Relay access denied

Question

Relay access denied

Hi

We have recently configured a mail server with snow leopard 10.6.
The mail server seems to work properly, it receives messages from every domain, but only send them to the local domain.
When we try to see the log, we can only see a relay access denied message.
How can I see a more detailed message? How can I fix this issue (not sending to no local domains)?
If I put access relay host gmail.com the relay access denied message dissapears when sending mails to gmail.com domain but it remains without sending the email to that domain. Any help will be wellcome. Tell me if you need some log files,...

Thanks

Message was edited by: Iker Etxebarria

Mac mini server, Mac OS X (10.6), Server

Posted on Nov 8, 2010 8:20 AM

Reply

Answer 1

Nov 8, 2010 8:59 AM in response to Iker Etxebarria

This is the postconfig -n output
always_bcc = angela.blanco.gonzalez@gmail.com
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug peerlevel = 2
enable serveroptions = yes
header_checks = pcre:/etc/postfix/custom headerchecks
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
local recipientmaps =
mail_owner = _postfix
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mailbox sizelimit = 0
mailbox_transport = dovecot
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps rbldomains =
message sizelimit = 52428800
mydestination = $myhostname, localhost.$mydomain, localhost, essbilbao.net, $mydomain
mydomain = essbilbao.net
mydomain_fallback = localhost
myhostname = mail.essbilbao.net
mynetworks = 127.0.0.0/8,essbilbao.net,gmail.com,hotmail.com,essbilbao.com
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtp heloname = mail.essbilbao.net
smtp sasl_passwordmaps =
smtp sasl_tls_securityoptions = noanonymous
smtp usetls = yes
smtpd clientrestrictions = permit_mynetworks permit saslauthenticated reject rblclient zen.spamhaus.org permit
smtpd enforcetls = no
smtpd helorequired = yes
smtpd helorestrictions = reject invalid_helohostname reject non_fqdn_helohostname
smtpd pw_server_securityoptions = login,plain,gssapi,cram-md5
smtpd recipientrestrictions = permit saslauthenticated permit_mynetworks reject unauthdestination check policyservice unix:private/policy permit
smtpd sasl_authenable = yes
smtpd tlsCAfile = /etc/certificates/macmini.local.E81B14044BAD6ABFE7133B3D1A05D62EDDA8A3FD.chain. pem
smtpd tls_certfile = /etc/certificates/macmini.local.E81B14044BAD6ABFE7133B3D1A05D62EDDA8A3FD.cert.p em
smtpd tls_excludeciphers = SSLv2, aNULL, ADH, eNULL
smtpd tls_keyfile = /etc/certificates/macmini.local.E81B14044BAD6ABFE7133B3D1A05D62EDDA8A3FD.key.pe m
smtpd tlsloglevel = 0
smtpd use_pwserver = yes
smtpd usetls = no
tls randomsource = dev:/dev/urandom
unknown local_recipient_rejectcode = 550
virtual aliasmaps = $virtual_maps

Reply

Answer 2

Camelot

Level 9

54,333 points

Nov 8, 2010 10:26 AM in response to Iker Etxebarria

There is no way on earth this line is correct:

mynetworks = 127.0.0.0/8,essbilbao.net,gmail.com,hotmail.com,essbilbao.com

This command (in conjunction with the snmpdclientrestrictions tells postfix to accept mail from 127.0.0.1 (localhost), essbilbao.net (150.241.211.132), essbilbao.com (74.55.53.210), gmail.com (74.125.224.21) and hotmail.com (64.4.20.174).

NO other IP addresses will be accepted. This includes machines on your local LAN

The mynetworks setting should contain the IP addresses of your trusted network systems - typically 127.0.0.1 and the LAN addresses of your network (e.g. 192.168.1.0/24).

Beyond that you need to look at the mail log (/var/log/mail.log) to look at why messages are getting rejected.

Reply

Answer 3

Nov 9, 2010 1:17 AM in response to Camelot

Thank you very much for the answer.
We changed it but it still without working.
/var/log/mail.log doesn't output any information about it. Nothing! How can increase the log level?

The messages goes to the server (data: (250, '2.0.0 Ok: queued as B587024A7BB')) and we can see them in the Server Admin tool. In this tool the error message is "mail transport unavailable"

Message was edited by: Iker Etxebarria

Reply

Answer 4

David_x

Level 4

3,011 points

Nov 9, 2010 5:15 AM in response to Iker Etxebarria

Iker Etxebarria wrote:
/var/log/mail.log doesn't output any information about it. Nothing! How can increase the log level?

Settings-> Logging. Increase SMTP log level to 'Information'

Reply

Answer 5

Nov 10, 2010 3:29 AM in response to Iker Etxebarria

Thank you very much. The log was increased.
Finally we discovered that it was a DNS problem. We reinstalled OSX and works fine.
Thanks again

Reply