# postfix rejected me

## Mala Zaba

Hi, I would like give access to my computer for send and receive mail... my pop3 is ok, but my smtp server don't work with computer are not in my network (192.168.1.2)  When a computer try send mail with my computer, I have on my port "Recipient address rejected: relay access denied."  How i can configure postfix for he accept all email from Internet (the smtp work with sasl for authentification for a minimum security)

Thanks for your help

----------

## delta407

Accepting all e-mail from the internet creates a conditition known as an open relay whereby spammers will detect your insecure mail server and use it to distribute junk mail. You do not want to have an open relay, since then you will be blacklisted by a number of sites (i.e. they won't let you connect or even accept mail from your machine indirectly), and bad things will happen to you.

What, exactly, do you want to do?

----------

## Mala Zaba

 *delta407 wrote:*   

> What, exactly, do you want to do?

 

I would like to offer a service of mail to my friends and family. They will be able to have access with no limit of 5mo and a good service Anti-Spam (spamassassin). I know that, safety it is really not good and can be useful of my server to make Spam. It is for that I installed sasl and I put the users who one access in the database of sasl. Moreover, I changed the port of postfix. But I am able to send courier only from the interior of my lan. My friends are always rejected. 

My main.cf

```
command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

relayhost = smtp1.sympatico.ca

mail_spool_directory = /var/spool/mail

alias_maps = hash:/etc/mail/aliases

alias_database = hash:/etc/mail/aliases

home_mailbox = .maildir/

debug_peer_level = 2

debugger_command =

         PATH=/usr/bin:/usr/X11R6/bin

                  xxgdb $daemon_directory/$process_name $process_id & sleep 5

smtpd_sasl_auth_enable = yes

smtpd_sasl_local_domain = $myhostname

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_relay_domains

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

```

----------

## mixmasterdj2002

Im having the exact same problem receiving mail from the internet, could you please tell me how you solved this problem???

Thanks

----------

## Nitro

 *Mala Zaba wrote:*   

> Hi, I would like give access to my computer for send and receive mail... my pop3 is ok, but my smtp server don't work with computer are not in my network (192.168.1.2)  When a computer try send mail with my computer, I have on my port "Recipient address rejected: relay access denied."  How i can configure postfix for he accept all email from Internet (the smtp work with sasl for authentification for a minimum security)
> 
> 

 

Take a peek @ http://www.postfix.org/basic.html#relaying and http://www.postfix.org/basic.html#mynetworks .

For example, on my server, I have: 

```
mynetworks = 192.168.1.0/24, 127.0.0.0/8

relay_domains = $mydestination

```

----------

## Forse

I am having trouble with relay too. I did read docs   :Confused:   , but still no luck...could anyone help?

```
alias_database = hash:/etc/mail/aliases

alias_maps = hash:/etc/mail/aliases

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

debug_peer_level = 2

default_destination_concurrency_limit = 10

home_mailbox = .maildir/

inet_interfaces = all

local_destination_concurrency_limit = 2

mail_owner = postfix

mailq_path = /usr/bin/mailq

manpage_directory = /usr/share/man

mydestination = $myhostname, localhost.$mydomain $mydomain

mydomain = goldenrain.net

myhostname = mail.goldenrain.net

mynetworks = 192.168.0.0/24, 127.0.0.0/8

mynetworks_style = class

myorigin = $myhostname

newaliases_path = /usr/bin/newaliases

queue_directory = /var/spool/postfix

readme_directory = /usr/share/doc/postfix-2.0.3

relay_domains = $inet_interfaces

relayhost = 127.0.0.1

sample_directory = /etc/postfix/sample

sendmail_path = /usr/sbin/sendmail

setgid_group = postdrop

unknown_local_recipient_reject_code = 450
```

----------

## Torg

I get around all of this with my spamassassin install.

I use fetchmail to pull mail from various accounts, and dump em through spamassassin, and then to courier to be served back up again.

I don't run SMTP services on my box.

I use SSMTP (Comes with vcron) to redirect the servers SMTP traffic to my ISP's SMTP server instead.  This way, I can't be an open relay, and I don't have to deal with the headache that is sendmail/postfix/exim/etc....

You should also have your friends/family use their isp's smtp in their configs.

i.e. incoming server (Pop3/IMAP) is your server, and outgoing is their ISP's SMTP.  This will work for all but the most anal ISP's.

Unless you are receiving mail for a domain that's only on that server, this is an easy way to avoid this all together.

-Torg

----------

## Forse

 *Torg wrote:*   

> I get around all of this with my spamassassin install.
> 
> I use fetchmail to pull mail from various accounts, and dump em through spamassassin, and then to courier to be served back up again.
> 
> I don't run SMTP services on my box.
> ...

 

ooo...thnx but how do I get my stupido Postfix to trust everyone (sounds so corn...)???

----------

## patrickbores

 *Quote:*   

> smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_relay_domains

 

There's your problem. You need to have a "reject" directive at the end of your smtpd_recipient_restrictions list, or Postfix will reject all mail. Put "reject_unauth_destination" at the end of that list and see if it works.

----------

## vidigiani

Like others said, open relaying is a security hole. One alternative is to set up SSH on your box. Then just have your friends connect and tunnel to SMTP. When you tunnel you run in the context of the local host so everything will work fine, their connection will be secured by encryption, and you can allow only your friends to use the service. Furthermore, if you have a falling out with a friend it is very easy to remove them from SSH   :Laughing:  .

----------

