Postfix: Relay access denied

Question

When I telnet to my server thats running postfix and try to send an email:

MAIL FROM:<someuser@mydomain.com>
#=> 250 2.1.0 Ok

RCPT TO:<me@gmail.com>
#=> 554 5.7.1 <me@gmail.com>: Relay access denied

I couldn't really find the answer on the site or by looking at other users question/answers, I'm not sure where to start. Ideas?

---

Update

So basically looking at the docs: http://www.postfix.org/SMTPD_ACCESS_README.html (section: Getting selective with SMTP access restriction lists), I don't seem to have any of those directives in etc/postfix/main.cf

like smtpd_client_restrictions = permit_mynetworks, reject or any of the other ones, so I'm quite confused.

But really I'm going to have a rails app connect to the server and send the emails, so I'm not sure how to handle it.

Here is what my config file looks like:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = rerecipe-utils
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, localhost.$mydomain, localhost, mail.rerecipe.com, rerecipe.com
relayhost =
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
mynetworks = 127.0.0.0/8 204.232.207.0/24 10.177.64.0/19 [::1]/128 [fe80::%eth0]/64 [fe80::%eth1]/64

Something to note is that relayhost is blank, this is the default configuration file that was created when I installed Postfix, when testing to connect with openssl I get this:

~% openssl s_client -connect mail.myhostname.com:25 -starttls smtp
CONNECTED(00000003)
depth=0 /CN=myhostname
verify error:num=18:self signed certificate
verify return:1
depth=0 /CN=myhostname
verify return:1
---
Certificate chain
 0 s:/CN=myhostname
   i:/CN=myhostname
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIBqTCCARICCQDDxVr+420qvjANBgkqhkiG9w0BAQUFADAZMRcwFQYDVQQDEw5y
ZXJlY2lwZS11dGlsczAeFw0xMDEwMTMwNjU1MTVaFw0yMDEwMTAwNjU1MTVaMBkx
FzAVBgNVBAMTDnJlcmVjaXBlLXV0aWxzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQDODh2w4A1k0qiPNPhkrPj8sfkxpKPTk28AuZhgOEBYBLeHacTKNH0jXxPv
P3TyhINijvvdDPzyuPJoTTliR2EHR/nL4DLhr5FzhV+PB4PsIFUER7arx+1sMjz6
5l/Ubu1ppMzW9U0IFNbaPm2AiiGBQRCQN8L0bLUjzVzwoSRMOQIDAQABMA0GCSqG
SIb3DQEBBQUAA4GBALi2vvk9TGKJubXYJbU0PKmVmsfzFK35yLqr0keiDBhK2Leg
274sWxEH3ds8mUaRftuFlXb7RYAGNlVyTuMTY3CEcnqIsH7F2McCUTpjMzu/o1mZ
O/B21CelKetBd1u79Gkrv2vWyN7Csft6uTx5NIGG2+pGi3r0gX2r0Hbu2K94
-----END CERTIFICATE-----
subject=/CN=myhostname
issuer=/CN=myhostname
---
No client certificate CA names sent
---
SSL handshake has read 1203 bytes and written 360 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 1AA4B8BFAAA85DA9ED4755194C50311670E57C35B8C51F9C2749936DA11918E4
    Session-ID-ctx: 
    Master-Key: 9B432F1DE9F3580DCC6208C76F96631DC5A4BC517BDBADD5F514414DCF34AC526C30687B96C5C4742E9583555A118232
    Key-Arg   : None
    Start Time: 1292985376
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
250 DSN

Oddly enough when I try to send an email from the machine itself it does work:

echo test | mail -s "test subject" me@gmail.com

Answer 1

usually when you see that type of deny it's something to do with what's provisioned for access to relay, meaning what's allowed to send/relay? Did you just setup this server, has it been in place? Where are you attempting to send from? Details, please.

Answer 2

I couldn't really find the answer on the site or by looking at other users question/answers, I'm not sure where to start. Ideas?

Google for "postfix relay", and click on the first result. If you have specific questions about the documentation -- or if you've tried something and you don't think it's working as described -- let us know and we'll be glad to help.

Answer 3

usually, by default with postfix, for it to relay your message, you either should come from somewhere within mynetworks or your sender email address should be in mydestination. Of course this is default and can be changed, usually through smtpd_client_restrictions. In your example, sender is someuser@mydomain.com, which most probably is not your domain name. Your config file doesnt specify mydomain, $mydomain would be initialized from servers hostnames domain. So, since youre not coming from mynetworks and are not in mydestination, your mail is neither initiating nor ending on that postfix server, hence a relay, and that is denied.

On the other hand, when you come from the machine itself, it, 127.0.0.1, you are in mynetworks and therefore get relayed without problem.

Really tho, as larsks pointed out, there is a lot more to postfix mail relaying than just a couple "magical" config directives. You should make yourself familiar with postfix's extensive online documentation.