Postfix : Relay Access Denied due to ESMTP

mailmanpostfixsmtp

I have setup mailman and postfix, but the mails are not sent to through the mailing list. Postfix rejects it because the recipient domain is not added in postfix_domains.

This is my main.cf:

recipient_delimiter = +
unknown_local_recipient_reject_code = 500
owner_request_special = no
myhostname = develop.product.company.com
mynetworks = 10.92.5.5/16

# Increase deferred mail delivery frequency
queue_run_delay = 60s
minimal_backoff_time = 30s
maximal_backoff_time = 120s
# BEGIN ANSIBLE MANAGED BLOCK
recipient_delimiter = +
unknown_local_recipient_reject_code = 500
owner_request_special = no
transport_maps =  hash://opt/mailman/var/data/postfix_lmtp
local_recipient_maps =  hash://opt/mailman/var/data/postfix_lmtp
relay_domains = hash://opt/mailman/var/data/postfix_domains
# END ANSIBLE MANAGED BLOCK

The mailing lists in Mailman have been created in domain1.com and domain2.com, the file postfix_domains looks like:

# AUTOMATICALLY GENERATED BY MAILMAN ON 2017-02-09 02:43:51
#
# This file is generated by Mailman, and is kept in sync with the binary hash
# file.  YOU SHOULD NOT MANUALLY EDIT THIS FILE unless you know what you're
# doing, and can keep the two files properly in sync.  If you screw it up,
# you're on your own.

domain1.com domain1.com
domain2.com domain2.com

When I try sending a mail to that mailing list, in which persona@company.com is a subscriber, I get the following error:

postfix/smtpd[8110]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 454 4.7.1 <persona@company.com>: Relay access denied; from=<testing-mailinglist-bounces@domain1.com> to=<persona@company.com> proto=ESMTP helo=<ip-10-92-34-5.ap-northeast-1.compute.internal>

I run the following command postconf -d | grep "smtpd_r" to get the following results :

postscreen_reject_footer = $smtpd_reject_footer
smtpd_recipient_limit = 1000
smtpd_recipient_overshoot_limit = 1000
smtpd_recipient_restrictions =
smtpd_reject_footer =
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
smtpd_restriction_classes =

I have read similar questions asked in this forum, but I do not find such an exact problem. Can anybody help me out with this?

Thank you!

Best Answer

Authorized networks are defined with the mynetworks configuration parameter in main.cf

As you are sending email from localhost:

postfix/smtpd[8110]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 454 4.7.1 <persona@company.com>: Relay access denied; from=<testing-mailinglist-bounces@domain1.com> to=<persona@company.com> proto=ESMTP helo=<ip-10-92-34-5.ap-northeast-1.compute.internal>

You have to allow postfix to forward email coming from localhost. Edit main.cf adding:

mynetworks = 127.0.0.0/8

Related Solutions

Linux – How to correct Postfix’ ‘Relay Access Denied’

TLS just enables encryption on the smtp session and doesn't directly affect whether or not Postfix will be allowed to relay a message.

The relaying denied message occurs because the smtpd_recipient_restrictions rules was not matched. One of those conditions must be fulfilled to allow the message to go through:

smtpd_recipient_restrictions =
    permit_sasl_authenticated
    check_recipient_access hash:/etc/postfix/filtered_domains
    permit_mynetworks
    reject_unauth_destination

To explain those rules:

permit_sasl_authenticated

permits authenticated senders through SASL. This will be necessary to authenticate users outside of your network which are normally blocked.

check_recipient_access

This will cause postfix to look in /etc/postfix/filtered_domains for rules based on the recipient address. (Judging by the file name on the file name, it is probably just blocking specific domains... Check to see if gmail.com is listed in there?)

permit_mynetworks

This will permit hosts by IP address that match IP ranges specified in $mynetworks. In the main.cf you posted, $mynetworks was set to 127.0.0.1, so it will only relay emails generated by the server itself.

Based on that configuration, your mail client will need to use SMTP Authentication before being allowed to relay messages. I'm not sure what database SASL is using. That is specified in /usr/lib/sasl2/smtpd.conf Presumably it also uses the same database as your virtual mailboxes, so you should be able enable SMTP authentication in your mail client and be all set.

Postfix – Fixing Mail Loops Back to Myself Issue

This happens when domain.com has an MX record (or, in the absence of an MX, an A record) that points to your Postfix server, but your Postfix server is not configured to accept mail for that domain. It's commonly seen in two situations:

You've acquired a new domain that you want to use for email, but you just forgot to add it to Postfix. There are a couple ways to do it. In my case, I'm using the virtual table to map addresses to real local users, so I list my domains in the virtual_alias_domains directive in main.cf.
The domain has its MX record set to a host that resolves to 127.0.0.1. Some malware will use this trick so they can set their return address to a valid domain, which most anti-spam measures will check for. However, the MX effectively prevents any delivery to that address, so the sender doesn't have to deal with replies or bounces.

Best Answer

Related Solutions

Linux – How to correct Postfix’ ‘Relay Access Denied’

Postfix – Fixing Mail Loops Back to Myself Issue

Related Topic