Re: relay_domains help please
- Thanks for your comments and advice Brian,
Very much appreciated.
----- Original Message ----
From: Brian Evans - Postfix List <grknight@...>
To: Postfix users <postfix-users@...>
Sent: Thursday, July 30, 2009 3:14:52 PM
Subject: Re: relay_domains help please
John King wrote:
> All,You do not show a log example.
> I am simply trying to setup a postfix server solution (Fedora 9 is the OS) to where I can host email for multiple email domains - similar to an ISP setup.
> I am quite familiar and comfortable with setting up most of the postfix elements and am setting them up using the virtual mailbox method where the mailboxes are located at /var/spool/vmail/domainname
> I can send email to all of the mailboxes but as soon as I try or a user tries to send email from their locations / iphones or wherever, the dreaded relay_denied errors start to happen.
> I am employing different setups based on this need from different documentation I have found and am now at the point where the errors state do not list domain xyz in both virtual_mailbox_domains and relay_domains.
> I need to know which elements of main.cf I need to change to accomodate what I am trying to achieve
The following advice is generalized because I don't know *what* rejected
> here is the result of my postconf -n[snip]
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, $nowsolweb1.comTypo on "$nowsolweb1.com"? I also hope that it is not in your
> relay_domains = hash:/etc/postfix/relay_domainsNo relay_recipient_maps? You can be a BackScatter source if you do not
list who is valid.
> smtpd_recipient_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain reject_rbl_client cbl.abuseat.org reject_rbl_client zen.spamhaus.org reject_rbl_client list.dsbl.org reject_rbl_client bl.spamcop.net reject_rbl_client dul.dnsbl.sorbs.net reject_rbl_client ipwhois.rfc-ignorant.org reject_rhsbl_sender dsn.rfc-ignorant.org reject_unverified_recipient permit_sasl_authenticated permit_mynetworks reject_unauth_destination check_policy_service inet:127.0.0.1:2501Generally, this will deny lots of mail with the RBL checks coming before:
a) seeing if the mail is even yours (reject_unauth_destination)
b) if the clients authenticated
c) if it is in your network (a bit silly really)
Also, cbl is included in zen and dsbl.org is dead.
In addition, probing blindly with reject_unverified_recipient can get
Note: rfc-ignorant.org is seen by some as a bit too strict. It is
better to score it.
#put your virtual_mailbox domains in here