Postfix Issue

[Marius Lewies]

Hi,

 

I am new to Postfix and have taken over the admin thereof.

 

We have a situation where a certain email address get  the following error.  All other mail gets relayed.

 

SMTP error from remote mail server after RCPT TO:<mari...@vegaspartnerlounge.dk>:
host maila.vegaspartnerlounge.dk [196.14.16.67]:
554 5.7.1 <mari...@vegaspartnerlounge.dk>: Relay access denied

 

Below is the main.cf file.  The email address is added to all_ad_recipients and the domain to relay_domains.  I have checked and we are not black listed

 

What am I missing?

 

Thanking you in advance.

Regards

Marius

 

 

# Debian specific:  Specifying a file name will cause the first

# line of that file to be used as the name.  The Debian default

# is /etc/mailname.

#myorigin = /etc/mailname

 

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)

biff = no

 

# appending .domain is the MUA's job.

append_dot_mydomain = no

 

# Uncomment the next line to generate "delayed mail" warnings

#delay_warning_time = 4h

 

readme_directory = /usr/share/doc/postfix

 

# TLS parameters

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem

smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

smtpd_use_tls=yes

smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

 

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for

# information on enabling SSL in the smtp client.

 

myhostname = mxgw.verpakt.com

alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases

myorigin = verpakt.com

mydestination =

relayhost =

mynetworks = 127.0.0.0/8, 192.168.135.0/24

mailbox_command = procmail -a "$EXTENSION"

mailbox_size_limit = 0

recipient_delimiter = +

inet_interfaces = all

html_directory = /usr/share/doc/postfix/html

message_size_limit = 10485760

local_transport = error:No local mail delivery

local_recipient_maps =

virtual_alias_maps = hash:/etc/postfix/virtual

relay_recipient_maps = hash:/etc/postfix/all_ad_recipients

transport_maps = hash:/etc/postfix/transport

relay_domains = hash:/etc/postfix/relay_domains

smtpd_helo_required = yes

#Neville

smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, permit

smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, check_client_access regexp:/etc/postf

ix/blacklist_clients, permit

smtpd_data_restrictions = reject_unauth_pipelining

header_checks = regexp:/etc/postfix/header_checks

root@mxgw:~# ^C

root@mxgw:~# smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, permit

smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, check_client_access regexp:/etc/postf

ix/blacklist_clients, permit

smtpd_data_restrictions = reject_unauth_pipelining

smtpd_sender_restrictions: command not found

root@mxgw:~# smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, check_client_access regexp:/etc/postf

smtpd_recipient_restrictions: command not found

root@mxgw:~# ix/blacklist_clients, permit

-bash: ix/blacklist_clients,: No such file or directory

root@mxgw:~# smtpd_data_restrictions = reject_unauth_pipelining

smtpd_data_restrictions: command not found

 

 

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

[Ansgar Wiechers]

On 2012-07-23 Marius Lewies wrote:
> We have a situation where a certain email address get the following
> error. All other mail gets relayed.
>
> SMTP error from remote mail server after RCPT
> TO:<mari...@vegaspartnerlounge.dk>:
> host maila.vegaspartnerlounge.dk [196.14.16.67]:
> 554 5.7.1 <mari...@vegaspartnerlounge.dk>: Relay access denied
>
> Below is the main.cf file.

As requested per the list's welcome message: do NOT post your main.cf,
but the output of "postconf -n". The latter is your active Postfix
configuration. Also post an excerpt from your mail log demonstrating the
problem.

> The email address is added to all_ad_recipients and the domain to
> relay_domains. I have checked and we are not black listed
>
> What am I missing?

Did you postmap all_ad_recipients after adding the recipient address?
And $relay_domains is a list, not a map, so the line in main.cf should
be like this:

relay_domains = /etc/postfix/relay_domains

Regards
Ansgar Wiechers
--
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky

[Jerry]

On Mon, 23 Jul 2012 12:19:18 +0200
Marius Lewies articulated:

> I am new to Postfix and have taken over the admin thereof.
>  

> We have a situation where a certain email address get  the following
> error.  All other mail gets relayed.
> SMTP error from remote mail server after RCPT
> TO:<mari...@vegaspartnerlounge.dk>: host maila.vegaspartnerlounge.dk
> [196.14.16.67]: 554 5.7.1 <mari...@vegaspartnerlounge.dk>: Relay
> access denied

> Below is the main.cf file.  The email address is added to

> all_ad_recipients and the domain to relay_domains.  I have checked
> and we are not black listed What am I missing?

