# Able to recieve mail if sent locally but not from the net

## nerrad

Hi people i am using postfix and am able to send emails betwen each account using usermin locally but when i try to send it from the net via gmail i get the following response:

```

This is an automatically generated Delivery Status Notification

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipient has been delayed:

     x@x.com

Message will be retried for 2 more day(s)

Technical details of temporary failure: 

TEMP_FAILURE: Could not initiate SMTP conversation with any hosts:

[83.151.xxx.xx. (0): Destination address required]

```

>> Destination address required mean---- What destination address? Email? mail server? local pub?[/code]

I am using mydomain.com to redirect my domain to my servers and have set the mx record to point to my mail server.

What have i done wrong?

----------

## magic919

Try sending one from other than Gmail and see if you get a better error message.

----------

## nerrad

Hi thanks for the help,

I signed up with yahoo and sent one from there and got this response:

```
Hi. This is the qmail-send program at yahoo.com.

I'm afraid I wasn't able to deliver your message to the following 

addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

<x@x.com>:

83.151.x.x does not like recipient.

Remote host said: 554 <web86803.mail.ukl.yahoo.com[217.12.13.45]>: 

Client host rejected: Access denied

Giving up on 83.151.x.x.
```

I also tried with Hotmail and got no response and no mail delivered! (How rude! :p)

Results from Lycos:

```
This is the Postfix program at host webmail-outgoing.us4.outblaze.com.

I'm sorry to have to inform you that your message could not be

be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can

delete your own text from the attached returned message.

         The Postfix program

<x@x.com>: host 83.151.x.x[83.151.x.x] said: 554

     <webmail-outgoing.us4.outblaze.com[205.158.62.67]>: Client host rejected:

     Access denied (in reply to RCPT TO command)
```

I also sent one from my ISP's account but just like Hotmail no response!! and no email

----------

## magic919

Your Postfix must be turning them away then.  You'll see it in your logs.  You can run tests locally to show this.  Telnet port 25 and run through manually.

----------

## nerrad

```
Oct  7 14:58:42 stuff-for-you postfix/smtpd[2603]: starting TLS engine

Oct  7 14:58:43 stuff-for-you postfix/smtpd[2603]: connect from qproxy.gmail.com[72.14.204.207]

Oct  7 14:58:44 stuff-for-you postfix/smtpd[2603]: NOQUEUE: reject: RCPT from qproxy.gmail.com[72.14.204.207]: 554 <qproxy.gmail.com[72.14.204.207]>: Client host rejected: Access denied; from=<its.xxxx@xxxx.com> to=<xxx@xxx.com> proto=ESMTP helo=<qproxy.gmail.com>

Oct  7 14:58:44 stuff-for-you postfix/smtpd[2603]: disconnect from qproxy.gmail.com[72.14.204.207]
```

and when i telnet from my machine to my mail machine i get:

```
554 <unknown[10.0.0.10]>: Client host rejected: Access denied
```

So i think we are pretty safe in assuming that the postfix program is denying everyone apart from mail sent or recieved on my mail server.

So how do i allow other hosts to drop off mail into my users mailboxes without having an open relay for all to abuse?

I have set it so that users have to authenticate via a secure connection before sending mail through me but i didnt realise this would apply for when other mail deamons try to drop mail off!

Aghh

What can i do?

Please help!!!

----------

## magic919

It's a matter of opening up Postfix a touch.  It is set up not to relay and you'll only let them drop in mail that's destined for your domain(s) and maybe just your usernames.

Stick your Postfix main.cf and let us see what it needs.

