Postfix configuration for simple SMTP relaying


Post by BlueDragon » Dec 23rd, '17, 02:40

Hi all,

I'm trying to find a solution for setting up a very basic SMTP relay system. The reason is that I own an old HP printer / scanner (mfp) which can only be configured to send the scans to a given IP address on port 25, without any further authentication option available. So I state it again, there are only 2 things I can configure there: a gateway IP and an SMTP IP! Until recently I could access my ISP mail server without authentication on a given IP:25 address. Now somehow they changed something and of course they state they did not... I tried to telnet to that port and the server is simply refusing the connection. Any connection coming from my mail client though, using ssl/tls authentication on port 465, is working well. Hence the need for setting up my own mail server able to reply without authentication to the HP printer within my home LAN and to simply forward the email to the ISP mail server, over an authenticated connection. First I tried with SSMTP but then I had to realize that this would only work for the host itself. So I decided to set up postfix in a simple relay mode.

After having spent countless hours trying to find a working solution, I'm landing again here, in need of help from some more knowledgeable people than me. :?

So here is my postfix file:
Code:
# This file contains only the parameters changed from a default install
# see /etc/postfix/ for a commented, fuller version of this file.

# These are changed by postfix install script
readme_directory = /usr/share/doc/postfix/README_FILES
html_directory = /usr/share/doc/postfix/html
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/share/man
daemon_directory = /usr/lib64/postfix
data_directory = /var/lib/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix

# User configurable parameters

inet_interfaces = localhost
inet_protocols = all
mynetworks_style = host
#delay_warning_time = 4h
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (Mageia Linux)
unknown_local_recipient_reject_code = 450
smtp-filter_destination_concurrency_limit = 2
lmtp-filter_destination_concurrency_limit = 2
# enable opportunistic TLS when receiving
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.pem
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
# enable opportunistic TLS when sending
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_generic_maps = hash:/etc/postfix/generic
myhostname =
relayhost =
alias_maps = hash:/etc/postfix/aliases

My postfix generic file:
Code:

My postfix aliases file:
Code:
# Default aliases file for postfix
# this file should be in /etc or in /etc/postfix but if you want it in
# /etc/postfix you'll have to adjust your /etc/postfix/ file accordingly
# Aliases in this file will NOT be expanded in the header from
# mail, but WILL be visible over networks or from /bin/mail.
# Following alias is required by the mail protocol, RFC 822 (and by RFC2142)
# Set it to the address of a HUMAN who deals with this system's mail problems.
# For various security reasons, postfix WILL NOT deliver mail as root, so
# ensure that the root alias is aliased to a HUMAN user, as otherwise
# mail may get delivered to the $default_privs user (nobody).
postmaster: root

# Many mailers use this address to represent the empty SMTP return
# path
MAILER-DAEMON:   postmaster

# Common aliases for system accounts.
bin:      root
daemon:      root
games:      root
ingres:      root
nobody:      root
system:      root
toor:      root
foo:      root
falken:      root

# Well-known aliases.
admin:      root
manager:   root
dumper:      root
operator:   root

# traps to catch security attacks
decode:      root
moof:      root
moog:      root

# The following aliases are required by RFC 2142
info:      staff
marketing:   staff
sales:      staff
support:   staff

# Standard aliases also defined by RFC 2142
abuse:      postmaster
# reports of network infrastructure difficulties
noc:      root
# address to report security problems
security:   root
# DNS administrator (DNS soa records should use this)
hostmaster:   root
# Usenet news service administrator
news:      usenet
usenet:      root
# http/web service administrator
www:      webmaster
webmaster:   root
# UUCP service administrator
uucp:      root
# FTP administrator (especially anonymous FTP)
ftp:      root

# Commonly used group aliases:
staff:      postmaster
office:      postmaster
all:      postmaster
tech:      postmaster
ops:      postmaster

# Person who should get root's mail.  This alias
# must exist.
# CHANGE THIS LINE to an account of a HUMAN

# Note to the user: You must create the alias above!
# The root alias *must* exist under postfix because
# postfix runs as a non-privileged user and cannot
# touch a spool file which is UID/GID root
# The mapping to the postfix user is to ensure that root's mail
# doesn't get lost on a system installed out of the box.

I get following error message from the ISP mail server:
Code:
554 5.7.1 <unknown[]>:
    Client host rejected: Access denied (in reply to RCPT TO command)

If my assumption is correct, I think the server is refusing the connection because the to: user / email address is not known. Actually I tried to change this user (with the generic file) to a known user but it's never changing anything. Postfix keeps on picking my local account name as first part so actually uses "" as receiver and sender email address. How could I change this behaviour?

NB: My sasl_pwd file contains:
Code:

Thanks for any hint!
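
Added example, not part of the original post: a small Python check of the relay path the post describes (unauthenticated LAN device, local Postfix, then the ISP server over TLS), run over the relay-relevant lines of the posted main.cf and over a constructed candidate. The device address 192.168.1.50, the subnet and smtp.example.net are placeholders, and the check assumes mynetworks holds IPv4 CIDR literals only.

```python
from ipaddress import ip_address, ip_network

# Relay-relevant lines of the posted main.cf; relayhost is blank on the page.
POSTED = """inet_interfaces = localhost
mynetworks_style = host
smtp_tls_security_level = may
relayhost =
"""
# Constructed candidate; the host name and subnet are placeholders.
CANDIDATE = """inet_interfaces = all
mynetworks = 127.0.0.0/8
    192.168.1.0/24
smtp_tls_security_level = encrypt
smtp_tls_wrappermode = yes
relayhost = [smtp.example.net]:465
"""
PRIVATE = [ip_network(n) for n in "127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16".split()]

def parse_main_cf(text):
    """Parse 'name = value'; an indented line continues the previous value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
        else:
            last, _, value = (s.strip() for s in raw.partition("="))
            params[last] = value
    return params

def audit_relay(text, device_ip):
    """Findings for an unauthenticated IPv4 LAN device relaying via this host."""
    p, out = parse_main_cf(text), []
    if p.get("inet_interfaces", "all") in ("localhost", "loopback-only"):
        out.append("listen: loopback only, LAN devices cannot connect")
    nets = [ip_network(n, strict=False) for n in p.get("mynetworks", "").replace(",", " ").split()]
    if not nets and p.get("mynetworks_style", "host") == "host":
        out.append("trust: only this host may relay")
    elif nets and not any(ip_address(device_ip) in n for n in nets):
        out.append("trust: device is outside mynetworks")
    if any(not any(n.subnet_of(r) for r in PRIVATE) for n in nets):
        out.append("trust: mynetworks includes non-private space (open relay risk)")
    if not p.get("relayhost"):
        out.append("relayhost: empty, mail goes out by MX lookup, not via the ISP server")
    if p.get("smtp_tls_security_level", "") in ("", "none", "may"):
        out.append("tls: cleartext to the relay is allowed, use encrypt before SASL auth")
    if p.get("relayhost", "").endswith(":465") and p.get("smtp_tls_wrappermode") != "yes":
        out.append("tls: port 465 needs smtp_tls_wrappermode = yes (Postfix 3.0+)")
    return out
```

`audit_relay(POSTED, "192.168.1.50")` returns four findings and the candidate returns none; widening mynetworks beyond the LAN is what the open-relay finding guards against.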