For starters you are missing the information listed in your welcome
letter to the group.

Start by reading <http://www.postfix.com/DEBUG_README.html>, in
particular the "Reporting problems to postfi...@postfix.org"
<http://www.postfix.com/DEBUG_README.html#mail>. Including your version
of Postfix, etcetera would be useful also. You could use the output
from the postfinger tool. This can be found at
<http://ftp.wl0.org/SOURCES/postfinger>.

--
Jerry ✌
postfi...@seibercom.net
_____________________________________________________________________
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

[Ansgar Wiechers]

Please keep this on-list. You're neither family, nor personal friend,
nor paying customer, so you're not entitled to personal support.

On 2012-07-23 Marius Lewies wrote:
> Did you postmap all_ad_recipients after adding the recipient address?

> = Yes did run a ./getadusers and verified that address does exsist.

That was not the question.

I don't know what the command "getadusers" does, but I assume that it's
a script querying users' mail addresses from AD and writing them to a
file. Does the script run the postmap command on the file afterwards?
And how did you verify that the address exists.

> Should I do somtehinge else with "postmap" what is the meaning?

You need to run the command to convert the (plain text) map into the
database file that Postfix uses. You can also use the command to check
the map for existence of a particular key, e.g.:

postmap -q mari...@vegaspartnerlounge.dk \
hash:/etc/postfix/all_ad_recipients

> And $relay_domains is a list, not a map, so the line in main.cf should

> be like this: = This used to work before new address was added. All
> other domains within the file is relaying. What is the difference
> between a map and a list?

A map is mapping one thing to another thing. Hence the name.

f...@example.com x
b...@example.com x
...

For some maps the right-hand value defines the action to be taken (e.g.
DUNNO, REJECT, OK). For $relay_recipient_maps, however, the right-hand
value merely needs to exist, which will indicate a valid address.

A list OTOH is just a list, i.e. a flat file with one item per line.

example.com
example.org
...

> relay_domains = /etc/postfix/relay_domains
>
> Postconf -n result
[...]
> relay_domains = hash:/etc/postfix/relay_domains

Fix that.

[...]
> smtpd_recipient_restrictions =
> permit_mynetworks,
> reject_non_fqdn_recipient,
> reject_unauth_destination,

This is barely safe. The reject_unauth_destination restriction is the
one that prevents you from being an open relay. It should be the first
rule after those that allow relaying for selected clients (i.e.
permit_mynetworks and/or permit_sasl_authenticated).

> reject_unauth_pipelining,
> reject_rbl_client zen.spamhaus.org,
> reject_rbl_client bl.spamcop.net,
> check_client_access regexp:/etc/postfix/blacklist_clients,

RBL lookups are usually more expensive than lookups in local tables, so
reject_rbl_client should go after check_client_access.

[Marius Lewies]

Nor did I think I am. This is the first time that I am using this
forum. Instead of replying to all I mistakenly replied to yourself.
If you are not prepared to assist or help and Yes I know you ALL do it
on your own time and free will I will gladly remove myself from the
list.

[James Day]

No need to get upset.

Mistakes do happen, I find myself automatically clicking the reply button instead of reply to all so you're not alone.

The people on this list are willing to help you. You just need to help yourself a bit by reading the appropriate documentation. Postfix is possibly the best documented piece of open source software and as such it is frustrating when people come to the list with issues that could be easily resolved by reading it.

PS

Polite notice: Please don't top post on the list - it makes the conversations much harder to follow.

Kind regards,

James Day

[Marius Lewies]

Hi,

Thank you for the reply James.

Referring to Ansgar reply it seems that relay_domains.db is out of
date. Ansgar suggested " You need to run the command to convert the
(plain text) map into the database file that Postfix uses" How to do or
else, where can I find the instruction to do this. This is the test I
done.

root@mxgw:/etc/postfix# postmap -q vegaspartnerlounge.dk
hash:/etc/postfix/relay_domains
postmap: warning: database /etc/postfix/relay_domains.db is older than
source file /etc/postfix/relay_domains
root@mxgw:/etc/postfix#

And Ansgar, thank for the help in any case!

