
Re: Allowing relay from IP subnet

  • jeffrey j donovan
    Message 1 of 4 , Mar 4, 2013
      On Mar 4, 2013, at 9:03 AM, Andy Smith <asmith@...> wrote:

      > Hi,
      >
      > I have the simple requirement to allow email relay from other local machines to a (Mac OS X) postfix server.

      > <snip>
      > mynetworks = 127.0.0.0/8, [::1]/128, 192.168.16.0/24
      > <snip>
      >
      > thanks in advance for any tips,
      >
      > thanks, Andy.

      Greetings

      What version of OS X Server? If OS X 10.7 or higher and you have included the "ServerApp", there are two mail configs:

      One is for the System
      One is for the ServerApp. The settings are located in /Library/Server/Mail/config/postfix

      -j
    • Andy Smith
      Message 2 of 4 , Mar 4, 2013
        Quoting jeffrey j donovan <donovan@...>:

        >
        > what version of osx server ? if osx 10.7 or higher and you have
        > included the " ServerApp " there are two mail configs;
        >
        > One is for the System
        > One is for the ServerApp. The settings are located in
        > /Library/Server/Mail/config/postfix


        Thanks for your reply Jeffrey! Yes there it is in my original post:

        config_directory = /Library/Server/Mail/Config/postfix

        I guess this means that the Library folder takes precedence over all
        the config in /etc? Anyway, I'm going to give it a test but looks like
        this was my issue,

        thanks a lot, Andy.
      • Viktor Dukhovni
        Message 3 of 4 , Mar 4, 2013
          On Mon, Mar 04, 2013 at 03:03:03PM +0100, Andy Smith wrote:

          > debug_peer_list = 192.168.16.19 192.168.16.141

          If this were your configuration, logs for connections from these
          clients would be verbose. Are they?

          > imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred

          This is an Apple-specific customization, make sure it is appropriate
          for your site.

          > mynetworks = 127.0.0.0/8, [::1]/128, 192.168.16.0/24

          This is generally sufficient to permit hosts in 192.168.16.0/24 to
          relay, with no further non-default settings.

          > smtpd_client_restrictions =
          > permit_mynetworks
          > permit_sasl_authenticated
          > permit

          This is pointless, it is equivalent to the default:

          smtpd_client_restrictions =

          Just remove this setting from main.cf.

          > smtpd_recipient_restrictions =
          > permit_mynetworks,
          > reject_unauth_destination

          This is the default setting, just remove this from main.cf (don't
          set it empty, rather don't assign any value at all, e.g. comment
          it out).

          > smtpd_tls_ciphers = medium
          > tls_random_source = dev:/dev/urandom

          These are harmless, but pointless unless you enable TLS via
          "-o ..." options in master.cf.

          > smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL

          You should not customize cipher exclusion for no reason. The
          defaults work better.

          Are there any "smtpd -o ..." options in master.cf?

          > use_sacl_cache = yes

          Apple-specific, find out what it does.

          > Mar 4 12:33:52 server.domain.com postfix/smtpd[7340]: connect from
          > unknown[192.168.16.19]
          > Mar 4 12:33:52 server.domain.com postfix/smtpd[7340]: NOQUEUE:
          > reject: RCPT from unknown[192.168.16.19]: 554 5.7.1
          > <asmith@...>: Relay access denied; from=<root@...>
          > to=<asmith@...> proto=ESMTP helo=<iMac-de-Ana-Bru-2.domain.com>
          > Mar 4 12:33:52 server.domain.com postfix/smtpd[7340]: disconnect
          > from unknown[192.168.16.19]

          No evidence of debug logging, likely your Postfix is not using
          the main.cf file you're showing.

          > I'm left with the understanding
          > that smtpd_client_restrictions = permit_mynetworks
          > permit_sasl_authenticated permit should be sufficient but it doesn't
          > work.

          This setting has no effect at all.

          > I also tried adding the smtpd_recipient_restrictions config
          > line as this wasn't present initially, but this made no difference.

          This is the default, and permits clients in mynetworks. So likely
          your server is using a different main.cf file.

          --
          Viktor.
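
The diagnosis in this thread (the daemon reads a different main.cf than the one being edited) can be checked by comparing the two files. The following is an added example, not code from any poster: both config texts are constructed samples, and the function names are hypothetical. It parses main.cf syntax, lists the parameters that differ, and tests whether the rejected client falls inside each file's `mynetworks`.

```python
import ipaddress

# Constructed samples: the file being edited and the file the daemon loads.
EDITED_CF = """
mynetworks = 127.0.0.0/8, [::1]/128, 192.168.16.0/24
debug_peer_list = 192.168.16.19 192.168.16.141
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination
"""
LOADED_CF = """
# no LAN subnet and no debug_peer_list in this copy
mynetworks = 127.0.0.0/8, [::1]/128
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
"""

def parse_main_cf(text):
    """Parse main.cf text into {parameter: value}; the last assignment wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank or comment line
        if raw[0].isspace() and current:          # leading space continues a value
            params[current] += " " + raw.strip()
        else:
            name, _, value = raw.partition("=")
            current = name.strip()
            params[current] = value.strip()
    return {k: " ".join(v.split()) for k, v in params.items()}

def in_mynetworks(params, client_ip):
    """True if client_ip matches a literal address or CIDR entry in mynetworks."""
    ip = ipaddress.ip_address(client_ip)
    for entry in params.get("mynetworks", "").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            continue                              # table lookups are not handled here
        if ip in net:
            return True
    return False

def differing(a, b):
    """Sorted names of parameters whose values differ between two parsed files."""
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

if __name__ == "__main__":
    edited, loaded = parse_main_cf(EDITED_CF), parse_main_cf(LOADED_CF)
    print("differs:", differing(edited, loaded))
    for label, cfg in (("edited", edited), ("loaded", loaded)):
        print(label, "permits 192.168.16.19:", in_mynetworks(cfg, "192.168.16.19"))
```

On a live server, `postconf -n` and `postconf -n -c <config_directory>` print the non-default settings of each directory and can supply the real input for this comparison.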