RESOLVED SEE BELOW I have installed Centos 7. brief network layout: centos 7 is on 10.1.1.0 network - server name = zenoss dc (domain controller) 10.1.1.5 (see logs) mail server is on 172.16.1.0 network - server name = mail relay server is on 172.16.10.0 network any any rule applies between said networks for now External MX mail.cyberwatchers.com Internal Domain = cyberwatchers.local currently my centos 7 box CAN send out logwatch mail as I am getting them every morning. they are send out using [email protected] via the logwatch.conf file. Why I am getting the below errors: root attempting to send to my email using .local vs .com I do not know. I see zenoss is trying to use domain.local (10.1.1.5) my domain controller for email delivery. I am not sure why this is. see below... ISSUE: This morning I awoke and checked those logs and see 16 deferred postfix emails. when looking at the logs on my centos server: Feb 15 18:26:33 zenoss postfix/qmgr[25573]: C14C780D3559: from=<[email protected]>, size=2817, nrcpt=1 (queue active) Feb 15 18:26:33 zenoss postfix/qmgr[25573]: BA50080D355B: from=<[email protected]>, size=2837, nrcpt=1 (queue active) Feb 15 18:26:33 zenoss postfix/qmgr[25573]: 8EEA880D3560: from=<[email protected]>, size=2837, nrcpt=1 (queue active) Feb 15 18:26:33 zenoss postfix/qmgr[25573]: 2214A80D3561: from=<[email protected]>, size=2817, nrcpt=1 (queue active) Feb 15 18:26:33 zenoss postfix/smtp[25606]: connect to cyberwatchers.local[10.1.1.5]:25: Connection refused Feb 15 18:26:33 zenoss postfix/smtp[25607]: connect to cyberwatchers.local[10.1.1.5]:25: Connection refused Feb 15 18:26:33 zenoss postfix/smtp[25609]: connect to cyberwatchers.local[10.1.1.5]:25: Connection refused Feb 15 18:26:33 zenoss postfix/smtp[25611]: connect to cyberwatchers.local[10.1.1.5]:25: Connection refused Feb 15 18:26:33 zenoss postfix/smtp[25606]: C14C780D3559: to=<[email protected]>, relay=none, delay=35091, delays=35091/0.02/0/0, dsn=4.4.1, status=deferred (connect to cyberwatchers.local[10.1.1.5]:25: Connection refused) Feb 15 18:26:33 zenoss postfix/smtp[25607]: BA50080D355B: to=<[email protected]>, relay=none, delay=34925, delays=34925/0.02/0/0, dsn=4.4.1, status=deferred (connect to cyberwatchers.local[10.1.1.5]:25: Connection refused) Feb 15 18:26:33 zenoss postfix/smtp[25609]: 8EEA880D3560: to=<[email protected]>, relay=none, delay=11040, delays=11040/0.03/0/0, dsn=4.4.1, status=deferred (connect to cyberwatchers.local[10.1.1.5]:25: Connection refused) Feb 15 18:26:33 zenoss postfix/smtp[25611]: 2214A80D3561: to=<[email protected]>, relay=none, delay=10921, delays=10921/0.03/0/0, dsn=4.4.1, status=deferred (connect to cyberwatchers.local[10.1.1.5]:25: Connection refused) It would seem I need to add my relay server which is on the 172 network so the postfix config am I correct? If that is so can you please give me a few examples as to how I can do this? I am sending logs from logwatch from a few other linux machines using .com and I am sure they are going outside my network. but I am not getting errors on those boxes like I am this one. The other boxes are using sendmail not postfix. CentOS 7 came with postfix. I would like to correct my security issue correctly thanks in advance. side note: currently I have OSSEC configured to use my internal relay server, (172.16.10.2) which forwards to my internal mail server just fine. My Firewall also forwards syslog msg's to relay also which then goes to my mail server also. I would like logwatch msg's to be forwarded to the relay then to the mail server. what works: OSSEC and my firewall logs get forwarded to my relay server, my relay server then using sendmail.mc file: define(`SMART_HOST', `mail.cyberwatchers.local') then gets forwarded to my mail server. this is done without ever having to go outside my network. Now I am currently sending my logwatch logs to mail.cyberwatchers.com and this is working. However I am getting the errors. I would prefer to send them like I do using the relay. here is my postconf -n (I have attempted following some guides but I ended up breaking the conf file uninstalling and reinstalling.) root@zenoss postfix]# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 html_directory = no inet_interfaces = localhost inet_protocols = all mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = $myhostname, localhost.