
Re: relay_domains help please

  • John King
    Message 1 of 4 , Jul 30, 2009
      Thanks for your comments and advice Brian,

      Very much appreciated.



      ----- Original Message ----
      From: Brian Evans - Postfix List <grknight@...>
      To: Postfix users <postfix-users@...>
      Sent: Thursday, July 30, 2009 3:14:52 PM
      Subject: Re: relay_domains help please

      John King wrote:
      > All,
      >
      > I am simply trying to set up a postfix server solution (Fedora 9 is the OS) to where I can host email for multiple email domains - similar to an ISP setup.
      >
      > I am quite familiar and comfortable with setting up most of the postfix elements and am setting them up using the virtual mailbox method where the mailboxes are located at /var/spool/vmail/domainname
      >
      > I can send email to all of the mailboxes but as soon as I try or a user tries to send email from their locations / iphones or wherever, the dreaded relay_denied errors start to happen.
      >
      > I am employing different setups based on this need from different documentation I have found and am now at the point where the errors state do not list domain xyz in both virtual_mailbox_domains and relay_domains.
      >
      > I need to know which elements of main.cf I need to change to accommodate what I am trying to achieve
      >


      You do not show a log example.
      The following advice is generalized because I don't know *what* rejected
      the message.

      > here is the result of my postconf -n

      [snip]
      > mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, $nowsolweb1.com

      Typo on "$nowsolweb1.com"?  I also hope that it is not in your
      virtual_mailbox_domains
      [snip]
      > relay_domains = hash:/etc/postfix/relay_domains

      No relay_recipient_maps? You can be a BackScatter source if you do not
      list who is valid.

      > smtpd_recipient_restrictions = reject_non_fqdn_sender      reject_unknown_sender_domain      reject_rbl_client cbl.abuseat.org      reject_rbl_client zen.spamhaus.org      reject_rbl_client list.dsbl.org      reject_rbl_client bl.spamcop.net      reject_rbl_client dul.dnsbl.sorbs.net      reject_rbl_client ipwhois.rfc-ignorant.org      reject_rhsbl_sender dsn.rfc-ignorant.org      reject_unverified_recipient      permit_sasl_authenticated      permit_mynetworks      reject_unauth_destination      check_policy_service inet:127.0.0.1:2501


      Generally, this will deny lots of mail with the RBL checks coming before:
      a) seeing if the mail is even yours (reject_unauth_destination)
      b) if the clients authenticated
      c) if it is in your network (a bit silly really)

      Also, cbl is included in zen and dsbl.org is dead.
      In addition, probing blindly with reject_unverified_recipient can get
      you blacklisted.

      Suggest:
      smtpd_recipient_restrictions =
          check_recipient_access hash:/path/to/file,
          permit_mynetworks,
          permit_sasl_authenticated,
          reject_unauth_destination,
          check_policy_service inet:127.0.0.1:2501,
          reject_rbl_client zen.spamhaus.org,
          reject_rbl_client bl.spamcop.net,
          reject_rbl_client dul.dnsbl.sorbs.net,
          reject_rbl_client ipwhois.rfc-ignorant.org,
          reject_rhsbl_sender dsn.rfc-ignorant.org

      Note: rfc-ignorant.org is seen by some as a bit too strict.  It is
      better to score it.

      /path/to/file:
      #put your virtual_mailbox domains in here
      example.com  reject_unverified_recipient
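
As an added example (not part of the original thread, and not Postfix code), a small Python linter that checks a `smtpd_recipient_restrictions` value for the points raised in the reply above: DNSBL lookups placed before the permit/relay checks, the cbl and dsbl.org entries, and `reject_unverified_recipient` applied before `reject_unauth_destination`. The function names and finding codes are hypothetical; the two restriction lists are the ones quoted in the thread.

```python
import re

# Restriction lists copied from the thread: the poster's own and the suggested one.
ORIGINAL = ("reject_non_fqdn_sender reject_unknown_sender_domain "
            "reject_rbl_client cbl.abuseat.org reject_rbl_client zen.spamhaus.org "
            "reject_rbl_client list.dsbl.org reject_rbl_client bl.spamcop.net "
            "reject_rbl_client dul.dnsbl.sorbs.net "
            "reject_rbl_client ipwhois.rfc-ignorant.org "
            "reject_rhsbl_sender dsn.rfc-ignorant.org reject_unverified_recipient "
            "permit_sasl_authenticated permit_mynetworks reject_unauth_destination "
            "check_policy_service inet:127.0.0.1:2501")
SUGGESTED = """check_recipient_access hash:/path/to/file, permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination,
    check_policy_service inet:127.0.0.1:2501, reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net, reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client ipwhois.rfc-ignorant.org,
    reject_rhsbl_sender dsn.rfc-ignorant.org"""

DNSBL = ("reject_rbl_client", "reject_rhsbl_sender")
TAKES_ARG = DNSBL + ("check_policy_service", "check_recipient_access")
GATES = ("reject_unauth_destination", "permit_sasl_authenticated", "permit_mynetworks")

def parse(value):
    """Split on commas/whitespace and pair each keyword with its argument, if any."""
    words = iter(re.split(r"[,\s]+", value.strip()))
    return [(w, next(words, None) if w in TAKES_ARG else None) for w in words if w]

def lint(value):
    """Return (code, detail) findings for the issues raised in the thread."""
    items = parse(value)
    names = [n for n, _ in items]
    zones = {a for n, a in items if n in DNSBL}
    findings = []
    if GATES[0] not in names:
        findings.append(("missing", GATES[0]))
    first_bl = next((i for i, n in enumerate(names) if n in DNSBL), None)
    for gate in GATES:  # DNSBL lookups should come after the relay/permit checks
        if gate in names and first_bl is not None and first_bl < names.index(gate):
            findings.append(("dnsbl-before", gate))
    if "cbl.abuseat.org" in zones and "zen.spamhaus.org" in zones:
        findings.append(("redundant", "cbl.abuseat.org"))  # cbl is included in zen
    if "list.dsbl.org" in zones:
        findings.append(("dead", "list.dsbl.org"))  # per the reply in the thread
    probe = "reject_unverified_recipient"  # top-level use probes any recipient domain
    if probe in names and (GATES[0] not in names or names.index(probe) < names.index(GATES[0])):
        findings.append(("unscoped-probe", probe))
    return findings
```

`lint(ORIGINAL)` returns six findings and `lint(SUGGESTED)` returns an empty list.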