Why relay access denied?

General eFa discussion
Post Reply
blason
Posts: 13
Joined: 26 Dec 2012 06:47

Why relay access denied?

Post by blason » 27 Dec 2012 20:54

I have below setup but strangely reverse mails are being denied where it shouldnt. Am I missing anything?


mail.test.net [192.168.1.135] -------------->mail.bara.net [192.168.1.133] ------RELAY zim.bara.net:25--------------->zim.bara.net [192.168.1.134]


Mail from test.net reaches properly to user@bara.net but reply messages are being denied by mai.bara.net with RELAY ACCESS DENIED


Dec 27 21:31:15 mail postfix/smtpd[4002]: connect from zim.bara.net[192.168.1.134]
Dec 27 21:31:15 mail postfix/smtpd[4002]: NOQUEUE: reject: RCPT from zim.bara.net[192.168.1.134]: 554 5.7.1 <test1@test.net>: Relay access denied; from=<bara@bara.net> to=<test1@test.net> proto=ESMTP helo=<zim.bara.net>
Dec 27 21:31:15 mail postfix/smtpd[4002]: disconnect from zim.bara.net[192.168.1.134]

blason
Posts: 13
Joined: 26 Dec 2012 06:47

Re: Why relay access denied?

Post by blason » 28 Dec 2012 07:06

Not sure what went wrong but messages are still being denied by Baruwa. Plus why messages are being kept in hold queue and how do I disable that setting

Dec 28 08:01:47 mail postfix/policy-spf[2524]: : Policy action=PREPEND Received-SPF: pass (test.net: 192.168.1.135 is authorized to use 'test@test.net' in 'mfrom' identity (mechanism 'mx' matched)) receiver=mail.bara.net; identity=mailfrom; envelope-from="test@test.net"; helo=mail.test.net; client-ip=192.168.1.135
Dec 28 08:01:47 mail postfix/smtpd[2520]: 4E5272C004F: client=mail.test.net[192.168.1.135]
Dec 28 08:01:47 mail postfix/cleanup[2525]: 4E5272C004F: hold: header Received: from mail.test.net (mail.test.net [192.168.1.135])??by mail.bara.net (Postfix) with ESMTP id 4E5272C004F??for <manish@bara.net>; Fri, 28 Dec 2012 08:01:46 +0100 (CET) from mail.test.net[192.168.1.135]; from=<test@test.net> to=<manish@bara.net> proto=ESMTP helo=<mail.test.net>

blason
Posts: 13
Joined: 26 Dec 2012 06:47

Re: Why relay access denied?

Post by blason » 28 Dec 2012 07:44

OK - I somehow managed to resolve the issue by commenting below lines.

#smtpd_client_restrictions = permit_sasl_authenticated
#smtpd_sender_restrictions = permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain
#smtpd_helo_restrictions = permit_sasl_authenticated check_helo_access hash:/etc/postfix/helo_access, reject_invalid_hostname
#smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unauth_destination, whitelist_policy, rbl_policy, spf_policy
#smtpd_data_restrictions = permit_sasl_authenticated, reject_unauth_pipelining

Now I would like to understand couple of points. Since the baruwa is in a gateway role wondering how it can authenticate users which are actually on other server. What consequences this would cause?

User avatar
darky83
Site Admin
Posts: 537
Joined: 30 Sep 2012 11:03
Location: eFa
Contact:

Re: Why relay access denied?

Post by darky83 » 28 Dec 2012 08:09

Hi Blason,

By commenting out those lines you will have a pretty much ineffective spam filter :-) so I would recommend changing that back.
I Guess you want to use the EFA system also as a outgoing relay, currently that is not implemented but that will be available in version 0.3 (expect it to be available somewhere end jan/begin feb)

Also user authentication is not available, currently EFA is just a 'plane spam filter', authentication (AD auth for example) is on the wish list but don't expect it to be available pretty soon (that is if you want to try to build it your self it can be available much sooner of course :-) )

d.
Version eFa 4.x now available!

User avatar
darky83
Site Admin
Posts: 537
Joined: 30 Sep 2012 11:03
Location: eFa
Contact:

Re: Why relay access denied?

Post by darky83 » 28 Dec 2012 22:31

I just added this feature to the 0.3 configure script so you can enable internal networks for mail relaying through EFA when 0.3 is released.
Version eFa 4.x now available!

blason
Posts: 13
Joined: 26 Dec 2012 06:47

Re: Why relay access denied?

Post by blason » 30 Dec 2012 13:55

Hi Darky,

Yes, since Baruwa Appliance is acting as a gateway wanted to have a outgoing relay as well. So, you mean right now Baruwa can only be used as a incoming server and wont be used for outgoing relay? I am trying to send a mail through Baruwa and I get Relay access denied message, is it because of that?

Dec 30 14:38:31 mail postfix/smtpd[8957]: NOQUEUE: reject: RCPT from zim.bara.net[192.168.1.134]: 554 5.7.1 <test1@test.net>: Relay access d enied; from=<bara1@bara.net> to=<test1@test.net> proto=ESMTP helo=<zim.bara.net>


test.net [192.168.1.135] <---------->mail.bara.net [192.168.1.133]<---------->zim.bara.net [192.168.1.134] ======== Incoming works fine


zim.bara.net [192.168.1.134] ---------> mail.bara.net [192.168.1.133] ----------------> test.net [192.168.1.135] ========= Relay Access Denied

User avatar
darky83
Site Admin
Posts: 537
Joined: 30 Sep 2012 11:03
Location: eFa
Contact:

Re: Why relay access denied?

Post by darky83 » 30 Dec 2012 15:52

Well see this post: http://forum.efa-project.org/viewtopic.php?f=5&t=219

I explained there how you can configure relaying for some hosts you should use that to allow your 192.168.1.0/24 range to relay through the system.
Version eFa 4.x now available!

blason
Posts: 13
Joined: 26 Dec 2012 06:47

Re: Why relay access denied?

Post by blason » 30 Dec 2012 16:38

OK - Simply adding subnet in mynetworks doesnt work. Let me try following the said changes.

Oh BTW, just wondering how can I have baruwa to scan internal mails for AS/AV?

Post Reply