I’ve followed the perfect SpamSnake tutorial to build a new MX server. Thanks for this BTW.
Everything seemed to go good but now I’m trying to test the system before I change the network information to take over our existing MX and I'm having problems. When I telnet to port 25 using the FQDN I end up getting a 554 Relay denied error. If I’m on the system and telnet localhost 25 I don’t get this error and the email will go through to my internal server. In that case, MailWatch doesn't log anything. Can someone please provide some information on why this might be happening?

TIA
Dave

You must authenticate on the server if you're not using localhost.

Thanks for the reply.
So is there a way to test this using telnet? I've tried the ehlo but I still end up getting relay denied. I've alos tried the AUTH PLAIN but it returns with
503 5.5.1 Error: authentication not enabled

Hey,

If you're logged in as root on your spamsnake, what happens when you try to do a telnet localhost 25?

Rocky

If I use localhost then I can run through the whole procedure and the mail is passed on to my domino server and delivered to my mailbox. I've done this with helo and ehlo with both working on localhost 25.
My mailwatch isn't loging these transactions but I'm not worried about this right now. Could be permissions or something.

Dave B.

Maybe my config can help someone see something....
postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
inet_interfaces = all
local_recipient_maps =
local_transport = error:No local mail delivery
mailbox_size_limit = 0
message_size_limit = 10485760
mydestination =
mydomain = city.cornwall.on.ca
myhostname = mx2.city.cornwall.on.ca
mynetworks = 127.0.0.0/8
myorigin = cornwall.ca
readme_directory = no
recipient_delimiter = +
relay_domains = hash:/etc/postfix/relay_domains
relay_recipient_maps = hash:/etc/postfix/relay_recipients
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain reject_non_fqdn_recipient reject_unknown_recipient_domain permit_mynetworks reject_unauth_pipelining reject_invalid_helo_hostname reject_non_fqdn_helo_hostname reject_rbl_client zen.spamhaus.org reject_unauth_destination
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual

And here is a telnet session result
220 mx2.server.on.ca ESMTP Postfix (Ubuntu)
ehlo here.com
250-mx2.server.on.ca
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:me@here.com
250 2.1.0 Ok
rcpt to:dboltz@here.ca
554 5.7.1 <dboltz@here.ca>: Relay access denied
quit
221 2.0.0 Bye


Here is one using localhost

Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 mx2.server.on.ca ESMTP Postfix (Ubuntu)
ehlo here.com
250-mx2.server.on.ca
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: me@here.com
250 2.1.0 Ok
rcpt to:dboltz@here.ca
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject: test message

blah
.
250 2.0.0 Ok: queued as 2405C37A573

Any ideas?
Dave

Solved....

I had a typo in my relay_domains. I had looked at a few times but I guess I saw what I wanted to see.

Dave

Great new. I knew it was something simple.

Good luck and I hope the SpamSnake is everything you want it to be.

Rocky