Postfix Relay access denied

Blue_Liquid_Designs · November 29, 2012, 10:21am

I can send mail locally and externally but when receiving mail externally for local virtual domains Postfix drops the mail with the error ‘Relay access denied’ in the log file.

I’ve done a lot of debugging of this issue and after a lot of research and trial and error I’ve come to conclusion that it’s a problem with my virtual_alias_maps file.

After playing around with the virtual_alias_domain parameter and removing $virtual_alias_maps and adding mydomain.com the mail server would successfully accept external mail.

Since there will be a number of virtual machines on my server I’d rather fix the automated Virtualmin process and get it working with the default virtual_alias_domain: $virtual_alias_maps parameter.

If I’m right something in the following configuration for virtual_alias_maps is throwing off the domain parameter:


#excerpt from the /etc/postfix/virtual file
jake@tridentphotography.com.au	tridentphotography
abuse@tridentphotography.com.au	jake@tridentphotography.com.au
webmaster@tridentphotography.com.au	jake@tridentphotography.com.au
postmaster@tridentphotography.com.au	jake@tridentphotography.com.au
hostmaster@tridentphotography.com.au	jake@tridentphotography.com.au

As a note, I didn’t install Virtualmin with the installer and have configured everything manually.

Any help getting this working would be appreciated.

Eric · November 29, 2012, 2:39pm

Howdy,

The Relay Access Denied error you’re getting suggests that Postfix thinks it needs to send that email elsewhere, that it’s not trying to deliver it locally.

One possibility is that the “Mail for Domain” feature might not be enabled for that particular domain. You can check that in Edit Virtual Server -> Enabled Features.

Another thing you may want to verify… this is handled automatically when installed with the install.sh, but requires a tweak when installed manually – you’d want to make sure that in /etc/postfix/main.cf, that you have a line like this:

virtual_alias_maps = hash:/etc/postfix/virtual

Also, if you go into System Settings -> Re-Check Config, does it notice any problems?

-Eric

Locutus · November 29, 2012, 4:30pm

To which email address are you trying to deliver mail?

Can you post a full log excerpt of such an attempt, enclosed in [code][/code] tags?

Blue_Liquid_Designs · November 29, 2012, 9:24pm

Hi Locutus,

I’m sending to jake@tridentphotography.com.au.

When virtual_alias_domain is set to $virtual_alias_map the log reads:

Nov 30 08:07:47 vs-jackjack postfix/smtpd[5904]: connect from mail-ia0-f173.google.com[209.85.210.173]
Nov 30 08:07:49 vs-jackjack postfix/smtpd[5904]: NOQUEUE: reject: RCPT from mail-ia0-f173.google.com[209.85.210.173]: 554 5.7.1 <jake@tridentphotography.com.au>: Relay access denied; from=<myaddress@gmail.com> to=<jake@tridentphotography.com.au> proto=ESMTP helo=<mail-ia0-f173.google.com>
Nov 30 08:07:50 vs-jackjack postfix/smtpd[5904]: disconnect from mail-ia0-f173.google.com[209.85.210.173]

And when I manually place the domain in the virtual_alias_domain I can successfully send mail - log also attached:

Nov 30 08:12:04 vs-jackjack postfix/smtpd[15933]: connect from mail-ia0-f173.google.com[209.85.210.173]
Nov 30 08:12:06 vs-jackjack postfix/smtpd[15933]: 84FC21355119: client=mail-ia0-f173.google.com[209.85.210.173]
Nov 30 08:12:07 vs-jackjack postfix/cleanup[16117]: 84FC21355119: message-id=<CAJmJu-37KriwL9dzTpPRyOTr54YMTD0=dWocd4ixoP7P8saqjQ@mail.gmail.com>
Nov 30 08:12:07 vs-jackjack postfix/qmgr[28272]: 84FC21355119: from=<myaddress@gmail.com>, size=3572, nrcpt=1 (queue active)
Nov 30 08:12:07 vs-jackjack postfix/local[16121]: 84FC21355119: to=<tridentphotography@vs-jackjack.au.syrahost.com>, orig_to=<jake@tridentphotography.com.au>, relay=local, delay=1.2, delays=0.96/0.05/0/0.18, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION")
Nov 30 08:12:07 vs-jackjack postfix/qmgr[28272]: 84FC21355119: removed

Locutus · November 29, 2012, 9:35pm

I’m not really a Postfix expert (far from it), but in the configuration that Virtualmin performs in Postfix when you install it using the installer script (which is by the way the highly recommended way), the directive “virtual_alias_domains” is not used at all.

Virtualmin creates a local Linux user for every email user, and puts an entry in the virtual_alias_map, mapping the email address of the user to its Linux username.

I personally have configured Vmin to always include the full domain in usernames, separated by “@”. Example: “user@example.de”. Virtualmin then creates two Linux users, “user@example.de” and “user-example.de” pointing to the same user ID (because soem services have problems with @ in usernames).

In the virtual alias map, it puts the entry “user@example.de -> user-example.de”.

Maybe this information helps somewhat?

Blue_Liquid_Designs · November 29, 2012, 10:00pm

Hi Locutus,

Looks like that did it.

It seems Virtualmin needs the user to have the full domain name so it can correctly map.

Thanks for your input.