Postfix issue Relay access denied through telnet - postfix-mta

Getting error relay access denied on a CentOS server with postfix and dovecot installed, trying to set up a catchall email on a CentOS 7 server. Fresh installation, installed Nano text editor and nothing else, pretty much a clean server in case it matters.
Error I'm getting:
[root@accountcreator ssl]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.tmkiller.site ESMTP Postfix
EHLO howdy.com
250-mail.tmkiller.site
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: testAccount
250 2.1.0 Ok
rcpt to: myEmail@gmail.com
454 4.7.1 <myEmail@gmail.com>: Relay access denied
My main.cf file:
myhostname = mail.mydomain.site
mydomain = mydomain.site
myorigin = $mydomain
home_mailbox = mail/
mynetworks = 127.0.0.0/8
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetwor$
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_key_file = /etc/postfix/ssl/server.key
smtpd_tls_cert_file = /etc/postfix/ssl/server.crt
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
Yes, I have replaced mydomain.site with my actual domain.
/etc/hosts file:
127.0.0.1 AccountCreator AccountCreator
127.0.0.1 localhost.localdomain localhost
127.0.0.1 localhost4.localdomain4 localhost4
# The following lines are desirable for IPv6 capable hosts
::1 AccountCreator AccountCreator
::1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdom$
::1 localhost localhost.localdomain localhost6 localhost6.localdom$
serverIP mail.mydomain.site
I've tried reinstalling the OS and starting all over through this guide:
https://hostpresto.com/community/tutorials/how-to-setup-an-email-server-on-centos7/
I've tried googling around, tried suggestions on several Stack Overflow threads, didn't manage to find a fix that resolved this issue.
I would like to get anything@mydomain.com to forward to catchall@mydomain.com.

You need to set up smtpd_relay_restrictions to allow your domain to send mail through; as it stands, it appears your configuration is to only receive emails to your domain.
While you're at it, you should also configure smtpd_client_restrictions and smtpd_sender_restrictions too.
Another thing: if this is CentOS 7, install Roundcube instead of SquirrelMail for web mail. It's simpler to maintain and looks cooler.

In your case, under mynetworks you should add the IP address of your server.
Reload the Postfix configuration.
There are other "best practices" for accomplishing this, with hash: files for example, so you don't hardcode anything into your configuration but have separate files that you can administer.
You can read more about it in the official Postfix documentation here.
Also, this looks like a typo of permit_mynetworks:
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetwor$

Related

Postfix Username and Password not accepted (BadCredentials)

and thank you for reading. I know this question has been asked many times - I've read a ton of different answers, and have tried most of them. None of them have worked so far. I'm pretty new to using postfix and appreciate any assistance you can provide.
I'm using Proxmox 6.1, on Debian buster. I'm attempting to use the email function for failed backups. My domain is using Gsuite mail. I have set up the SMTP relay with both my ipv4 and ipv6 public addresses, and I have verified the credentials are correct and generated a new .db each time I made a change.
My sasl_passwd
smtp-relay.gmail.com:587 root@mydomain.com:password
My main.cf (domain & ip have been edited)
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
#myhostname=pve.myisp (auto generated)
myhostname = mydomain.com
#G-Suite relay test
relayhost = smtp-relay.gmail.com:587
# Use tls
smtp_use_tls = yes
smtp_tls_security_level = encrypt
tls_random_source = dev:/dev/urandom
# Use sasl when authenticating to foreign SMTP servers
smtp_sasl_auth_enable = yes
# Path to password map file
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# List of CAs to trust when verifying server certificate
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
# Eliminates default security options which are incompatible with gmail
smtp_sasl_security_options = noanonymous
smtp_sasl_mechanism_filter = plain
compatibility_level = 2
Error logs:
Apr 30 16:45:52 pve postfix/qmgr[34586]: 4B3AD320C9A: from=<root@mydomain.com>, size=396, nrcpt=1 (queue active)
Apr 30 16:45:54 pve postfix/smtp[34617]: 4B3AD320C9A: SASL authentication failed; server smtp-relay.gmail.com[74.125.30.28] said: 535-5.7.8 Username and Password not accepted. Learn more at?535 5.7.8 https://support.google.com/mail/?p=BadCredentials m33sm110720uad.2 - gsmtp
Apr 30 16:45:54 pve postfix/smtp[34617]: 4B3AD320C9A: to=<mypersonalemail@gmail.com>, relay=smtp-relay.gmail.com[2607:f8b0:4003:c0b::1c]:587, delay=2.6, delays=0.05/0.06/2.4/0, dsn=4.7.8, status=deferred (SASL authentication failed; server smtp-relay.gmail.com[2607:f8b0:4003:c0b::1c] said: 535-5.7.8 Username and Password not accepted. Learn more at?535 5.7.8 https://support.google.com/mail/?p=BadCredentials v7sm169048ooo.20 - gsmtp)
I managed to solve my issue.
Ignore any & all gsuite documentation, and use [smtp.gmail.com]:587 instead of smtp-relay.gmail.com:587

Postfix rbl checks

I have RBL checks in postfix but it doesn't work and blacklisted IPs get through.
This is the smtpd_recipient_restrictions of my postfix's main.cf file:
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unlisted_recipient,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client b.barracudacentral.org,
    check_policy_service unix:private/policyd-spf,
    check_client_access pcre:/etc/postfix/rbl_override
My IP has access to query b.barracudacentral.org and
dig +short @b.barracudacentral.org 4.3.2.1.b.barracudacentral.org.
returns 127.0.0.2 but postfix says Host not found.
postfix log:
Sep 15 05:03:33 mta02 postfix/smtpd[22172]: dns_query: 4.3.2.1.b.barracudacentral.org (A): Host not found
Sep 15 05:03:33 mta02 postfix/smtpd[22172]: ctable_locate: install entry key 4.3.2.1.b.barracudacentral.org
Sep 15 05:03:33 mta02 postfix/smtpd[22172]: generic_checks: name=reject_rbl_client status=0
Please check if the smtpd process is running chrooted. For this, check the "chroot" column in master.cf.
Also note that any host in $mynetworks (permit_mynetworks) won't be blacklisted as well as any SASL authenticated client (permit_sasl_authenticated).
Note:
check_client_access pcre:/etc/postfix/rbl_override
can never act as an override to "reject_rbl_client b.barracudacentral.org" since the latter will always trigger first.
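The ordering points in the answer above, as an added example that is not part of the original answer: a simplified model of how Postfix walks a restriction list and stops at the first PERMIT or REJECT. The client attributes, function names and the reordered list are assumptions made for illustration, and check_policy_service is left out.

```python
# Added example: simplified model of Postfix first-match restriction evaluation.
# The client attributes are constructed test data; no DNS or Postfix is involved.

def permit_if(attr):
    return lambda client: "PERMIT" if client.get(attr) else "DUNNO"

def reject_if(attr):
    return lambda client: "REJECT" if client.get(attr) else "DUNNO"

# Each restriction answers PERMIT, REJECT or DUNNO (no opinion, try the next one).
CHECKS = {
    "permit_mynetworks": permit_if("in_mynetworks"),
    "permit_sasl_authenticated": permit_if("sasl_authenticated"),
    "reject_unauth_destination": reject_if("rcpt_is_remote"),
    "reject_rbl_client": reject_if("rbl_listed"),
    "check_client_access": permit_if("in_rbl_override"),  # table entry answers OK
}

def evaluate(restrictions, client):
    """Walk the list in order; the first PERMIT or REJECT decides."""
    for entry in restrictions:
        verdict = CHECKS[entry.split()[0]](client)
        if verdict != "DUNNO":
            return verdict, entry
    return "PERMIT", "(end of list)"

# Tail of the list from the question, in the order posted.
AS_POSTED = [
    "permit_mynetworks",
    "permit_sasl_authenticated",
    "reject_unauth_destination",
    "reject_rbl_client b.barracudacentral.org",
    "check_client_access pcre:/etc/postfix/rbl_override",
]
# Same entries with the override moved ahead of the RBL lookup, but still
# after reject_unauth_destination so an OK result cannot open a relay.
OVERRIDE_FIRST = AS_POSTED[:3] + [AS_POSTED[4], AS_POSTED[3]]

# Constructed clients.
listed_but_overridden = {"rbl_listed": True, "in_rbl_override": True}
listed_in_mynetworks = {"rbl_listed": True, "in_mynetworks": True}

if __name__ == "__main__":
    for label, rules, client in [
        ("as posted", AS_POSTED, listed_but_overridden),
        ("override first", OVERRIDE_FIRST, listed_but_overridden),
        ("as posted, client in mynetworks", AS_POSTED, listed_in_mynetworks),
    ]:
        print(label, "->", evaluate(rules, client))
```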

Digital Ocean and GMAIL smtp server give error

I am using Symfony2 on Digital Ocean Ubuntu 12.04.5 LTS (GNU/Linux 3.2.0-24-virtual i686).
Everything is working on my localhost, but it does not work on the Digital Ocean server.
Here is the error message when I try to register a user in my web with Activation Email enabled:
Connection could not be established with host smtp.gmail.com [Connection timed out #110]
500 Internal Server Error - Swift_TransportException
And the error stack trace:
$this->_stream = @stream_socket_client($host.':'.$this->_params['port'], $errno, $errstr, $timeout, STREAM_CLIENT_CONNECT, stream_context_create($options));
if (false === $this->_stream) {
    throw new Swift_TransportException(
        'Connection could not be established with host '.$this->_params['host'].
        ' ['.$errstr.' #'.$errno.']'
    );
Output from server terminal :
yusuf@xwzxc:~$ telnet smtp.gmail.com 465
Trying 74.125.130.108...
Trying 74.125.130.109...
Trying 2404:6800:4003:c01::6c...
telnet: Unable to connect to remote host: Network is unreachable
Any help will be greatly appreciated.
Thanks
In order to curb spam and abuse, some new user accounts at DigitalOcean have their SMTP ports blocked by default. Unfortunately there are sometimes false positives. It sounds like this might have been the case for you. If you open a support ticket, the team would be happy to remove that block for you.
As a temporary solution I have replaced smtp.gmail.com with the IP.
You can get the IP by running ping smtp.gmail.com on the command line.

postfix: force authentication from localhost

Commenting
mynetworks = 127.0.0.0/8
users with shell on system can again send emails using postfix:
main.cf
#mynetworks =
[...]
smtpd_recipient_restrictions =
    check_policy_service inet:127.0.0.1:10031
    permit_mynetworks,
    permit_inet_interfaces,
    # reject_sender_login_mismatch,
    reject_authenticated_sender_login_mismatch,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
So, also put:
reject_mynetworks,
same problem
I only need to force SASL authentication both from the LAN and from 127.0.0.1 too.
Commenting out mynetworks causes Postfix to generate mynetworks based on the value of mynetworks_style.
So set mynetworks to an empty string to fix this.
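The difference between a commented-out and an explicitly empty mynetworks described above, together with the first thread's case of a client connecting over ::1 while main.cf lists only 127.0.0.0/8, as an added example that is not part of any post on this page. It assumes mynetworks holds only literal CIDR entries on a single line; the function names and sample fragments are constructed for illustration.

```python
# Added example (not from the threads): which clients permit_mynetworks trusts.
import ipaddress
import re

def explicit_mynetworks(main_cf):
    """Networks from the last uncommented 'mynetworks =' line, or None if there is none."""
    value = None
    for line in main_cf.splitlines():
        m = re.match(r"mynetworks\s*=\s*(.*)$", line)  # '#mynetworks' does not match
        if m:
            value = m.group(1).replace(",", " ").split()
    return value

def in_mynetworks(client_ip, networks):
    """True if the client address falls inside one of the listed networks."""
    ip = ipaddress.ip_address(client_ip)
    for net in networks:
        # Postfix writes IPv6 networks as [addr]/len; ipaddress wants addr/len.
        network = ipaddress.ip_network(net.strip("[").replace("]", ""), strict=False)
        if ip.version == network.version and ip in network:
            return True
    return False

def trust_status(main_cf, client_ip):
    networks = explicit_mynetworks(main_cf)
    if networks is None:
        # No explicit setting: Postfix builds the list from mynetworks_style.
        return "derived from mynetworks_style"
    return "trusted" if in_mynetworks(client_ip, networks) else "not trusted"

# Constructed main.cf fragments based on the settings quoted in the threads.
IPV4_ONLY = "mynetworks = 127.0.0.0/8\ninet_protocols = all\n"
BOTH_LOOPBACKS = "mynetworks = 127.0.0.0/8 [::1]/128\n"
COMMENTED_OUT = "#mynetworks =\nmynetworks_style = host\n"
EXPLICIT_EMPTY = "mynetworks =\n"

if __name__ == "__main__":
    for name, cf, ip in [
        ("IPv4 only, client ::1", IPV4_ONLY, "::1"),
        ("both loopbacks, client ::1", BOTH_LOOPBACKS, "::1"),
        ("commented out, client 127.0.0.1", COMMENTED_OUT, "127.0.0.1"),
        ("explicitly empty, client 127.0.0.1", EXPLICIT_EMPTY, "127.0.0.1"),
    ]:
        print(f"{name}: {trust_status(cf, ip)}")
```

On a live system, postconf mynetworks prints the value Postfix actually uses, including one derived from mynetworks_style.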

postfix virtualdomain - message bouncing - unknown user error in maillog

I have configured the virtual domain in postfix 2.x
Please check the configuration below:
virtual_mailbox_domains = ghhdomain.com, krdomain.com, murugeshdomain.com
#setup virtual domains mailbase for mailboxes
virtual_mailbox_base = /var/spool/mail
#create lookup file that maps email addresses to respective mailboxes
virtual_mailbox_map = hash:/etc/postfix/virtual
#who will be the owner of the mailbox file
virtual_uid_maps = static:503
virtual_gid_maps = static:503
Added to /etc/postfix/virtual:
info@ghhdomain.com ghhdomain/info
info@krdomain.com krdomain/info
Done: postmap /etc/postfix/virtual
while testing
Escape character is '^]'.
220 mail.murugeshdomain.com ESMTP Postfix
ehlo ghhdomain.com
250-mail.murugeshdomain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
And when I do mail from: info@ghhdomain.com and rcpt to: info@ghhdomain.com
I get the error in the log:
bounced - unknown user "info@ghhdomain.com"
What is missing?
TIA
Hari
Here you use virtual_mailbox_map = hash:/etc/postfix/virtual, i.e. you use the virtual alias file for the virtual mailbox map. You are not supposed to do this.
So please use different files for virtual alias and virtual mailbox.
So you can use,
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_alias_maps = hash:/etc/postfix/virtual
/etc/postfix/vmailbox:
info@ghhdomain.com ghhdomain/info
info@krdomain.com krdomain/info
You can verify more details in this link.
make aliases for local accounts/users
in /etc/postfix/main.cf edit :
virtual_alias_maps = mysql:/etc/postfix/virtual-alias-maps.cf
regexp:/etc/postfix/local-users-aliases
# ---- put everything on same line ---------
Now Postfix will build the alias list from the MySQL table (you can use and/or hash from file ... Postfix accepts a list of sources) and using a regular expression from a file.
Write local-users-aliases:
echo "/^(webmaster|www|ftp|postmaster|root|MAILER-DAEMON|abuse)/ u_mail@u_domain" > /etc/postfix/local-users-aliases
After /etc/init.d/postfix restart, any mail sent to postmaster, for example, will go to u_mail@u_domain.
