Postfix Bi-directional relaying / smarthost

Discussion in 'Server Operation' started by beistrich, Mar 28, 2014.

  1. beistrich

    beistrich New Member

    Hey all!
    I just registered, because I'm currently struggling with my postfix configuration!

    I currently want to set up the following mail-flow-scenario:

    internet -> postfix (relay to) -> mailserver
    mailserver -> (smarthost) postfix -> internet

    So, I want postfix to receive all e-mail traffic and then relay it to my mailserver.
    Further, I want all outgoing mail to be sent through the postfix server (acting as smarthost).


    Mailserver and Postfix-Server are not on the same subnet/ip-range.

    This is my current configuration. I tried with smtpd_client_restrictions and smtpd_recipient_restrictions.

    Somehow I have to allow my mailserver (with hostname/ip) only to send e-mails. But also allow all others to connect to receive e-mails.

    The relay_recipients map contains all valid e-mail recipients.
    The map access_clients contains the hostname and ip of my mailserver.

    Code:
    ###Basic Settings
    myhostname = smtp1.mydomain.at
    mydomain = mydomain.at
    myorigin = $mydomain
    inet_interfaces = all
    #mydestination = $mydomain, localhost
    relay_domains = mydomain.at
    mynetworks = 127.0.0.0/8, external.ip/32
    
    #smtpd_peername_lookup = no
    
    ###Maps
    local_recipient_maps =
    local_transport = error: local main delivery disabled
    transport_maps = hash:/etc/postfix/maps/transport
    relay_recipient_maps = hash:/etc/postfix/maps/relay_recipients
    
    ###Configuration
    
    smtpd_client_restrictions = permit_mynetworks,
                                check_client_access hash:/etc/postfix/maps/access_clients,
                                permit_sasl_authenticated,
                                reject
    smtpd_helo_restrictions = permit_mynetworks,
                              reject_invalid_hostname,
                              reject_non_fqdn_hostname,
                              reject_unknown_hostname
    
    smtpd_sender_restrictions = reject_unknown_sender_domain
    
    
    smtpd_recipient_restrictions = permit_mynetworks,
                                   check_client_access hash:/etc/postfix/maps/access_clients,
                                   permit_sasl_authenticated,
                                   permit_auth_destination,
                                   check_relay_domains,
                                   reject_unauth_destination
                                   #reject_unauth_pipelining,
                                   #reject_invalid_hostname,
                                   #reject_non_fqdn_recipient,
                                   #reject_non_fqdn_hostname,
                                   #reject_invalid_helo_hostname,
                                   #reject_unknown_recipient_domain,
                                   #reject_rbl_client zen.spamhaus.org,
                                   #reject_rhsbl_helo dbl.spamhaus.org,
                                   #reject_rhsbl_sender dbl.spamhaus.org
    
    smtpd_data_restrictions = reject_unauth_pipelining
    
    
    Currently postfix says "Client host rejected: Access denied" for all connections!

    Does somebody have an idea how I can achieve my scenario?
     
  2. Acceos

    Acceos New Member

    Hi,

    Have you managed to pin down which restriction is causing the rejection?

    Is it check_client_access?

    If unsure, please comment out both lines with "check_client_access" and try again. If it works then, please get back to us with the content of check_client_access.
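
As an added illustration (not code from either poster, and not Postfix's own implementation), this Python model walks the posted smtpd_client_restrictions list with first-match semantics and reports which entry decides for a given client. The IP addresses, the hostname mail.mydomain.at and the `evaluate` helper are constructed for the example, and the access-map lookup is simplified to exact keys.

```python
import ipaddress

# Constructed sample values; the thread only gives the placeholder "external.ip".
MYNETWORKS = ["127.0.0.0/8", "192.0.2.10/32"]   # loopback + mailserver (assumed IP)
ACCESS_CLIENTS = {"192.0.2.10": "OK", "mail.mydomain.at": "OK"}

# smtpd_client_restrictions exactly as posted, in evaluation order.
POSTED = ["permit_mynetworks", "check_client_access",
          "permit_sasl_authenticated", "reject"]
# Hypothetical variant: the same list without the trailing catch-all.
WITHOUT_REJECT = POSTED[:-1]


def evaluate(restrictions, ip, hostname="unknown", sasl=False,
             access_map=ACCESS_CLIENTS, mynetworks=MYNETWORKS):
    """Return (decision, deciding_restriction); the first match ends the list."""
    addr = ipaddress.ip_address(ip)
    for name in restrictions:
        if name == "permit_mynetworks":
            if any(addr in ipaddress.ip_network(net) for net in mynetworks):
                return "permit", name
        elif name == "check_client_access":
            # Simplified lookup: exact hostname or IP key only. Postfix also
            # tries parent domains and network prefixes.
            action = access_map.get(hostname) or access_map.get(ip)
            if action == "OK":
                return "permit", name
            if action == "REJECT":
                return "reject", name
        elif name == "permit_sasl_authenticated":
            if sasl:
                return "permit", name
        elif name == "reject":
            # A bare "reject" in the client list is what Postfix reports as
            # "Client host rejected: Access denied".
            return "reject", name
    # Nothing matched: the HELO, sender and recipient lists decide next.
    return "dunno", None


if __name__ == "__main__":
    for ip, host in [("192.0.2.10", "mail.mydomain.at"),
                     ("198.51.100.7", "mx.example.net")]:
        print(ip, evaluate(POSTED, ip, host), evaluate(WITHOUT_REJECT, ip, host))
```

Running `postconf -n` and `postmap -q <client-ip> hash:/etc/postfix/maps/access_clients` on the relay shows the values actually in effect for the first two entries.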
     
