Netgate Discussion Forum

    Postfix package - relay access denied

      Der-Tim

      Hi there,

      I recently installed the postfix package and configured it in a real quick-and-dirty way.

      Just added the following configuration variables:

      • Listen Interfaces: loopback, LAN, OPT1 (NAT from external CARP-IP to localhost:25)
      • Custom main.cf: myhostname, smtp_helo_name (seem to be ignored totally)
      • Domains: 2 domains (domainA.tld, domainB.tld), both backed with the same mailserver IP
      • Recipients: tried it with nothing configured and manually configured in these ways => domainA.tld OK, domainB.tld OK, @domainA.tld OK, @domainB.tld OK, username@domainA.tld OK, username@domainB.tld OK
      • AccessLists: mynetworks (local network and one CIDR I can trust)
      • Antispam: Header Verification Basic

      But I always get a "relay access denied" error.

      <snip>
      telnet aa.bb.cc.dd 25
      Trying aa.bb.cc.dd...
      Connected to aa.bb.cc.dd.
      Escape character is '^]'.
      220 <wrong hostname> ESMTP Postfix
      helo host.domain.tld
      250 <wrong hostname>
      mail from: user@domain.tld
      250 2.1.0 Ok
      rcpt to: username@domainA.tld
      554 5.7.1 <username@domaina.tld>: Relay access denied
      quit
      221 2.0.0 Bye
      Connection closed by foreign host.

      What am I doing wrong? Maybe I'm actually blind... ;-)

      Thanks for any advice.

      Best regards, Tim

        marcelloc

        Include your internal SMTP servers in the MyNetworks field on the package's Access List tab.

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

          Der-Tim

          Hi,

          thanks for your answer. That's what I already tried, but had no success. :-(

          Any other idea?

          Regards, Tim

            marcelloc

            Was the wrong SMTP info just a telnet sample, or is it an error you always get?

            Enable postfix logging and check whether it alerts on any missing/wrong configuration.

              Der-Tim

              Hi there,

              I just enabled the logging to /var/log/maillog but the file stays empty. Even after a stop and start of the service.

              Here's my main.cf:

              #main.cf\
              #Part of the Postfix package for pfSense
              #Copyright (C) 2010 Erik Fonnesbeck
              #Copyright (C) 2011 Marcello Coutinho
              #All rights reserved.
              #DO NOT EDIT THIS FILE
              
              mynetworks = /usr/local/etc/postfix/mynetwork_table
              mynetworks_style = host
              myhostname=smtp-in.domain.tld
              smtp_helo_name=smtp-in.domain.tld
              relay_domains = domainA.tld domainB.tld
              transport_maps = hash:/usr/local/etc/postfix/transport
              local_recipient_maps =
              relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
              mydestination =
              mynetworks_style = host
              message_size_limit = 10240000
              default_process_limit = 100
              #Just reject after helo,sender,client,recipient tests
              smtpd_delay_reject = yes
              
              # Don't talk to mail systems that don't know their own hostname.
              smtpd_helo_required = yes
              smtpd_helo_restrictions = 
              
              smtpd_sender_restrictions = reject_unknown_sender_domain,
              				permit
              
              # Allow connections from specified local clients and rbl check everybody else if rbl check are set.
              smtpd_client_restrictions = permit_mynetworks,
              				reject_unauth_destination,
              				check_sender_access hash:/usr/local/etc/postfix/sender_access,
              				check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
              				check_client_access cidr:/usr/local/etc/postfix/cal_cidr
              				permit
              
              # Whitelisting: local clients may specify any destination domain.
              #,
              smtpd_recipient_restrictions = permit_mynetworks, 
              				reject_unauth_destination,
              				check_sender_access hash:/usr/local/etc/postfix/sender_access,
              				check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
              				check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
              				reject_spf_invalid_sender,
              				permit
              
              postscreen_access_list = permit_mynetworks,
              			cidr:/usr/local/etc/postfix/cal_cidr
              postscreen_dnsbl_action= enforce
              postscreen_blacklist_action= enforce
              

              Any idea?

              Regards, Tim

                marcelloc

                The SMTP port is listening but no mail is going through postfix?

                Do you have a NAT rule on the same port forwarding it directly to the internal mail server?

                Or are you on nanobsd?

                  Der-Tim

                  Hi,

                  as I said before, connection is established to the postfix running on the pfSense. There's only one NAT-rule from CARP-IP:25 to localhost:25 for using a virtual IP. The virtual IP isn't used in another way.

                  I'm running it on an amd64 system.

                  Regards, Tim

                    louis-m

                    What version of pfSense are you using? If it is 2.1_x64, you need to copy the /usr/local/etc/postfix files to /usr/pbi/postfix-amd64/etc/postfix as the config reads from the old location. You can see where the config file is reading in main.cf. It's the first line above #main.cf\ and is most likely /usr/local/etc/postfix/main.cf
                    You will need to do this every time you do an upgrade until marcelloc does the fix.

                    I also had issues until I placed 2,6s into the greet time under antispam.

                    see here:
                    http://forum.pfsense.org/index.php/topic,50519.0.html
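
The mismatch described in the post above (package files written to /usr/local/etc/postfix while /usr/pbi/postfix-amd64/etc/postfix holds a different copy) can be checked before copying anything. This is an added example, not part of the original posts or of the pfSense package; the function names are hypothetical and the two default paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report drift between the two Postfix
# config directories named in the thread. Function names are hypothetical.
GENERATED_DEFAULT=/usr/local/etc/postfix
ACTIVE_DEFAULT=/usr/pbi/postfix-amd64/etc/postfix

# Print one line per file that is missing from, or differs in, the second
# directory. Returns 0 if in sync, 1 on drift, 2 if a directory is absent.
postfix_config_drift() {
    generated=${1:-$GENERATED_DEFAULT}
    active=${2:-$ACTIVE_DEFAULT}
    if [ ! -d "$generated" ] || [ ! -d "$active" ]; then
        echo "config directory not found: $generated or $active" >&2
        return 2
    fi
    drift=0
    for src in "$generated"/*; do
        [ -f "$src" ] || continue          # skip subdirectories and empty globs
        name=${src##*/}
        if [ ! -f "$active/$name" ]; then
            echo "MISSING  $name"
            drift=1
        elif ! cmp -s "$src" "$active/$name"; then
            echo "DIFFERS  $name"
            drift=1
        fi
    done
    return "$drift"
}

# Copy only the drifted files into the second directory, which is the manual
# workaround from the thread applied file by file.
postfix_config_sync() {
    generated=${1:-$GENERATED_DEFAULT}
    active=${2:-$ACTIVE_DEFAULT}
    { postfix_config_drift "$generated" "$active" || true; } |
        while read -r kind name; do
            cp -p "$generated/$name" "$active/$name"
        done
}
```

On the firewall, `postfix_config_drift` with no arguments compares the two default paths, and `postconf -h config_directory` confirms which directory the running Postfix actually reads.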

                      Der-Tim

                      Thanks, that did the trick! :-)
