Relay access denied

Peter Lemieux mailscanner at replies.cyways.com
Fri Jan 13 22:34:22 UTC 2017 

If mail is coming from all over the Internet to your host, setting

mynetworks = 0.0.0.0/0

in main.cf works as well.  Many modern distributions like Ubuntu have only 
127.0.0.1 and similar local addresses in the mynetworks field by default.

I recommend reading http://www.postfix.org/SMTPD_ACCESS_README.html for a 
comprehensive overview of how Postfix handles incoming mail.

Peter


On 01/13/2017 05:30 PM, Danita Zanre wrote:
> Ah!  See, something simple!  Because this was all coming from “localhost” it
> was working - I think I know now!
>
> Let me work on that.
>
>
>
> *Danita Zanrè*, /Move Out of the Office/
> I love my job, and you can too!
> Tel: (720) 319-7530 - Caledonia Network Consulting
> Tel: (720) 319-8240 - Move Out of the Office
>
>
> On January 13, 2017 at 4:32:33 PM, Shawn Iverson
> (iversons at rushville.k12.in.us <mailto:iversons at rushville.k12.in.us>) wrote:
>
>> I don't see a relay_domains definition in your config
>>
>> relay_domains = hash:/etc/postfix/transport
>>
>> On Fri, Jan 13, 2017 at 5:21 PM, Danita Zanre <danita at caledonia.net
>> <mailto:danita at caledonia.net>> wrote:
>>
>>     so, for example,
>>
>>     caledonia.net <http://caledonia.net>   smtp:192.223.10.61
>>
>>
>>     And it works fine until we have mail coming directly to the
>>     mailscanner server.
>>
>>
>>     Full disclosure:
>>
>>
>>     We have a xeams server that we are replacing.  It and mailscanner are
>>     on the same box.  So, during the switchover, mail has been coming to
>>     the xeams server, it has been set to not scan anything, and then it
>>     relays to 127.0.0.1 for postfix to pick it up.  I did it this way,
>>     because we have multiple domain names, and I was switching them over
>>     one at a time to make sure there were no problems.  Xeams continued to
>>     scan for zanre.com <http://zanre.com>, for example, and passed mail
>>     for caledonia.net <http://caledonia.net> unscanned to
>>     postix/mailscanner via localhost.
>>
>>
>>     So, if I set postfix to listen on all interfaces and turn the xeams
>>     server off, nothing has really changed except the mail is hitting
>>     postfix first.  I also have postscreen on in “ignore” mode until I can
>>     make sure that everything else works, and then I had intended to set
>>     postscreen to “enable”.
>>
>>
>>     Thanks
>>
>>
>>     *Danita Zanrè*, /Move Out of the Office/
>>     I love my job, and you can too!
>>     Tel: (720) 319-7530 <tel:(720)%20319-7530> - Caledonia Network Consulting
>>     Tel: (720) 319-8240 <tel:(720)%20319-8240> - Move Out of the Office
>>
>>
>>     On January 13, 2017 at 4:15:33 PM, Shawn Iverson
>>     (iversons at rushville.k12.in.us <mailto:iversons at rushville.k12.in.us>)
>>     wrote:
>>
>>>     What's in your transport maps?
>>>
>>>     On Fri, Jan 13, 2017 at 5:00 PM, Danita Zanre <danita at caledonia.net
>>>     <mailto:danita at caledonia.net>> wrote:
>>>
>>>         Sorry - this is a dumb postfix question I’m sure - it’s been awhile!
>>>
>>>         In setting up my system, I had my mailscanner server behind our
>>>         existing anti-spam server so that I could test it.  So,
>>>         everything was coming from the existing anti-spam server as a
>>>         front-end relay server.  Working perfectly, but now I’m ready to
>>>         move forward.
>>>
>>>         But when I redirect mail to come directly to the new mailscanner
>>>         server, everything says Relay access denied.
>>>
>>>         So, for some reason, postfix is ONLY accepting mail from the
>>>         relay server.  Here’s what is in main.cf <http://main.cf> -
>>>         please tell me what silly thing I’ve overlooked!  I’ve togged the
>>>         sender_restrictions on and off thinking something was in there.
>>>
>>>         Thanks
>>>
>>>         inet_protocols = all
>>>
>>>         biff = no
>>>
>>>         mail_spool_directory = /var/mail
>>>
