[SOLVED] Relay Access Denied

dthompson

Well-Known Member
Nov 23, 2011
146
14
58
Canada
www.digitaltransitions.ca
Hi all!

I have a 2 node cluster. I relay all my internal email for customers off of one of the 2 nodes. It has been this way for eons. It has worked flawlessly for eons. Now, this afternoon our of nowhere the relay server decided to it would no longer relay any mails from that email server. My other email server however it is still accepting and relaying. When I relay off of the other server in the cluster, it appears to work.

This is the error that I am seeing in the logs at this point:

Aug 18 17:42:30 swarmx1 postfix/smtpd[33719]: connect from hc1.digidns.ca[192.168.9.11]
Aug 18 17:42:30 swarmx1 postfix/smtpd[33719]: Anonymous TLS connection established from hc1.digidns.ca[192.168.9.11]: TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Aug 18 17:42:30 swarmx1 postfix/smtpd[33719]: NOQUEUE: reject: RCPT from hc1.digidns.ca[192.168.9.11]: 554 5.7.1 <david@domain.ca>: Recipient address rejected: Rejected by SPF: 192.168.9.11 is not a designated mailserver for dthompson%40domain.com (context mfrom, on swarmx1.mailhive.ca); from=<dthompson@domain.com> to=<david@domain.ca> proto=ESMTP helo=<hc1.digidns.ca>
Aug 18 17:42:30 swarmx1 postfix/smtpd[33719]: disconnect from hc1.digidns.ca[192.168.9.11] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6

I get this part:
Code:
Rejected by SPF: 192.168.9.11 is not a designated mailserver

However, this setup has been in play for a long time like this. I've added the internal servers to the white list. My other servers are also setup the same way and do not exhibit this issue. I'm fairly stumped and am looking for help here.

Thank you.
 
Last edited:
I assume that the logs are from a PMG system (and not a downstream server)...

Rejected by SPF: 192.168.9.11 is not a designated mailserver

This would indicate that you have:
a) enabled SPF in the Mail Proxy (GUI->Configuration->Mail Proxy -> Options)
b) are sending your outbound mail to the external port of PMG (defaults to 25) instead of the internal one (defaults to 26)?
c) the ip of your internal server 192.168.9.11 is not in the Mail Proxy Whitelist (GUI->Configuration->Mail Proxy -> Whitelist)

why this issue surfaced now is nothing that the logs can answer - maybe the DNS server you have configured in PMG now answers with the external SPF record for the domain? maybe the downstream server started relaying via the external port recently?

I hope this helps!
 
  • Like
Reactions: fiona and dmlc

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!