Jason Aleksi
2018-01-10 22:21:00 UTC
I'm having issues getting an internal development server to relay email to an external server. I have a "BRAVO" server that is used for development and sits behind a firewall. It needs to send email through the ALPHA server to either accounts on ALPHA or external. The BRAVO server will never receive email or have any available mailboxes on it; it simply sends messages out. All the messages from BRAVO can come from a single user account (multiple accounts are acceptable, but not required). ALPHA Server requires authentication and would rather just have one account to relay messages through.
Other than using Gmail as a relay, I keep getting an error 553 Sender address rejected: not owned by user. I've tried different configurations, but cannot get them to work. I'm at the point where I'm not sure where or what to look at trying. Suggestions or direction are appreciated!
-JA-
==About the servers
ALPHA server - Main mail server (running Postfix) for "example.org". No problems sending/receiving. All operations normal. I set up an email account "***@example.org" for BRAVO Authentication. I'm using PostgreSQL as a backend for virtual hosting. All the PGSQL statements for looking up user accounts appear to be querying correctly.
BRAVO server - Located on a private IP behind a firewall. Used as a local development server that needs email to be sent from local applications. Port 25 outbound is blocked, so the reliance on an external Mail Server (ALPHA Server) on port 587 with Authentication is needed. FQDN for this device is "devbox.example.local". Notice the .local is used internally, .org is for our external presence. The username I log into the devbox is "service".
On BRAVO server, I created a /etc/postfix/sasl/sasl_passwd and set the relay settings in the main.cf.
==>What I'm doing
When I try to send a message from BRAVO to "***@anotherdomain.com" (via ALPHA), ALPHA
==>What's happening
ALPHA Server is rejecting the email with an error 553: "Sender address rejected: not owned by user". It's almost as if the username and password specified in the sasl_passwd configuration are being ignored; but it works with Gmail.
==>Logs from /var/log/mail.log
Jan 10 15:50:03 ALPHA postfix/submission/smtpd[24956]: connect from BRAVO[BRAVO.Public.IP x.x.x.x]
Jan 10 15:50:03 ALPHA postfix/submission/smtpd[24956]: Anonymous TLS connection established from BRAVO[BRAVO.Public.IP x.x.x.x]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 15:50:03 ALPHA postfix/submission/smtpd[24956]: NOQUEUE: reject: RCPT from BRAVO[BRAVO.Public.IP x.x.x.x]: 553 5.7.1 <***@devbox.example.local>: Sender address rejected: not owned by user ***@example.com; from=<***@devbox.example.local> to=<***@outsidecompany.com> proto=ESMTP helo=<devbox.example.local>
Jan 10 15:50:03 ALPHA postfix/submission/smtpd[24956]: disconnect from BRAVO[BRAVO.Public.IP x.x.x.x] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=7/9
==>What I've tried.
1) With success, I changed my SASL_PASSWD and RELAY to use Gmail on BRAVO. It works with no problem, emails are being sent on behalf of that user. Not so much when I try ALPHA Server. I really don't want to use this Gmail account, and would rather use ALPHA Server.
2) On ALPHA, I tried creating a subdomain and linking the ***@example.org to ***@devbox.example.local, but no success.
3) On BRAVO server, I tried creating a virtual-regexp and redirecting ALL mail being sent to look as if it were coming from the relayuser. The SASL_PASSWD and Relay are configured to use the ALPHA. But I still get the same 553 error as above.
cat << 'EOF' | sudo tee -a /etc/postfix/virtual-regexp
/.+@.+/ ***@example.org
EOF
cat << 'EOF' | sudo tee -a /etc/postfix/main.cf
virtual_maps = hash:/etc/postfix/virtual, regexp:/etc/postfix/virtual-regexp
EOF
sudo postmap /etc/postfix/virtual-regexp
sudo touch /etc/postfix/virtual && sudo postmap /etc/postfix/virtual
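
As an added example (not part of the original post): a short Python script that reads submission log lines like the ones quoted above and reports, per smtpd session, whether AUTH succeeded and which SASL login and envelope sender the 553 reject names. The sample log is constructed; the addresses and client IP in it are placeholders for the values the post masks.

```python
import re

# Constructed sample modelled on the log excerpt above; addresses and the
# client IP are placeholders (the original post masks them).
SAMPLE_LOG = """\
Jan 10 15:50:03 ALPHA postfix/submission/smtpd[24956]: connect from BRAVO[203.0.113.10]
Jan 10 15:50:03 ALPHA postfix/submission/smtpd[24956]: NOQUEUE: reject: RCPT from BRAVO[203.0.113.10]: 553 5.7.1 <service@devbox.example.local>: Sender address rejected: not owned by user relay@example.org; from=<service@devbox.example.local> to=<someone@outsidecompany.com> proto=ESMTP helo=<devbox.example.local>
Jan 10 15:50:03 ALPHA postfix/submission/smtpd[24956]: disconnect from BRAVO[203.0.113.10] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=7/9
"""

PID = re.compile(r"smtpd\[(\d+)\]: (.*)")
REJECT = re.compile(r"553 5\.7\.1 <([^>]*)>: Sender address rejected: "
                    r"not owned by user (\S+); from=<([^>]*)> to=<([^>]*)>")
COUNTER = re.compile(r"\b(\w+)=(\d+)(?:/(\d+))?")

def analyse(log_text):
    """Group lines by smtpd PID; return one finding per 553 ownership reject."""
    sessions = {}
    for line in log_text.splitlines():
        m = PID.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        s = sessions.setdefault(pid, {"rejects": [], "counters": {}})
        r = REJECT.search(msg)
        if r:
            s["rejects"].append({"login": r.group(2), "sender": r.group(3), "rcpt": r.group(4)})
        elif msg.startswith("disconnect from"):
            # Postfix prints "name=ok" or "name=ok/total" per SMTP command.
            for name, ok, total in COUNTER.findall(msg):
                s["counters"][name] = (int(ok), int(total or ok))
    findings = []
    for pid, s in sessions.items():
        auth_ok = s["counters"].get("auth", (0, 0))[0] > 0
        for rej in s["rejects"]:
            findings.append({
                "pid": pid,
                "auth_succeeded": auth_ok,
                "sasl_login": rej["login"],
                "envelope_sender": rej["sender"],
                # Exact match is a simplification of the server's owner lookup.
                "sender_matches_login": rej["sender"].lower() == rej["login"].lower(),
            })
    return findings

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f)
```

In the sample, `auth=1` and the login named in the reject show that SASL authentication succeeded; what ALPHA refused is the envelope sender, which it does not treat as owned by that login. Postfix virtual alias maps rewrite envelope recipients, not senders, which is consistent with attempt 3 leaving the 553 unchanged.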