postfix can't receive mail; send OK

ssfrstlstnm · 04-24-2007, 07:06 PM

I am unable to receive mail from the outside. Any suggestions are greatly appreciated. I get this in the system log after trying to send mail from my gmail account (ip's and domain names changed to protect the guilty):

Code:

Apr 24 18:55:55 localhost postfix/smtpd[5604]: connect from nz-out-0506.google.com[64.233.162.229]
Apr 24 18:55:55 localhost postfix/smtpd[5604]: NOQUEUE: reject: RCPT from nz-out-0506.google.com[64.233.162.229]: 554 5.7.1 <myemail@gmail.com>: Sender address rejected: Access denied; from=<myemail@gmail.com> to=<stephen@mydomain.com> proto=ESMTP helo=<nz-out-0506.google.com>
Apr 24 18:55:55 localhost postfix/smtpd[5604]: disconnect from nz-out-0506.google.com[64.233.162.229]

main.cf

Code:

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

append_dot_mydomain = no

delay_warning_time = 4h

# SASL parameters
#smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = permit_sasl_authenticated,
                            permit_mynetworks,
                            reject
smtpd_recipient_restrictions =  permit_mynetworks,
                                check_client_access hash:/etc/postfix/client_access,
                                reject_unauth_destination
relay_recipient_maps = hash:/etc/postfix/relay_recipients
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
broken_sasl_auth_clients = yes

# SASL client parameters
#smtp_sender_dependent_authentication = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_sasl_security_options = noanomymous

# TLS parameters
smtpd_use_tls = yes
smtp_use_tls = yes
smtpd_tls_cert_file=/etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file=$smtpd_tls_cert_file
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_tls_loglevel = 3
tls_random_source = dev:/dev/random

myhostname = mydomain.com
mydomain = mydomain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = $mydomain, localhost.localdomain, localhost, mydomain1.com, mydomain2.com
local_recipient_maps =
relay_domains = $mydomain, localhost.localdomain, localhost, mydomain1.com, mydomain2.com
relayhost = mail.insightbb.com
mynetworks = 127.0.0.0/8 128.210.184.0/24 192.168.1.0/24 my.external.ip.here
home_mailbox = Maildir/
MAILDIR=$HOME/Maildir
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

# smtp rewriting maps
smtp_generic_maps = hash:/etc/postfix/rewrite

relay_recipients is set up with postmap from something like this

Code:

@yahoo.com OK
@gmail.com OK
@hotmail.com OK
@purdue.edu OK
@mydomain.com OK

sasl_passwd is set up with postmap from this

Code:

mail1@gmail.com      MyPassword1
mail2@yahoo.com      MyPassword2

ramram29 · 04-24-2007, 07:27 PM

It could be that your ISP is blocking port 25.

ssfrstlstnm · 04-24-2007, 07:29 PM

Don't think that's it since google is connecting to smtpd and getting rejected (see the syslog output that I posted above).

ramram29 · 04-24-2007, 07:47 PM

Quote:

Originally Posted by ssfrstlstnm

smtpd_sender_restrictions = permit_sasl_authenticated,
permit_mynetworks,
reject

Change it to:

Quote:

smtpd_sender_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
permit

With what you have you are permitting only senders that are authenticated via sasl or user from your local network and every other sender is rejected including the sender from the google account.

Also make sure that you have:

Quote:

smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination

Or you'll have an open relay.

ssfrstlstnm · 04-24-2007, 08:01 PM

That did it! Thanks!