>>>         canonical_maps = hash:/etc/postfix/canonical
>>>
>>>         virtual_alias_maps = hash:/etc/postfix/virtual
>>>
>>>         virtual_alias_domains = hash:/etc/postfix/virtual
>>>
>>>         relocated_maps = hash:/etc/postfix/relocated
>>>
>>>         transport_maps = hash:/etc/postfix/transport
>>>
>>>         sender_canonical_maps = hash:/etc/postfix/sender_canonical
>>>
>>>         masquerade_exceptions = root
>>>
>>>         masquerade_classes = envelope_sender, header_sender, header_recipient
>>>
>>>         myhostname = iris.caledonia.net <http://iris.caledonia.net>
>>>
>>>         delay_warning_time = 1h
>>>
>>>         message_strip_characters = \0
>>>
>>>         #inet_interfaces = localhost
>>>
>>>         inet_interfaces = all
>>>
>>>         masquerade_domains =
>>>
>>>         mydestination = $myhostname, localhost.$mydomain
>>>
>>>         defer_transports =
>>>
>>>         mynetworks_style = subnet
>>>
>>>         disable_dns_lookups = no
>>>
>>>         relayhost =
>>>
>>>         mailbox_command =
>>>
>>>         mailbox_transport =
>>>
>>>         strict_8bitmime = no
>>>
>>>         disable_mime_output_conversion = no
>>>
>>>         #smtpd_sender_restrictions = hash:/etc/postfix/access
>>>
>>>         smtpd_client_restrictions =
>>>
>>>         smtpd_helo_required = no
>>>
>>>         smtpd_helo_restrictions =
>>>
>>>         strict_rfc821_envelopes = no
>>>
>>>         smtpd_recipient_restrictions =
>>>         permit_mynetworks,reject_unauth_destination,reject_unknown_recipient_domain,reject_unverified_recipient,reject_unauth_pipelining,permit_auth_destination,reject
>>>
>>>         smtp_sasl_auth_enable = no
>>>
>>>         smtpd_sasl_auth_enable = no
>>>
>>>         smtpd_use_tls = no
>>>
>>>         smtp_use_tls = no
>>>
>>>         smtp_enforce_tls = no
>>>
>>>         alias_maps = hash:/etc/aliases
>>>
>>>         mailbox_size_limit = 0
>>>
>>>         message_size_limit = 91820000
>>>
>>>         default_process_limit = 100
>>>
>>>
>>>         postscreen_access_list = permit_mynetworks,
>>>         cidr:/etc/postfix/postscreen_access.cidr
>>>
>>>         postscreen_greet_action = ignore
>>>
>>>
>>>
>>>         *Danita Zanrè*, /Move Out of the Office/
>>>         I love my job, and you can too!
>>>         Tel: (720) 319-7530 <tel:(720)%20319-7530> - Caledonia Network
>>>         Consulting
>>>         Tel: (720) 319-8240 <tel:(720)%20319-8240> - Move Out of the Office
>>>
>>>
>>>
>>>
>>>         --
>>>         MailScanner mailing list
>>>         mailscanner at lists.mailscanner.info
>>>         <mailto:mailscanner at lists.mailscanner.info>
>>>         http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>         <http://lists.mailscanner.info/mailman/listinfo/mailscanner>
>>>
>>>
>>>
>>>
>>>
>>>     --
>>>     Shawn Iverson
>>>     Director of Technology
>>>     Rush County Schools
>>>     765-932-3901 x271 <tel:(765)%20932-3901>
>>>     iversons at rushville.k12.in.us <mailto:iversons at rushville.k12.in.us>
>>>
>>>
>>>
>>>     --
>>>     This message has been scanned for viruses and
>>>     dangerous content by *Iris MailScanner* <http://iris.caledonia.net/>,
>>>     and is
>>>     believed to be clean.
>>>
>>>     --
>>>     MailScanner mailing list
>>>     mailscanner at lists.mailscanner.info
>>>     <mailto:mailscanner at lists.mailscanner.info>
>>>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>     <http://lists.mailscanner.info/mailman/listinfo/mailscanner>
>>>
>>
>>
>>
>> --
>> Shawn Iverson
>> Director of Technology
>> Rush County Schools
>> 765-932-3901 x271
>> iversons at rushville.k12.in.us <mailto:iversons at rushville.k12.in.us>
>>
>>
>> ------------------------------------------------------
>> Powered by Xeams. Visit xeams.com for more information
>> ------------------------------------------------------
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by *Iris MailScanner* <http://iris.caledonia.net/>, and is
>> believed to be clean.
>
>
>
>

More information about the MailScanner mailing list