problem with postfix mx backup and smtp gateway for my costumers

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

problem with postfix mx backup and smtp gateway for my costumers

rcaamer
Hello  ,

I have set up a postfix server for my costumers .

It acts as mx backup and smtp gateway .

the smtp gateway works , but postfix for mx backup said : relay access denied .

I rented a dedicated server for it so i have just only one public_ip

my main.cf

inet_interfaces = all
lmtp_pix_workaround_delay_time = 10s
lmtp_pix_workaround_threshold_time = 500s
local_recipient_maps =
local_transport = error:local mail delivery is disabled
mydestination =
myhostname = smtp.x.com
mynetworks = localhost.localdomain 127.0.0.0/8 my_ip_static_dedicated_server static_ip_from_mycostumer static_ip_from_mycostumer2 static_ip_from_mycostumer2
myorigin = c.com
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_threshold_time = 500s
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, permit_mx_backup
transport_maps = hash:/etc/postfix/transport

My transport file

customer1.com smtp:mx.customer1.com
customer2.com smtp:mx2.customer2.com
...

My master.cf

smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
-o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
#local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

Have you got any ideas ?

THanks

Best regard


Ps: I know, i must set up sasl for gateway smtp but it's the next step :)




Reply | Threaded
Open this post in threaded view
|

Re: problem with postfix mx backup and smtp gateway for my costumers

Wietse Venema
Benjamin Gerard:
> Hello  ,
>
> I have set up a postfix server for my costumers .
>
> It acts as mx backup and smtp gateway .
>
> the smtp gateway works , but postfix for mx backup said : relay access denied .

Specify relay_domains in main.cf, as described in
http://www.postfix.org/STANDARD_CONFIGURATION_README.html

        Wietse
Reply | Threaded
Open this post in threaded view
|

RE: problem with postfix mx backup and smtp gateway for my costumers

rcaamer

I forgot it when I write the post but relay_domain is set .

I re post in good format my main.cf

myhostname = smtp.x.com
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled
myorigin = altheys.com
mynetworks = localhost.localdomain 127.0.0.0/8 my_ip_public ip_costumer1
ip_costumer2 ..
relay_domain = $mydestination, costumer1.com, costumer2.com, ...
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
transport_maps = hash:/etc/postfix/transport
#virtual_alias_maps = hash:/etc/postfix/virtual
lmtp_pix_workaround_delay_time = 10s
lmtp_pix_workaround_threshold_time = 500s
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_threshold_time = 500s
inet_interfaces = all

My transport file

customer1.com smtp:mx.customer1.com
customer2.com smtp:mx2.customer2.com
...

My master.cf

smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
-o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
#local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} uucp unix - n n
- - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient) ifmail unix - n n - - pipe flags=F user=ftn
argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - -
pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail
argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe flags=FR user=list
argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

Best regard

-----Message d'origine-----
De : [hidden email]
[mailto:[hidden email]] De la part de Wietse Venema
Envoyé : mercredi 4 juin 2008 15:02
À : Benjamin Gerard
Cc : '[hidden email]'
Objet : Re: problem with postfix mx backup and smtp gateway for my costumers

Benjamin Gerard:
> Hello  ,
>
> I have set up a postfix server for my costumers .
>
> It acts as mx backup and smtp gateway .
>
> the smtp gateway works , but postfix for mx backup said : relay access
denied .

Specify relay_domains in main.cf, as described in
http://www.postfix.org/STANDARD_CONFIGURATION_README.html

        Wietse

Reply | Threaded
Open this post in threaded view
|

RE: problem with postfix mx backup and smtp gateway for my costumers

rcaamer
Sorry forgot the post , i put relay_domain not relay_domains I don't
understand  why  postconf -n say there is no errors ?
, it's ok mx backup works , thanks .

...





-----Message d'origine-----
De : [hidden email]
[mailto:[hidden email]] De la part de Gerard Benjamin
Envoyé : mercredi 4 juin 2008 15:11
À : [hidden email]
Objet : RE: problem with postfix mx backup and smtp gateway for my costumers


I forgot it when I write the post but relay_domain is set .

I re post in good format my main.cf

myhostname = smtp.x.com
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled
myorigin = altheys.com
mynetworks = localhost.localdomain 127.0.0.0/8 my_ip_public ip_costumer1
ip_costumer2 ..
relay_domain = $mydestination, costumer1.com, costumer2.com, ...
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
transport_maps = hash:/etc/postfix/transport
#virtual_alias_maps = hash:/etc/postfix/virtual
lmtp_pix_workaround_delay_time = 10s
lmtp_pix_workaround_threshold_time = 500s
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_threshold_time = 500s
inet_interfaces = all

My transport file

customer1.com smtp:mx.customer1.com
customer2.com smtp:mx2.customer2.com
...

My master.cf

smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
-o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
#local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} uucp unix - n n
- - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient) ifmail unix - n n - - pipe flags=F user=ftn
argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - -
pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail
argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe flags=FR user=list
argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

Best regard

-----Message d'origine-----
De : [hidden email]
[mailto:[hidden email]] De la part de Wietse Venema
Envoyé : mercredi 4 juin 2008 15:02
À : Benjamin Gerard
Cc : '[hidden email]'
Objet : Re: problem with postfix mx backup and smtp gateway for my costumers

Benjamin Gerard:
> Hello  ,
>
> I have set up a postfix server for my costumers .
>
> It acts as mx backup and smtp gateway .
>
> the smtp gateway works , but postfix for mx backup said : relay access
denied .

