Postfix: Relay Access Denied after change of postfix_config in config.inc.php

Discussion in 'Installation/Configuration' started by Rasputin, Jun 18, 2007.

  1. Rasputin

    Rasputin New Member

    I have a proper installation of ISPConfig v2.2.9 (I know that there is a higher release available, but I didn't find anything in the release notes that is associated with this issue).

    In order to solve the problem described in this topic http://www.howtoforge.com/forums/archive/index.php/t-3841.html I changed the postfix_config parameter in the config.inc.php to the POSTFIX-STYLE:
    Code:
    $go_info["server"]["postfix_config"] = 2; // 1 = SENDMAIL-STYLE, 2 = POSTFIX-STYLE
    
    After ISPConfig recreated the files local-host-names and virtusertable and also made some changes to the main.cf of postfix, it was not possible to receive email anymore.
    The log shows the following error message:
    Code:
     postfix/smtpd[27960]: NOQUEUE: reject: RCPT from mail.gmx.net[213.165.64.20]: 554 <julian@***.de>: Relay access denied; from=<Julian.H***@***.de> to=<julian@***.de> proto=SMTP helo=<mail.gmx.net>
    If I reset the postfix_config to the SENDMAIL-STYLE then everything will work fine.

    So does anyone have an idea of what is going wrong here?

    local-host-names:
    Code:
    ###################################
    #
    # ISPConfig local-host-names Configuration File
    #         Version 1.0
    #
    ###################################
    localhost
    cdlg.site
    localhost.cdlg.site
    localhost.site
    #### MAKE MANUAL ENTRIES BELOW THIS LINE! ####
    static.***.clients.your-server.de
    localhost.***.clients.your-server.de
    virtusertable (small section only):
    Code:
    ###################################
    #
    # ISPConfig virtusertable Configuration File
    #         Version 1.0
    #
    ###################################
    ***.de    VIRTUALDOMAIN
    webmaster@***.de    web3_heder
    julian@***.de    web3_heder
    
    postconf -n:
    Code:
    alias_maps = hash:/etc/aliases
    biff = no
    broken_sasl_auth_clients = yes
    canonical_maps = hash:/etc/postfix/canonical
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/lib/postfix
    debug_peer_level = 2
    defer_transports =
    disable_dns_lookups = no
    disable_mime_output_conversion = no
    html_directory = /usr/share/doc/packages/postfix/html
    inet_interfaces = all
    inet_protocols = all
    local_recipient_maps = proxy:unix:passwd.byname $alias_maps
    mail_owner = postfix
    mail_spool_directory = /var/mail
    mailbox_command =
    mailbox_size_limit = 0
    mailbox_transport =
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    masquerade_classes = envelope_sender, header_sender, header_recipient
    masquerade_domains =
    masquerade_exceptions = root
    message_size_limit = 20480000
    mydestination = /etc/postfix/local-host-names
    mydomain = ***.clients.your-server.de
    myhostname = static.***.clients.your-server.de
    mynetworks_style = subnet
    newaliases_path = /usr/bin/newaliases
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    relayhost =
    relocated_maps = hash:/etc/postfix/relocated
    sample_directory = /usr/share/doc/packages/postfix/samples
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    sendmail_path = /usr/sbin/sendmail
    setgid_group = maildrop
    smtp_sasl_auth_enable = no
    smtp_tls_note_starttls_offer = yes
    smtp_use_tls = yes
    smtpd_client_restrictions =
    smtpd_helo_required = no
    smtpd_helo_restrictions =
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    smtpd_sender_restrictions = hash:/etc/postfix/access
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_auth_only = no
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_use_tls = yes
    strict_8bitmime = no
    strict_rfc821_envelopes = no
    tls_random_source = dev:/dev/urandom
    transport_maps = hash:/etc/postfix/transport
    unknown_local_recipient_reject_code = 550
    virtual_alias_domains = hash:/etc/postfix/virtual
    
    Thanks for help.

    EDIT: Parts of domain names removed (***) to avoid further spam attacks
     
    Last edited: Nov 14, 2007
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The virtusertable file is not included in your setup. Please remove the line:

    virtual_alias_domains = hash:/etc/postfix/virtual

    and add the line:

    virtual_maps = hash:/etc/postfix/virtusertable

    in the file /etc/postfix/main.cf
     
  3. Rasputin

    Rasputin New Member

    The line

    virtual_maps = hash:/etc/postfix/virtusertable

    is included in the main.cf but not shown by the "postconf -n" command. That is probably because virtual_maps has been replaced by virtual_alias_domains and virtual_alias_maps in Postfix 2.0. (http://www.postfix.org/postconf.5.html#virtual_maps)


    But I will try to remove the line

    virtual_alias_domains = hash:/etc/postfix/virtual

    as it could cause difficulties with the issue described above.



    I will report if it works, thanks for now.

    EDIT: removed typing error.
     
    Last edited: Jun 19, 2007
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Postconf -d says nothing about your current configuration, you must check with postconf -n.
     
  5. Rasputin

    Rasputin New Member

    I typed it wrong, I meant "postconf -n", sorry.
     
  6. falko

    falko Super Moderator Howtoforge Staff

    Please comment out the virtual_alias_domains line, restart Postfix, and post the output of
    Code:
    postconf -n
    again.
     
  7. Rasputin

    Rasputin New Member

    Okay, the problem with the error message "Relay Access Denied" seems to be solved now by commenting out the line

    virtual_alias_domains = hash:/etc/postfix/virtual

    postconf -n
    Code:
    alias_maps = hash:/etc/aliases
    biff = no
    broken_sasl_auth_clients = yes
    canonical_maps = hash:/etc/postfix/canonical
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/lib/postfix
    debug_peer_level = 2
    defer_transports =
    disable_dns_lookups = no
    disable_mime_output_conversion = no
    html_directory = /usr/share/doc/packages/postfix/html
    inet_interfaces = all
    inet_protocols = all
    local_recipient_maps = proxy:unix:passwd.byname $alias_maps
    mail_owner = postfix
    mail_spool_directory = /var/mail
    mailbox_command =
    mailbox_size_limit = 0
    mailbox_transport =
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    masquerade_classes = envelope_sender, header_sender, header_recipient
    masquerade_domains =
    masquerade_exceptions = root
    message_size_limit = 20480000
    mydestination = /etc/postfix/local-host-names
    mydomain = 88-198-40-9.clients.your-server.de
    myhostname = static.88-198-40-9.clients.your-server.de
    mynetworks_style = subnet
    newaliases_path = /usr/bin/newaliases
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    relayhost =
    relocated_maps = hash:/etc/postfix/relocated
    sample_directory = /usr/share/doc/packages/postfix/samples
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    sendmail_path = /usr/sbin/sendmail
    setgid_group = maildrop
    smtp_sasl_auth_enable = no
    smtp_tls_note_starttls_offer = yes
    smtp_use_tls = yes
    smtpd_client_restrictions =
    smtpd_helo_required = no
    smtpd_helo_restrictions =
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    smtpd_sender_restrictions = hash:/etc/postfix/access
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_auth_only = no
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_use_tls = yes
    strict_8bitmime = no
    strict_rfc821_envelopes = no
    tls_random_source = dev:/dev/urandom
    transport_maps = hash:/etc/postfix/transport
    unknown_local_recipient_reject_code = 550
    
    When using the sendmail-style, the parameters virtual_alias_domains and virtual_alias_maps are irrelevant because only local mapping is used with the domains (mydestination = /etc/postfix/local-host-names) and the email addresses (virtual_maps = /etc/postfix/virtusertable).
    So it doesn't lead to a problem if virtual_alias_maps or virtual_alias_domains is specified.

    As the postfix-style removes the domains from the local-host-names and adds them to the virtusertable, it becomes a problem if a virtual_alias_maps or a virtual_alias_domains is defined.
    The default value of virtual_alias_domains is virtual_alias_maps, which in turn has the default value $virtual_maps. Therefore the virtusertable is only used if these parameters don't have a different setting.

    The best solution from my point of view would be if ISPConfig commented out these parameters in the main.cf, as they aren't used in any case.

    -------------------------------------------------------------------

    After the change above I was faced with the next error message:

    Code:
    postfix/smtp[30194]: 53E82318005: to=<[email protected]>, relay=none, delay=0, status=bounced (Host or domain name not found. Name service error for name=localhost.localdomain type=AAAA: Host not found)
    
    As you can see in the first post of the thread, the localhost.localdomain is missing in the local-host-names.
    When using the sendmail-style this entry is automatically set by ISPConfig, but with the postfix-style obviously not.
    That seems to be a bug, even though it is no effort to add this entry manually.


    Anyway, all is working fine now, thanks for your help!

    Rasputin
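
An added example, not part of the thread and not ISPConfig or Postfix code: a simplified Python model of the resolution described in the post above, where virtual_alias_domains falls back to $virtual_alias_maps and then $virtual_maps unless it is set explicitly. The function names, the example.de domain and the table contents are constructed assumptions, and only mydestination and virtual_alias_domains are modelled, not the other classes that reject_unauth_destination checks.

```python
import re

# Postfix 2.x defaults named in the thread (see postconf(5)).
DEFAULTS = {"virtual_alias_domains": "$virtual_alias_maps",
            "virtual_alias_maps": "$virtual_maps"}

def parse_main_cf(text):
    """Explicit 'name = value' settings; commented-out lines are skipped."""
    cfg = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            cfg[name.strip()] = value.strip()
    return cfg

def expand(name, cfg):
    """Value of a parameter after following $other references and defaults."""
    value = cfg.get(name, DEFAULTS.get(name, ""))
    return re.sub(r"\$(\w+)", lambda m: expand(m.group(1), cfg), value)

def names(value, tables):
    """Names matched by a list of literal, /file/name or type:table items."""
    found = set()
    for item in filter(None, re.split(r"[,\s]+", value)):
        path = item.split(":", 1)[1] if ":" in item else item
        found |= tables.get(path, set()) if path.startswith("/") else {item}
    return found

def accepting_class(domain, cfg, tables):
    """Simplified reject_unauth_destination: which address class claims the
    domain, or None (the '554 Relay access denied' case)."""
    for param in ("mydestination", "virtual_alias_domains"):
        if domain in names(expand(param, cfg), tables):
            return param
    return None

# Constructed sample data: example.de stands in for the redacted domain, and
# /etc/postfix/virtual is assumed not to list it (its content is not shown).
TABLES = {"/etc/postfix/local-host-names": {"localhost", "cdlg.site"},
          "/etc/postfix/virtusertable": {"example.de", "julian@example.de"},
          "/etc/postfix/virtual": set()}
BEFORE = """mydestination = /etc/postfix/local-host-names
virtual_maps = hash:/etc/postfix/virtusertable
virtual_alias_domains = hash:/etc/postfix/virtual
"""
AFTER = BEFORE.replace("virtual_alias_domains", "#virtual_alias_domains")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, accepting_class("example.de", parse_main_cf(text), TABLES))
```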
     
  8. falko

    falko Super Moderator Howtoforge Staff

    Please make sure that localhost.localdomain is listed in /etc/hosts.
     
  9. Rasputin

    Rasputin New Member

    Currently the entry localhost.localdomain is not listed in the /etc/hosts.

    Is this change necessary even though it works by adding it manually to the local-host-names?

    Why does ISPConfig automatically add this entry when using the sendmail style but not when using the postfix style?
     
  10. falko

    falko Super Moderator Howtoforge Staff

    I'd always add localhost.localdomain to the 127.0.0.1 line in /etc/hosts. :)
     
