Score:0

Google Compute Services VM and mailman


I have a VM with Google running mailman 2.1.29 and it is rejecting inbound emails quoting the Google Compute Services name (new-xxxx.c.agile-being-nnnnnn.internal) and "Relay access denied". The hostname has been set to the active DNS name and /etc/hosts file reflects the same. But I cannot figure out where it is getting the "agile-being" name from.

Thanks for any suggestions!

Additional Details: OS = Rocky 8.4, SMTP = Postfix 3.5.8

[Log extract]

Jul 20 19:33:57 myhosts postfix/smtpd[207044]: 23FCD80062C8: client=mail-oi1-f182.google.com[209.85.167.182]
Jul 20 19:33:57 myhosts postfix/cleanup[207052]: 23FCD80062C8: message-id=<CACRzxksX7et7g68YEddA7fz92LqAswLKNtLM+CaX0EmXg0y[email protected]>
Jul 20 19:33:57 myhosts postfix/qmgr[207037]: 23FCD80062C8: from=<[email protected]>, size=3610, nrcpt=1 (queue active)
Jul 20 19:33:57 myhosts postfix/smtpd[207044]: disconnect from mail-oi1-f182.google.com[209.85.167.182] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
Jul 20 19:33:57 myhosts postfix/local[207053]: 23FCD80062C8: to=<[email protected]>, relay=local, delay=0.66, delays=0.56/0.01/0/0.09, dsn=2.0.0, status=sent (delivered to command: /usr/lib/mailman/mail/mailman post myhosts)
Jul 20 19:33:57 myhosts postfix/qmgr[207037]: 23FCD80062C8: removed
Jul 20 19:33:59 myhosts postfix/smtpd[207044]: connect from localhost[::1]
Jul 20 19:33:59 myhosts postfix/smtpd[207044]: NOQUEUE: reject: RCPT from localhost[::1]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<myhosts.org>
Jul 20 19:33:59 myhosts postfix/smtpd[207044]: disconnect from localhost[::1] ehlo=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=4/5
Jul 20 19:33:59 myhosts postfix/smtpd[207044]: connect from localhost[::1]
Jul 20 19:34:00 myhosts postfix/smtpd[207044]: NOQUEUE: reject: RCPT from localhost[::1]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<myhosts.org>
Jul 20 19:34:00 myhosts postfix/smtpd[207044]: disconnect from localhost[::1] ehlo=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=4/5

[main.cf]

compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
mydomain = myhosts.org
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
recipient_delimiter = +
smtpd_banner = myhosts.org ESMTP Server
debug_peer_level = 2
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix/samples
readme_directory = /usr/share/doc/postfix/README_FILES
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_security_level = may
smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt
header_size_limit = 4096000
relayhost = [smtp.sendgrid.net]:2525
smtpd_delay_reject = yes
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, regexp:/etc/postfix/helo.regexp, permit
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    check_client_access hash:/etc/postfix/helo_client_exceptions,
    check_sender_access      hash:/etc/postfix/sender_checks,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    check_client_access hash:/etc/postfix/rbl_client_exceptions,
    reject_unknown_hostname,
    reject_unknown_client,
    reject_unverified_recipient,
    reject_unverified_sender,
    reject_rbl_client bl.spamcop.net,
    reject_rhsbl_client rhsbl.sorbs.net,
    reject_rbl_client dul.dnsbl.sorbs.net
smtpd_enforce_tls                = no
smtpd_tls_loglevel               = 1
smtpd_use_tls                    = yes
smtpd_discard_ehlo_keywords =
Pit
It may be related to [this similar issue](https://stackoverflow.com/questions/17331718/relay-access-denied-on-sending-mail-other-domain-outside-of-network) from StackOverflow. Also read more about this error on this [external page](https://serversitters.com/how-to-correct-554-5-7-1-relay-access-denied-email-errors-and-prevent-them-in-the-future.html); it may be produced by firewall rules.
Score:1

The mynetworks setting should contain the IP addresses for localhost, but someone has deleted the primary address for localhost, ::1, from the list. Restore this setting.

For example:

mynetworks = [::1]/128, 127.0.0.0/8

The mynetworks setting may also be removed entirely. In this case trusted networks will be localhost and those on the same LAN as your host (in GCE, those VMs sharing a VPC network).
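
To confirm this diagnosis on a host, the following added example (not part of the original answer) pulls the client address out of each "Relay access denied" reject and tests it against a `mynetworks` value, showing that `::1` falls outside `127.0.0.0/8`. The sample log is constructed from the question's extract with placeholder addresses, and the function names are hypothetical; only literal address lists are handled, not table lookups, file references or `!` exclusions.

```python
import ipaddress
import re

# Constructed sample: the two mynetworks values from the page, plus log lines
# modelled on the question's extract (mail addresses are placeholders).
BROKEN = "127.0.0.0/8"
FIXED = "[::1]/128, 127.0.0.0/8"
SAMPLE_LOG = """\
Jul 20 19:33:57 myhosts postfix/smtpd[207044]: disconnect from mail-oi1-f182.google.com[209.85.167.182] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
Jul 20 19:33:59 myhosts postfix/smtpd[207044]: NOQUEUE: reject: RCPT from localhost[::1]: 554 5.7.1 <list@example.invalid>: Relay access denied; from=<user@example.invalid> to=<list@example.invalid> proto=ESMTP helo=<myhosts.org>
Jul 20 19:34:00 myhosts postfix/smtpd[207044]: NOQUEUE: reject: RCPT from localhost[::1]: 554 5.7.1 <list@example.invalid>: Relay access denied; from=<user@example.invalid> to=<list@example.invalid> proto=ESMTP helo=<myhosts.org>
Jul 20 19:35:10 myhosts postfix/smtpd[207044]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <x@example.invalid>: Relay access denied; from=<y@example.invalid> to=<x@example.invalid> proto=ESMTP helo=<host.example.invalid>
"""

# Captures the bracketed client address of a relay-denied RCPT reject.
REJECT = re.compile(
    r"reject: RCPT from \S*?\[([0-9A-Fa-f:.]+)\]: 554 5\.7\.1 .*Relay access denied")

def parse_mynetworks(value):
    """Parse a literal mynetworks list; IPv6 entries are written [addr]/len."""
    nets = []
    for item in re.split(r"[,\s]+", value.strip()):
        if item:
            cidr = item.replace("[", "").replace("]", "")
            nets.append(ipaddress.ip_network(cidr, strict=False))
    return nets

def is_trusted(addr, nets):
    """True if addr is inside any listed network of the same IP version."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in nets)

def untrusted_loopback_rejects(log_text, mynetworks):
    """Count relay rejects whose client is loopback yet not in mynetworks."""
    nets = parse_mynetworks(mynetworks)
    hits = {}
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue
        addr = m.group(1)
        if ipaddress.ip_address(addr).is_loopback and not is_trusted(addr, nets):
            hits[addr] = hits.get(addr, 0) + 1
    return hits

if __name__ == "__main__":
    print("broken:", untrusted_loopback_rejects(SAMPLE_LOG, BROKEN))
    print("fixed: ", untrusted_loopback_rejects(SAMPLE_LOG, FIXED))
```

The reject from `192.0.2.10` is deliberately ignored: a non-loopback client being refused relay is the restriction working as intended, so only local submissions that lost their trusted status are reported.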

Bill R
Michael - Thank you that was it. lol - I missed something as obvious as that!
Bill R
There is still one issue as mailman has embedded the 1st host name (new-xxxx.c.agile-being-nnnnnn.internal) for this new server into the config.pck. The server now has its final host name which is different. How do I change the config.pck file to reflect the final host name?
Michael Hampton
@BillR That's a quite different question. You should post it separately.