On 11.11.20 10:30, Chris Green wrote:
Subject: Getting 'Relay access denied' from one LAN host but not from
another - why?
I have Postfix 3.4.13 running on my xubuntu 20.04 system.
It's configured to send outgoing E-Mail to my hosting provider's smart
host and to deliver incoming E-Mail to local users (basically just me).
This has been working for several years.
Also configured a while ago and working OK are some local E-Mail
senders such as a backup system on the LAN which send any backup error
messages to me. I have just tested this by sending a test error
message and this works OK, see this bit of mail.log:-
Nov 11 10:10:39 esprimo postfix/smtpd[2245946]: connect from
pibackup.zbmc.eu[192.168.1.108]
Nov 11 10:10:39 esprimo postfix/smtpd[2245946]: D36AC2C059A:
client=pibackup.zbmc.eu[192.168.1.108]
Nov 11 10:10:39 esprimo postfix/cleanup[2245950]: D36AC2C059A: message-id=<> Nov
11 10:10:39 esprimo postfix/qmgr[1320]: D36AC2C059A: from=<root@pibackup>, size=433,
nrcpt=1 (queue active)
Nov 11 10:10:39 esprimo postfix/smtpd[2245946]: disconnect from
pibackup.zbmc.eu[192.168.1.108] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Nov 11 10:10:39 esprimo postfix/local[2245951]: D36AC2C059A:
to=<chris@esprimo>, relay=local, delay=0.08, delays=0.01/0.01/0/0.06,
dsn=2.0.0, status=sent (delivered to command: /home/chris/.mutt/bin/filter.py)
Nov 11 10:10:39 esprimo postfix/qmgr[1320]: D36AC2C059A: removed
this message is not relayed, but delivered locally.
However E-Mail sent from another system on the LAN (a Draytek 2820n
router) is being rejected with "Relay access denied" and I don't
understand why. Here is the mail.log output:-
Nov 9 09:41:09 esprimo postfix/smtpd[1894400]: connect from
2820n.zbmc.eu[192.168.1.20]
Nov 9 09:41:09 esprimo postfix/smtpd[1894400]: NOQUEUE: reject: RCPT from
2820n.zbmc.eu[192.168.1.20]: 454 4.7.1 <[email protected]>: Relay access denied;
from=<[email protected]> to=<[email protected]> proto=SMTP helo=<isbd.co.uk>
Nov 9 09:41:09 esprimo postfix/smtpd[1894400]: disconnect from
2820n.zbmc.eu[192.168.1.20] helo=1 mail=1 rcpt=0/1 quit=1 commands=3/4
Nov 9 10:09:54 esprimo postfix/smtpd[1897924]: connect from
2820n.zbmc.eu[192.168.1.20]
Nov 9 10:09:54 esprimo postfix/smtpd[1897924]: NOQUEUE: reject: RCPT from
2820n.zbmc.eu[192.168.1.20]: 454 4.7.1 <[email protected]>: Relay access denied;
from=<[email protected]> to=<[email protected]> proto=SMTP helo=<isbd.co.uk>
Nov 9 10:09:54 esprimo postfix/smtpd[1897924]: disconnect from
2820n.zbmc.eu[192.168.1.20] helo=1 mail=1 rcpt=0/1 quit=1 commands=3/4
I can't understand why one message is delivered while the other is
rejected.
this message is not to be delivered locally, but to relayed.
# See /usr/share/postfix/main.cf.dist for a commented, more complete
version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package
for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
myhostname = esprimo.zbmc.eu
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = zbmc.eu
mydestination = zbmc.eu esprimo.zbmc.eu, esprimo, chris.zbmc.eu
relayhost = [mail.gandi.net]:465
# relayhost = [mail.gridhost.co.uk]:465
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
smtp_sasl_auth_enable = yes
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
message_size_limit = 120480000
compatibility_level = 2
Shouldn't that permit_mynetworks allow E-Mail from 2820n.zbmc.eu[192.168.1.20]
as it does allow it from pibackup.zbmc.eu[192.168.1.108]? Can anyone
suggest what might be wrong?
only if 192.168.1.20 was in your mynetworks list, and it is not.
--
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl was an Windows 95 beta test site.
