I have a Google Compute VM that I would like to use as a mail server.
<https://goo.gl/6NE1wH> However, outgoing ports 25, 465, and 587 are blocked
so I must use a third-party mail service. I followed the instructions for
Mailjet <https://goo.gl/gKpcda>, but I changed inet_interfaces to all. I
have this main.cf config (I removed comments for brevity):
--------------------------------
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/letsencrypt/live/REDACTED/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/REDACTED/privkey.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
myhostname = localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = REDACTED, localhost, localhost.localdomain, localhost
relayhost = [smtp.mailgun.org]:2525
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
home_mailbox = Maildir/
alias_database = hash:/etc/aliases
--------------------------------
The contents of /etc/postfix/sasl_passwd (before it was hashed) was:
[smtp.gridhost.org]:2525 postmaster@REDACTED:REDACTED
--------------------------------
I'm intending for users to be able to connect to my server on port 25 and
send mail, which is relayed through smtp.mailgun.org. However, I can only
send mail to local users, and I receive "Server error: '454 4.7.1
<myem...@gmail.com>: Relay access denied'" when I try to send mail to remote
hosts like my Gmail account.
I figured this is a problem with my smtp_sasl security settings, and I'm not
authenticating properly. So, I tried specifying "My outgoing server (SMTP)
requires authentication", but this does not work, since it seems this is not
supported. Then, I (think) I realised that the smtp_sasl_auth is for my
server connecting to the relay. I think what I need to do is disable this
authentication for the clients, but not for connecting to the relay. That
would make my server a relay to a relay, I think.
Can anybody make sense of this? If it's relevant, I'm also using Dovecot for
IMAP.
--
View this message in context:
http://postfix.1071664.n5.nabble.com/Relay-access-denied-tp90614.html
Sent from the Postfix Users mailing list archive at Nabble.com.