----------

## nerrad

```
smtpd_sasl_auth_enable = yes 

smtpd_sasl_security_options = noanonymous 

smtpd_sasl_local_domain = 

broken_sasl_auth_clients = yes 

smtpd_client_restrictions = permit_sasl_authenticated, reject 

smtpd_use_tls=yes 

smtpd_tls_auth_only = yes 

smtpd_tls_key_file = /etc/ssl/postfix/server.key 

smtpd_tls_cert_file = /etc/ssl/postfix/server.crt 

smtpd_tls_CAfile = /etc/ssl/postfix/server.pem 

smtpd_tls_loglevel = 3 

smtpd_tls_received_header = yes 

smtpd_tls_session_cache_timeout = 3600s 

tls_random_source = dev:/dev/urandom 

# Global Postfix configuration file. This file lists only a subset

# of all 300+ parameters. See the postconf(5) manual page for a

# complete list.

#

# The general format of each line is: parameter = value. Lines

# that begin with whitespace continue the previous line. A value can

# contain references to other $names or ${name}s.

#

# NOTE - CHANGE NO MORE THAN 2-3 PARAMETERS AT A TIME, AND TEST IF

# POSTFIX STILL WORKS AFTER EVERY CHANGE.

# SOFT BOUNCE

#

# The soft_bounce parameter provides a limited safety net for

# testing.  When soft_bounce is enabled, mail will remain queued that

# would otherwise bounce. This parameter disables locally-generated

# bounces, and prevents the SMTP server from rejecting mail permanently

# (by changing 5xx replies into 4xx replies). However, soft_bounce

# is no cure for address rewriting mistakes or mail routing mistakes.

#

#soft_bounce = no

# LOCAL PATHNAME INFORMATION

#

# The queue_directory specifies the location of the Postfix queue.

# This is also the root directory of Postfix daemons that run chrooted.

# See the files in examples/chroot-setup for setting up Postfix chroot

# environments on different UNIX systems.

#

queue_directory = /var/spool/postfix

# The command_directory parameter specifies the location of all

# postXXX commands.

#

command_directory = /usr/sbin

# The daemon_directory parameter specifies the location of all Postfix

# daemon programs (i.e. programs listed in the master.cf file). This

# directory must be owned by root.

#

daemon_directory = /usr/lib/postfix

# QUEUE AND PROCESS OWNERSHIP

#

# The mail_owner parameter specifies the owner of the Postfix queue

# and of most Postfix daemon processes.  Specify the name of a user

# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS

# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.  In

# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED

# USER.

#

mail_owner = postfix

# The default_privs parameter specifies the default rights used by

# the local delivery agent for delivery to external file or command.

# These rights are used in the absence of a recipient user context.

# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.

#

#default_privs = nobody

# INTERNET HOST AND DOMAIN NAMES

# 

# The myhostname parameter specifies the internet hostname of this

# mail system. The default is to use the fully-qualified domain name

# from gethostname(). $myhostname is used as a default value for many

# other configuration parameters.

#

#myhostname = stuff-for-you.com

#myhostname = virtual.domain.tld

# The mydomain parameter specifies the local internet domain name.

# The default is to use $myhostname minus the first component.

# $mydomain is used as a default value for many other configuration

# parameters.

#

#mydomain = domain.tld

# SENDING MAIL

# 

# The myorigin parameter specifies the domain that locally-posted

# mail appears to come from. The default is to append $myhostname,

# which is fine for small sites.  If you run a domain with multiple

# machines, you should (1) change this to $mydomain and (2) set up

# a domain-wide alias database that aliases each user to

# user@that.users.mailhost.

#

# For the sake of consistency between sender and recipient addresses,

# myorigin also specifies the default domain name that is appended

# to recipient addresses that have no @domain part.

#

myorigin = $myhostname

#myorigin = $mydomain

# RECEIVING MAIL

# The inet_interfaces parameter specifies the network interface

# addresses that this mail system receives mail on.  By default,

# the software claims all active interfaces on the machine. The

# parameter also controls delivery of mail to user@[ip.address].

#

# See also the proxy_interfaces parameter, for network addresses that

# are forwarded to us via a proxy or network address translator.

#

# Note: you need to stop/start Postfix when this parameter changes.

#

#inet_interfaces = all

#inet_interfaces = $myhostname

#inet_interfaces = $myhostname, localhost

# The proxy_interfaces parameter specifies the network interface

# addresses that this mail system receives mail on by way of a

# proxy or network address translation unit. This setting extends

# the address list specified with the inet_interfaces parameter.

#

# You must specify your proxy/NAT addresses when your system is a

# backup MX host for other domains, otherwise mail delivery loops

# will happen when the primary MX host is down.

#

#proxy_interfaces =

#proxy_interfaces = 1.2.3.4

