Okay, bear with me. I was asked to look at a server that hadn't been updated in four years. One update of Webmin killed Postfix, something I had never touched, and I've learned a lot browsing and googling all weekend. I'll be as clear as I can.
The issue is "554 5.7.1 <test@example.com>: Relay access denied" when emailing from a virtual domain. There are three domains with some 184 email accounts set up under postfix.admin.
The following contains some sanitized data. *PUBLICDOMAIN* is one of the 'virtual domains' and *HOSTDOMAIN* is the unmanaged service address:
Results of nmap smtp.*PUBLICDOMAIN*.com from my home PC:
Code:
Nmap scan report for smtp.*PUBLICDOMAIN*.com (67.225.2**.2**)
Host is up (0.034s latency).
rDNS record for 67.225.2**.2**: host.*HOSTDOMAIN.com
Not shown: 90 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
25/tcp open smtp Postfix smtpd
80/tcp open http Apache httpd
443/tcp open ssl/http Apache httpd
465/tcp closed smtps
631/tcp closed ipp
993/tcp open ssl/imap Dovecot imapd
995/tcp open pop3s?
8000/tcp closed http-alt
8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1
Results of mxtoolbox smtp.*PUBLICDOMAIN*.com:
Code:
Status Result
OK - 67.225.2**.2** resolves to host.*HOSTDOMAIN*.com
OK - Reverse DNS matches SMTP Banner
OK - Supports TLS.
0 seconds - Good on Connection time
OK - Not an open relay.
0.374 seconds - Good on Transaction Time
EHLO please-read-policy.mxtoolbox.com
250-mail.*HOSTDOMAIN*.com
250-PIPELINING
250-SIZE 51200000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN [47 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 Ok [47 ms]
RCPT TO: <test@example.com>
554 5.7.1 <test@example.com>: Relay access denied [78 ms]
QUIT
221 2.0.0 Bye [47 ms]
ls -la /etc/postfix
Code:
[root@HOSTNAME postfix]# ls -la
drwxr-xr-x 3 root root 4096 May 21 08:07 .
drwxr-xr-x 88 root root 12288 May 21 01:13 ..
-rw-r--r-- 1 root root 17832 Apr 15 17:03 access
drwxr-xr-x 2 root root 4096 May 21 07:48 backups
-rw-r--r-- 1 root root 3550 Apr 15 17:03 bounce.cf.default
-rw-r--r-- 1 root root 11175 Apr 15 17:03 canonical
-rw-r--r-- 1 root root 9920 Apr 15 17:03 generic
-rw-r--r-- 1 root root 16838 Apr 15 17:03 header_checks
-rw-r--r-- 1 root root 20 Apr 14 2008 header_checks.rpmsave
-rw-r--r-- 1 root root 11942 Apr 15 17:03 LICENSE
-rw-r--r-- 1 root root 1963 May 21 08:07 main.cf
-rw-r--r-- 1 root root 1192 Apr 15 17:03 makedefs.out
-rw-r--r-- 1 root root 1192 Jul 20 2007 makedefs.out.rpmsave
-rw-r--r-- 1 root root 4137 Apr 15 17:03 master.cf
-rw-r--r-- 1 root root 3965 May 20 17:12 master.cf.rpmsave
-rw-r--r-- 1 root root 1579 May 20 16:04 postconf.txt
-rw-r--r-- 1 root root 17639 Apr 15 17:03 postfix-files
-rwxr-xr-x 1 root root 6366 Apr 15 17:03 postfix-script
-rwxr-xr-x 1 root root 22564 Apr 15 17:03 post-install
-rw------- 1 root root 1024 May 21 18:26 prng_exch
-rw-r--r-- 1 root root 6805 Apr 15 17:03 relocated
lrwxrwxrwx 1 root root 8 May 20 09:56 ssl -> /etc/ssl
-rw-r--r-- 1 root root 1629 Apr 15 17:03 TLS_LICENSE
-rw-r--r-- 1 root root 12081 Apr 15 17:03 transport
-rw-r--r-- 1 root root 12288 Dec 22 2010 transport.db
-rw-r--r-- 1 root root 39 May 13 2009 transport.rpmsave
-rw-r--r-- 1 root root 11984 Apr 15 17:03 virtual
-rw-r----- 1 root postfix 126 Sep 18 2008 virtual_alias.cf
-rw-r----- 1 root postfix 174 Nov 20 2008 virtual_domains.cf
-rw-r----- 1 root postfix 174 Sep 18 2008 virtual_mailbox.cf
ls -la /etc/postfix/backups (where I've had different variations of main.cf archived {post breaking sadly})
Code:
-rw-r----- 1 root root 1754 Sep 30 2008 main.cf.backup
-rw-r--r-- 1 root root 1963 May 21 03:54 main.cf.backup.21.5.2012
-rw-r--r-- 1 root root 17981 Apr 15 17:03 main.cf.default
-rw-r--r-- 1 root root 26737 May 20 18:16 main.cf.mysqlversiondefualtinstall.cf
-rw-r--r-- 1 root root 1963 May 20 09:44 main.cf.orig.backup.20-5-2012
-rw-r--r-- 1 root root 26737 May 20 17:49 main.cf.outboundworks.20-5-2012
-rw-r--r-- 1 root root 1963 May 20 16:03 main.cf.rpmsave
So everything I've read seems to point to main.cf
As it is right now
Code:
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
setgid_group = postdrop
myhostname = mail.*HOSTDOMAIN*.com
myorigin = $mydomain
mydestination = localhost.$mydomain
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
transport_maps = hash:/etc/postfix/transport
##############################
# Virtual domain setup
# control what domains and users postfix will accept mail for
##############################
virtual_mailbox_domains = mysql:/etc/postfix/virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox.cf
virtual_alias_maps = mysql:/etc/postfix/virtual_alias.cf
virtual_mailbox_base = /home/mail
virtual_uid_maps = static:110
virtual_gid_maps = static:110
header_checks = regexp:/etc/postfix/header_checks
debug_peer_level = 2
#debug_peer_list = cableone.net
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
         echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
         >$config_directory/$process_name.$process_id.log & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth
smtpd_sender_restrictions = permit_sasl_authenticated permit_mynetworks reject_non_fqdn_sender reject_unknown_sender_domain permit
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
disable_vrfy_command = yes
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_tls_auth_only=yes
smtpd_tls_key_file = /etc/httpd/conf/ssl/webmail_*PUBLICDOMAIN*_com.key
smtpd_tls_cert_file = /etc/httpd/conf/ssl/webmail_*PUBLICDOMAIN*_com.bundle
smtpd_tls_log_level=3
message_size_limit=51200000
This is allowing mail from *HOSTDOMAIN* to be sent out anywhere. And all incoming mail to *PUBLICDOMAIN* works, and *PUBLICDOMAIN* to *PUBLICDOMAIN* works. But *PUBLICDOMAIN* to anything else gives
Code:
554 5.7.1 <username@domain.tld>: Relay access denied
I have tried multiple variations of editing smtpd_sender_restrictions (if there is none I read it won't work), smtpd_recipient_restrictions, and disabling smtpd_use_tls, as well as adding $localhost, $mydomain, gmail.com, *mygoogleappurl*.net, google.com, mycollegeurl.edu to mydestination.
I don't see where $mydomain is set and "echo $mydomain" gave nothing...
Any suggestions?
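Added example (not part of the original post, and not Postfix's own code): a small Python model of how the posted smtpd_recipient_restrictions line is evaluated for one RCPT TO, showing which clients get past reject_unauth_destination and which receive the 554. The IP addresses, the mynetworks list, the domain names standing in for the sanitized ones, and the virtual-domain set standing in for the MySQL lookup are assumptions; the posted main.cf has no smtpd_sasl_auth_enable line, so the model uses Postfix's default of no.

```python
import ipaddress

# Constructed excerpt of the posted main.cf; domain names are placeholders.
MAIN_CF = """\
mydestination = localhost.hostdomain.example
smtpd_sasl_type=dovecot
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks
    reject_unauth_destination
smtpd_tls_auth_only=yes
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params

def words(params, name):
    return params.get(name, "").replace(",", " ").split()

def rcpt_decision(params, client_ip, rcpt, mynetworks, virtual_domains,
                  authenticated=False, tls=False):
    """Return the SMTP reply to RCPT TO under the configured restriction list."""
    # A login only counts if AUTH is enabled and, with smtpd_tls_auth_only=yes, TLS is active.
    sasl_ok = (authenticated and params.get("smtpd_sasl_auth_enable", "no") == "yes"
               and (tls or params.get("smtpd_tls_auth_only", "no") != "yes"))
    in_mynetworks = any(ipaddress.ip_address(client_ip) in ipaddress.ip_network(n) for n in mynetworks)
    # Simplification: exact domain match only (no subdomain matching, no inet_interfaces).
    local = set(words(params, "mydestination")) | set(words(params, "relay_domains")) | set(virtual_domains)
    domain = rcpt.rsplit("@", 1)[-1].lower()
    for rule in words(params, "smtpd_recipient_restrictions"):
        if (rule == "permit_sasl_authenticated" and sasl_ok) or (rule == "permit_mynetworks" and in_mynetworks):
            return "250 2.1.5 Ok"
        if rule == "reject_unauth_destination" and domain not in local:
            return f"554 5.7.1 <{rcpt}>: Relay access denied"
    return "250 2.1.5 Ok"  # end of list reached without a reject: permit

if __name__ == "__main__":
    p = parse_main_cf(MAIN_CF)
    print(rcpt_decision(p, "203.0.113.7", "test@example.com", ["127.0.0.0/8"], {"publicdomain.example"}))
```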