| View previous topic :: View next topic |
| Author |
Message |
Bigun
Advocate
Joined: 21 Sep 2003
Posts: 2198
|
 Posted: Sat Mar 03, 2007 3:47 pm Post subject: Postfix: Relay Access Denied (fixed) |
 |
|
*IF* I send e-mail through squirrelmail (in a sense, sending mail through 127.0.0.1 of the server), I can send mail to any domain I want.
But if I send mail through a mail client on my machine to a domain besides one that belongs to the server, postfix puts out this error:
| Code: | Mar 3 10:39:40 cybergrunge postfix/smtpd[29649]: connect from ebx-cust-66-208-179-40.americainter.net[66.208.179.40]
Mar 3 10:39:40 cybergrunge postfix/smtpd[29649]: NOQUEUE: reject: RCPT from ebx-cust-66-208-179-40.americainter.net[66.208.179.40]: 554 5.7.1 <*****@excite.com>: Relay access denied; from=<*****@cybergrunge.com> to=<*****@excite.com> proto=ESMTP helo=<[192.168.5.17]>
Mar 3 10:39:48 cybergrunge postfix/smtpd[29649]: lost connection after RCPT from ebx-cust-66-208-179-40.americainter.net[66.208.179.40]
Mar 3 10:39:48 cybergrunge postfix/smtpd[29649]: disconnect from ebx-cust-66-208-179-40.americainter.net[66.208.179.40] |
How can I make this machine accept a connection from anyone and send mail to any domain. I already have SMTP authentication turned on, so I'm not too worried about people abusing it.
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim
Last edited by Bigun on Mon Mar 05, 2007 2:42 pm; edited 3 times in total |
|
| Back to top |
|
 |
Bigun
Advocate
Joined: 21 Sep 2003
Posts: 2198
|
| Posted: Sat Mar 03, 2007 3:55 pm Post subject: |
|
|
Nevermind, it's probably a Authentication issue
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim |
|
| Back to top |
|
|
Bigun
Advocate
Joined: 21 Sep 2003
Posts: 2198
|
| Posted: Sat Mar 03, 2007 6:04 pm Post subject: |
|
|
Authentication problem fixed.. still doing the same thing:
| Code: | Mar 3 13:00:15 cybergrunge postfix/smtpd[18527]: connect from ebx-cust-66-208-179-40.americainter.net[66.208.179.40]
Mar 3 13:00:15 cybergrunge postfix/smtpd[18527]: NOQUEUE: reject: RCPT from ebx-cust-66-208-179-40.americainter.net[66.208.179.40]: 554 5.7.1 <*******@excite.com>: Relay access denied; from=<*******@cybergrunge.com> to=<*******@excite.com> proto=ESMTP helo=<[192.168.5.17]>
Mar 3 13:00:19 cybergrunge postfix/smtpd[18527]: lost connection after RCPT from ebx-cust-66-208-179-40.americainter.net[66.208.179.40]
Mar 3 13:00:19 cybergrunge postfix/smtpd[18527]: disconnect from ebx-cust-66-208-179-40.americainter.net[66.208.179.40] |
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim |
|
| Back to top |
|
|
Ma3oxuct
Guru
Joined: 18 Apr 2003
Posts: 523
|
|
| Back to top |
|
|
kashani
Advocate
Joined: 02 Sep 2002
Posts: 2032
Location: San Francisco
|
| Posted: Sun Mar 04, 2007 8:21 pm Post subject: |
|
|
I bet you're missing this from your main.cf
| Code: |
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
|
kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape. |
|
| Back to top |
|
|
Bigun
Advocate
Joined: 21 Sep 2003
Posts: 2198
|
| Posted: Mon Mar 05, 2007 2:42 pm Post subject: |
|
|
| kashani wrote: | I bet you're missing this from your main.cf
| Code: |
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
|
kashani |
Thank you kashani.... that worked...
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim |
|
| Back to top |
|
|
kashani
Advocate
Joined: 02 Sep 2002
Posts: 2032
Location: San Francisco
|
| Posted: Mon Mar 05, 2007 6:01 pm Post subject: |
|
|
Nice. smtpd_recipient_restrictions controls pretty much everything Postfix does when it comes to sending and receiving mail. Here's mine.
| Code: |
smtpd_recipient_restrictions =
reject_invalid_hostname,
reject_non_fqdn_recipient,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
permit_mynetworks,
permit_sasl_authenticated,
check_policy_service inet:127.0.0.1:2501,
reject_unauth_destination,
permit
|
So I reject invalid host names like localhost.localdomain, things to don't resolve to full domains, seinding to or from domains that don't resolve, and then permit authenticate users, my networks, then grey list anything that made it this far. Remember these are always processed in order.
kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape. |
|
| Back to top |
|
|
|
Networking & Security