# The mydestination parameter specifies the list of domains that this

# machine considers itself the final destination for.

#

# These domains are routed to the delivery agent specified with the

# local_transport parameter setting. By default, that is the UNIX

# compatible delivery agent that lookups all recipients in /etc/passwd

# and /etc/aliases or their equivalent.

#

# The default is $myhostname + localhost.$mydomain.  On a mail domain

# gateway, you should also include $mydomain.

#

# Do not specify the names of virtual domains - those domains are

# specified elsewhere (see VIRTUAL_README).

#

# Do not specify the names of domains that this machine is backup MX

# host for. Specify those names via the relay_domains settings for

# the SMTP server, or use permit_mx_backup if you are lazy (see

# STANDARD_CONFIGURATION_README).

#

# The local machine is always the final destination for mail addressed

# to user@[the.net.work.address] of an interface that the mail system

# receives mail on (see the inet_interfaces parameter).

#

# Specify a list of host or domain names, /file/name or type:table

# patterns, separated by commas and/or whitespace. A /file/name

# pattern is replaced by its contents; a type:table is matched when

# a name matches a lookup key (the right-hand side is ignored).

# Continue long lines by starting the next line with whitespace.

#

# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".

#

#mydestination = $myhostname, localhost.$mydomain, localhost

#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,

#   mail.$mydomain, www.$mydomain, ftp.$mydomain

# REJECTING MAIL FOR UNKNOWN LOCAL USERS

#

# The local_recipient_maps parameter specifies optional lookup tables

# with all names or addresses of users that are local with respect

# to $mydestination, $inet_interfaces or $proxy_interfaces.

#

# If this parameter is defined, then the SMTP server will reject

# mail for unknown local users. This parameter is defined by default.

#

# To turn off local recipient checking in the SMTP server, specify

# local_recipient_maps = (i.e. empty).

#

# The default setting assumes that you use the default Postfix local

# delivery agent for local delivery. You need to update the

# local_recipient_maps setting if:

#

# - You define $mydestination domain recipients in files other than

#   /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.

#   For example, you define $mydestination domain recipients in    

#   the $virtual_mailbox_maps files.

#

# - You redefine the local delivery agent in master.cf.

#

# - You redefine the "local_transport" setting in main.cf.

#

# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"

#   feature of the Postfix local delivery agent (see local(8)).

#

# Details are described in the LOCAL_RECIPIENT_README file.

#

# Beware: if the Postfix SMTP server runs chrooted, you probably have

# to access the passwd file via the proxymap service, in order to

# overcome chroot restrictions. The alternative, having a copy of

# the system passwd file in the chroot jail is just not practical.

#

# The right-hand side of the lookup tables is conveniently ignored.

# In the left-hand side, specify a bare username, an @domain.tld

# wild-card, or specify a user@domain.tld address.

# 

#local_recipient_maps = unix:passwd.byname $alias_maps

#local_recipient_maps = proxy:unix:passwd.byname $alias_maps

#local_recipient_maps =

# The unknown_local_recipient_reject_code specifies the SMTP server

# response code when a recipient domain matches $mydestination or

# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty

# and the recipient address or address local-part is not found.

#

# The default setting is 550 (reject mail) but it is safer to start

# with 450 (try again later) until you are certain that your

# local_recipient_maps settings are OK.

#

unknown_local_recipient_reject_code =450

# TRUST AND RELAY CONTROL

# The mynetworks parameter specifies the list of "trusted" SMTP

# clients that have more privileges than "strangers".

#

# In particular, "trusted" SMTP clients are allowed to relay mail

# through Postfix.  See the smtpd_recipient_restrictions parameter

# in postconf(5).

#

# You can specify the list of "trusted" network addresses by hand

# or you can let Postfix do it for you (which is the default).

#

# By default (mynetworks_style = subnet), Postfix "trusts" SMTP

# clients in the same IP subnetworks as the local machine.

# On Linux, this does works correctly only with interfaces specified

# with the "ifconfig" command.

# 

# Specify "mynetworks_style = class" when Postfix should "trust" SMTP

# clients in the same IP class A/B/C networks as the local machine.

# Don't do this with a dialup site - it would cause Postfix to "trust"

# your entire provider's network.  Instead, specify an explicit

# mynetworks list by hand, as described below.

#  

# Specify "mynetworks_style = host" when Postfix should "trust"

# only the local machine.

# 

#mynetworks_style = class

mynetworks_style = subnet

#mynetworks_style = host

