# Postfix +SMTP +Allow Relay

## CobraNMU

Well, my postfix installation seems to be working great now except for one portion. We have several mail servers which don't appear to be allowed to relay through the server. Some of the old ASP sites don't allow for user/pass so I need those to be allowed to pass through.

My current settings:

main.cf

```
mynetworks = cidr:/etc/postfix/network_table
smtpd_recipient_restrictions =
        permit_mynetworks,
```

network_table

```
208.75.220.0/24 OK
208.88.128.0/24 OK
```

current log file

```
Aug 15 10:17:55 [postfix/smtpd] connect from unknown[208.88.128.9]
Aug 15 10:17:55 [postfix/smtpd] warning: unknown[208.88.128.9]: SASL LOGIN authentication failed: authentication failure
Aug 15 10:17:55 [postfix/smtpd] lost connection after AUTH from unknown[208.88.128.9]
Aug 15 10:17:55 [postfix/smtpd] disconnect from unknown[208.88.128.9]
Aug 15 10:17:55 [postfix/smtpd] connect from unknown[208.88.128.9]
Aug 15 10:17:55 [postfix/smtpd] warning: unknown[208.88.128.9]: SASL LOGIN authentication failed: authentication failure
Aug 15 10:17:55 [postfix/smtpd] lost connection after AUTH from unknown[208.88.128.9]
Aug 15 10:17:55 [postfix/smtpd] disconnect from unknown[208.88.128.9]
```

What am I missing here?

----------

## kashani

Did you postmap the network file after you edited it? The other possibility is that the syntax is off. http://www.postfix.org/cidr_table.5.html shows this sort of config.

```
smtpd_client_restrictions =
      cidr:/etc/postfix/client.cidr
```

kashani

----------

## steveb

Could you post your whole main.cf and master.cf?

// SteveB

----------

## kashani

What Steve said, but use postconf -n. We don't need to see nine pages of commented out crap.

kashani

----------

## steveb

*kashani wrote:*

> What Steve said, but use postconf -n. We don't need to see nine pages of commented out crap.

Thanks kashani. You are right. postconf -n should be enough. The config part CobraNMU has posted is okay. And I suspect a client restriction or another restriction is messing things up. So we need more configuration from Postfix and not just some small extract.

// SteveB

----------

## CobraNMU

```
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib64/postfix
debug_peer_level = 1
default_destination_concurrency_limit = 20
empty_address_recipient = MAILER-DAEMON
home_mailbox = .maildir/
html_directory = /usr/share/doc/postfix-2.4.6-r2/html
inet_interfaces = all
local_destination_concurrency_limit = 2
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 1d
message_size_limit = 32200000
mydomain = wsol.com
mynetworks = cidr:/etc/postfix/network_table
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
queue_minfree = 120000000
readme_directory = /usr/share/doc/postfix-2.4.6-r2/readme
relay_domains = $transport_maps
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks,       check_client_access hash:/etc/postfix/client_access,    check_sender_access hash:/etc/postfix/sender_access,       permit_sasl_authenticated,      reject_non_fqdn_hostname,       reject_non_fqdn_sender, reject_non_fqdn_recipient,         reject_unauth_destination,      reject_unauth_pipelining,       reject_invalid_hostname,        reject_rbl_client opm.blitzed.org, reject_rbl_client list.dsbl.org,        reject_rbl_client bl.spamcop.net,       reject_rbl_client sbl-xbl.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:1001
virtual_mailbox_base = /mnt/fs1
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_minimum_uid = 1001
virtual_overquota_bounce = yes
virtual_transport = virtual
virtual_uid_maps = static:1001
```

----------

## kashani

I'd try the following since I'm fairly certain that mynetworks is not designed for OK and REJECT codes. 

```
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks, cidr:/etc/postfix/client.cidr, check_client_access hash:/etc/postfix/client_access, etc etc etc
```

kashani

----------

## CobraNMU

Kashani....

You are the man! That worked great.

Thanks again. That's twice in a row you've saved my butt.

Rob

----------

## steveb

*kashani wrote:*

> I'd try the following since I'm fairly certain that mynetworks is not designed for OK and REJECT codes.

Right and wrong. If used the way CobraNMU has used the CIDR map in mynetworks, the result is ignored.

*http://www.postfix.org/postconf.5.html#mynetworks wrote:*

> a "type:table" lookup table is matched when a table entry matches a lookup string (the lookup result is ignored)

// SteveB

----------
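Added example (not part of any post above, and not Postfix code): a simplified Python model of the distinction in the last reply, showing that a table referenced from `mynetworks` trusts every address that matches any entry, whatever the right-hand side says, while the same table used as a client access map returns the right-hand side as the action. The function names and the `192.0.2.0/24 REJECT` line are constructed for illustration.

```python
import ipaddress

# Constructed sample in cidr_table(5) layout: "network/prefix result".
# The first two entries are from the thread; the REJECT line is added for the demo.
NETWORK_TABLE = """\
# relay clients
208.75.220.0/24 OK
208.88.128.0/24 OK
192.0.2.0/24    REJECT
"""

def parse_cidr_table(text):
    """Return [(network, result)] in file order, skipping comments and blank lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, result = line.split(None, 1)
        rules.append((ipaddress.ip_network(pattern), result.strip()))
    return rules

def lookup(rules, client_ip):
    """First matching entry wins; None when no entry matches."""
    addr = ipaddress.ip_address(client_ip)
    for network, result in rules:
        if addr in network:
            return result
    return None

def in_mynetworks(rules, client_ip):
    """mynetworks semantics: a match means trusted; the lookup result is ignored."""
    return lookup(rules, client_ip) is not None

def client_access_action(rules, client_ip):
    """Access-map semantics: the result is the action; DUNNO stands in for 'no match'."""
    return lookup(rules, client_ip) or "DUNNO"

if __name__ == "__main__":
    rules = parse_cidr_table(NETWORK_TABLE)
    for ip in ("208.88.128.9", "192.0.2.10", "198.51.100.1"):
        print(ip, "mynetworks:", in_mynetworks(rules, ip),
              "access map:", client_access_action(rules, ip))
```

The practical consequence for a relay policy is that a `REJECT` line placed in a `mynetworks` table still grants relay trust to that range, so deny rules belong in an access map, not in `mynetworks`.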

