Relay access denied
Danita Zanre
danita at caledonia.net
Sat Jan 14 03:05:39 UTC 2017
Thanks - it’s all working fine now. Final question. Are there any settings that should be optimized for postscreen? Or just turn it loose and let it do its thing??
Thanks.
Danita Zanrè, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office
On January 13, 2017 at 4:41:26 PM, Peter Lemieux (mailscanner at replies.cyways.com) wrote:
If mail is coming from all over the Internet to your host, setting
mynetworks = 0.0.0.0/0
in main.cf works as well. Many modern distributions like Ubuntu have only
127.0.0.1 and similar local addresses in the mynetworks field by default.
I recommend reading http://www.postfix.org/SMTPD_ACCESS_README.html for a
comprehensive overview of how Postfix handles incoming mail.
Peter
On 01/13/2017 05:30 PM, Danita Zanre wrote:
> Ah! See, something simple! Because this was all coming from “localhost” it
> was working - I think I know now!
>
> Let me work on that.
>
>
>
> *Danita Zanrè*, /Move Out of the Office/
> I love my job, and you can too!
> Tel: (720) 319-7530 - Caledonia Network Consulting
> Tel: (720) 319-8240 - Move Out of the Office
>
>
> On January 13, 2017 at 4:32:33 PM, Shawn Iverson
> (iversons at rushville.k12.in.us <mailto:iversons at rushville.k12.in.us>) wrote:
>
>> I don't see a relay_domains definition in your config
>>
>> relay_domains = hash:/etc/postfix/transport
>>
>> On Fri, Jan 13, 2017 at 5:21 PM, Danita Zanre <danita at caledonia.net
>> <mailto:danita at caledonia.net>> wrote:
>>
>> so, for example,
>>
>> caledonia.net <http://caledonia.net> smtp:192.223.10.61
>>
>>
>> And it works fine until we have mail coming directly to the
>> mailscanner server.
>>
>>
>> Full disclosure:
>>
>>
>> We have a xeams server that we are replacing. It and mailscanner are
>> on the same box. So, during the switchover, mail has been coming to
>> the xeams server, it has been set to not scan anything, and then it
>> relays to 127.0.0.1 for postfix to pick it up. I did it this way,
>> because we have multiple domain names, and I was switching them over
>> one at a time to make sure there were no problems. Xeams continued to
>> scan for zanre.com <http://zanre.com>, for example, and passed mail
>> for caledonia.net <http://caledonia.net> unscanned to
>> postix/mailscanner via localhost.
>>
>>
>> So, if I set postfix to listen on all interfaces and turn the xeams
>> server off, nothing has really changed except the mail is hitting
>> postfix first. I also have postscreen on in “ignore” mode until I can
>> make sure that everything else works, and then I had intended to set
>> postscreen to “enable”.
>>
>>
>> Thanks
>>
>>
>> *Danita Zanrè*, /Move Out of the Office/
>> I love my job, and you can too!
>> Tel: (720) 319-7530 <tel:(720)%20319-7530> - Caledonia Network Consulting
>> Tel: (720) 319-8240 <tel:(720)%20319-8240> - Move Out of the Office
>>
>>
>> On January 13, 2017 at 4:15:33 PM, Shawn Iverson
>> (iversons at rushville.k12.in.us <mailto:iversons at rushville.k12.in.us>)
>> wrote:
>>
>>> What's in your transport maps?
>>>
>>> On Fri, Jan 13, 2017 at 5:00 PM, Danita Zanre <danita at caledonia.net
>>> <mailto:danita at caledonia.net>> wrote:
>>>
>>> Sorry - this is a dumb postfix question I’m sure - it’s been awhile!
>>>
>>> In setting up my system, I had my mailscanner server behind our
>>> existing anti-spam server so that I could test it. So,
>>> everything was coming from the existing anti-spam server as a
>>> front-end relay server. Working perfectly, but now I’m ready to
>>> move forward.
>>>
>>> But when I redirect mail to come directly to the new mailscanner
>>> server, everything says Relay access denied.
>>>
>>> So, for some reason, postfix is ONLY accepting mail from the
>>> relay server. Here’s what is in main.cf <http://main.cf> -
>>> please tell me what silly thing I’ve overlooked! I’ve togged the
>>> sender_restrictions on and off thinking something was in there.