# Alternatively, you can specify the mynetworks list by hand, in

# which case Postfix ignores the mynetworks_style setting.

#

# Specify an explicit list of network/netmask patterns, where the

# mask specifies the number of bits in the network part of a host

# address.

#

# You can also specify the absolute pathname of a pattern file instead

# of listing the patterns here. Specify type:table for table-based lookups

# (the value on the table right-hand side is not used).

#

mynetworks = 10.0.0.7/28, 127.0.0.0/8

#mynetworks = $config_directory/mynetworks

#mynetworks = hash:/etc/postfix/network_table

# The relay_domains parameter restricts what destinations this system will

# relay mail to.  See the smtpd_recipient_restrictions description in

# postconf(5) for detailed information.

#

# By default, Postfix relays mail

# - from "trusted" clients (IP address matches $mynetworks) to any destination,

# - from "untrusted" clients to destinations that match $relay_domains or

#   subdomains thereof, except addresses with sender-specified routing.

# The default relay_domains value is $mydestination.

# 

# In addition to the above, the Postfix SMTP server by default accepts mail

# that Postfix is final destination for:

# - destinations that match $inet_interfaces or $proxy_interfaces,

# - destinations that match $mydestination

# - destinations that match $virtual_alias_domains,

# - destinations that match $virtual_mailbox_domains.

# These destinations do not need to be listed in $relay_domains.

# 

# Specify a list of hosts or domains, /file/name patterns or type:name

# lookup tables, separated by commas and/or whitespace.  Continue

# long lines by starting the next line with whitespace. A file name

# is replaced by its contents; a type:name table is matched when a

# (parent) domain appears as lookup key.

#

# NOTE: Postfix will not automatically forward mail for domains that

# list this system as their primary or backup MX host. See the

# permit_mx_backup restriction description in postconf(5).

#

#relay_domains = $mydestination

# INTERNET OR INTRANET

# The relayhost parameter specifies the default host to send mail to

# when no entry is matched in the optional transport(5) table. When

# no relayhost is given, mail is routed directly to the destination.

#

# On an intranet, specify the organizational domain name. If your

# internal DNS uses no MX records, specify the name of the intranet

# gateway host instead.

#

# In the case of SMTP, specify a domain, host, host:port, [host]:port,

# [address] or [address]:port; the form [host] turns off MX lookups.

#

# If you're connected via UUCP, see also the default_transport parameter.

#

#relayhost = $mydomain

#relayhost = [gateway.my.domain]

#relayhost = [mailserver.isp.tld]

#relayhost = uucphost

#relayhost = [an.ip.add.ress]

# REJECTING UNKNOWN RELAY USERS

#

# The relay_recipient_maps parameter specifies optional lookup tables

# with all addresses in the domains that match $relay_domains.

#

# If this parameter is defined, then the SMTP server will reject

# mail for unknown relay users. This feature is off by default.

#

# The right-hand side of the lookup tables is conveniently ignored.

# In the left-hand side, specify an @domain.tld wild-card, or specify

# a user@domain.tld address.

# 

#relay_recipient_maps = hash:/etc/postfix/relay_recipients

# INPUT RATE CONTROL

#

# The in_flow_delay configuration parameter implements mail input

# flow control. This feature is turned on by default, although it

# still needs further development (it's disabled on SCO UNIX due

# to an SCO bug).

# 

# A Postfix process will pause for $in_flow_delay seconds before

# accepting a new message, when the message arrival rate exceeds the

# message delivery rate. With the default 100 SMTP server process

# limit, this limits the mail inflow to 100 messages a second more

# than the number of messages delivered per second.

# 

# Specify 0 to disable the feature. Valid delays are 0..10.

# 

#in_flow_delay = 1s

# ADDRESS REWRITING

#

# The ADDRESS_REWRITING_README document gives information about

# address masquerading or other forms of address rewriting including

# username->Firstname.Lastname mapping.

# ADDRESS REDIRECTION (VIRTUAL DOMAIN)

#

# The VIRTUAL_README document gives information about the many forms

# of domain hosting that Postfix supports.

# "USER HAS MOVED" BOUNCE MESSAGES

#

# See the discussion in the ADDRESS_REWRITING_README document.

# TRANSPORT MAP

#

# See the discussion in the ADDRESS_REWRITING_README document.

# ALIAS DATABASE

#

# The alias_maps parameter specifies the list of alias databases used

# by the local delivery agent. The default list is system dependent.

#

# On systems with NIS, the default is to search the local alias

# database, then the NIS alias database. See aliases(5) for syntax

# details.

# 

# If you change the alias database, run "postalias /etc/aliases" (or

# wherever your system stores the mail alias file), or simply run

# "newaliases" to build the necessary DBM or DB file.

#

# It will take a minute or so before changes become visible.  Use

# "postfix reload" to eliminate the delay.

#

#alias_maps = dbm:/etc/aliases

#alias_maps = hash:/etc/aliases

#alias_maps = hash:/etc/aliases, nis:mail.aliases

#alias_maps = netinfo:/aliases

