Link to home
Start Free TrialLog in
Avatar of Ricky Nguyen
Ricky NguyenFlag for Australia

asked on

Postfix Mail Relay for Local Network

Hi Experts,

I've been trying to setup my Postfix Email Server but having no luck so I bought a book call "The Book of Postfix". In Chapter 4, it says, in order to allow local network to relay, we just need to configure "mynetworks" as per below statement.


Is this correct? I was told differently from another posting:

https://www.experts-exchange.com/questions/27695984/Postfix-Relay-Access-Denied-Error-554-5-7-1.html

Shouldn't you need to configure SASL in order to relay?

Any comments would be appreciated.

Regards,
Rick
Avatar of arnold
arnold
Flag of United States of America image

SASL deals with users authenticating prior to sending.  mynetworks defines who can relay through the server without the need to authenticate on the local network.
You would not want to define a Public (external IP/Range of IPs) as allowed to relay through your server as the other post referenced unless:
1) you own and have full control of the segments in question.
2) You make sure if you do not own the segments to remove them from the configuration once you no longer control them.  While it is not likely that the next party that gets those IP allocated will know that your email server is open to them to relay through, it is best to maintain a concise definition/configuration.
Avatar of Ricky Nguyen

ASKER

Ok thanks arnold. But all ive been trying to do is to send a test mail from the local network or more speecifically send from the server itself. Why would it reject my mails for relaying if im on the local network and as u just said should be allowed without authentication?

Could u think of any other reason for postfix to reject my mails relaying?
Need to see the logs detailing the error to know what might be going on.
How are you trying to send emails from the server?
Do you use a web interface with a form that emails? (check whether the apache user is blocked from sending)
Are you using mail/mailx to compose the message?
SOLUTION
Avatar of David Beveridge
David Beveridge
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Of course if you wanted to use SASL then you'd need an entry in there for it too.
And you'd need to provide all the other parameters to configure SASL.
Hi arnold/bevhost, thanks for your replies.

Bevhost, I just want to get the basics first then add the extra layers later. So don't really want to tackle SASL setup right now, unless you say its an easier approach..

I tried uninstalling and re-installing postfix because I thought I made a mess of it but now not even sending mail within local network is working.

Please see log below:
User generated image
Main.cf:
User generated image
Sorry arnold, I was using telnet to send emails.
mynetworks defined the source IPs from which connecting clients can relay.
Nothing from the public network will be allowed to relay with the exception of the relay_domain. That brings, you should request attention and have the last few mages removed given you have a defined relay_domains which sets your server as a relay for the domain and could be used to spam that domain.

Are you certain that the relayhost should be using port 2525?
I'm certain the relayhost is using port 2525.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Ok here it is
User generated image
Not sure where the quota of 100. Need to check with tzo.
They seem to only allow 100 connections/transmissions from you.
It seems as this host is designated for email client setup versus an email server relaying through them.
They store and forward emails for me. So I need to be able to handle the mail when it arrives as well as direct my email server to point to them ie. mail.omr.tzo.com when sending emails.
Check with them what the quota means? Is this a time based limitation, or as indicated a connection count based limitation.
Many thanks experts. I'll raise my follow up question in a new post.