GMAIL - Relay Access Denied

[sunnyg]

Hello,
Hoping someone can help me out, I have installed EFA5 on Rocky Linux 9, everything is working fine with the exception I cannot send emails to Gmail.

having tested using telnet from my email server I get the following result:

Code: Select all

220 efa.ghataura.net ESMTP Postfix
EHLO mail.ghataura.net
250-efa.ghataura.net
250-PIPELINING
250-SIZE 133169152
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
MAIL FROM:<test@ghataura.com>
250 2.1.0 Ok
RCPT TO:<XXXXXX@gmail.com> NOTIFY=success,failure554 5.7.1 <XXXXXX@gmail.com>: Relay access denied

I cannot seem to figure out why efa is rejecting with the error Relay access denied, all other email accounts are working as expected.

Anyone who can help would be much appriciated

[shawniverson]

Do you have SPF/DKIM set up for your domain? Google now requires it.

Also, are both your .net and .com domains defined in your transport file?

Mail Settings --> Transport Settings

And also, is your client allowed to relay via eFa, is it an allowed address?

Mail Settings --> Outbound Relay Settings

[sunnyg]

Hi,

Settings are as below:

SPF/DKIM is set up for the domain

Mail Settings --> Transport Settings

3 settings are here:
1 ghataura.ca mail.ghataura.net
2 ghataura.com mail.ghataura.net
3 ghataura.net mail.ghataura.net

And also, is your client allowed to relay via eFa, is it an allowed address?

Mail Settings --> Outbound Relay Settings
Allowed address is configured with 10.100.1.0/24

The exchange server is running in IP 10.100.1.6

[shawniverson]

That should be all you need.

In /etc/postfix/main.cf, do the following lines look okay?

mynetworks = 127.0.0.1/8 [::1]/128 10.100.1.0/24
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

[sunnyg]

Settings are as below:

mynetworks = 127.0.0.1/8 [::1]/128 10.100.1.0/24

smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

I do have the following also setup:
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_recipient_access hash:/etc/postfix/recipient_access, check_policy_service inet:127.0.0.1:2501
qmqpd_authorized_clients = 127.0.0.1 [::1]

if you want I can paste the whole main.cf file, so you can see all the settings that I have set.

[shawniverson]

Sure you can DM me the config and I'll review. I am at a loss as to why gmail.com is getting relay access denied and other domains aren't.

[pdwalker]

Any luck resolving this issue? I'm curious as to what the actual problem was and the solution might be interesting to read about.

[sunnyg]

Hi

the issue was being caused by IPv6, my ISP is pushing IPv6 to all devices even though i have it disabled in my windows AD, so on the exchange server i had to set the following registry entry:

Location: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters
Key: DisabledComponents
Type: REG_DWORD
Value: 0xFF

This turns off everything related to IPv6 on the exchange server forcing it to use the internal IPv4 address. I also had to turn of DKIM and DMARC in EFA but i think that is more a configuration that I need to look at in more detail, but for now is not a requirement.