Warum Relay access denied ?

Matthias Doering matthias.doering at mldsc.de
Sa Nov 21 22:12:49 CET 2015 

Hi,

Ich habe hier ein Problem mit meiner neuen Postfix/ Dovecot Installation.
Ich habe das System komplett neu aufgesetzt.
Das meiste funktioniert schon. SASL, IMAP und POP Abruf via Dovecot. Ich 
kann auch direkt via LMTP Nachrichten abliefern. Auch das versenden von 
Nachrichten klappt.
Was nicht klappt ist der Empfang von Nachrichten.
Ich bekomme immer eine Relay access denied.
Ich komme einfach nicht dahinter was Ich hier falsch mache.

mail.log
 >>>>>>>>>>>>>>
Nov 21 22:06:04 mailgw01 postfix/smtpd[531]: connect from 
absenderserver.example.org[94.189.80.94]
Nov 21 22:06:05 mailgw01 postfix/smtpd[531]: Untrusted TLS connection 
established from absenderserver.example.org[94.189.80.94]: TLSv1.2 with 
cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Nov 21 22:06:05 mailgw01 postfix/smtpd[531]: NOQUEUE: reject: RCPT from 
absenderserver.example.org[94.189.80.94]: 554 5.7.1 
<lukas at codegeeks.de>: Relay access denied; 
from=<absendermail at example.org> to=<zielmail at example.com> proto=ESMTP 
helo=<bsenderserver.example.org>
Nov 21 22:06:05 mailgw01 postfix/smtpd[531]: disconnect from 
absenderserver.example.org[94.189.80.94]
<<<<<<<<<<<<<<

postconf -n
address_verify_map = btree:/var/spool/postfix/data/verify
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_template_file = /etc/postfix/bounce.de-DE.cf
config_directory = /etc/postfix
default_database_type = btree
disable_vrfy_command = yes
double_bounce_sender = double-bounce
inet_interfaces = all
inet_protocols = all
lmtp_generic_maps = btree:/etc/postfix/lmtp_generic_maps
lmtp_tls_protocols = $smtp_tls_protocols
mailbox_size_limit = 52428800
message_size_limit = 52428800
mydestination = mailgw01.example.com, localhost
myhostname = mailgw01.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
plaintext_reject_code = 571
readme_directory = no
recipient_bcc_maps = btree:/etc/postfix/recipient_bcc_maps
recipient_canonical_classes = envelope_recipient
recipient_canonical_maps = btree:/etc/postfix/recipient_canonical_maps
recipient_delimiter = +
relay_domains = btree:/etc/postfix/relay_domains
relayhost =
relocated_maps = btree:/etc/postfix/relocated_maps
sender_bcc_maps = btree:/etc/postfix/sender_bcc_maps
sender_canonical_classes = envelope_sender
sender_canonical_maps = btree:/etc/postfix/sender_canonical_maps
show_user_unknown_table_name = no
smtp_generic_maps = btree:/etc/postfix/smtp_generic_maps
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_cert_file = $smtpd_tls_cert_file
smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
smtp_tls_key_file = $smtpd_tls_key_file
smtp_tls_loglevel = 1
smtp_tls_protocols = $smtpd_tls_protocols
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_rate_limit = 20
smtpd_recipient_restrictions = check_recipient_access 
btree:/etc/postfix/access_recipient-rfc check_client_access 
cidr:/etc/postfix/access_client check_helo_access 
btree:/etc/postfix/access_helo check_sender_access 
btree:/etc/postfix/access_sender check_recipient_access 
btree:/etc/postfix/access_recipient permit_sasl_authenticated 
permit_mynetworks reject_rbl_client zen.spamhaus.org reject_rbl_client 
ix.dnsbl.manitu.net reject_rbl_client bl.spamcop.net reject_rhsbl_client 
multi.uribl.com reject_unverified_recipient permit_mx_backup 
reject_unauth_destination check_policy_service inet:10.0.0.77:10000 permit
smtpd_reject_footer = \c. Contact your postmaster/admin for technical 
assistance. He can achieve our postmaster via email: 
postmaster at mldsolutions.de In any case, please provide the following 
information in your problem report: This error message, time 
($localtime), client ($client_address) and server ($server_name).
smtpd_relay_restrictions = permit_sasl_authenticated permit_mynetworks 
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = inet:172.20.19.14:3659
smtpd_sasl_type = dovecot
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/postfix/certs/full_cafile_20151114.crt
smtpd_tls_dh1024_param_file = /etc/postfix/certs/dh_2048.pem
smtpd_tls_dh512_param_file = /etc/postfix/certs/dh_512.pem
smtpd_tls_eecdh_grade = ultra
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, 
aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = /etc/postfix/certs/mailgw01.mldsc.de_20151114_key.crt
smtpd_tls_loglevel = 1
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_high_cipherlist = aNULL:-aNULL:RC4-SHA:ALL:@STRENGTH
tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION
transport_maps = btree:/etc/postfix/transport_maps, 
btree:/etc/postfix/relay_domains
unverified_recipient_reject_reason = Recipient address lookup failed
unverified_sender_reject_reason = Sender address lookup failed
virtual_transport = lmtp:[172.20.19.14]:24

-- 
Mit freundlichen Grüßen

Matthias Döring

Mehr Informationen über die Mailingliste Postfixbuch-users