
SMTP relay question using postfix

I am having trouble allowing access to my SMTP server for a remote site. We are using postfix and have some rules set up to prevent relaying/spamming. I have added this remote site as an OK in our smtpd_recipient_restrictions and smtpd_client_restrictions, as well as listing their static IP as an acceptable relay domain (relay_domains = $mydestination, $mynetworks, XXX.YYY.ZZZ.AAA). The remote is getting an SMTP error (they can check mail successfully).
Asked by: ryanbubu
 
Cyclops3590 Commented:
relay_domains is the parameter for listing the domains the MTA relays for. For example, example.com may be hosted at the server, but example2.com may be a different division but you want to send it to the appropriate mail server. Ordinarily that example2.com mail will be dropped; adding it to the relay_domains list allows that domain's email to traverse the MTA.

You are going purely for the smtpd_recipient_restrictions parameter here. You should already have a permit_mynetworks in that list. If so, just add the static IP of the site to the mynetworks parameter list, reload postfix and you should be fine.
 
ryanbubu (Author) Commented:
The mynetworks cannot hold their static IP because the mynetworks is set up for subnets (so that internal PCs do not need to be listed one by one). We have added the IP to a 'clients' file with OK listed and we refer to this file in smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/clients

This should accomplish your suggestion but the EU cannot connect.
 
Cyclops3590 Commented:
Add a /32 at the end of the static IP.
 
ryanbubu (Author) Commented:
Did as you suggested and just heard back from the end-user; they are still receiving an SMTP rejection error. Other ideas?
 
Cyclops3590 Commented:
Need the main.cf and master.cf posted then, as adding the <<ip address>>/32 to the mynetworks parameter should work.
 
ryanbubu (Author) Commented:
main.cf (comments removed, sensitive data masked):

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = euryale.bmxxxxx.net
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, $mydomain, mtblxxxxx.com, mtxxxxxx.com, pbxxxx.net, lowelxxxxxx.com, nligxxxxx.com, nligxxxxx.com
unknown_local_recipient_reject_code = 450
mynetworks_style = subnet
mynetworks = 127.0.0.0/8, 204.TTT.ZZZ.240/29, 192.168.1.0/24, 192.168.0.0/24, 204.TTT.YYY.148/32
relay_domains = $mydestination, $mynetworks, 204.181.137.148
virtual_maps = hash:/etc/postfix/virtual
alias_maps = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.0.16/samples
readme_directory = /usr/share/doc/postfix-2.0.16/README_FILES
alias_database = hash:/etc/postfix/aliases
smtpd_recipient_restrictions = permit_mynetworks check_client_access hash:/etc/postfix/clients, check_sender_access hash:/etc/postfix/sender_access, reject_rbl_client relays.ordb.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client opm.blitzed.org, reject_rbl_client dnsbl.njabl.org, reject_rbl_client blackholes.wirehub.net, reject_rbl_client list.dsbl.org, check_relay_domains, reject
smtpd_client_restrictions = permit_mynetworks hash:/etc/postfix/sender_access, reject_unknown_client
smtpd_helo_restrictions = reject_invalid_hostname, reject_unknown_hostname, reject_non_fqdn_hostname
header_checks = regexp:/etc/postfix/spammers
 
Cyclops3590 Commented:
First, remove "204.181.137.148" from relay_domains, not needed.
Also, let's try using the warn_if_reject to see which rule is rejecting it, as I'm not 100% positive.

smtpd_client_restrictions = permit_mynetworks, hash:/etc/postfix/sender_access, warn_if_reject reject_unknown_client
smtpd_helo_restrictions = warn_if_reject reject_invalid_hostname, warn_if_reject reject_unknown_hostname, warn_if_reject reject_non_fqdn_hostname

I'm thinking they're getting rejected because their public IP doesn't resolve to anything and/or the hostname they announce themselves as doesn't match the IP they are connecting as.
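
An added example (not code from the thread or from Postfix) modelling the point behind the warn_if_reject suggestion above: smtpd evaluates each restriction list separately, so a permit_mynetworks match in one list does not skip the reject rules in another. The addresses, the client record and the simplified rule checks are constructed assumptions.

```python
import ipaddress

# Constructed stand-in for the masked mynetworks value (203.0.113.148 is a
# documentation address, not the remote site's real IP).
MYNETWORKS = ["127.0.0.0/8", "192.168.1.0/24", "192.168.0.0/24", "203.0.113.148/32"]
HELO = ["reject_invalid_hostname", "reject_unknown_hostname", "reject_non_fqdn_hostname"]
# Lists in the order smtpd evaluates them. Simplified: the access maps, RBL
# lookups and check_relay_domains from the posted main.cf are left out.
POSTED = [("client", ["permit_mynetworks", "reject_unknown_client"]),
          ("helo", HELO),
          ("recipient", ["permit_mynetworks", "reject"])]
# The same lists with the warn_if_reject prefixes suggested in the thread.
WARN = [("client", ["permit_mynetworks", "warn_if_reject reject_unknown_client"]),
        ("helo", ["warn_if_reject " + r for r in HELO]),
        ("recipient", ["permit_mynetworks", "reject"])]

def check(rule, c):
    """Return 'permit', 'reject' or None (no decision) for one restriction."""
    if rule == "permit_mynetworks":
        addr = ipaddress.ip_address(c["ip"])
        hit = any(addr in ipaddress.ip_network(n) for n in MYNETWORKS)
        return "permit" if hit else None
    rejects = {
        "reject_unknown_client": not c["ptr_ok"],
        "reject_invalid_hostname": not c["helo"].replace("-", "").replace(".", "").isalnum(),
        "reject_unknown_hostname": not c["helo_in_dns"],
        "reject_non_fqdn_hostname": "." not in c["helo"],
        "reject": True,
    }
    return "reject" if rejects[rule] else None

def evaluate(lists, c):
    """Return (verdict, rejecting_rule, warnings) for one SMTP client."""
    warnings = []
    for stage, rules in lists:
        for entry in rules:
            rule = entry.split()[-1]
            result = check(rule, c)
            if result == "reject" and entry.startswith("warn_if_reject "):
                warnings.append(f"{stage}: {rule}")  # logged only, keep going
            elif result == "reject":
                return "reject", f"{stage}: {rule}", warnings
            elif result == "permit":
                break  # a permit ends this list only; the next list still runs
    return "permit", None, warnings

# Constructed client: listed in mynetworks, no PTR record, short HELO name.
REMOTE = {"ip": "203.0.113.148", "ptr_ok": False, "helo": "remote-pc", "helo_in_dns": False}

if __name__ == "__main__":
    print(evaluate(POSTED, REMOTE))
    print(evaluate(WARN, REMOTE))
```

In this model the client is rejected at the helo stage even though its IP is in mynetworks, and the warn_if_reject variant lets the mail through while naming the rules that would have fired.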
 
Computer101 Commented:
Forced accept.

Computer101
EE Admin