Postfix Mail Relay for Local Network

Ricky Nguyen
Hi Experts,

I've been trying to set up my Postfix Email Server but having no luck, so I bought a book called "The Book of Postfix". In Chapter 4, it says, in order to allow local network to relay, we just need to configure "mynetworks" as per below statement.


Is this correct? I was told differently from another posting:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Q_27695984.html

Shouldn't you need to configure SASL in order to relay?

Any comments would be appreciated.

Regards,
Rick
Distinguished Expert 2017

Commented:
SASL deals with users authenticating prior to sending.  mynetworks defines who can relay through the server without the need to authenticate on the local network.
You would not want to define a Public (external IP/Range of IPs) as allowed to relay through your server as the other post referenced unless:
1) you own and have full control of the segments in question.
2) You make sure if you do not own the segments to remove them from the configuration once you no longer control them.  While it is not likely that the next party that gets those IPs allocated will know that your email server is open to them to relay through, it is best to maintain a concise definition/configuration.
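
As an added example (not code from this thread, the book, or the Postfix project), the check below reads mynetworks from a main.cf and flags entries that reach beyond loopback and private address space, which is the case the comment above warns about. The sample configuration, the INTERNAL list and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample, not the poster's main.cf. 203.0.113.0/24 is a
# documentation range standing in for a public block.
SAMPLE_MAIN_CF = """\
myhostname = mail.example.com
mynetworks = 127.0.0.0/8, 192.168.1.0/24
    [::1]/128 203.0.113.0/24 0.0.0.0/0
smtpd_client_restrictions = permit_mynetworks, reject
"""

# Ranges treated as "local" here (an assumption; narrow to your own subnets).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def read_param(text, name):
    """Return a main.cf parameter value, joining continuation lines."""
    value, collecting = None, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():              # continuation of previous line
            if collecting:
                value += " " + line.strip()
            continue
        key, _, rest = line.partition("=")
        collecting = key.strip() == name
        if collecting:
            value = rest.strip()           # last definition wins
    return value

def audit_mynetworks(value):
    """Return (entry, reason) for each entry that is not clearly internal."""
    findings = []
    for entry in filter(None, re.split(r"[,\s]+", value)):
        if entry.startswith(("/", "!")) or (":" in entry and "[" not in entry):
            findings.append((entry, "file, table or exclusion: review by hand"))
            continue
        try:
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            findings.append((entry, "not a parsable network"))
            continue
        if not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL):
            findings.append((entry, "reaches beyond loopback/private ranges"))
    return findings
```

Calling audit_mynetworks(read_param(SAMPLE_MAIN_CF, "mynetworks")) on the constructed sample reports 203.0.113.0/24 and 0.0.0.0/0; on a live system the same value can be taken from the output of postconf mynetworks.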

Author

Commented:
Ok thanks arnold. But all I've been trying to do is to send a test mail from the local network or more specifically send from the server itself. Why would it reject my mails for relaying if I'm on the local network and as you just said should be allowed without authentication?

Could you think of any other reason for postfix to reject my mails relaying?
Distinguished Expert 2017

Commented:
Need to see the logs detailing the error to know what might be going on.
How are you trying to send emails from the server?
Do you use a web interface with a form that emails? (check whether the apache user is blocked from sending)
Are you using mail/mailx to compose the message?

David Beveridge, Linux Systems Admin
Commented:
You also need to check what you have for the smtpd_client_restrictions.
Here is a simple example.

from http://www.postfix.org/SMTPD_ACCESS_README.html

/etc/postfix/main.cf:
    # Allow connections from trusted networks only.
    smtpd_client_restrictions = permit_mynetworks, reject


David Beveridge, Linux Systems Admin

Commented:
Of course if you wanted to use SASL then you'd need an entry in there for it too.
And you'd need to provide all the other parameters to configure SASL.

Author

Commented:
Hi arnold/bevhost, thanks for your replies.

Bevhost, I just want to get the basics first then add the extra layers later. So don't really want to tackle SASL setup right now, unless you say it's an easier approach..

I tried uninstalling and re-installing postfix because I thought I made a mess of it but now not even sending mail within local network is working.

Please see log below:
maillog
Main.cf:
maincf

Author

Commented:
Sorry arnold, I was using telnet to send emails.
Distinguished Expert 2017

Commented:
mynetworks defined the source IPs from which connecting clients can relay.
Nothing from the public network will be allowed to relay with the exception of the relay_domain. That brings, you should request attention and have the last few mages removed given you have a defined relay_domains which sets your server as a relay for the domain and could be used to spam that domain.

Are you certain that the relayhost should be using port 2525?

Author

Commented:
I'm certain the relayhost is using port 2525.
Distinguished Expert 2017
Commented:
Did you check with the server through whom you are relaying to make sure your system is allowed to relay?
Use telnet and connect to the relay host. (send helo <yourservername>)  The issue will be made clear.

Author

Commented:
Ok here it is
telnet

Author

Commented:
Not sure where the quota of 100. Need to check with tzo.
Distinguished Expert 2017

Commented:
They seem to only allow 100 connections/transmissions from you.
It seems as if this host is designated for email client setup versus an email server relaying through them.

Author

Commented:
They store and forward emails for me. So I need to be able to handle the mail when it arrives as well as direct my email server to point to them ie. mail.omr.tzo.com when sending emails.
Distinguished Expert 2017

Commented:
Check with them what the quota means? Is this a time based limitation, or as indicated a connection count based limitation.

Author

Commented:
Many thanks experts. I'll raise my follow up question in a new post.