# The alias_database parameter specifies the alias database(s) that

# are built with "newaliases" or "sendmail -bi".  This is a separate

# configuration parameter, because alias_maps (see above) may specify

# tables that are not necessarily all under control by Postfix.

#

#alias_database = dbm:/etc/aliases

#alias_database = dbm:/etc/mail/aliases

#alias_database = hash:/etc/aliases

#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases

# ADDRESS EXTENSIONS (e.g., user+foo)

#

# The recipient_delimiter parameter specifies the separator between

# user names and address extensions (user+foo). See canonical(5),

# local(8), relocated(5) and virtual(5) for the effects this has on

# aliases, canonical, virtual, relocated and .forward file lookups.

# Basically, the software tries user+foo and .forward+foo before

# trying user and .forward.

#

#recipient_delimiter = +

# DELIVERY TO MAILBOX

#

# The home_mailbox parameter specifies the optional pathname of a

# mailbox file relative to a user's home directory. The default

# mailbox file is /var/spool/mail/user or /var/mail/user.  Specify

# "Maildir/" for qmail-style delivery (the / is required).

#

#home_mailbox = Mailbox

#home_mailbox = Maildir/

 

# The mail_spool_directory parameter specifies the directory where

# UNIX-style mailboxes are kept. The default setting depends on the

# system type.

#

#mail_spool_directory = /var/mail

#mail_spool_directory = /var/spool/mail

# The mailbox_command parameter specifies the optional external

# command to use instead of mailbox delivery. The command is run as

# the recipient with proper HOME, SHELL and LOGNAME environment settings.

# Exception:  delivery for root is done as $default_user.

#

# Other environment variables of interest: USER (recipient username),

# EXTENSION (address extension), DOMAIN (domain part of address),

# and LOCAL (the address localpart).

#

# Unlike other Postfix configuration parameters, the mailbox_command

# parameter is not subjected to $parameter substitutions. This is to

# make it easier to specify shell syntax (see example below).

#

# Avoid shell meta characters because they will force Postfix to run

# an expensive shell process. Procmail alone is expensive enough.

#

# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN

# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.

#

mailbox_command = /usr/bin/procmail

#mailbox_command = /some/where/procmail -a "$EXTENSION"

# The mailbox_transport specifies the optional transport in master.cf

# to use after processing aliases and .forward files. This parameter

# has precedence over the mailbox_command, fallback_transport and

# luser_relay parameters.

#

# Specify a string of the form transport:nexthop, where transport is

# the name of a mail delivery transport defined in master.cf.  The

# :nexthop part is optional. For more details see the sample transport

# configuration file.

#

# NOTE: if you use this feature for accounts not in the UNIX password

# file, then you must update the "local_recipient_maps" setting in

# the main.cf file, otherwise the SMTP server will reject mail for    

# non-UNIX accounts with "User unknown in local recipient table".

#

#mailbox_transport = lmtp:unix:/file/name

#mailbox_transport = cyrus

# The fallback_transport specifies the optional transport in master.cf

# to use for recipients that are not found in the UNIX passwd database.

# This parameter has precedence over the luser_relay parameter.

#

# Specify a string of the form transport:nexthop, where transport is

# the name of a mail delivery transport defined in master.cf.  The

# :nexthop part is optional. For more details see the sample transport

# configuration file.

#

# NOTE: if you use this feature for accounts not in the UNIX password

# file, then you must update the "local_recipient_maps" setting in

# the main.cf file, otherwise the SMTP server will reject mail for    

# non-UNIX accounts with "User unknown in local recipient table".

#

#fallback_transport = lmtp:unix:/file/name

#fallback_transport = cyrus

#fallback_transport =

# The luser_relay parameter specifies an optional destination address

# for unknown recipients.  By default, mail for unknown@$mydestination,

# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned

# as undeliverable.

#

# The following expansions are done on luser_relay: $user (recipient

# username), $shell (recipient shell), $home (recipient home directory),

# $recipient (full recipient address), $extension (recipient address

# extension), $domain (recipient domain), $local (entire recipient

# localpart), $recipient_delimiter. Specify ${name?value} or

# ${name:value} to expand value only when $name does (does not) exist.

#

# luser_relay works only for the default Postfix local delivery agent.

#

# NOTE: if you use this feature for accounts not in the UNIX password

# file, then you must specify "local_recipient_maps =" (i.e. empty) in

# the main.cf file, otherwise the SMTP server will reject mail for    

# non-UNIX accounts with "User unknown in local recipient table".

#

#luser_relay = $user@other.host

#luser_relay = $local@other.host

#luser_relay = admin+$local

  

