ahuacatlan n00b
Joined: 29 Dec 2008 Posts: 74
|
Posted: Mon Jan 05, 2009 8:09 am Post subject: Postfix won't send to external users |
|
|
I can receive email just fine, and read it with my IMAP client, Thunderbird. And I can send emails to local users on this same Gentoo server as me.
But when I try to send emails to external users, say a Gmail user, I get the following error (from Thunderbird):
Code: | The mail server responded: 5.7.1 <mytestaccount@gmail.com>: Relay access denied. Please check the message recipients and try again.
|
How might I fix this?
Thanks |
magic919 Advocate
Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
|
Posted: Mon Jan 05, 2009 8:34 am Post subject: |
|
|
You should be checking your Postfix logs. Probably find mynetworks needs setting correctly. |
ahuacatlan n00b
Joined: 29 Dec 2008 Posts: 74
|
Posted: Mon Jan 05, 2009 9:33 am Post subject: |
|
|
Thanks for the suggestion.
If I may ask an amateur question...
Where are the Postfix logs? I don't see anything obviously related to Postfix or MTAs in /var/log |
ahuacatlan n00b
Joined: 29 Dec 2008 Posts: 74
|
Posted: Mon Jan 05, 2009 9:55 am Post subject: |
|
|
I found logs from postfix in /var/log/messages. There was a huge amount of activity logged, but this is where the error seems to be occurring:
Code: | Jan 5 04:50:42 mail postfix/smtpd[15026]: >>> START Recipient address RESTRICTIONS <<<
Jan 5 04:50:42 mail postfix/smtpd[15026]: generic_checks: name=permit_mynetworks
Jan 5 04:50:42 mail postfix/smtpd[15026]: permit_mynetworks: unknown 12.34.56.78
Jan 5 04:50:42 mail postfix/smtpd[15026]: match_hostname: unknown ~? 127.0.0.0/8
Jan 5 04:50:42 mail postfix/smtpd[15026]: match_hostaddr: 12.34.56.78 ~? 127.0.0.0/8
Jan 5 04:50:42 mail postfix/smtpd[15026]: match_hostname: unknown ~? 10.1.1.0/24
Jan 5 04:50:42 mail postfix/smtpd[15026]: match_hostaddr: 12.34.56.78 ~? 10.1.1.0/24
Jan 5 04:50:42 mail postfix/smtpd[15026]: match_list_match: unknown: no match
Jan 5 04:50:42 mail postfix/smtpd[15026]: match_list_match: 12.34.56.78: no match
Jan 5 04:50:42 mail postfix/smtpd[15026]: generic_checks: name=permit_mynetworks status=0
Jan 5 04:50:42 mail postfix/smtpd[15026]: generic_checks: name=reject_unauth_destination
Jan 5 04:50:42 mail postfix/smtpd[15026]: reject_unauth_destination: myusername@gmail.com
Jan 5 04:50:42 mail postfix/smtpd[15026]: permit_auth_destination: myusername@gmail.com
Jan 5 04:50:42 mail postfix/smtpd[15026]: ctable_locate: leave existing entry key myusername@gmail.com
Jan 5 04:50:42 mail postfix/smtpd[15026]: NOQUEUE: reject: RCPT from unknown[12.34.56.78]: 554 5.7.1 <myusername@gmail.com>: Relay access denied; from=<user@foo.org> to=<myusername@gmail.com> proto=ESMTP helo=<ah$
Jan 5 04:50:42 mail postfix/smtpd[15026]: generic_checks: name=reject_unauth_destination status=2
Jan 5 04:50:42 mail postfix/smtpd[15026]: > unknown[12.34.56.78]: 554 5.7.1 <myusername@gmail.com>: Relay access denied
|
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Mon Jan 05, 2009 5:09 pm Post subject: |
|
|
I may be reading this wrong, but it almost seems like the IP you're connecting from to try and send mail isn't listed in $mynetworks, and as such this is detected as a relay attempt. |
ahuacatlan n00b
Joined: 29 Dec 2008 Posts: 74
|
Posted: Mon Jan 05, 2009 5:52 pm Post subject: |
|
|
Okay, that makes sense.
But I want to disable this feature then, as mail users logging in through IMAP will always be on very different and random IPs.
Do I need to enable some type of more advanced authentication maybe? |
ziggysquatch Apprentice
Joined: 16 Nov 2004 Posts: 172 Location: /USA/Minnesota
|
Posted: Mon Jan 05, 2009 6:24 pm Post subject: |
|
|
I believe you would have to set up authentication for SMTP then. I had one station that had random IPs and I had to keep updating my network_table file to allow them.
I used a script that used dig to get the current IP and then modify the network_table file accordingly.
/etc/postfix/network_table:
The 000.000.000.000 would be an IP you want to allow. Then do postmap /etc/postfix/network_table
/etc/postfix/main.cf:
Code: |
mynetworks = 192.168.1.0/24, 127.0.0.0/8, hash:/etc/postfix/network_table
|
And here I add the reference to mynetworks. Then the script ran in a cron every 30 minutes to check that the IP of the remote host hadn't changed and if it did it would update the mynetwork file and repostmap it then reload the config.
This is how I got it to work without having to add authentication. |
magic919 Advocate
Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
|
Posted: Mon Jan 05, 2009 7:12 pm Post subject: |
|
|
ahuacatlan wrote: | Okay, that makes sense.
But I want to disable this feature then, as mail users logging in through IMAP will always be on very different and random IPs.
Do I need to enable some type of more advanced authentication maybe? |
If you use Dovecot for IMAP, you can use Dovecot SASL with Postfix and it's relatively painless. |
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Fri Jan 09, 2009 1:24 pm Post subject: |
|
|
You might look at pulling down saslauthd, and then adding permit_sasl_authenticated to your smtpd_recipient_restrictions within main.cf.
Basically, if users auth against saslauthd, permit the relay.
Key points:
- saslauthd needed
- smtpd_sasl_auth_enable set to yes
- permit_sasl_authenticated added to smtpd_recipient_restrictions
more here |
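
Added example (not part of the original thread, and not Postfix's own code): a simplified Python model of how `smtpd_recipient_restrictions` is evaluated in order, showing why the client at 12.34.56.78 in the log above is refused and what adding `permit_sasl_authenticated` changes. The `mydestination` value and the function names are assumptions; the model consults only `mydestination` for `reject_unauth_destination`, whereas real Postfix also considers relay and virtual domains.

```python
import ipaddress

# Constructed main.cf fragments. mynetworks and the two original restrictions
# are taken from the log in the thread; mydestination is an assumed value.
BEFORE = """
mydestination = foo.org, localhost
mynetworks = 127.0.0.0/8, 10.1.1.0/24
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
"""
# Same configuration with SASL-authenticated clients allowed to relay.
AFTER = BEFORE.replace("permit_mynetworks,",
                       "permit_mynetworks, permit_sasl_authenticated,")


def parse_main_cf(text):
    """Parse 'name = v1, v2' lines into {name: [v1, v2]}.
    Hypothetical helper: no continuation lines, comments or lookup tables."""
    conf = {}
    for line in text.splitlines():
        if "=" in line:
            name, value = line.split("=", 1)
            conf[name.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return conf


def rcpt_decision(conf, client_ip, rcpt, sasl_authenticated=False):
    """Walk the restriction list in order; the first decisive rule wins."""
    ip = ipaddress.ip_address(client_ip)
    domain = rcpt.rsplit("@", 1)[-1].lower()
    for rule in conf["smtpd_recipient_restrictions"]:
        if rule == "permit_mynetworks":
            # Trust is based on source address only.
            if any(ip in ipaddress.ip_network(n) for n in conf["mynetworks"]):
                return "permit (permit_mynetworks)"
        elif rule == "permit_sasl_authenticated":
            # Trust is based on credentials, whatever the source address.
            if sasl_authenticated:
                return "permit (permit_sasl_authenticated)"
        elif rule == "reject_unauth_destination":
            # Anything not addressed to a domain we host would be a relay.
            if domain not in conf["mydestination"]:
                return "554 5.7.1 Relay access denied"
    return "permit (end of list)"


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        conf = parse_main_cf(text)
        for authed in (False, True):
            print(label, "authenticated" if authed else "anonymous",
                  rcpt_decision(conf, "12.34.56.78", "myusername@gmail.com", authed))
```

With the "after" configuration, relay permission follows the user's credentials, so `mynetworks` can stay limited to addresses the server operator controls.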