>>>
>>> Thanks
>>>
>>> inet_protocols = all
>>>
>>> biff = no
>>>
>>> mail_spool_directory = /var/mail
>>>
>>> canonical_maps = hash:/etc/postfix/canonical
>>>
>>> virtual_alias_maps = hash:/etc/postfix/virtual
>>>
>>> virtual_alias_domains = hash:/etc/postfix/virtual
>>>
>>> relocated_maps = hash:/etc/postfix/relocated
>>>
>>> transport_maps = hash:/etc/postfix/transport
>>>
>>> sender_canonical_maps = hash:/etc/postfix/sender_canonical
>>>
>>> masquerade_exceptions = root
>>>
>>> masquerade_classes = envelope_sender, header_sender, header_recipient
>>>
>>> myhostname = iris.caledonia.net <http://iris.caledonia.net>
>>>
>>> delay_warning_time = 1h
>>>
>>> message_strip_characters = \0
>>>
>>> #inet_interfaces = localhost
>>>
>>> inet_interfaces = all
>>>
>>> masquerade_domains =
>>>
>>> mydestination = $myhostname, localhost.$mydomain
>>>
>>> defer_transports =
>>>
>>> mynetworks_style = subnet
>>>
>>> disable_dns_lookups = no
>>>
>>> relayhost =
>>>
>>> mailbox_command =
>>>
>>> mailbox_transport =
>>>
>>> strict_8bitmime = no
>>>
>>> disable_mime_output_conversion = no
>>>
>>> #smtpd_sender_restrictions = hash:/etc/postfix/access
>>>
>>> smtpd_client_restrictions =
>>>
>>> smtpd_helo_required = no
>>>
>>> smtpd_helo_restrictions =
>>>
>>> strict_rfc821_envelopes = no
>>>
>>> smtpd_recipient_restrictions =
>>> permit_mynetworks,reject_unauth_destination,reject_unknown_recipient_domain,reject_unverified_recipient,reject_unauth_pipelining,permit_auth_destination,reject
>>>
>>> smtp_sasl_auth_enable = no
>>>
>>> smtpd_sasl_auth_enable = no
>>>
>>> smtpd_use_tls = no
>>>
>>> smtp_use_tls = no
>>>
>>> smtp_enforce_tls = no
>>>
>>> alias_maps = hash:/etc/aliases
>>>
>>> mailbox_size_limit = 0
>>>
>>> message_size_limit = 91820000
>>>
>>> default_process_limit = 100
>>>
>>>
>>> postscreen_access_list = permit_mynetworks,
>>> cidr:/etc/postfix/postscreen_access.cidr
>>>
>>> postscreen_greet_action = ignore
>>>
>>>
>>>
>>> *Danita Zanrè*, /Move Out of the Office/
>>> I love my job, and you can too!
>>> Tel: (720) 319-7530 <tel:(720)%20319-7530> - Caledonia Network
>>> Consulting
>>> Tel: (720) 319-8240 <tel:(720)%20319-8240> - Move Out of the Office
>>>
>>>
>>>
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> <mailto:mailscanner at lists.mailscanner.info>
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>> <http://lists.mailscanner.info/mailman/listinfo/mailscanner>
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Shawn Iverson
>>> Director of Technology
>>> Rush County Schools
>>> 765-932-3901 x271 <tel:(765)%20932-3901>
>>> iversons at rushville.k12.in.us <mailto:iversons at rushville.k12.in.us>
>>>
>>>
>>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by *Iris MailScanner* <http://iris.caledonia.net/>,
>>> and is
>>> believed to be clean.
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> <mailto:mailscanner at lists.mailscanner.info>
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>> <http://lists.mailscanner.info/mailman/listinfo/mailscanner>
>>>
>>
>>
>>
>> --
>> Shawn Iverson
>> Director of Technology
>> Rush County Schools
>> 765-932-3901 x271
>> iversons at rushville.k12.in.us <mailto:iversons at rushville.k12.in.us>
>>
>>
>> ------------------------------------------------------
>> Powered by Xeams. Visit xeams.com for more information
>> ------------------------------------------------------
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by *Iris MailScanner* <http://iris.caledonia.net/>, and is
>> believed to be clean.
>
>
>
>
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
--
This message has been scanned for viruses and
dangerous content by Iris MailScanner, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20170113/7edcebcd/attachment.html>
More information about the MailScanner
mailing list