Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


  Search this Thread
Old 10-19-2011, 08:11 PM   #1
Registered: Oct 2011
Posts: 31

Rep: Reputation: Disabled
postfix + dovecot + TLS: can't relay for authenticated user

Hi there,

I'm hoping someone here may be able to help me. I'm running a recently configured server with...

Scientific Linux 6.1
Dovecot 2.0.9
Postfix 2.6.6
Roundcubemail 0.5.4

Overall mail delivery works fine, and Dovecot and Alpine can send (using a relayhost of my ISP, Comcast). The main thing I am trying to do now is to permit authentication on port 587 so that someone out and about (say, with an iPod w/wifi) can send through this server. The authentication works (I tested it by entering an incorrect password) but no matter what I do, it won't relay mail for offsite addresses. I get the error:

Oct 19 19:58:50 myserver postfix/smtpd[23591]: NOQUEUE: reject: RCPT from unknown[]: 450 4.1.2 <>: Recipient address rejected: Domain not found; from=<> to=<> proto=ESMTP helo=<[]>

The authenticated client can send to an address that is local to myserver, but not to one offsite.

The non-comments of postfix's are listed below. I've also tried it with a pared down smtpd_recipient_restrictions section but that did not help. Can anyone assist? Thanks in advance!!

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
inet_interfaces =, (mypublicIP)
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
relay_domains = $mydestination
relayhost =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
recipient_delimiter = -

debug_peer_level = 2
debugger_command =
ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
message_size_limit = 10240000
mailbox_size_limit = 0
connection_cache_status_update_time = 7200
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/myserver.crt
smtpd_tls_key_file = /etc/pki/tls/certs/myserver.key
virtual_alias_domains =,
virtual_alias_maps = hash:/etc/postfix/virtual
smtpd_recipient_restrictions =
check_client_access cidr:/etc/postfix/sinokorea.cidr
check_sender_access hash:/etc/postfix/restricted_senders
check_recipient_access hash:/etc/postfix/recipient_access
Old 10-19-2011, 08:39 PM   #2
Registered: Oct 2011
Posts: 31

Original Poster
Rep: Reputation: Disabled
In case this helps...
On a whim I tried explicitly setting the mynetworks =
since I use this internal IP address block for my network. The relay still would not work. This makes me think that my postfix isn't relaying at all, but I'm not sure what would cause this.
Old 10-19-2011, 08:50 PM   #3
Registered: Oct 2011
Posts: 31

Original Poster
Rep: Reputation: Disabled
Something that seems really odd...
The code for relay denied should be 550 or similar. However:

# postconf | grep 450
access_map_defer_code = 450
defer_code = 450
plaintext_reject_code = 450
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
unverified_recipient_defer_code = 450
unverified_recipient_reject_code = 450
unverified_sender_defer_code = 450
unverified_sender_reject_code = 450

This implies to me that it's treating these mails as local instead of remote. However, still not sure why it would do that.
Old 10-19-2011, 09:14 PM   #4
Registered: Oct 2011
Posts: 31

Original Poster
Rep: Reputation: Disabled
I think I got it working, but I'm not sure why this was needed...

A google search result suggested having a copy of /etc/resolv.conf in /var/spool/postfix/etc. I tried that and it seems to work!

Only I have no idea why. I love to understand things... so any insight into this is still appreciated.
Old 10-19-2011, 11:25 PM   #5
Registered: May 2009
Location: Fort Langley BC
Distribution: Kubuntu,Free BSD,OSX,Windows
Posts: 342

Rep: Reputation: 59
I believe it may have something to do with reverse lookups. If the originator can not be validated, it will be rejected. This is a mechanism to avoid spam : someone claiming to be from "" but their reverse DNS lookup says "".

Having resolv.conf handy, it looks there first, then goes upstream to resolve the reverse DNS.

My terminology may be a little off, but that is the idea.

Ciao !


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] TLS / SASL authentication, dovecot and postfix - does this config look correct? TonyAR Linux - Server 2 10-14-2010 12:40 PM
Prevent spoofing from authenticated dovecot+postfix+sasl+postgre kiswono Linux - Security 1 06-22-2009 09:12 PM
postfix: only accept relay mail from authenticated users eantoranz Linux - Server 3 10-04-2008 05:02 AM
Postfix to relay through my ISPs SMTP with no tls problem icebrian Linux - Software 10 01-18-2007 07:45 PM > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 12:10 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration