0
I am configuring Postfix as an SMTP server for our organization so that we can use it to send mail from various applications on site that go over our G Suite hosted mail sending limits. (10,000 mails/day)
However, I am having an issue with it actually passing mail. I only want Postfix to send mail outside of our domain. I don't want local inboxes. I configured it as follows:
/etc/postfix/main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = mailrelay.domain
mydomain = domain
myorigin = $mydomain
mydestination =
mynetworks =
relayhost =
inet_interfaces = all
inet_protocols = all
From sparse reading of the Postfix manual and some articles I came with the conclusion that I keep mydestination blank because there should be no local domains to be delivered to and mynetworks blank because I want it to deliver mail from any host I point to it. However, I get the error below when I try to send mail claiming "Relay access denied:"
Dec 30 13:34:41 mailrelay postfix/smtpd[2057]: connect from localhost[::1]
Dec 30 13:35:06 mailrelay postfix/smtpd[2057]: NOQUEUE: reject: RCPT from localhost[::1]: 454 4.7.1 <test@test.com>: Relay access denied; from=<test@domain> to=<test@test.com> proto=SMTP
Dec 30 13:37:28 mailrelay postfix/smtpd[2057]: lost connection after RCPT from localhost[::1]
Dec 30 13:37:28 mailrelay postfix/smtpd[2057]: disconnect from localhost[::1] mail=1/2 rcpt=0/1 commands=1/3
Is this because I set mynetworks to blank? So it's trying to "relay" mail now? And now the smtpd_relay_restrictions is preventing it?
I want any mail sent to this SMTP server to be sent directly to the destination. After researching this I discovered I needed to enable SASL authentication so that non-local hosts could authenticate with a username/password combination to send mail. Is this the correct configuration? Am I understanding the error above correctly? What are my next steps?
zsheppard
Posted 2017-12-30T19:49:08.837
Reputation: 1
I believe you are correct, the
– Pimp Juice IT – 2017-12-30T20:23:43.917mynetworksis "The list of "trusted" remote SMTP clients that have more privileges than "strangers." and thus it being blank there are no trusted machines so it looks at the relay next and you also do not allow specific IP addresses, etc. to relay then access would be denied there as well. If you have many clients in a specific subnet then add those as "*Trusted*" since you want them to send per that mynetworks config option if that's what you are trying to accomplish.So if you want the clients to be able to send email using this server without authenticating, then you likely will need to tell if what subnet IP addresses or hosts to trust or otherwise allow as relays perhaps. – Pimp Juice IT – 2017-12-30T20:27:14.710