work I'd add your home public IP to the mynetworks, or better use authentication such as this https://blog.bravi.org/?p=1065 for the relay out. Not sure if that would resolve the inbound issue though. Do you have logs for the inbound?
 
Old 11-02-2016, 10:34 PM   #5
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian 6+, CentOS 5+
Posts: 1,323

Rep: Reputation: 100
Look over this, pretty sure this is where it is bunged up in the smtpd access restrictions. http://www.postfix.org/postconf.5.ht...y_restrictions
 
Old 11-03-2016, 12:16 AM   #6
herkalurk
Member
 
Registered: Oct 2012
Location: Portland
Distribution: CentOS 6/7 at home, RHEL5/6/7 at work
Posts: 32

Original Poster
Rep: Reputation: 2
I updated my smtpd_relay_restrictions

Code:
smtpd_relay_restrictions = permit_mynetworks, permit relay_domains

Now I can send mail out from my accounts to any other (tested with 2 google accounts, and my work email which is a separate server); however, even after fiddling some more and adding "permit relay_domains" to smtpd_recipient_restrictions, I still can't receive mail.

Code:
Nov  3 00:10:38 vps1 postfix/smtpd[2176]: connect from mail-pf0-f172.google.com[209.85.192.172]
Nov  3 00:10:38 vps1 postfix/smtpd[2176]: NOQUEUE: reject: RCPT from mail-pf0-f172.google.com[209.85.192.172]: 554 5.7.1 <mail-pf0-f172.google.com[209.85.192.172]>: Client host rejected: Access denied; from=<user@gmail.com> to=<reply@domain.com> proto=ESMTP helo=<mail-pf0-f172.google.com>
Nov  3 00:10:38 vps1 postfix/smtpd[2176]: disconnect from mail-pf0-f172.google.com[209.85.192.172]
The fact it says "Client host rejected" makes me think it's in the smtpd_client_restrictions settings, but IDK which one....
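
Added example, not part of the thread and not Postfix code: a simplified Python model of first-match restriction evaluation, loaded with the first post's settings, that reproduces the two rejects seen in the logs. Assumptions: 203.0.113.10 is a constructed stand-in for the masked home-server IP, the tables are trimmed, RBL and network-prefix lookups are left out, the function names are hypothetical, and smtpd_relay_restrictions is not modelled because that parameter was introduced in Postfix 2.10 while the logs show version 2.6.6.

```python
import ipaddress

# Settings from the first post's main.cf and tables (tables trimmed). Constructed
# value: 203.0.113.10 stands in for the masked home-server IP 68.228.xxx.xx.
MYNETWORKS = [ipaddress.ip_network("127.0.0.1/32")]
RELAY_DOMAINS = {"domain.com"}
CLIENT_ACCESS = {"orange.fr": "DISCARD", "203.0.113.10": "OK",
                 "127.0.0.1": "OK", "domain.com": "OK"}
RECIPIENT_ACCESS = {"steve@domain.com": "DISCARD", "domain.com": "OK"}
CLIENT_RULES = ["check_client_access", "permit_mynetworks", "reject"]
RECIPIENT_RULES = ["check_recipient_access", "permit_mynetworks",
                   "reject_unauth_destination"]  # RBL lookups omitted (need DNS)

def parents(name):
    """Return name and each parent domain: a.b.c -> [a.b.c, b.c, c]."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def table_action(table, keys):
    return next((table[k] for k in keys if k in table), None)

def run_list(label, rules, ip, host, rcpt):
    """Evaluate one restriction list; the first decisive rule ends it."""
    rcpt_domain = rcpt.rsplit("@", 1)[1]
    for rule in rules:
        action = None
        if rule == "check_client_access":
            action = table_action(CLIENT_ACCESS, parents(host) + [ip])
        elif rule == "check_recipient_access":
            action = table_action(RECIPIENT_ACCESS, [rcpt] + parents(rcpt_domain))
        elif rule == "permit_mynetworks":
            if any(ipaddress.ip_address(ip) in net for net in MYNETWORKS):
                action = "OK"
        elif rule == "reject_unauth_destination":
            if not set(parents(rcpt_domain)) & RELAY_DOMAINS:
                return "Relay access denied", rule
        elif rule == "reject":
            return f"{label} rejected: Access denied", rule
        if action:  # OK permits for this list only; DISCARD drops the mail
            return ("PERMIT" if action == "OK" else action), rule
    return "PERMIT", "end of list"

def smtpd_check(ip, host, rcpt):
    """Client list first, then recipient list; a reject in either is final."""
    lists = (("Client host", CLIENT_RULES), ("Recipient address", RECIPIENT_RULES))
    for label, rules in lists:
        verdict, rule = run_list(label, rules, ip, host, rcpt)
        if verdict != "PERMIT":
            return verdict, rule
    return "PERMIT", rule
```

In this model the bare `reject` that ends smtpd_client_restrictions is the rule that stops Google's client, since it is in neither the access table nor mynetworks. The home server passes the client list through its OK entry and is then stopped by reject_unauth_destination, because its address is not in mynetworks and gmail.com is not a relay domain.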
 
Old 11-03-2016, 01:20 AM   #7
herkalurk
Member
 
Registered: Oct 2012
Location: Portland
Distribution: CentOS 6/7 at home, RHEL5/6/7 at work
Posts: 32

Original Poster
Rep: Reputation: 2
After more screwing around, it appears I have the config correct, going to let it run overnight and see if I run into any issues.

Code:
smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client dnsbl.sorbs.net, permit
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_access, permit_mynetworks, permit relay_domains, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, permit

I'm able to receive any email for my domain, except those listed as DISCARD in the recipient access list (/etc/postfix/recipient_access), only localhost and my home server IP are allowed to send or relay any address through, it's actually discarding emails from bad domains listed in (/etc/postfix/sender_access), and not allowing any user of my domain to send from another server (tested with a work computer).

Last edited by herkalurk; 11-03-2016 at 12:06 PM.
 
Old 11-14-2016, 10:48 AM   #8
herkalurk
Member
 
Registered: Oct 2012
Location: Portland
Distribution: CentOS 6/7 at home, RHEL5/6/7 at work
Posts: 32

Original Poster
Rep: Reputation: 2
Finalized the config, had to slow down mail transmission but otherwise mostly the same, these are just the lines I've added to the main.cf

Code:
transport_maps = hash:/etc/postfix/transport
smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client dnsbl.sorbs.net, permit
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_access, permit_mynetworks, permit relay_domains, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, permit
default_destination_rate_delay = 5s
default_extra_recipient_limit = 5
 
  



Tags
centos6, postfix, sendmail

