Join Log in
Score:2
QF0 avatar Server

How do I persuade a remote Postfix to allow relaying from my ISP-assigned IP address?

gu flag
QF0

Scenario: I'm testing an SMTP server on my local network, and I now need to check that it can send emails out to the net. The problem is, of course, that I'm going out via my ISP, and my ISP-assigned fixed IP address is not on DNS (I could put it on DNS, of course, but I couldn't set the reverse lookup, so it wouldn't help).

To get around this, I have Postfix set up on a remote server, and I'm trying to relay my outgoing messages through this server, to a local recipient on that server. This looks like it should be straightforward, but I'm obviously missing something. This is a new Postfix 3.6.4 setup, and main.cf contains:

mynetworks = 127.0.0.0/8, 93.184.216.34/32
smtpd_helo_restrictions = permit_mynetworks, ...
smtpd_client_restrictions = permit_mynetworks, ...

93.184.216.34 is my ISP-assigned address, and my local network is dummy-domain.com. When I try to send an email to the server I get a failure, and the server log file says:

Oct 16 13:24:42 titan postfix/smtpd[19103]: connect from my-isp[93.184.216.34]
Oct 16 13:24:42 titan postfix/smtpd[19103]: NOQUEUE: reject: RCPT from my-isp[93.184.216.34]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<a-local-recipient-address> proto=ESMTP helo=<dummy-domain.com>
Oct 16 13:24:42 titan postfix/smtpd[19103]: lost connection after RCPT from my-isp[93.184.216.34]

postconf confirms mynetworks, but it also says this:

compatibility_level = 0
smtpd_relay_restrictions = ${{$compatibility_level} <level {1} ? {} : {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}}

Which I understand, perhaps incorrectly, to say that the default smtpd_relay_restrictions does not include permit_mynetworks, contrary to the documentation. So I explicity set this in main.cf:

smtpd_relay_restrictions = permit_mynetworks

Restarted, And postconf now reports exactly the line above. However, it still doesn't work, and the server logfile still shows the same message. Any ideas? And how do I get postconf to show me the current real settings, without having to worry about the compatibility level? Thanks.

EDIT

as per anx's answer, it turns out that smtpd_client_restrictions = permit_mynetworks ("Permit the request when the client IP address matches any network or network address listed in $mynetworks") isn't sufficient. You also need

smtpd_sender_restrictions = permit_mynetworks

with permit_mynetworks before reject_unknown_sender_domain. This all works without any changes to /etc/hosts, or any need to add anything to DNS.

128
1 + 0
Score:2
anx avatar Server
fr flag
anx

Sender address rejected: Domain not found

This one nothing to do with your mail servers sending IP or its missing reverse association. You are using a sender address with a domain that cannot be found. Look for a statement like reject_unknown_sender_domain in your smtpd_*_restrictions, and prepend something that lifts this restriction for your needs. It is probably the smtpd_sender_restrictions that you need to edit to proceed beyond this message. Or just configure an address as sender that actually can be found in DNS (again, this is independent from whether the hostname of the server sending the messages can be found in DNS).

+ 2
QF0 avatar
gu flag
QF0
Thanks. I'll edit the question to show a specific fix.
0
Reply
anx avatar
fr flag
anx
Note that you can also add your own answer, or edit an existing answer - whether it your own or not. We generally prefer the have the Question contain.. well, the question or problem description, and the answer or solution in the answer section.
2
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.