
I just set up a Postfix instance and added a few names to /etc/aliases. For example, take this:

root: toor, nobody
foo: root, root@gmail.com
foo2: foo, example@example.com

I ran newaliases successfully and now every time I send an e-mail to foo2 from any e-mail address in the same domain (let's say bar.bar) it gets properly delivered. Every time someone else sends an e-mail to foo2@bar.bar it bounces as Recipient address rejected: Access denied.

Output of postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
config_directory = /etc/postfix
inet_interfaces = all
local_recipient_maps = proxy:unix:passwd.byname $alias_maps # Not sure about this
mailbox_size_limit = 0
mydestination = foo.bar.bar, bar.bar, www.bar.bar, localhost, localhost.localdomain
myhostname = foo.bar.bar
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
recipient_delimiter = +
relayhost = relay.bar.bar
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay.credentials.txt
smtp_sasl_security_options =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_cert_file = /etc/postfix/foo.crt
smtpd_tls_key_file = /etc/postfix/foo.key
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

On success:

Mar 31 18:50:20 foo postfix/submission/smtpd[18213]: connect from unknown[1.2.3.4]
Mar 31 18:50:22 foo postfix/submission/smtpd[18213]: 6DBFFFFFF5: client=unknown[1.2.3.4], sasl_method=PLAIN, sasl_username=user
Mar 31 18:50:23 foo postfix/cleanup[18228]: 6DBFFFFFF5: message-id=<A6786A26-31BD-426B-8F3E-8572073A3182@bar.bar>
Mar 31 18:50:23 foo postfix/qmgr[15467]: 6DBFFFFFF5: from=<user@bar.bar>, size=528, nrcpt=1 (queue active)
Mar 31 18:50:23 foo postfix/cleanup[18228]: 1B4C750013: message-id=<A6786A26-31BD-426B-8F3E-8572073A3182@bar.bar>
Mar 31 18:50:23 foo postfix/local[18234]: 6DB404FFF5: to=<foo2@bar.bar>, relay=local, delay=1, delays=0.96/0.02/0/0.03, dsn=2.0.0, status=sent (forwarded as 1B4C750013)
Mar 31 18:50:23 foo postfix/qmgr[15467]: 1B4C750013: from=<user@bar.bar>, size=659, nrcpt=3 (queue active)
Mar 31 18:50:23 foo postfix/qmgr[15467]: 6DB404FFF5: removed
Mar 31 18:50:23 foo postfix/smtp[18235]: 1B4C750013: to=<example@example.com>, orig_to=<foo2@bar.bar>, relay=relay.bar.bar[2.4.6.8]:587, delay=0.56, delays=0.03/0.02/0.4/0.1, dsn=2.0.0, status=sent (250 Delivery in progress)
[...] More deliveries locally [...]

On fail:

Mar 31 18:57:52 foo postfix/submission/smtpd[20657]: connect from unknown[3.6.9.12]
Mar 31 18:57:52 foo postfix/submission/smtpd[20657]: NOQUEUE: reject: RCPT from unknown[3.6.9.12]: 554 5.7.1 <foo2@bar.bar>: Recipient address rejected: Access denied; from=<external@gmail.com> to=<foo2@bar.bar> proto=ESMTP helo=<external.server.gmail.com>
Mar 31 18:57:52 foo postfix/submission/smtpd[20657]: disconnect from unknown[3.6.9.12]

The content of master.cf

smtp       inet  n       -       -       -       -       smtpd
submission inet  n       -       -       -       -       smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_wrappermode=no
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes -o
    smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING -o smtpd_sasl_type=dovecot -o
    smtpd_sasl_path=private/auth
pickup     fifo  n       -       -       60      1       pickup
cleanup    unix  n       -       -       -       0       cleanup
qmgr       fifo  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       -       1000?   1       tlsmgr
rewrite    unix  -       -       -       -       -       trivial-rewrite
bounce     unix  -       -       -       -       0       bounce
defer      unix  -       -       -       -       0       bounce
trace      unix  -       -       -       -       0       bounce
verify     unix  -       -       -       -       1       verify
flush      unix  n       -       -       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       -       -       -       smtp
relay      unix  -       -       -       -       -       smtp
showq      unix  n       -       -       -       -       showq
error      unix  -       -       -       -       -       error
retry      unix  -       -       -       -       -       error
discard    unix  -       -       -       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       -       -       -       lmtp
anvil      unix  -       -       -       -       1       anvil
scache     unix  -       -       -       -       1       scache
maildrop   unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp       unix  -       n       n       -       -       pipe
    flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
    ($recipient)
ifmail     unix  -       n       n       -       -       pipe
    flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe
    flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
    $recipient
scalemail-backend unix - n       n       -       2       pipe
    flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
    ${nexthop} ${user} ${extension}
mailman    unix  -       n       n       -       -       pipe
    flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
    ${nexthop} ${user}

I also happen to know for a fact that relay.bar.bar works perfectly and is not causing the problems. Any help?

masegaloeh
  • Please post the maillog for (1) when the mail sending process succeeds and (2) when it fails. – masegaloeh Mar 31 '15 at 11:11
  • Thanks for the maillog. It looks like it is related to the submission service. Could you post the output of `postconf -Mf`? – masegaloeh Mar 31 '15 at 16:04
  • All the configuration lines for a service in the `master.cf` should start with a `-o` followed by a single parameter option. Looks like you messed up the newlines. – sebix Apr 02 '15 at 08:04
  • The new lines appear perfect in the master.cf. Everything that starts with -o is in a new line. Maybe it happened during Copy Paste? – PseudoPredictable Apr 03 '15 at 07:53
  • Any other suggestions that can be tried to make this system work? There doesn't seem to be a problem w/ newlines. – PseudoPredictable Apr 21 '15 at 16:30
  • Anyway, in the normal case external@gmail.com should connect to the smtp service instead of submission. So why is some client [3.6.9.12] sending email via submission (port 587) with the sender external@gmail.com? – masegaloeh Sep 03 '15 at 22:42

1 Answer


In the submission line of master.cf, you have overridden the parameter smtpd_recipient_restrictions with this line:

-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

It means that only email from your networks or email submitted by a SASL-authenticated client is permitted.

In your first log (success case), your client successfully authenticated itself via SASL.

Mar 31 18:50:22 foo postfix/submission/smtpd[18213]: 6DBFFFFFF5: client=unknown[1.2.3.4], sasl_method=PLAIN, sasl_username=user

So it will be permitted by Postfix.

In your second log (failed case), your client wasn't authenticated. That's why the email was rejected.

masegaloeh
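
The answer's reasoning, as an added Python example (not code from the original post or from Postfix): it replays the two submission sessions quoted in the question against a simplified first-match model of `permit_mynetworks,permit_sasl_authenticated,reject` and compares the predicted verdict with what the log shows. The helper names `sessions`, `evaluate` and `report` are hypothetical, and the model ignores every other Postfix restriction class.

```python
import ipaddress
import re

# mynetworks from the question's postconf -n output (brackets removed).
MYNETWORKS = [ipaddress.ip_network(n)
              for n in ("127.0.0.0/8", "::ffff:127.0.0.0/104", "::1/128")]
# The four smtpd lines from the question that decide the outcome.
SAMPLE_LOG = """\
Mar 31 18:50:20 foo postfix/submission/smtpd[18213]: connect from unknown[1.2.3.4]
Mar 31 18:50:22 foo postfix/submission/smtpd[18213]: 6DBFFFFFF5: client=unknown[1.2.3.4], sasl_method=PLAIN, sasl_username=user
Mar 31 18:57:52 foo postfix/submission/smtpd[20657]: connect from unknown[3.6.9.12]
Mar 31 18:57:52 foo postfix/submission/smtpd[20657]: NOQUEUE: reject: RCPT from unknown[3.6.9.12]: 554 5.7.1 <foo2@bar.bar>: Recipient address rejected: Access denied; from=<external@gmail.com> to=<foo2@bar.bar> proto=ESMTP helo=<external.server.gmail.com>
"""
LINE = re.compile(r"postfix/(?:(?P<svc>[^/\s]+)/)?smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)")
CLIENT_IP = re.compile(r"\[([0-9a-fA-F.:]+)\]")
SASL_USER = re.compile(r"sasl_username=([^\s,]+)")

def sessions(log):
    """Split smtpd lines into connections; one pid serves many, so reset on connect."""
    found, live = [], {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        key, msg = (m["svc"] or "smtp", m["pid"]), m["msg"]
        if msg.startswith("connect from") or key not in live:
            live[key] = {"svc": key[0], "ip": None, "sasl": None, "rejected": False}
            found.append(live[key])
        s = live[key]
        if (ip := CLIENT_IP.search(msg)):
            s["ip"] = ip.group(1)
        if (user := SASL_USER.search(msg)):
            s["sasl"] = user.group(1)
        s["rejected"] |= "NOQUEUE: reject: RCPT" in msg
    return found

def evaluate(ip, sasl_user):
    """Simplified model: first matching restriction wins, in the order on the page."""
    if any(ipaddress.ip_address(ip) in net for net in MYNETWORKS):
        return "permit_mynetworks"
    if sasl_user:
        return "permit_sasl_authenticated"
    return "reject"

def report(log):
    """(client ip, sasl user, predicted verdict, rejected in log) per submission session."""
    return [(s["ip"], s["sasl"], evaluate(s["ip"], s["sasl"]), s["rejected"])
            for s in sessions(log) if s["svc"] == "submission" and s["ip"]]

if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```

A session that shows no `sasl_username` and a client outside `mynetworks` always falls through to `reject` on this service, which matches the 554 in the failing log.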