Results 1 to 3 of 3

Thread: Postscript Final steps: Relay access denied

  1. #1

    Default Postscript Final steps: Relay access denied

    We have successfully navigated the many rivers of setting up a website and mail server with SSL/TLS but one:
    Relay access denied for outgoing mail to external addressee from an offsite client through our own Postfix SMTP server. Everything else works great.

    Any ideas? Details below.

    Thank you, Andy
    ~~~~~~~~~~~~~~
    We have Postfix Version: 3.2.0-1.4 under opensuse Leap 42.3. Other relevants include Dovecot 2.2.31 (65cde28)

    • Receive mail (Dovecot) works under all options at both internal (lavarre) and external (spectre) sites.

    Send mail from internal and external clients tested with:
    Code:
    telnet mail.privustech.com 587
    or
    Code:
    openssl s_client -connect mail.privustech.com:587 -starttls smtp
    (it fails if -starttls tag is not included: No peer certificate...)
    • Send mail from internal (within the server) to both internal and external addressees works.
    • Send mail from external clients to internal addressees (@privustech.com) works.
    • Send mail from external clients to external addressees suffers Relay access denied.

    We have done the following with /etc/postfix/main.cf:
    • Created /etc/postfix/sender_access with postmap to explicitly include as authorized senders:
    andy@privustech.com
    alavarre@privustech.com
    • Updated the line
    Code:
    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
    to use that access database.

    • Commented out
    Code:
    smtpd_recipient_restrictions
    to preclude restrictions on addressees

    • Not found
    Code:
    smtp_recipient_restrictions
    • Commented out
    Code:
    relayhost =
    The only thing that works to date is to explicitly add our external IP address to mynetworks:
    Code:
    mynetworks = 72.215.48.235/32, 127.0.0.0/8,
    but even that doesn't work with the Evolution email client:
    "Bad authentication response from server."

    So I would deeply appreciate help in sorting this last bit out...

    Thanks again.

  2. #2
    Join Date
    Sep 2012
    Posts
    5,135

    Default Re: Postscript Final steps: Relay access denied

    Relaying is controller by smtpd_relay_restrictions which defaults to local networks and authenticated users. Controlling relaying based on who client pretends to be will result in widely open relay as anyone can put anything in SEND FROM line.

  3. #3
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,286
    Blog Entries
    2

    Default Re: Postscript Final steps: Relay access denied

    @OP

    Believe the configuration you want to set up is described in the following link

    http://www.postfix.org/STANDARD_CONF....html#firewall

    General main.cf configuration limitations as described by arvidjaar in the following documentation

    http://www.postfix.org/BASIC_CONFIGURATION_README.html

    HTH,
    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •