I've been trying to avoid asking this question since "relay access
denied" problems are usually pretty silly configuration errors that I
should pick up.  But I've been staring at this for three days and I'm
stumped.

Once again here's the scenario.  I set up mailman3 on Ubuntu 24.04 and
it's running without a hitch, particularly now that I added the
appropriate archival commands.  I decided to create a backup on an
older server of mine running Ubuntu 22.04.  The setup is almost
identical except for domain names.  Unfortunately, in the second setup,
I'm getting "relay access denied" to senders/recipients outside the
host domain.  Things go fine to list members on the local machine.
Mailman is successfully sending admin mail to mail...@bill-oliver.com.
Mail not using mailman works fine.

The domain where everything works is billoblog.com.

The domain I'm setting up is bill-oliver.com

Here's the error in syslog (mirrored in mail.log) on bill-oliver.com
trying to talk to list members oli...@billoblog.com and
bi...@billoblog.com:

Nov 1 21:24:52 mail postfix/smtpd[10193]: NOQUEUE: reject: RCPT from 162-144-108-19.bluehost.com[162.144.108.19]: 454 4.7.1 <oli...@billoblog.com>: Relay access denied; from=<tradfp-bounces+oliver=billoblog....@bill-oliver.com> to=<oli...@billoblog.com> proto=ESMTP helo=<162-144-108-19.bluehost.com>
Nov 1 21:24:52 mail postfix/smtpd[10193]: disconnect from 162-144-108-19.bluehost.com[162.144.108.19] ehlo=1 mail=2 rcpt=1/2 data=1 rset=1 quit=1 commands=7/8
Nov 1 21:24:52 mail postfix/smtpd[10193]: connect from 162-144-108-19.bluehost.com[162.144.108.19]
Nov 1 21:24:52 mail postfix/smtpd[10193]: NOQUEUE: reject: RCPT from 162-144-108-19.bluehost.com[162.144.108.19]: 454 4.7.1 <bi...@billoblog.com>: Relay access denied; from=<tradfp-bounces+billo=billoblog....@bill-oliver.com> to=<bi...@billoblog.com> proto=ESMTP helo=<162-144-108-19.bluehost.com>
Nov 1 21:24:52 mail postfix/smtpd[10193]: disconnect from 162-144-108-19.bluehost.com[162.144.108.19] ehlo=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=4/5
Nov 1 21:25:48 mail dovecot: auth-worker(10954): Debug: conn unix:auth-worker (pid=10903,uid=116): Disconnected: Connection closed (fd=-1)
Nov 1 21:25:48 mail dovecot: auth-worker(10954): Debug: mysql(localhost): Connection finished (queries=1, slow queries=0)
Nov 1 21:27:28 mail dovecot: auth: Debug: mysql: Connection finished (queries=0, slow queries=0)

FYI, 162-144-108-19.bluehost.com is my IP address and bluehost.com is
the VPS vendor.  I don't know why that pops up, since the domain is
bill-oliver.com.  I assume it's VPS-related magic.


Here are similar errors in /opt/mailman/mm/var/logs/smtp.log:


Nov 01 21:22:46 2024 (1573) Available AUTH mechanisms: LOGIN(builtin) PLAIN(builtin)
Nov 01 21:22:46 2024 (1573) Peer: ('162.144.108.19', 51476)
Nov 01 21:22:46 2024 (1573) ('162.144.108.19', 51476) handling connection
Nov 01 21:22:46 2024 (1573) ('162.144.108.19', 51476) >> b'LHLO mail.bill-oliver.com'
Nov 01 21:22:46 2024 (1573) ('162.144.108.19', 51476) >> b'MAIL FROM:<bi...@billoblog.com> SIZE=1486 BODY=8BITMIME'
Nov 01 21:22:46 2024 (1573) ('162.144.108.19', 51476) sender: bi...@billoblog.com
Nov 01 21:22:46 2024 (1573) ('162.144.108.19', 51476) >> b'RCPT TO:<tra...@lists.bill-oliver.com>'
Nov 01 21:22:46 2024 (1573) ('162.144.108.19', 51476) recip: tra...@lists.bill-oliver.com
Nov 01 21:22:46 2024 (1573) ('162.144.108.19', 51476) >> b'DATA'
Nov 01 21:22:46 2024 (1573) ('162.144.108.19', 51476) >> b'QUIT'
Nov 01 21:22:46 2024 (1573) ('162.144.108.19', 51476) connection lost
Nov 01 21:22:46 2024 (1573) ('162.144.108.19', 51476) Connection lost during _handle_client()
Nov 01 21:22:48 2024 (1574) <cbacd3866ebdfeeb706993996ba84e67f7db5ad9.ca...@billoblog.com> recipients refused: {'oli...@billoblog.com': (454, b'4.7.1 <oli...@billoblog.com>: Relay access denied')}
Nov 01 21:22:48 2024 (1574) <cbacd3866ebdfeeb706993996ba84e67f7db5ad9.ca...@billoblog.com> recipients refused: {'bi...@billoblog.com': (454, b'4.7.1 <bi...@billoblog.com>: Relay access denied')}
Nov 01 21:22:48 2024 (1574) <cbacd3866ebdfeeb706993996ba84e67f7db5ad9.ca...@billoblog.com> smtp to tra...@bill-oliver.com for 2 recips, completed in 0.27154111862182617 seconds
Nov 01 21:22:48 2024 (1574) <cbacd3866ebdfeeb706993996ba84e67f7db5ad9.ca...@billoblog.com> post to tra...@bill-oliver.com from bi...@billoblog.com, 1448 bytes, 2 failures
Nov 01 21:22:48 2024 (1574) <cbacd3866ebdfeeb706993996ba84e67f7db5ad9.ca...@billoblog.com> delivery to oli...@billoblog.com failed with code 454, b'4.7.1 <oli...@billoblog.com>: Relay access denied'
Nov 01 21:22:48 2024 (1574) <cbacd3866ebdfeeb706993996ba84e67f7db5ad9.ca...@billoblog.com> delivery to bi...@billoblog.com failed with code 454, b'4.7.1 <bi...@billoblog.com>: Relay access denied'
Nov 01 21:24:11 2024 (1574) <173051065026.1640.13931339026208387...@162-144-108-19.bluehost.com> smtp to tra...@bill-oliver.com for 1 recips, completed in 0.24669885635375977 seconds
Nov 01 21:24:11 2024 (1574) <173051065026.1640.13931339026208387...@162-144-108-19.bluehost.com> post to tra...@bill-oliver.com from tradfp-requ...@bill-oliver.com, 1222 bytes

I have gone over my main.cf and master.cf a zillion times.  Worse,
I've compared them with the same files in the setup that works, and I
can't find a significant error, though things are in a slightly
different order.  I don't know if I'm missing something big or am just
a poor proofreader.

Any ideas would be appreciated.

Here's the obligatory main.cf and master.cf in /etc/postfix.  I use
dovecot and virtual domains and virtual mailboxes administered using
postfixadmin.


Here's the main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6


#Enable TLS Encryption when Postfix receives incoming emails
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.bill-oliver.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.bill-oliver.com/privkey.pem
smtpd_tls_security_level=may
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache


#Enable TLS Encryption when Postfix sends outgoing emails
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

transport_maps =
    hash:/opt/mailman/mm/var/data/postfix_lmtp
local_recipient_maps =
    hash:/opt/mailman/mm/var/data/postfix_lmtp
relay_domains =
    hash:/opt/mailman/mm/var/data/postfix_domains

myhostname = mail.bill-oliver.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, localhost.$mydomain, localhost
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mail.bill-oliver.com bill-oliver.com lists.bill-oliver.com
virtual_mailbox_limit = 0
mailbox_size_limit = 0
message_size_limit = 0

recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4

#Enforce TLSv1.3 or TLSv1.2
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1


mailbox_transport = lmtp:unix:private/dovecot-lmtp
smtputf8_enable = no


virtual_mailbox_domains =
    proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps =
    proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf,
    proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_alias_maps =
    proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
    proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf,
    proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
    hash:/opt/mailman/mm/var/data/postfix_vmap
#virtual_transport = lmtp:unix:private/dovecot-lmtp

virtual_mailbox_base = /var/vmail
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000


policyd-spf_time_limit = 3600
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_policy_service unix:private/policyd-spf

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination


# Milter configuration
milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:opendkim/opendkim.sock
non_smtpd_milters = $smtpd_milters

unknown_local_recipient_reject_code = 550

###########################################

Here's the master.cf (comments deleted) :

smtp inet n - y - - smtpd

submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_wrappermode=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth

smtps inet n - y - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth


pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr

tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
  -o syslog_name=postfix/$service_name

showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd



uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

policyd-spf unix - n n - 0 spawn
  user=policyd-spf argv=/usr/bin/policyd-spf


Thanks,

billo

_______________________________________________
Mailman-users mailing list -- mailman-users@mailman3.org
To unsubscribe send an email to mailman-users-le...@mailman3.org
https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
Archived at: 
https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/K6A4QZLS64UROV3A3MMEV6DVBYTIRSMZ/
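
The reject lines and the `mynetworks` value quoted in the post can be checked against each other mechanically. The following is an added example, not part of the original post and not Postfix or Mailman code: it parses a "Relay access denied" line, reports which smtpd service logged it, and tests the client address against the address/CIDR entries of `mynetworks`. The sample strings are copied from the post (log line abridged); treating entries that are not addresses or CIDR blocks as never matching is an assumption of this example.

```python
import ipaddress
import re

# Sample inputs copied from the post (addresses redacted as they appear there;
# the log line is abridged after "Relay access denied").
SAMPLE_LOG = (
    "Nov 1 21:24:52 mail postfix/smtpd[10193]: NOQUEUE: reject: RCPT from "
    "162-144-108-19.bluehost.com[162.144.108.19]: 454 4.7.1 "
    "<oli...@billoblog.com>: Relay access denied; proto=ESMTP"
)
SAMPLE_MYNETWORKS = (
    "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 "
    "mail.bill-oliver.com bill-oliver.com lists.bill-oliver.com"
)

REJECT_RE = re.compile(
    r"postfix/(?P<service>[\w/-]+)\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f.:]+)\]: (?P<code>\d{3}) "
    r"(?P<dsn>\d\.\d+\.\d+) <(?P<rcpt>[^>]*)>: Relay access denied"
)


def parse_reject(line):
    """Return service, client host/IP, reply code and recipient, or None."""
    m = REJECT_RE.search(line)
    return m.groupdict() if m else None


def split_mynetworks(value):
    """Split a mynetworks value into (ip_network objects, other entries)."""
    nets, other = [], []
    for item in re.split(r"[,\s]+", value.strip()):
        if not item:
            continue
        try:
            # Postfix writes IPv6 networks as [addr]/len; drop the brackets.
            bare = item.replace("[", "").replace("]", "")
            nets.append(ipaddress.ip_network(bare, strict=False))
        except ValueError:
            other.append(item)  # hostname, file or table reference: not evaluated
    return nets, other


def explain_reject(line, mynetworks):
    """Relate one reject line to the mynetworks setting."""
    hit = parse_reject(line)
    if hit is None:
        return None
    addr = ipaddress.ip_address(hit["ip"])
    nets, other = split_mynetworks(mynetworks)
    hit["in_mynetworks"] = any(addr.version == n.version and addr in n for n in nets)
    hit["non_address_entries"] = other
    return hit
```

Calling `explain_reject(SAMPLE_LOG, SAMPLE_MYNETWORKS)` returns the parsed fields plus `in_mynetworks` and the list of entries that could not be read as networks.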