Regards
Marius

[Reindl Harald]

Am 23.07.2012 16:03, schrieb Marius Lewies:

please strip qutoings a little bit!

> Referring to Ansgar reply it seems that relay_domains.db is out of
> date. Ansgar suggested " You need to run the command to convert the
> (plain text) map into the database file that Postfix uses" How to do or
> else, where can I find the instruction to do this. This is the test I
> done.
>
> root@mxgw:/etc/postfix# postmap -q vegaspartnerlounge.dk
> hash:/etc/postfix/relay_domains
> postmap: warning: database /etc/postfix/relay_domains.db is older than
> source file /etc/postfix/relay_domains
> root@mxgw:/etc/postfix#

postmap /etc/postfix/relay_domains

[James Day]

> > You need to run the command to convert the (plain text) map into the

> Referring to Ansgar reply it seems that relay_domains.db is out of date.
> Ansgar suggested " You need to run the command to convert the (plain text)
> map into the database file that Postfix uses" How to do or else, where can I
> find the instruction to do this. This is the test I done.
>
> root@mxgw:/etc/postfix# postmap -q vegaspartnerlounge.dk
> hash:/etc/postfix/relay_domains
> postmap: warning: database /etc/postfix/relay_domains.db is older than
> source file /etc/postfix/relay_domains root@mxgw:/etc/postfix#
>

> And Ansgar, thank for the help in any case!
>
> Regards
> Marius
>
> --
> This message has been scanned for viruses and dangerous content by
> MailScanner, and is believed to be clean.

Your relay_domains file should like something like:

example.com x
example2.com x

etc...

It really doesn't matter what is on the right hand side, as long as there is something there.

This file is all well and good but cannot be used by postfix until you run the postmap command. Simple run:

postmap relay_domains

(
If you're not in the same directory as the file you'll need to put the full path, e.g:

postmap /etc/postfix/relay_domains
)

This makes the file usable by postfix - whenever you update a hash table you have to run postmap again for the change to take effect on the live configuration.

Kind regards,

James Day

[Marius Lewies]

Thank you for the help !!!

[Reindl Harald]

would you please strip your quotes a little bit
and at least remove multiple header-blocks

this starts to become complete unreadable

thank you!

Am 23.07.2012 16:39, schrieb Marius Lewies:
>
> -----Original Message-----
> From: James Day [mailto:Jame...@ontraq.com]
> Sent: Monday, July 23, 2012 4:15 PM
> To: Marius Lewies; Ansgar Wiechers; postfi...@postfix.org
> Subject: RE: Postfix Issue
>
>
>> -----Original Message-----
>> From: Marius Lewies [mailto:mari...@verpakt.com]
>> Sent: 23 July 2012 15:03
>> To: James Day; Ansgar Wiechers; postfi...@postfix.org
>> Subject: RE: Postfix Issue
>>
>>
>>
>> -----Original Message-----
>> From: James Day [mailto:Jame...@ontraq.com]
>> Sent: Monday, July 23, 2012 3:45 PM
>> To: Marius Lewies; Ansgar Wiechers; postfi...@postfix.org
>> Subject: RE: Postfix Issue
>>
>>> -----Original Message-----
>>> From: owner-pos...@postfix.org [mailto:owner-postfix-
>>> us...@postfix.org] On Behalf Of Marius Lewies
>>> Sent: 23 July 2012 14:32
>>> To: Ansgar Wiechers; postfi...@postfix.org
>>> Subject: RE: Postfix Issue
>>>

[Ansgar Wiechers]

On 2012-07-23 Marius Lewies wrote:
> Referring to Ansgar reply it seems that relay_domains.db is out of
> date. Ansgar suggested " You need to run the command to convert the
> (plain text) map into the database file that Postfix uses" How to do
> or else, where can I find the instruction to do this. This is the
> test I done.
>
> root@mxgw:/etc/postfix# postmap -q vegaspartnerlounge.dk
> hash:/etc/postfix/relay_domains
> postmap: warning: database /etc/postfix/relay_domains.db is older than
> source file /etc/postfix/relay_domains
> root@mxgw:/etc/postfix#

Please re-read my previous mail. Why is $relay_domains still a map in
your config? Change this

relay_domains = hash:/etc/postfix/relay_domains

into this

relay_domains = /etc/postfix/relay_domains

and run "/etc/init.d/postfix reload".