Postfix package - relay access denied

Der-Tim

Hi there,

I recently installed the postfix package and configured it in a real quick-and-dirty way.

Just added the following configuration variables:

• Listen Interfaces: loopback, LAN, OPT1 (NAT from external CARP-IP to localhost:25)
• Custom main.cf: myhostname, smtp_helo_name (seem to be ignored totally)
• Domains: 2 domains (domainA.tld, domainB.tld), both backed with the same mailserver IP
• Recipients: tried it with nothing configured and manually configured in these ways => domainA.tld OK, domainB.tld OK, @domainA.tld OK, @domainB.tld OK, username@domainA.tld OK, username@domainB.tld OK
• AccessLists: mynetworks (local network and one CIDR I can trust)
• Antispam: Header Verification Basic

But I always get an "relay access denied"-error.

<snip>telnet aa.bb.cc.dd 25
Trying aa.bb.cc.dd…
Connected to aa.bb.cc.dd.
Escape character is '^]'.
220 <wrong hostname="">ESMTP Postfix
helo host.domain.tld
250 <wrong hostname="">mail from: user@domain.tld
250 2.1.0 Ok
rcpt to: username@domainA.tld
554 5.7.1 username@domaina.tld: Relay access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.

What am I doing wrong? Maybe I'm actually blind... ;-)

Thanks for any advice.

Best regards, Tim/username@domaina.tld</wrong></wrong></snip>

marcelloc

Include your internal smtp servers on MyNetworks field at package Access List tab.

Der-Tim

Hi,

thanks for your answer. That's what I already tried, but had no success. :-(

Any other idea?

Regards, Tim

marcelloc

The wrong SMTP info was just a telnet sample or an error you are getting always?

Enable postfix logging and check if it alerts any missing/wrong configuration.

Der-Tim

Hi there,

I just enabled the logging to /var/log/maillog but the file stays empty. Even after a stop and start of the service.

Here's my main.cf:

#main.cf\
#Part of the Postfix package for pfSense
#Copyright (C) 2010 Erik Fonnesbeck
#Copyright (C) 2011 Marcello Coutinho
#All rights reserved.
#DO NOT EDIT THIS FILE

mynetworks = /usr/local/etc/postfix/mynetwork_table
mynetworks_style = host
myhostname=smtp-in.domain.tld
smtp_helo_name=smtp-in.domain.tld
relay_domains = domainA.tld domainB.tld
transport_maps = hash:/usr/local/etc/postfix/transport
local_recipient_maps =
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
mydestination =
mynetworks_style = host
message_size_limit = 10240000
default_process_limit = 100
#Just reject after helo,sender,client,recipient tests
smtpd_delay_reject = yes

# Don't talk to mail systems that don't know their own hostname.
smtpd_helo_required = yes
smtpd_helo_restrictions = 

smtpd_sender_restrictions = reject_unknown_sender_domain,
				permit

# Allow connections from specified local clients and rbl check everybody else if rbl check are set.
smtpd_client_restrictions = permit_mynetworks,
				reject_unauth_destination,
				check_sender_access hash:/usr/local/etc/postfix/sender_access,
				check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
				check_client_access cidr:/usr/local/etc/postfix/cal_cidr
				permit

# Whitelisting: local clients may specify any destination domain.
#,
smtpd_recipient_restrictions = permit_mynetworks, 
				reject_unauth_destination,
				check_sender_access hash:/usr/local/etc/postfix/sender_access,
				check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
				check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
				reject_spf_invalid_sender,
				permit

postscreen_access_list = permit_mynetworks,
			cidr:/usr/local/etc/postfix/cal_cidr
postscreen_dnsbl_action= enforce
postscreen_blacklist_action= enforce

Any idea?

Regards, Tim

marcelloc

smtp port is listening but no mail is going through postfix?

Do you have a nat rule on same port forwarding it direct to internal mail server?

Or are you on nanobsd?

Der-Tim

Hi,

as I said before, connection is established to the postfix running on the pfSense. There's only one NAT-rule from CARP-IP:25 to localhost:25 for using a virtual IP. The virtual IP isn't used in another way.

I'm running it on an amd64 system.

Regards, Tim

louis-m

what version of pfsense are you using? if it 2.1_x64, you need to copy /usr/local/etc/postfix files to /usr/pbi/postfix-amd64/etc/postfix as the config reads from the old location. you can see where the config file is reading in main.cf. it's the first line above #main.cf\ and is most likely /usr/local/etc/postfix/main.cf
you will need to do this every time you do an upgrade until marcelloc does the fix

I also had issues until i placed 2,6s into the greet time under antispam.

see here:
http://forum.pfsense.org/index.php/topic,50519.0.html

Der-Tim

Thanks, that did the trick! :-)