# JUNK MAIL CONTROLS

# 

# The controls listed here are only a very small subset. The file

# SMTPD_ACCESS_README provides an overview.

# The header_checks parameter specifies an optional table with patterns

# that each logical message header is matched against, including

# headers that span multiple physical lines.

#

# By default, these patterns also apply to MIME headers and to the

# headers of attached messages. With older Postfix versions, MIME and

# attached message headers were treated as body text.

#

# For details, see "man header_checks".

#

#header_checks = regexp:/etc/postfix/header_checks

# FAST ETRN SERVICE

#

# Postfix maintains per-destination logfiles with information about

# deferred mail, so that mail can be flushed quickly with the SMTP

# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".

# See the ETRN_README document for a detailed description.

# 

# The fast_flush_domains parameter controls what destinations are

# eligible for this service. By default, they are all domains that

# this server is willing to relay mail to.

# 

#fast_flush_domains = $relay_domains

# SHOW SOFTWARE VERSION OR NOT

#

# The smtpd_banner parameter specifies the text that follows the 220

# code in the SMTP server's greeting banner. Some people like to see

# the mail version advertised. By default, Postfix shows no version.

#

# You MUST specify $myhostname at the start of the text. That is an

# RFC requirement. Postfix itself does not care.

#

#smtpd_banner = $myhostname ESMTP $mail_name

#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

# PARALLEL DELIVERY TO THE SAME DESTINATION

#

# How many parallel deliveries to the same user or domain? With local

# delivery, it does not make sense to do massively parallel delivery

# to the same user, because mailbox updates must happen sequentially,

# and expensive pipelines in .forward files can cause disasters when

# too many are run at the same time. With SMTP deliveries, 10

# simultaneous connections to the same domain could be sufficient to

# raise eyebrows.

# 

# Each message delivery transport has its XXX_destination_concurrency_limit

# parameter.  The default is $default_destination_concurrency_limit for

# most delivery transports. For the local delivery agent the default is 2.

#local_destination_concurrency_limit = 2

#default_destination_concurrency_limit = 20

# DEBUGGING CONTROL

#

# The debug_peer_level parameter specifies the increment in verbose

# logging level when an SMTP client or server host name or address

# matches a pattern in the debug_peer_list parameter.

#

debug_peer_level = 2

# The debug_peer_list parameter specifies an optional list of domain

# or network patterns, /file/name patterns or type:name tables. When

# an SMTP client or server host name or address matches a pattern,

# increase the verbose logging level by the amount specified in the

# debug_peer_level parameter.

#

#debug_peer_list = 127.0.0.1

#debug_peer_list = some.domain

# The debugger_command specifies the external command that is executed

# when a Postfix daemon program is run with the -D option.

#

# Use "command .. & sleep 5" so that the debugger can attach before

# the process marches on. If you use an X-based debugger, be sure to

# set up your XAUTHORITY environment variable before starting Postfix.

#

debugger_command =

    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin

    xxgdb $daemon_directory/$process_name $process_id & sleep 5

# If you don't have X installed on the Postfix machine, try:

# debugger_command =

#   PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;

#   echo where) | gdb $daemon_directory/$process_name $process_id 2>&1

#   >$config_directory/$process_name.$process_id.log & sleep 5

# INSTALL-TIME CONFIGURATION INFORMATION

#

# The following parameters are used when installing a new Postfix version.

# 

# sendmail_path: The full pathname of the Postfix sendmail command.

# This is the Sendmail-compatible mail posting interface.

# 

sendmail_path = /usr/sbin/sendmail

# newaliases_path: The full pathname of the Postfix newaliases command.

# This is the Sendmail-compatible command to build alias databases.

#

newaliases_path = /usr/bin/newaliases

# mailq_path: The full pathname of the Postfix mailq command.  This

# is the Sendmail-compatible mail queue listing command.

# 

mailq_path = /usr/bin/mailq

# setgid_group: The group for mail submission and queue management

# commands.  This must be a group name with a numerical group ID that

# is not shared with other accounts, not even with the Postfix account.

#

setgid_group = postdrop

# html_directory: The location of the Postfix HTML documentation.

#

html_directory = no

# manpage_directory: The location of the Postfix on-line manual pages.

#

manpage_directory = /usr/share/man

# sample_directory: The location of the Postfix sample configuration files.

# This parameter is obsolete as of Postfix 2.1.

#

sample_directory = /etc/postfix

# readme_directory: The location of the Postfix README files.

#

readme_directory = /usr/share/doc/postfix-2.1.5-r2/readme

default_destination_concurrency_limit = 2

alias_database = hash:/etc/mail/aliases

local_destination_concurrency_limit = 2

alias_maps = hash:/etc/mail/aliases

home_mailbox = .maildir/

