Relay access denied

Danita Zanre danita at caledonia.net
Fri Jan 13 22:30:51 UTC 2017


Ah!  See, something simple!  Because this was all coming from “localhost” it was working - I think I know now!

Let me work on that.



Danita Zanrè, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office


On January 13, 2017 at 4:32:33 PM, Shawn Iverson (iversons at rushville.k12.in.us) wrote:

I don't see a relay_domains definition in your config

relay_domains = hash:/etc/postfix/transport

On Fri, Jan 13, 2017 at 5:21 PM, Danita Zanre <danita at caledonia.net> wrote:
so, for example, 

caledonia.net   smtp:192.223.10.61

And it works fine until we have mail coming directly to the mailscanner server.

Full disclosure:

We have a xeams server that we are replacing.  It and mailscanner are on the same box.  So, during the switchover, mail has been coming to the xeams server, it has been set to not scan anything, and then it relays to 127.0.0.1 for postfix to pick it up.  I did it this way, because we have multiple domain names, and I was switching them over one at a time to make sure there were no problems.  Xeams continued to scan for zanre.com, for example, and passed mail for caledonia.net unscanned to postix/mailscanner via localhost. 

So, if I set postfix to listen on all interfaces and turn the xeams server off, nothing has really changed except the mail is hitting postfix first.  I also have postscreen on in “ignore” mode until I can make sure that everything else works, and then I had intended to set postscreen to “enable”.

Thanks

Danita Zanrè, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office


On January 13, 2017 at 4:15:33 PM, Shawn Iverson (iversons at rushville.k12.in.us) wrote:

What's in your transport maps?

On Fri, Jan 13, 2017 at 5:00 PM, Danita Zanre <danita at caledonia.net> wrote:
Sorry - this is a dumb postfix question I’m sure - it’s been awhile!

In setting up my system, I had my mailscanner server behind our existing anti-spam server so that I could test it.  So, everything was coming from the existing anti-spam server as a front-end relay server.  Working perfectly, but now I’m ready to move forward.  

But when I redirect mail to come directly to the new mailscanner server, everything says Relay access denied.

So, for some reason, postfix is ONLY accepting mail from the relay server.  Here’s what is in main.cf - please tell me what silly thing I’ve overlooked!  I’ve togged the sender_restrictions on and off thinking something was in there.  

Thanks

inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = iris.caledonia.net
delay_warning_time = 1h
message_strip_characters = \0
#inet_interfaces = localhost
inet_interfaces = all
masquerade_domains = 
mydestination = $myhostname, localhost.$mydomain
defer_transports = 
mynetworks_style = subnet
disable_dns_lookups = no
relayhost = 
mailbox_command = 
mailbox_transport = 
strict_8bitmime = no
disable_mime_output_conversion = no
#smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions = 
smtpd_helo_required = no
smtpd_helo_restrictions = 
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,reject_unknown_recipient_domain,reject_unverified_recipient,reject_unauth_pipelining,permit_auth_destination,reject
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = no
smtpd_use_tls = no
smtp_use_tls = no
smtp_enforce_tls = no
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 91820000
default_process_limit = 100

postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_greet_action = ignore


Danita Zanrè, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office




--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner





--
Shawn Iverson
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us



--
This message has been scanned for viruses and
dangerous content by Iris MailScanner, and is
believed to be clean.

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner




--
Shawn Iverson
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us


------------------------------------------------------
Powered by Xeams. Visit xeams.com for more information
------------------------------------------------------

--
This message has been scanned for viruses and
dangerous content by Iris MailScanner, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20170113/554ca477/attachment-0001.html>


More information about the MailScanner mailing list