Specify relay_domains in main.cf, as described in
http://www.postfix.org/STANDARD_CONFIGURATION_README.html

        Wietse

Reply | Threaded
Open this post in threaded view
|

Re: problem with postfix mx backup and smtp gateway for my costumers

Brian Evans - Postfix List
Gerard Benjamin wrote:
> Sorry forgot the post , i put relay_domain not relay_domains I don't
> understand  why  postconf -n say there is no errors ?
> , it's ok mx backup works , thanks .
>
>  
This is the reason we ask to post `postconf -n` and not main.cf.

postconf will ignore any parameters it does not recognize.  Thus, you
can analyze it for typos when you know a parameter is missing.

Brian

> ...
>
>
>
>
>
> -----Message d'origine-----
> De : [hidden email]
> [mailto:[hidden email]] De la part de Gerard Benjamin
> Envoyé : mercredi 4 juin 2008 15:11
> À : [hidden email]
> Objet : RE: problem with postfix mx backup and smtp gateway for my costumers
>
>
> I forgot it when I write the post but relay_domain is set .
>
> I re post in good format my main.cf
>
> myhostname = smtp.x.com
> mydestination =
> local_recipient_maps =
> local_transport = error:local mail delivery is disabled
> myorigin = altheys.com
> mynetworks = localhost.localdomain 127.0.0.0/8 my_ip_public ip_costumer1
> ip_costumer2 ..
> relay_domain = $mydestination, costumer1.com, costumer2.com, ...
> smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
> transport_maps = hash:/etc/postfix/transport
> #virtual_alias_maps = hash:/etc/postfix/virtual
> lmtp_pix_workaround_delay_time = 10s
> lmtp_pix_workaround_threshold_time = 500s
> smtp_pix_workaround_delay_time = 10s
> smtp_pix_workaround_threshold_time = 500s
> inet_interfaces = all
>
> My transport file
>
> customer1.com smtp:mx.customer1.com
> customer2.com smtp:mx2.customer2.com
> ...
>
> My master.cf
>
> smtp inet n - - - - smtpd
> pickup fifo n - - 60 1 pickup
> cleanup unix n - - - 0 cleanup
> qmgr fifo n - n 300 1 qmgr
> tlsmgr unix - - - 1000? 1 tlsmgr
> rewrite unix - - - - - trivial-rewrite
> bounce unix - - - - 0 bounce
> defer unix - - - - 0 bounce
> trace unix - - - - 0 bounce
> verify unix - - - - 1 verify
> flush unix n - - 1000? 0 flush
> proxymap unix - - n - - proxymap
> proxywrite unix - - n - 1 proxymap
> smtp unix - - - - - smtp
> relay unix - - - - - smtp
> -o smtp_fallback_relay=
> showq unix n - - - - showq
> error unix - - - - - error
> showq unix n - - - - showq
> error unix - - - - - error
> retry unix - - - - - error
> discard unix - - - - - discard
> #local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - - - - lmtp
> anvil unix - - - - 1 anvil
> scache unix - - - - 1 scache
> maildrop unix - n n - - pipe
> flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} uucp unix - n n
> - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
> ($recipient) ifmail unix - n n - - pipe flags=F user=ftn
> argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - -
> pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
> $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail
> argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
> mailman unix - n n - - pipe flags=FR user=list
> argv=/usr/lib/mailman/bin/postfix-to-mailman.py
> ${nexthop} ${user}
>
> Best regard
>
> -----Message d'origine-----
> De : [hidden email]
> [mailto:[hidden email]] De la part de Wietse Venema
> Envoyé : mercredi 4 juin 2008 15:02
> À : Benjamin Gerard
> Cc : '[hidden email]'
> Objet : Re: problem with postfix mx backup and smtp gateway for my costumers
>
> Benjamin Gerard:
>  
>> Hello  ,
>>
>> I have set up a postfix server for my costumers .
>>
>> It acts as mx backup and smtp gateway .
>>
>> the smtp gateway works , but postfix for mx backup said : relay access
>>    
> denied .
>
> Specify relay_domains in main.cf, as described in
> http://www.postfix.org/STANDARD_CONFIGURATION_README.html
>
> Wietse
>
>  
Reply | Threaded
Open this post in threaded view
|

Re: problem with postfix mx backup and smtp gateway for my costumers

mouss-2
In reply to this post by rcaamer
Gerard Benjamin wrote:
> Sorry forgot the post , i put relay_domain not relay_domains I don't
> understand  why  postconf -n say there is no errors ?
>  

because it is ok to set custom variables.  However,
$ postconf relay_domain
postconf: warning: relay_domain: unknown parameter

As Brian said, always show the output of 'postconf -n', not excerpts
from main.cf.

> , it's ok mx backup works , thanks .
>  


There is one serious problem though. you don't seem to validate
recipients. This will cause backscatter. See
    http://www.postfix.org/BACKSCATTER_README.html


- if you can, get a list of valid recipients and set relay_recipient_maps.
- If you can't, then use reject_unverified_recipient in your smtpd
restrictions. The latter will however delay mail if the final server is
unreachable, but we prefer this over getting backscatter (don't think
this is "optional". you'll get blocklisted if your server sends
backscatter).
- An alternative is to ask the customers to create a catchall address
where mail to invalid users is delivered. This will get mostly spam, but
it can also get mail when the sender mistypes the recipient address.