$mydomain, localhost newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES sample_directory = /usr/share/doc/postfix-2.10.1/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop unknown_local_recipient_reject_code = 550 ############################ !!! RESOLVED !!! I created an ALIAS on my DNS (domain controller) called relay.cyberwatchers.local pointing it to the relay server 172.16.10.2. I edited two parts of the main.cfg file: mydestination = relay.cyberwatchers.com, relay.cyberwatchers.local #dont think I need the .com one relayhost = relay.cyberwatchers.local ############################# I have not gotten the above error messages since. Strange but I did get this strand ONCE about an hour after the fix and nothing more. Feb 16 19:58:01 zenoss postfix/qmgr[2902]: C14C780D3559: from=<[email protected]>, size=2817, nrcpt=1 (queue active) Feb 16 19:58:01 zenoss postfix/smtp[3322]: C14C780D3559: to=<[email protected]>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=126979, delays=126979/0.04/0.05/0.07, dsn=2.0.0, status=sent (250 2.0.0 t1H0w1ta019781 Message accepted for delivery) Feb 16 19:58:01 zenoss postfix/qmgr[2902]: C14C780D3559: removed Feb 16 19:58:01 zenoss postfix/smtp[3323]: BA50080D355B: to=<[email protected]>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=126813, delays=126813/0.02/0.05/0.08, dsn=2.0.0, status=sent (250 2.0.0 t1H0w14E019782 Message accepted for delivery) Feb 16 19:58:01 zenoss postfix/qmgr[2902]: BA50080D355B: removed Feb 16 19:58:01 zenoss postfix/smtp[3325]: 8EEA880D3560: to=<[email protected]>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=102928, delays=102928/0.03/0.05/0.09, dsn=2.0.0, status=sent (250 2.0.0 t1H0w19X019784 Message accepted for delivery) Feb 16 19:58:01 zenoss postfix/qmgr[2902]: 8EEA880D3560: removed Feb 16 19:58:01 zenoss postfix/smtp[3326]: 2214A80D3561: to=<[email protected]>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=102809, delays=102809/0.04/0.05/0.09, dsn=2.0.0, status=sent (250 2.0.0 t1H0w14I019785 Message accepted for delivery) Feb 16 19:58:01 zenoss postfix/qmgr[2902]: 2214A80D3561: removed Feb 16 19:58:01 zenoss postfix/smtp[3324]: 0E7D380D355C: to=<[email protected]>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=103853, delays=103853/0.03/0.06/0.11, dsn=2.0.0, status=sent (250 2.0.0 t1H0w1rY019783 Message accepted for delivery) Feb 16 19:58:01 zenoss postfix/qmgr[2902]: 0E7D380D355C: removed Feb 16 19:58:01 zenoss postfix/smtp[3322]: 2E2727B80D: to=<[email protected]>, orig_to=<[email protected]>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=25581, delays=25581/0.14/0.08/0.05, dsn=2.0.0, status=sent (250 2.0.0 t1H0w1eS019793 Message accepted for delivery) Feb 16 19:58:01 zenoss postfix/qmgr[2902]: 2E2727B80D: removed Feb 16 19:58:01 zenoss postfix/smtp[3327]: 1B1CD7B808: to=<[email protected]>, orig_to=<[email protected]>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=25809, delays=25809/0.13/0.08/0.07, dsn=2.0.0, status=sent (250 2.0.0 t1H0w1Wj019792 Message accepted for delivery) Feb 16 19:58:01 zenoss postfix/qmgr[2902]: 1B1CD7B808: removed Feb 16 20:01:01 zenoss systemd: Starting Session 3 of user root. Feb 16 20:01:01 zenoss systemd: Started Session 3 of user root. Feb 16 20:01:01 zenoss CROND[3332]: (root) CMD (run-parts /etc/cron.hourly) Feb 16 20:01:01 zenoss run-parts(/etc/cron.hourly)[3332 starting 0anacron Feb 16 20:01:01 zenoss run-parts(/etc/cron.hourly)[3341 finished 0anacron Feb 16 20:01:01 zenoss run-parts(/etc/cron.hourly)[3332 starting 0yum-hourly.cron Feb 16 20:01:01 zenoss run-parts(/etc/cron.hourly)[3347 finished 0yum-hourly.cron Feb 16 20:01:21 zenoss postfix/scache[3328]: statistics: start interval Feb 16 19:58:01 Feb 16 20:01:21 zenoss postfix/scache[3328]: statistics: domain lookup hits=0 miss=2 success=0% Feb 16 20:01:21 zenoss postfix/scache[3328]: statistics: address lookup hits=0 miss=2 success=0% Feb 16 20:01:21 zenoss postfix/scache[3328]: statistics: max simultaneous domains=1 addresses=1 connection=2 IF ANYONE WANTS TO COMMENT OR HAS ANY INPUT OR ISSUES WITH THIS FIX PLEASE LET ME KNOW AS I WOULD LIKE TO SET THIS UP RIGHT. SEEMS TO BE WORKING FINE. THANKS.