Re: zendesk and relay denied

Thu, 13 May 2021 12:40:29 -0700 

Hi,

> > > That is not valid relay_domains syntax.  For more help, see:
> > >
> > >     http://www.postfix.org/DEBUG_README.html#mail
> >
> > Just to be clear, I forgot to note that the check_recipient_access was
> > part of my smtpd_recipient_restrictions, not relay_domains:
>
> Posting tiny fragments of your configuration wastes everyone's time. :-(
>
> If you want help post the complete output of "postconf -nf" preserving
> all whitespace, ... (not folding or unfolding of lines).
>
> > May 12 23:02:35 xavier postfix-117/smtpd[3481802]: NOQUEUE: reject:
> > RCPT from 
> > mail-dm6nam10lp2107.outbound.protection.outlook.com[104.47.58.107]:
> > 554 5.7.1 <[email protected]>: Relay access denied;
> > from=<[email protected]> to=<[email protected]> proto=ESMTP
> > helo=<NAM10-DM6-obe.outbound.protection.outlook.com>
>
>     This was rejected by "reject_unauth_destination".

Thank you so much. I had included my smtpd_recipient_restrictions
earlier in this thread, but should have been more complete. This is
the multi-instance postfix you helped me configure some time ago. Mail
is first processed by this postfix-117 instance, sent to amavisd, then
forwarded to postfix-out where it's sent to the recipient.

always_bcc = bcc-user
authorized_submit_users = root
body_checks = regexp:$config_directory/body_checks
    regexp:$config_directory/body_checks.pcre
bounce_queue_lifetime = 2d
command_directory = /usr/sbin
compatibility_level = 2
config_directory = /etc/postfix-117
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix-117
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
    $daemon_directory/$process_name $process_id & sleep 5
default_database_type = cdb
default_process_limit = 500
default_transport = smtp:[127.0.0.1]:10024
header_checks = regexp:$config_directory/header_checks
    pcre:$config_directory/header_checks.pcre
    pcre:$config_directory/header_checks-jimsun.pcre
html_directory = no
indexed = ${default_database_type}:${config_directory}/
inet_interfaces = 209.216.111.117
inet_protocols = ipv4
initial_destination_concurrency = 20
local_header_rewrite_clients =
local_recipient_maps =
local_transport = error:5.1.1 Mailbox unavailable
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
master_service_disable =
maximal_queue_lifetime = 100d
meta_directory = /etc/postfix
mime_header_checks = pcre:$config_directory/mime_header_checks
multi_instance_enable = yes
multi_instance_group = mta
multi_instance_name = postfix-117
mydestination =
mynetworks = 127.0.0.0/8, 209.216.111.0/24
newaliases_path = /usr/bin/newaliases.postfix
policy-spf_time_limit = 3600s
postscreen_access_list = permit_mynetworks,
    cidr:$config_directory/postscreen_access.cidr
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map =
    texthash:$config_directory/postscreen_dnsbl_reply_map.pcre
postscreen_dnsbl_sites = score.senderscore.com=127.0.4.[0..19]*5
    score.senderscore.com=127.0.4.[20..29]*4
    score.senderscore.com=127.0.4.[30..49]*3
    score.senderscore.com=127.0.4.[50..59]*2
    score.senderscore.com=127.0.4.[60..69]*1
    score.senderscore.com=127.0.4.[70..79]*-1
    score.senderscore.com=127.0.4.[80..89]*-2
    score.senderscore.com=127.0.4.[90..100]*-3 bb.barracudacentral.org*7
    bl.mailspike.net*4 bl.spamcop.net*4 bl.spameatingmonkey.net*4
    sip-sip24.mykey.invaluement.com=127.0.0.2*8
    ubl.unsubscore.com=127.0.0.2*1 list.dnswl.org=127.[0..255].[0..255].0*-2
    list.dnswl.org=127.[0..255].[0..255].1*-3
    list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
    dnsbl.sorbs.net=127.0.0.[10;14]*8 dnsbl.sorbs.net=127.0.0.5*7
    dnsbl.sorbs.net=127.0.0.7*4 dnsbl.sorbs.net=127.0.0.6*3
    dnsbl.sorbs.net=127.0.0.[8;9]*2 dnsbl.sorbs.net=127.0.0.4*1
postscreen_dnsbl_threshold = 8
postscreen_greet_action = enforce
postscreen_whitelist_interfaces = static:all 68.195.111.40/29 107.155.111.2
    209.216.111.0/24 209.216.112.0/24
queue_directory = /var/spool/postfix-117
readme_directory = /usr/share/doc/postfix/README_FILES
recipient_delimiter = +
relay_domains = $mydestination, example.com, nnnhelp.zendesk.com
relay_transport = $default_transport
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib64/postfix
smtp_data_done_timeout = 1200s
smtp_destination_recipient_limit = 1000
smtp_send_xforward_command = yes
smtp_tls_CAfile = /etc/letsencrypt/chain.pem
smtp_tls_security_level = may
smtpd_client_port_logging = no
smtpd_client_restrictions = permit_mynetworks, check_client_access
    ${indexed}client_checks, check_reverse_client_hostname_access
    pcre:$config_directory/fqrdns-042715a.pcre,
    check_reverse_client_hostname_access
    pcre:$config_directory/reverse_client_hostname_access.pcre,
    check_client_access cidr:$config_directory/client_access_blocklist
smtpd_helo_restrictions = permit_mynetworks check_helo_access
    ${indexed}helo_checks check_helo_access
    pcre:$config_directory/helo_checks.pcre permit
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
    reject_non_fqdn_sender, reject_unlisted_recipient,
    reject_unknown_recipient_domain, permit_mynetworks,
    reject_unauth_destination, reject_rhsbl_reverse_client dbl.spamhaus.org,
    reject_rhsbl_sender dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org,
    reject_rhsbl_sender uri.mykey.invaluement.com, check_helo_access
    pcre:$config_directory/helo_checks.pcre, check_helo_access
    ${indexed}helo_checks, reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname, check_policy_service unix:private/policy-spf,
    check_policy_service inet:127.0.0.1:2501, check_recipient_access
    pcre:$config_directory/recipient_checks,
    check_recipient_access pcre:$config_directory/nnnhelp-zendesk,
    permit
smtpd_sender_restrictions = permit_mynetworks, check_sender_access
    ${indexed}sender_checks, check_sender_access
    pcre:$config_directory/sender_checks.pcre, check_sender_access
    ${indexed}spamsources, check_sender_ns_access ${indexed}blacklist_ns.cf,
    reject_unknown_sender_domain
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/privkey.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database =
    btree:/var/lib/postfix/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_transport = $default_transport

/etc/postfix-117/nnnhelp-zendesk:
   /example\.com$/                permit

/etc/postfix-out/transport:
example.com    smtp:example-com.mail.protection.outlook.com

Reply via email to