Home / server / Questions / 583372
Accepted
jmazaredo
Asked: 2014-03-21 03:09:04 +0800 CST

postfix transport relay access denied

  • 772

When message arrives from other mail server (yahoo/gmail) on my postfix server it gets denied and not being transported using the transport on my configuration. Been checking whole day can't find anything hope you guy can help me.

getting this error:

Mar 20 17:41:19 smtp postfix/smtpd[2103]: NOQUEUE: reject: RCPT from mail.com [xxx.xxx.xxx.xxx]: 554 5.7.1 user_at_transport.com: Relay access denied; from=sales_at_mail.com to=user_at_domain_on_transport.com proto=ESMTP helo= mail.com

queue_directory = /raid/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = smtp.example.com

unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554

mynetworks = /etc/postfix/mynetworks
relay_domains = /etc/postfix/relay_domains
relay_recipient_maps = hash:/etc/postfix/relay_recipient_maps
virtual_maps = hash:/etc/postfix/virtual
transport_maps = hash:/etc/postfix/transport
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mailbox_command = /usr/bin/procmail
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/header_checks
default_destination_concurrency_limit = 50
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.10/samples
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
lmtp_tcp_port = 2003
maximal_queue_lifetime = 7d
message_size_limit = 32000000
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
        reject_rbl_client b.barracudacentral.org
        reject_rbl_client cbl.abuseat.org
        reject_rbl_client zen.spamhaus.org
        reject_rbl_client rabl.nuclearelephant.com
        reject_rbl_client bl.spamcop.net
        permit_mynetworks
smtpd_helo_required = yes
smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/access
        reject_unauth_pipelining
        reject_invalid_hostname    
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access
        reject_non_fqdn_sender
        reject_unknown_sender_domain
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_access
        check_recipient_access hash:/etc/postfix/access
        reject_non_fqdn_recipient
        reject_unknown_recipient_domain
        permit_mx_backup
        permit_mynetworks
        reject_unauth_destination
smtpd_client_connection_count_limit = 5
smtpd_client_connection_rate_limit = 30
smtpd_client_connection_limit_exceptions = 202.xxx.xxx.xxx/24
smtpd_client_event_limit_exceptions = 202.xxx.xxx.xxx/24
permit_mx_backup_networks = /etc/postfix/mynetworks
                203.xxx.xxx.xxx/32
address_verify_map = hash:/etc/postfix/verify
address_verify_sender = [email protected]
address_verify_negative_cache = yes
address_verify_negative_refresh_time = 1d
disable_vrfy_command = yes
smtpd_banner = $myhostname 
smtpd_delay_reject = no
strict_rfc821_envelopes = yes
smtpd_error_sleep_time = 0s
smtpd_soft_error_limit = 5
smtpd_hard_error_limit = 10
html_directory = no
bounce_queue_lifetime = 60m
biff = no
unknown_local_recipient_reject_code = 450

smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=smtp-amavis:127.0.0.1:10024
  -o receive_override_options=no_address_mappings
pickup    fifo  n       -       n       60      1       pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
smtp-amavis  unix  -    -       y       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
  -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n  -       y       -       -       smtpd
  -o content_filter=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o receive_override_options=no_header_body_checks
  -o smtpd_bind_address=127.0.0.1
  -o smtpd_helo_required=no
  -o smtpd_client_restrictions=
  -o smtpd_restriction_classes=
  -o disable_vrfy_command=no
  -o strict_rfc821_envelopes=yes
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}
vacation    unix  -       n       n       -       -       pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}
postfix

1 Answers

  1. Best Answer

    To allow your server to act as a relay for other mail domains, you need to have three different pieces. First you need to tell postfix that it is responsible for the domain(s). That is normally done in the virtual_mailbox_domains option, for example

    virtual_mailbox_domains=/etc/postfix/virtual_domains.txt

    In /etc/postfix/virtual_domains.txt you would list the domains, 1 per line:

    example.net
domain.com

    Then you need to tell postfix that the final destination is not the local machine, which is done in the transport table:

    example.net smtp:[1.2.3.4] 
domain.com smtp:[mail.domain.com]

    The transport table can be configured in many ways, reading the documentation is advisable to find the best solution to your situation. The examples I have posted uses [] around the final destination, to exclude MX lookups.

    Finally, you will need an MX record for the domain you want to relay for, pointing to your mailserver.

    • 3