Postfix package - relay access denied
-
Hi there,
I recently installed the postfix package and configured it in a real quick-and-dirty way.
Just added the following configuration variables:
- Listen Interfaces: loopback, LAN, OPT1 (NAT from external CARP-IP to localhost:25)
- Custom main.cf: myhostname, smtp_helo_name (seem to be ignored totally)
- Domains: 2 domains (domainA.tld, domainB.tld), both backed with the same mailserver IP
- Recipients: tried it with nothing configured and manually configured in these ways => domainA.tld OK, domainB.tld OK, @domainA.tld OK, @domainB.tld OK, username@domainA.tld OK, username@domainB.tld OK
- AccessLists: mynetworks (local network and one CIDR I can trust)
- Antispam: Header Verification Basic
But I always get a "relay access denied" error.
<snip>
telnet aa.bb.cc.dd 25
Trying aa.bb.cc.dd…
Connected to aa.bb.cc.dd.
Escape character is '^]'.
220 <wrong hostname> ESMTP Postfix
helo host.domain.tld
250 <wrong hostname>
mail from: user@domain.tld
250 2.1.0 Ok
rcpt to: username@domainA.tld
554 5.7.1 username@domaina.tld: Relay access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.
</snip>
What am I doing wrong? Maybe I'm actually blind... ;-)
Thanks for any advice.
Best regards, Tim
-
Include your internal SMTP servers in the MyNetworks field on the package's Access List tab.
-
Hi,
thanks for your answer. That's what I already tried, but had no success. :-(
Any other idea?
Regards, Tim
-
Was the wrong SMTP info just a telnet sample, or an error you are always getting?
Enable postfix logging and check if it alerts any missing/wrong configuration.
-
Hi there,
I just enabled the logging to /var/log/maillog but the file stays empty. Even after a stop and start of the service.
Here's my main.cf:
#main.cf\
#Part of the Postfix package for pfSense
#Copyright (C) 2010 Erik Fonnesbeck
#Copyright (C) 2011 Marcello Coutinho
#All rights reserved.
#DO NOT EDIT THIS FILE
mynetworks = /usr/local/etc/postfix/mynetwork_table
mynetworks_style = host
myhostname=smtp-in.domain.tld
smtp_helo_name=smtp-in.domain.tld
relay_domains = domainA.tld domainB.tld
transport_maps = hash:/usr/local/etc/postfix/transport
local_recipient_maps =
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
mydestination =
mynetworks_style = host
message_size_limit = 10240000
default_process_limit = 100
#Just reject after helo,sender,client,recipient tests
smtpd_delay_reject = yes
# Don't talk to mail systems that don't know their own hostname.
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_sender_restrictions = reject_unknown_sender_domain, permit
# Allow connections from specified local clients and rbl check everybody else if rbl check are set.
smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination, check_sender_access hash:/usr/local/etc/postfix/sender_access, check_client_access pcre:/usr/local/etc/postfix/cal_pcre, check_client_access cidr:/usr/local/etc/postfix/cal_cidr permit
# Whitelisting: local clients may specify any destination domain.
#,
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_sender_access hash:/usr/local/etc/postfix/sender_access, check_client_access pcre:/usr/local/etc/postfix/cal_pcre, check_client_access cidr:/usr/local/etc/postfix/cal_cidr, reject_spf_invalid_sender, permit
postscreen_access_list = permit_mynetworks, cidr:/usr/local/etc/postfix/cal_cidr
postscreen_dnsbl_action= enforce
postscreen_blacklist_action= enforce
Any idea?
Regards, Tim
-
smtp port is listening but no mail is going through postfix?
Do you have a nat rule on same port forwarding it direct to internal mail server?
Or are you on nanobsd?
-
Hi,
as I said before, connection is established to the postfix running on the pfSense. There's only one NAT-rule from CARP-IP:25 to localhost:25 for using a virtual IP. The virtual IP isn't used in another way.
I'm running it on an amd64 system.
Regards, Tim
-
What version of pfSense are you using? If it's 2.1_x64, you need to copy the /usr/local/etc/postfix files to /usr/pbi/postfix-amd64/etc/postfix, as the config reads from the old location. You can see where the config file is reading in main.cf. It's the first line above #main.cf\ and is most likely /usr/local/etc/postfix/main.cf
You will need to do this every time you do an upgrade until marcelloc does the fix.
I also had issues until I placed 2,6s into the greet time under antispam.
See here:
http://forum.pfsense.org/index.php/topic,50519.0.html
-
Thanks, that did the trick! :-)
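
The fix in this thread comes down to Postfix and the package disagreeing about which directory holds the configuration files. As an added example (not part of the thread and not the package's own code), this Python sketch parses a main.cf like the one posted and lists every lookup table or file it references that is missing on disk. The function names and the `root` parameter are assumptions made for illustration, and the sample config is constructed.

```python
import os
import re

# Optional "type:" prefix plus an absolute path; the leading anchor keeps
# CIDR values such as 192.168.1.0/24 from being mistaken for a path.
TABLE_RE = re.compile(r"(?:^|[\s,])(?:(?P<type>[a-z]+):)?(?P<path>/[^\s,]+)")
# Map types that Postfix reads from a compiled <path>.db (Berkeley DB)
DB_TYPES = {"hash", "btree"}

def parse_main_cf(text):
    """Return {parameter: value}; joins continuation lines, skips comments."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:      # continuation of previous parameter
            params[current] += " " + line.strip()
        elif "=" in line:
            current, value = (s.strip() for s in line.split("=", 1))
            params[current] = value            # a later duplicate wins, as in Postfix
    return params

def referenced_files(params):
    """Yield (parameter, file_on_disk) for every table or file a value names."""
    for name, value in params.items():
        for m in TABLE_RE.finditer(value):
            suffix = ".db" if m.group("type") in DB_TYPES else ""
            yield name, m.group("path") + suffix

def missing_files(main_cf_text, root="/"):
    """List referenced files absent under root (root lets a test use a temp dir)."""
    params = parse_main_cf(main_cf_text)
    return sorted({(n, p) for n, p in referenced_files(params)
                   if not os.path.exists(os.path.join(root, p.lstrip("/")))})

# Constructed sample, shaped like the main.cf posted in the thread
SAMPLE = """\
#DO NOT EDIT THIS FILE
mynetworks = /usr/local/etc/postfix/mynetwork_table
relay_domains = domainA.tld domainB.tld
transport_maps = hash:/usr/local/etc/postfix/transport
smtpd_recipient_restrictions = permit_mynetworks,
 reject_unauth_destination,
 check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
 permit
"""

if __name__ == "__main__":
    for param, path in missing_files(SAMPLE):
        print(f"{param}: {path} not found")
```

To check a real installation, pass the contents of the main.cf that the running Postfix actually loads to `missing_files`.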