```

Heres the contents of main.cf

Thanks again for the help really appreciate it

----------

## magic919

OK.  You have mynetworks_style and this ought to be fine.  Comment out the mynetworks = bit lower down as this is an alternative (alternate for the US) method and not needed.  That will sort out the clients on the subnet being able to use the SMTP server to send mail.

How deep do you want to go with the other stuff?  Do you just want it to work.  Are you trying to learn it.  Are you hoping to keep spam out.  Etc...

Mine uses:-

```

smtpd_helo_required = yes

smtpd_helo_restrictions =

        permit_mynetworks,

        reject_invalid_hostname

*        check_helo_access hash:/etc/postfix/helo_access

smtpd_client_restrictions =

        permit_mynetworks

        reject_rbl_client relays.ordb.org

smtpd_recipient_restrictions=

        permit_mynetworks

        reject_unauth_destination

*       check_recipient_access hash:/etc/postfix/spam_recipients

        permit

smtpd_sender_restrictions =

        permit_mynetworks

*        check_sender_access hash:/etc/postfix/sender_restrictions

        reject_unknown_sender_domain

smtpd_data_restrictions = reject_unauth_pipelining

strict_rfc821_envelopes = no

```

The bits I've marked * are part of my anti-spam bits and would need explanation and some more files in order to work.  Leave those out for now.

In general try to make only a change or two and fix one bit of functionality at a time with Postfix.  That'll stop you losing your mind working with it.

----------

## NotQuiteSane

figured this was a better place to askl vs opening a new thread, it's herlped me some, but now I'm stumped.

I'm following the wiki, and am attempting to test incoming mail.  I have 2 domains.  I send from my yahoo account and see this in the logs:

```
Nov  8 22:53:56 [postfix/smtpd] NOQUEUE: reject: RCPT from web32008.mail.mud.yahoo.com[68.142.207.105]: 554 <xxx@xxx>: Relay access denied; from=<xxx@yahoo.com> to=<xxx@xxx> proto=SMTP helo=<web32008.mail.mud.yahoo.com>

Nov  8 22:53:56 [postfix/smtpd] NOQUEUE: reject: RCPT from web32008.mail.mud.yahoo.com[68.142.207.105]: 554 <xxx@xxx>: Relay access denied; from=<xxx@yahoo.com> to=<xxx@xxx> proto=SMTP helo=<web32008.mail.mud.yahoo.com>

Nov  8 22:53:58 [postfix/smtpd] disconnect from web32008.mail.mud.yahoo.com[68.142.207.105]

[root@mike /root]#
```

I've changed my main.cf according to the above post.  i did have a typo (orginal reason for searching), but this error now shows

NQS

----------

## magic919

Okay.  Relay access denied would mean it's coming from a network other than your own (which we know) and that it is for a domain that is not a local domain that Postfix handles.

If you have more than one domain then you'll need to ensure Postfix 'knows' it should handle mail for both.  I use virtual_alias_domains to do mine.

----------

## NotQuiteSane

ok, I googled around and made these changes:

sanitized main.cf:

```
queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

mail_owner = postfix

myorigin = $myhostname

mydestination = $myhostname, localhost.$mydomain, localhost,$mydomain

unknown_local_recipient_reject_code = 450

mynetworks_style = subnet

mynetworks = 192.168.1.0/28, 127.0.0.0/8

relayhost = $mydomain

mailbox_command = /usr/bin/procmail

debug_peer_level = 2

debugger_command =

    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin

    xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail

newaliases_path = /usr/bin/newaliases

mailq_path = /usr/bin/mailq

setgid_group = postdrop

html_directory = no

manpage_directory = /usr/share/man

sample_directory = /etc/postfix

readme_directory = /usr/share/doc/postfix-2.1.5-r2/readme

default_destination_concurrency_limit = 2

alias_database = hash:/etc/mail/aliases

local_destination_concurrency_limit = 2

alias_maps = hash:/etc/mail/aliases

home_mailbox = MAILDIR/

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain =

broken_sasl_auth_clients = yes

smtpd_client_restrictions = permit_sasl_authenticated, reject_unauth_destination

smtpd_use_tls=yes

smtpd_tls_auth_only = yes

smtpd_tls_key_file = /etc/ssl/postfix/server.key

smtpd_tls_cert_file = /etc/ssl/postfix/server.crt

smtpd_tls_CAfile = /etc/ssl/postfix/server.pem

smtpd_tls_loglevel = 3

smtpd_tls_received_header = yes

smtpd_tls_session_cache_timeout = 3600s

tls_random_source = dev:/dev/urandom

smtpd_helo_required = yes

smtpd_helo_restrictions = permit_mynetworks,reject_invalid_hostname

smtpd_client_restrictions = permit_mynetworks,reject_rbl_client relaays.orb.org

smtpd_recipient_restrictions= permit_mynetworks,reject_unauth_destination,permit

smtpd_sender_restrictions = permit_mynetworks,reject_unknown_sender_domain

smtpd_data_restrictions = reject_unauth_pipelining

strict_rfc821_envelopes = no

virtual_alias_maps = hash:/etc/postfix/virtual

virtual_alias_domains = hash:/etc/postfix/virtual

transport_maps = hash:/etc/postfix/transport

relay_domains = $mydestination,$transport_maps
```

