Dual delivery Google Apps and Postifx (server reject mail from the domain on google)

g-suitepostfixsmtp

This is the scenario:

I have a server with Postfix and some domains, and now, one of this domains want to use Gmail Google Apps only in a couple of accounts.

The end-user configure the domain with Google MX registrys, configure the mail accounts in Google and the other accounts points to my server.

I've configured the external accounts with transport to the MX.

When I send an email for example, from Hotmail, if the account is configured in Google Apps, google keep the mail, and if the account is in my server, then google transport the email to my server.

When internal accounts from my server send mails, I can decide what I do with it and transport to local account or to google.

The problem is:

When the accounts in Google Apps with my client domain try to send mails to same domain accounts, but in my server, my postfix reject this emails with the next message:

30 14:00:28 ***** postfix/smtpd[13400]: NOQUEUE: reject: RCPT from mail-la0-f43.google.com[209.85.215.43]: 553 5.7.1 <client-on-google@domain.com>: Sender address rejected: not logged in; from=<client-on-google@domain.com> to=<client-on-my-server@domain.com> proto=ESMTP helo=<mail-la0-f43.google.com>

This is normal, but… how I can permit relay from google to this users/domain only?

I call to Google Apps support, and they say they don't permit smtp auth on my server to send this mails.

Another solution?

Best Answer

I solve it with Postfix white list managed by ISPConfig:

Mail -> Global filters -> Postfix Whitelist Just add a new mail with the filter type "Sender".

This permit all the traffic from the mail/domain specified.

Related Solutions

Linux – How to correct Postfix’ ‘Relay Access Denied’

TLS just enables encryption on the smtp session and doesn't directly affect whether or not Postfix will be allowed to relay a message.

The relaying denied message occurs because the smtpd_recipient_restrictions rules was not matched. One of those conditions must be fulfilled to allow the message to go through:

smtpd_recipient_restrictions =
    permit_sasl_authenticated
    check_recipient_access hash:/etc/postfix/filtered_domains
    permit_mynetworks
    reject_unauth_destination

To explain those rules:

permit_sasl_authenticated

permits authenticated senders through SASL. This will be necessary to authenticate users outside of your network which are normally blocked.

check_recipient_access

This will cause postfix to look in /etc/postfix/filtered_domains for rules based on the recipient address. (Judging by the file name on the file name, it is probably just blocking specific domains... Check to see if gmail.com is listed in there?)

permit_mynetworks

This will permit hosts by IP address that match IP ranges specified in $mynetworks. In the main.cf you posted, $mynetworks was set to 127.0.0.1, so it will only relay emails generated by the server itself.

Based on that configuration, your mail client will need to use SMTP Authentication before being allowed to relay messages. I'm not sure what database SASL is using. That is specified in /usr/lib/sasl2/smtpd.conf Presumably it also uses the same database as your virtual mailboxes, so you should be able enable SMTP authentication in your mail client and be all set.

Ubuntu – How to Setup Mail Server with Google Apps

Easiest way to do this is to avoid using exim and to use sSMTP which is a lightweight MTA.

All you need to do is install it:

sudo apt-get install ssmtp mailutils

and configure it (edit /etc/ssmtp/ssmtp.conf) to use your Google Mail servers see:

root=noreply@yourdomain.com
mailhub=smtp.gmail.com:587
UseSTARTTLS=yes
UseTLS=yes
AuthUser=youremail@yourdomain.com
AuthPass=password
FromLineOverride=YES

I've been using this set-up for a while now and it just works - It's also nice to not need to be running exim when it's not necessary and let Google's mail servers handle everything for you.

Related Topic