Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Google Cloud Computing Engine and relay to Mailjet

28 views
Skip to first unread message

Rafael Morales Gamboa

unread,
Jul 22, 2020, 5:08:35 PM7/22/20
to
Hello,

I have created a Google Cloud Computing Engine, which has an internal hostname (portal-pencomx) and domain (c.fresh-myth-281704.internal), but also an external domain (pencomx.org).

Google recommends to send email through and smarthost, so I have setup an account in Mailjet.

Now, if I send and email using 'mail -aFrom:us...@pencomx.org ExternalEmailAddress' everything goes fine. So I tried to use smtp_generic_maps to automatically change the sender email address, but it does not work. What I get is

Jul 22 20:51:45 portal-pencomx postfix/smtp[22740]: B3FD561FAB: to=<ExternalEmailAddress>, relay=in.mailjet.com[104.199.96.85]:587, delay=1.2, delays=0.02/0.01/1.1/0.14, dsn=4.7.1, status=deferred (host in.mailjet.com[104.199.96.85] said: 454 4.7.1 <ExternalEmailAddress>: Relay access denied (in reply to RCPT TO command))

So, it seems smtp_generic_maps works only after relay negotiation.
As you can see in my main.cf below, I have tried sender_canonical_maps, but that makes even internal email go through the relay.

main.cf:

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# default_transport = error
# relay_transport = error

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = encrypt
smtpd_use_tls = yes
smtpd_enforce_tls = yes

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = portal-pencomx.c.fresh-myth-281704.internal
# mydomain = portal-pencomx.c.fresh-myth-281704.internal
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = $myhostname $mydomain localhost.$mydomain localhost
relayhost = in-v3.mailjet.com:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

smtp_sender_dependent_authentication = yes
# sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

smtp_generic_maps = hash:/etc/postfix/generic
# Forcing the from address when postfix relays over smtp
# sender_canonical_classes = envelope_sender, header_sender
# sender_canonical_maps = hash:/etc/postfix/sender_canonical_maps
# header_checks = regexp:/etc/postfix/header_checks

Any ideas?

sk

unread,
Jul 24, 2020, 2:01:11 AM7/24/20
to
As I see you have not enabled any auth for sending mail.

Could you please send telnet session to the mailjet for verifing the ability to send email from your host ?
четвер, 23 липня 2020 р. 00:08:35 UTC+3 користувач Rafael Morales Gamboa написав:

Rafael Morales Gamboa

unread,
Jul 24, 2020, 1:53:30 PM7/24/20
to
You were right. I created a user in G Suite, enable two steps authentication, created an app password and used it in postfix. It is working perfectly now. With Mailjet I could not make smtp_generic_maps to work, but it is working nicely now with GMail SMTP Relay.

Thanks.
0 new messages