I'm in the process of rebuilding a mail relay server from Centos 7 (postfix
2.10.x) -> Ubuntu 22 (Postfix 3.6.x).
This is a mail relay server that will relay mail for our customers if their
IP is whitelisted in /etc/postfix/access. We have no local users and are
not doing any per-user authentication, just source IP. ISP style
environment.
We've ported our config over, which works on port 587 but not on port 25 -
we are getting "Recipient address rejected" on 25 only. I've stared at the
config quite a bit and am not spotting the issue - curious if anyone else
can?
Note that when i turned peer debugging on, it logs this section for SMTP/25
but not for 587:
>>> CHECKING Recipient address VALIDATION MAPS <<<
and it fails here. Unsure what the proper workaround is, or if some default
behaviour has changed between 2.x and 3.x causing this?
`postfinger` output attached
postfinger - postfix configuration on Mon Jul 22 07:23:45 CDT 2024
version: 1.30
--System Parameters--
mail_version = 3.6.4
hostname = envelope.myorg.net
uname = Linux envelope.myorg.net 5.15.0-112-generic #122-Ubuntu SMP Thu May 23
07:48:21 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
--Packaging information--
looks like this postfix comes from deb package: postfix-3.6.4-1ubuntu1.3
--main.cf non-default parameters--
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 3.6
debug_peer_list = 10.10.6.254
default_transport = error
inet_interfaces = 127.0.0.1, 10.10.14.93, [2001:fff:1:1::93]
mailbox_size_limit = 0
message_size_limit = 52428800
milter_default_action = accept
mydomain = mail.myorg.net
myhostname = mail.myorg.net
myorigin = /etc/mailname
non_smtpd_milters = $smtpd_milters
readme_directory = no
recipient_delimiter = +
smtp_bind_address = 10.10.14.93
smtp_bind_address6 = 2001:fff:1:1::93
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = check_client_access cidr:/etc/postfix/access,
permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions =
smtpd_tls_auth_only = yes
smtpd_tls_CAfile = /etc/ssl/certs/DigiCertCA.crt
smtpd_tls_cert_file = /etc/ssl/certs/_.myorg.net-2023.crt
smtpd_tls_key_file = /etc/ssl/private/_.myorg.net-2021-2024.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
--master.cf--
smtpinetn - y - - smtpd
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o milter_macro_daemon_name=ORIGINATING
pickup unixn - y 601 pickup
cleanupunixn - y - 0 cleanup
qmgrunixn - n 3001 qmgr
tlsmgr unix- - y 1000?1 tlsmgr
rewriteunix- - y - - trivial-rewrite
bounce unix- - y - 0 bounce
deferunix- - y - 0 bounce
traceunix- - y - 0 bounce
verify unix- - y - 1 verify
flushunixn - y 1000?0 flush
proxymapunix- - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtpunix- - y - - smtp
relayunix- - y - - smtp
-o syslog_name=postfix/$service_name
showqunixn - y - - showq
errorunix- - y - - error
retryunix- - y - - error
discardunix- - y - - discard
localunix- n n - - local
virtualunix- n n - - virtual
lmtpunix- - y - - lmtp
anvilunix- - y - 1 anvil
scache unix- - y - 1 scache
postlogunix-dgram n- n - 1 postlogd
maildropunix- n n - - pipe
flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucpunix- n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix- n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtpunix- n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
${user} ${extension}
mailmanunix- n n - - pipe
flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop}
${user}
-- end of postfinger output --
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
