
I'm running postfix on RHEL6:

# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.6 (Santiago)
# rpm -q postfix
postfix-2.6.6-6.el6_5.x86_64
# 

I'm trying to implement the following:

/etc/postfix/access - access - Postfix SMTP server access table:

#        /etc/postfix/main.cf:
#            smtpd_client_restrictions =
#                check_client_access hash:/etc/postfix/access
# 
#        /etc/postfix/access:
#            1.2.3   REJECT
#            1.2.3.4 OK
# 
#        Execute  the  command  "postmap /etc/postfix/access" after
#        editing the file.

postconf - Postfix configuration utility:

# postconf -n | grep access
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
# 

/etc/postfix/access(.db):

# grep -v ^# access 
10.52.11.97 OK
# 

postmap - Postfix lookup table management:

# postmap /etc/postfix/access
# echo $?
0
# 

Whenever I try to relay email, I get the following:

/var/log/maillog:

postfix/smtpd[1515]: connect from X.X.X[10.52.11.97]
postfix/smtpd[1515]: NOQUEUE: reject: RCPT from X.X.X[10.52.11.97]: 554 5.7.1 <X@X.X>: Relay access denied; from=<X@X.X> to=<X@X.X> proto=SMTP helo=<HELO>
postfix/smtpd[1515]: lost connection after RCPT from X.X.X[10.52.11.97]
postfix/smtpd[1515]: disconnect from X.X.X[10.52.11.97]

UPDATE

Per @yoonix and @masegaloeh, I'm posting 'smtpd_*_restrictions' as well:

$ egrep 'smtp.*restriction' *
access:#               text of smtpd_end_of_data_restrictions.
access:#            smtpd_client_restrictions =
main.cf:# through Postfix.  See the smtpd_recipient_restrictions parameter
main.cf:# relay mail to.  See the smtpd_recipient_restrictions description in
master.cf:#  -o smtpd_client_restrictions=$mua_client_restrictions
master.cf:#  -o smtpd_helo_restrictions=$mua_helo_restrictions
master.cf:#  -o smtpd_sender_restrictions=$mua_sender_restrictions
master.cf:#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
master.cf:#  -o smtpd_client_restrictions=$mua_client_restrictions
master.cf:#  -o smtpd_helo_restrictions=$mua_helo_restrictions
master.cf:#  -o smtpd_sender_restrictions=$mua_sender_restrictions
master.cf:#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
$

Seems like everything is commented out.

alexus
  • 1
    smtpd_client_restrictions specifies what clients are allowed to CONNECT. It has nothing to do with relaying. If you've configured relaying, you haven't included it here. –  Jan 29 '15 at 22:32
  • 1
    You should post smtpd_*_restriction here. Postfix evaluates *every* restriction stage even if you allowed it in an earlier stage. – masegaloeh Jan 30 '15 at 00:39
  • @yoonix that makes sense, so I took it out. – alexus Jan 30 '15 at 16:08
  • @masegaloeh I updated my question with additional information. – alexus Jan 30 '15 at 16:08
  • I added my `10.52.11.97/32` to `$mynetworks` and it seems to be working fine now. I guess the question is whether this is considered best practice or whether I should consider doing it through another route? – alexus Jan 30 '15 at 17:04

1 Answer


Well, you should tell us about your goal AND attempted solution. Without the goal, we can't give you an alternative solution.

Looking at the comment, it looks like you want to whitelist some client to relay via your server. Postfix itself has an ACL-relay mechanism via smtpd_*_restriction. To see which ACLs are enabled in postfix, you can run the command

postconf | grep _restrictions

By default, postfix ships only with permit_mynetworks, permit_sasl_authenticated and defer_unauth_destination in smtpd_relay_restrictions. That means postfix will

  1. permit relay if the client comes from an IP address defined in the mynetworks parameter
  2. permit relay if the client has successfully authenticated via SASL
  3. soft reject email if the recipient domain is not listed in a postfix address class.
  4. Otherwise, permit the relay

You can also get the information about that parameter via the man 5 postconf page.

That explains why postfix allows relay from a specific client when you place its IP address in the mynetworks parameter.


Regarding your initial solution via check_client_access, it should work too IF you place it before defer_unauth_destination. So, you must put this configuration in main.cf

smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/access, defer_unauth_destination

Putting it in smtpd_client_restrictions won't work because postfix checks the restrictions at each stage (..., client, helo, sender, relay, recipient, ...). For further info you can refer to the Postfix SMTP relay and access control page

masegaloeh
  • I _REALLY_ appreciate such a great depth of your answer, I understand `postfix` much better now. Thanks again! – alexus Feb 03 '15 at 16:59
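
The stage-by-stage behaviour described in the answer above, as an added Python model (not code from the thread or from Postfix): an OK from check_client_access ends only the stage it sits in, so the relay stage still has to permit the client. The domain names are constructed, the access lookup covers only IPv4 address and octet-prefix keys, and SASL is not modelled.

```python
import ipaddress

# Constructed sample data: the access table from the question and a
# hypothetical domain this server is the final destination for.
ACCESS = {"10.52.11.97": "OK"}
LOCAL_DOMAINS = {"example.com"}

def access_lookup(table, ip):
    """access(5)-style lookup: full address first, then shorter prefixes."""
    octets = ip.split(".")
    while octets:
        action = table.get(".".join(octets))
        if action:
            return action
        octets.pop()
    return None

def run_stage(restrictions, ip, rcpt_domain, mynetworks):
    """Evaluate one restriction list; the first decisive restriction wins."""
    addr = ipaddress.ip_address(ip)
    for r in restrictions:
        if r == "permit_mynetworks":
            if any(addr in ipaddress.ip_network(n) for n in mynetworks):
                return "PERMIT"
        elif r == "check_client_access":
            action = access_lookup(ACCESS, ip)
            if action in ("OK", "REJECT"):
                return "PERMIT" if action == "OK" else "REJECT"
        elif r == "defer_unauth_destination":
            if rcpt_domain not in LOCAL_DOMAINS:
                return "DEFER"
        # permit_sasl_authenticated: no-op here, the modelled client never authenticates
    return "DUNNO"

def decide(stages, ip, rcpt_domain, mynetworks=("127.0.0.0/8",)):
    """PERMIT ends only its own stage; REJECT or DEFER ends the whole check."""
    for name, restrictions in stages:
        verdict = run_stage(restrictions, ip, rcpt_domain, mynetworks)
        if verdict in ("REJECT", "DEFER"):
            return verdict, name
    return "PERMIT", None

RELAY_DEFAULT = ["permit_mynetworks", "permit_sasl_authenticated", "defer_unauth_destination"]
QUESTION = [("client", ["check_client_access"]), ("relay", RELAY_DEFAULT)]
ANSWER = [("client", []), ("relay", RELAY_DEFAULT[:2] + ["check_client_access", RELAY_DEFAULT[2]])]

if __name__ == "__main__":
    for label, cfg in (("question", QUESTION), ("answer", ANSWER)):
        print(label, decide(cfg, "10.52.11.97", "remote.example"))
```

smtpd_relay_restrictions exists in Postfix 2.10 and later; on older releases the relay check is part of smtpd_recipient_restrictions, and the stage logic is the same.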