Postfix on Cent OS no relaying to On Premise Exchange Server

Cent OS 7
postfix

I recently upgraded my on premise exchange server from 2010 to Exchange 2016 CU 9 DAG 2 Node

After the upgrade my cron jobs stopped sending emails.

 I modified the main.cf file

/usr/libexec/postfix/main.cf
[root]# vi /usr/libexec/postfix/main.cf
[root]# vi /etc/postfix/main.cf

Found two of them

restarted postfix
 systemctl restart postfix

sent test email

 echo test | mailx -s TEST admin@mynet.com

[root@]# mailq
/var/spool/mqueue is empty
      Total requests: 0
[root]#

Email is never received and it is not stuck in the q

I run logwatch cron job daily and receive none

Any ideas

Thank you

Tom
LVL 23
Thomas GrassiSystems AdministratorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Michael B. SmithExchange & Active Directory ExpertCommented:
what does the postfix transmission log say?

did you enable verbose logging on the exchange receive connector? if so, what does it say?
0
Thomas GrassiSystems AdministratorAuthor Commented:
Michael

In the file /var/log/maillog    

Aug 28 20:53:21 tgcs018 postfix/smtpd[29596]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 454 4.7.1 <admin@mynet.com>: Relay access denied; from=<root@centserver.mynet.com> to=<admin@mynet.com> proto=ESMTPhelo                                                                 =<centserver.mynet.com>


The Cent OS server is on the same subnet as the on premise exchange server.  I have Ubuntu and Raspberry PI Raspbian working fine they also are all on the same subnet.

Thoughts
0
Michael B. SmithExchange & Active Directory ExpertCommented:
Exchange does not, by default, allow relaying from anywhere. Even the same subnet.

You'll need to enable relay on the receive connector for this IP, or use authenticated SMTP to validate your access to the Exchange server.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Thomas GrassiSystems AdministratorAuthor Commented:
Michael

My receive connector does allow all my internal servers to relay mail thru

under scoping  Remote Network settings  Ip Addresses is   10.2.9.0/22

Network adapter bindings is All available IPV4   port 25

I added the ip address of the cent server to the relay connector on both dags but still getting same error relay access denied

Is there something in the main.cf that I can use?
0
Mihai BarbosTrying to tame bits. They're nasty.Commented:
Somewhere in main.cf there's a parameter mynetworks. That's what controls the relaying.
You can read more about it here
0
Barry GillChief of StaffCommented:
The relay error is not coming from Exchange. You won't find any associated logs there...

This is due to a configuration error in Postfix.

You say you have two main.cf files
/usr/libexec/postfix/main.cf
/etc/postfix/main.cf

Open in new window

What is the difference between these two? There should only be one main.cf in use and a typical CentOS installation would use /etc/postfix/main.cf. Check your startup parameters to confirm where you are getting your configs from and then go check that main.cf file out (and anything it references). A handy way to do this is by using
postconf -n

Open in new window

. This will output anything non-standard (and will hopefully show you which file is being referenced.

SO, things to look for in /etc/postfix/main.cf:
myhostname = centserver.mynet.com
mydomain = mynet.com
mynetworks = 127.0.0.0/8
myorigin = $mydomain
relayhost = $mydomain
inet_interfaces = loopback-only
mydestination =

Open in new window


Once you make changes to main.cf, make sure you don't forget to check master.cf too...
0
Thomas GrassiSystems AdministratorAuthor Commented:
Mihai

The link does not work


Barry

[root@tgcs018 /]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = loopback-only
inet_protocols = ipv4
local_transport = error: local delivery disabled
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination =
mydomain = mynet.com
myhostname = CENTSERVER.mynet.com
mynetworks = 10.2.9.0/22
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relayhost = 10.2.9.17
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550

Open in new window


So that shows that the main.cf is coming from  /etc/postfix  

I renamed the main.cf in /usr/libexec/postfix     restarted postfix but no email yet


Thoughts?
0
Mihai BarbosTrying to tame bits. They're nasty.Commented:
Sorry, the link works now.

Your localhost is not in mynetworks. Change mynetworks to something like:

mynetworks = 127.0.0.0/8 10.2.9.0/22

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Thomas GrassiSystems AdministratorAuthor Commented:
Mihai

That was it  needed the  127.0.0.0/8 added to mynetworks in main.cf


Barry

Thank for your help also
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.