> On Mar 25, 2019, at 1:37 AM, Viktor Dukhovni <postfix-us...@dukhovni.org> > wrote: > >> >> # /var/log/mail.log: >> Mar 24 18:37:35 alpha.mydomain.com postfix/postscreen[11964]: CONNECT from >> [192.168.1.4]:52147 to [192.168.1.6]:25 >> Mar 24 18:37:35 alpha.mydomain.com postfix/postscreen[11964]: PASS OLD >> [192.168.1.4]:52147 >> Mar 24 18:37:35 alpha.mydomain.com postfix/smtpd[11966]: connect from >> unknown[192.168.1.4] >> Mar 24 18:37:35 alpha.mydomain.com postfix/smtpd[11966]: NOQUEUE: reject: >> RCPT from unknown[192.168.1.4]: 554 5.7.1 <mygm...@gmail.com>: Relay access >> denied; from=<myusern...@mydomain.com> to=<mygm...@gmail.com> proto=ESMTP >> helo=<mydomain.com> > > This is likely blocked by "smtpd_relay_restrictions", or your > mynetworks setting had not yet taken effect for all the running > smtpd(8) processes.
At the moment, that directive is commented-out. I was getting reports that it was not being used: $ sudo postfix reload /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: smtpd_relay_restrictions=permit_mynetworks permit_sasl_authenticated reject_unauth_destination postfix/postfix-script: refreshing the Postfix mail system Either way, with that directive active or not, same results: Relay access denied >> smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated >> permit > > This is rather pointless. > >> smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks >> reject unauthdestination permit > > This is rather busted. I don’t know why. This is how the package came. >> smtpd_tls_ciphers = medium >> smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL > > The default settings are better. These are the defaults it came with. >> use_sacl_cache = yes > > This must be some Apple-specific Postfix setting, are you running Apple's > Postfix binaries? They all are. Yes this is Mountain Lion (10.8.5) Server. Is there a default setup for LAN access? I find their setup rather restrictive. I’ve had issues with this setup before. Security in the LAN is tight already, so I don’t need my mail server keeping me out. Cheers _____________ Rich in Toronto @ VP
