postfix relay denied on 11.4

Hello,

I was never confident with postfix, but used it for several years now on my own server. I even noted the exact config used.

But my old server crashed and I have to build a new one fast, and I don’t receive mails anymore.

here is the log message when trying to send to me from gmail:

Jun 4 08:06:34 ks3095514 postfix/smtpd[4008]: connect from mail-pw0-f50.google.com[209.85.160.50]
Jun 4 08:06:34 ks3095514 postfix/smtpd[4008]: NOQUEUE: reject: RCPT from mail-pw0-f50.google.com[209.85.160.50]: 554 5.7.1 <jdd@dodin.net>: Relay access denied; from=<lesrevesdeness@gmail.com> to=<jdd@dodin.net> proto=ESMTP helo=<mail-pw0-f50.google.com>
Jun 4 08:06:35 ks3095514 postfix/smtpd[4008]: disconnect from mail-pw0-f50.google.com[209.85.160.50]

The main.cf file is the openSUSE default one (see below). Part of my problems seems to come from the reverse. I could once receive one test message to "ks3095514.kimsufi.com" (the default reverse/domain name) (below, commented out), but not for my own domain (dodin.org). Most of the time the only necessary lines are mydomain, myhostname, myorigin and mydestination, but this doesn’t work anymore. New defaults? Local (from and to the server) mail works, root can send to jdd and I read it from home.

thanks
jdd

mydomain = dodin.org
inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_domains = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
#myhostname = ks3095514.kimsufi.com
myhostname = kim3.dodin.org
delay_warning_time = 1h
message_strip_characters = \0
program_directory = /usr/lib/postfix
inet_interfaces = localhost
masquerade_domains =
mydestination = $myhostname, localhost.$mydomain
defer_transports =
mynetworks_style = subnet
disable_dns_lookups = no
relayhost =
content_filter =
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = no
smtpd_use_tls = no
smtp_use_tls = no
smtp_enforce_tls = no
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 0

I do not understand what you try to accomplish: is it you want to receive mail for multiple domains or you have multiple domains and want to receive mail only for dodin.org?

In the first case you might need to have a look at virtual domains; a quick Google search for postfix main.cf example multiple domains:
Handling mail for multiple virtual domains with postfix and maybe ISP-style Email Server with Debian “Sarge” and Postfix 2.1 | workaround.org (not for opensuse but I think you can use the info from there or find specific howtos for opensuse).

If it’s the latter one, looking in your main.cf it seems you allow mail to be delivered to $myhostname (which is kim3.dodin.org so mail @kim3.dodin.org should work but that is not listed as your MX or a CNAME in your dns - see DNS health check : find bugs on your domain - DnsQueries ) and to *localhost.$mydomain (is this also kim3… ?).
I am not sure, but maybe adding the masquerade domain might fix the issue.

*The last MX lookup for dodin.org was still ks3095514.kimsufi.com so either you are testing different configurations or the dns records did not propagate yet.

Cheers.

only for dodin.org right now

> If it’s the latter one, looking in your main.cf it seems you allow mail to be delivered to $myhostname (which is kim3.dodin.org so mail @kim3.dodin.org should work
> I am not sure, but maybe adding the masquerade domain might fix the issue*.
>
> *The last MX lookup for dodin.org was still ks3095514.kimsufi.com so either you are testing different configurations or the dns records did not propagate yet.

the mx was changed for tests and forgotten there :-(. changed for dodin.org now.

I always fail to understand why postfix uses mydomain and myhostname and how. (kim3 is the hostname and dodin.org mydomain) - that’s sure on this network there is only one computer for me.

thanks
jdd

But your log file shows you tried to send to dodin.net. Which is it, dodin.net or dodin.org?

The short answer is that mydestination should contain all the possible domains you want to accept. So you should add dodin.org and dodin.net to what’s already there.

ken_yap wrote:
> But your log file shows you tried to send to dodin.net. Which is it, dodin.net or dodin.org?
>
> The short answer is that mydestination should contain all the possible domains you want to accept. So you should add dodin.org and dodin.net to what’s already there.

dodin.net is an old domain name I don’t use anymore, but sometimes I receive a mail on it, but on the dodin.net zone, the mx is to dodin.org.

Why is the variable name “destination” to receive mails?? no problem, I will add it
thanks
jdd

You must match all destinations that the sender could put on the envelope. Even though gmail is contacting dodin.org, the envelope says the mail is for dodin.net. At the moment your server looks at the envelope and says, dodin.net? that’s not me, and rejects the email.

problem is I have no return at all!

I noticed I had in the old config file “relay_domains = $mydestination, dodin.net”

I added it, but this doesn’t seem to change anything! - and nothing in the logs!!

You add the allowed destinations to $mydestinations, not $relay_domains.

$relay_domains serves a different purpose, even though it is derived from $mydestinations by default.

Postfix Configuration Parameters

ken_yap wrote:
> You add the allowed destinations to $mydestinations, not $relay_domains.
>
> $relay_domains serves a different purpose, even though it is derived from $mydestinations by default.
>
> Postfix Configuration Parameters

here is the main.cf file that worked until now (on the other server) - I just changed the hostname (with no better result).

mailbox_size_limit = 0
message_size_limit = 10240000
mydomain = dodin.org
#myhostname = ks33269.kimsufi.com
myhostname = kim3.dodin.org
myorigin = $mydomain
#mydestination = $mydomain
# to receive two domains
mydestination = $myhostname, localhost.$mydomain

relay_domains = $mydestination, dodin.net
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
delay_warning_time = 1h
message_strip_characters = \0
program_directory = /usr/lib/postfix
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
inet_interfaces = localhost
masquerade_domains =
defer_transports =
mynetworks_style = subnet
disable_dns_lookups = no
relayhost =
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = no
smtpd_use_tls = no
smtp_use_tls = no
alias_maps = hash:/etc/aliases

You were doing it wrong in the past. Perhaps you got away with it by accident.

with normal (?) main.cf, postconf -n gives this. is there any other way to test the config?
thanks
jdd

alias_maps = hash:/etc/aliases
biff = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter =
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
defer_transports =
delay_warning_time = 1h
disable_dns_lookups = no
disable_mime_output_conversion = no
html_directory = /usr/share/doc/packages/postfix-doc/html
inet_interfaces = localhost
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 0
message_strip_characters = \0
mydestination = $myhostname, localhost.$mydomain, dodin.org, dodin.net, kim3.dodin.org
mydomain = dodin.org
myhostname = dodin.org
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
relay_domains = $mydestination, dodin.net
relayhost =
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix-doc/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_enforce_tls = no
smtp_sasl_auth_enable = no
smtp_use_tls = no
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_use_tls = no
strict_8bitmime = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual

postconf -n is the command you want. You could simulate a mail delivery to your server from another host using telnet.

yes, it’s what I did.

and I get:

telnet dodin.org 25
Trying 91.121.202.36…
telnet: connect to address 91.121.202.36: Connection refused

the firewall is stopped, postfix runs (rcpostfix status gives running)

What did I do wrong? this 11.4 install is from my provider, sometime curious, the default mta was exim (of course removed when I installed postfix)
thanks
jdd

Is that the correct IP address of your server? Did you allow port 25 through the firewall? Did you configure postfix to listen on all interfaces, not just localhost?

yes

yes (and anyway I stopped the firewall to be sure)

and I didn’t do anything more than I said.

now changed inet_interfaces to “all” and I begin receiving spam. Good news :-). but gmails don’t pass yet

seems to work, now. gmail was only delayed a bit

Why did this option never cause a problem before? Maybe a change in default somewhere.

Thanks for help, brainstorming always helps :-))
jdd
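
The two faults this thread ran into (a recipient domain missing from mydestination, then inet_interfaces = localhost) can be checked offline from `postconf -n` output. This is an added example, not code from any poster: the helper names are hypothetical, the sample configs are constructed from values posted above, and the acceptance check is a simplified approximation of reject_unauth_destination that ignores lookup tables and assumes the pre-3.0 default relay_domains = $mydestination.

```python
import re
# Constructed from values posted in this thread, trimmed to the relevant lines.
BEFORE = """\
mydomain = dodin.org
myhostname = kim3.dodin.org
mydestination = $myhostname, localhost.$mydomain
inet_interfaces = localhost
"""
AFTER = """\
mydomain = dodin.org
myhostname = dodin.org
mydestination = $myhostname, localhost.$mydomain, dodin.org, dodin.net, kim3.dodin.org
relay_domains = $mydestination, dodin.net
inet_interfaces = all
"""

def parse(text):
    """Turn 'name = value' lines (postconf -n style) into a dict."""
    lines = [l for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#")]
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def expand(params, name, depth=0):
    """Resolve $name / ${name} references inside a parameter value."""
    if depth > 10:  # guard against self-referencing values
        return ""
    return re.sub(r"\$\{?(\w+)\}?",
                  lambda m: expand(params, m.group(1), depth + 1), params.get(name, ""))

def domains(params, name):
    """Literal domains of a list parameter; lookup tables (hash:...) are skipped."""
    return {d.lower() for d in re.split(r"[,\s]+", expand(params, name))
            if d and ":" not in d}

def accepts(params, rcpt):
    """Approximate reject_unauth_destination for one envelope recipient."""
    dom = rcpt.rsplit("@", 1)[1].lower()
    final = domains(params, "mydestination") | domains(params, "virtual_alias_domains")
    # Assumption: pre-3.0 Postfix, where relay_domains defaults to $mydestination.
    relay = domains(params, "relay_domains" if "relay_domains" in params else "mydestination")
    return dom in final or any(dom == r or dom.endswith("." + r) for r in relay)

def audit(params, rcpt):
    """Report the two failure modes from the thread that apply to this config."""
    out = []
    if expand(params, "inet_interfaces") in ("localhost", "loopback-only"):
        out.append("loopback-only listener: remote connects are refused")
    if not accepts(params, rcpt):
        out.append(rcpt + ": 554 5.7.1 Relay access denied")
    return out
```

`audit(parse(BEFORE), "jdd@dodin.net")` reports both problems, while the same call on `AFTER` returns an empty list.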

On 2011-06-04 12:36, jdd wrote:
> now changed inet_interfaces to “all” and I begin receiving spam. Good
> news :-). but gmails don’t pass yet

:-)

Now you have to start adding spam controls :-)


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

no. I want to have the spam on my desk, just in case. I have it tagged by spamassassin, but keep thunderbird sorting, and I see approx 10 spam for 1000 received :-)

thanks
jdd