transport:

```
3dogs.homelinux.net    virtual:

nqs.is-a-geek.net      virtual:
```

and virtual:

```
nqs@3dogs.homelinux.net     nqs

nqs@nqs.is-a-geek.net     nqs
```

but when I try to send mail from yahoo now I get:

```
Nov  9 21:20:16 [postfix/master] warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

Nov  9 21:20:54 [postfix/qmgr] fatal: open database /etc/postfix/transport.db: Invalid argument

Nov  9 21:20:55 [postfix/cleanup] fatal: open database /etc/postfix/virtual.db: Invalid argument

Nov  9 21:20:55 [postfix/master] warning: process /usr/lib/postfix/qmgr pid 14673 exit status 1

Nov  9 21:20:55 [postfix/master] warning: /usr/lib/postfix/qmgr: bad command startup -- throttling

Nov  9 21:20:56 [postfix/master] warning: process /usr/lib/postfix/cleanup pid 14674 exit status 1

Nov  9 21:20:56 [postfix/master] warning: /usr/lib/postfix/cleanup: bad command startup -- throttling

Nov  9 21:20:58 [postfix/pickup] fatal: watchdog timeout

Nov  9 21:20:59 [postfix/master] warning: process /usr/lib/postfix/pickup pid 14599 exit status 1

Nov  9 21:20:59 [postfix/master] warning: /usr/lib/postfix/pickup: bad command startup -- throttling
```

help?  further clues to point me the right way?

NQS

----------

## magic919

Postfix is stuffed due to that config.  It is 'running' but won't do a thing.

Sort out the virtual_alias_domains and transport maps.  Looks like you haven't run postmap command against them to produce the db.

Then restart Postfix and check the logs before anything else.

----------

## NotQuiteSane

```
Nov  9 21:20:16 [postfix/master] warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

Nov  9 21:20:54 [postfix/qmgr] fatal: open database /etc/postfix/transport.db: Invalid argument

Nov  9 21:20:55 [postfix/cleanup] fatal: open database /etc/postfix/virtual.db: Invalid argument

Nov  9 21:20:55 [postfix/master] warning: process /usr/lib/postfix/qmgr pid 14673 exit status 1

Nov  9 21:20:55 [postfix/master] warning: /usr/lib/postfix/qmgr: bad command startup -- throttling

Nov  9 21:20:56 [postfix/master] warning: process /usr/lib/postfix/cleanup pid 14674 exit status 1

Nov  9 21:20:56 [postfix/master] warning: /usr/lib/postfix/cleanup: bad command startup -- throttling

Nov  9 21:20:58 [postfix/pickup] fatal: watchdog timeout

Nov  9 21:20:59 [postfix/master] warning: process /usr/lib/postfix/pickup pid 14599 exit status 1

Nov  9 21:20:59 [postfix/master] warning: /usr/lib/postfix/pickup: bad command startup -- throttling

Nov 10 00:52:33 [postfix/local] A40A760B6F7: to=<nqs@mike.3dogs.homelinux.net>, orig_to=<nqs>, relay=local, delay=2227, status=sent (delivered to command: /usr/bin/procmail)

Nov 10 00:52:33 [postfix/qmgr] A40A760B6F7: removed

Nov 10 00:52:33 [postfix/local] A735560B6F8: to=<nqs@mike.3dogs.homelinux.net>, orig_to=<nqs>, relay=local, delay=1327, status=sent (delivered to command: /usr/bin/procmail)

Nov 10 00:52:33 [postfix/qmgr] A735560B6F8: removed

Nov 10 00:52:33 [postfix/local] AA95060B6F9: to=<nqs@mike.3dogs.homelinux.net>, orig_to=<nqs>, relay=local, delay=437, status=sent (delivered to command: /usr/bin/procmail)

Nov 10 00:52:33 [postfix/qmgr] AA95060B6F9: removed

Nov 10 00:52:36 [postfix/local] 2E5AB60B6C1: to=<nqs@mike.3dogs.homelinux.net>, orig_to=<nqs>, relay=local, delay=45430, status=sent (delivered to command: /usr/bin/procmail)

Nov 10 00:52:36 [postfix/qmgr] 2E5AB60B6C1: removed

Nov 10 00:52:37 [postfix/local] B4C7560B6FA: to=<nqs@mike.3dogs.homelinux.net>, orig_to=<root@mike.3dogs.homelinux.net>, relay=local, delay=8, status=sent (delivered to command: /usr/bin/procmail)

Nov 10 00:52:37 [postfix/qmgr] B4C7560B6FA: removed
```

su'ed into me and checked mutt.  test messages were there.

Thank you

NQS

----------

