Hi,
I have set up a Proxmox Mail Gateway in front of an internal Exchange server. Incoming mail works fine: external senders deliver to PMG, it filters and forwards to Exchange. Outgoing mail sent directly from PMG also works (via my ISP’s relayhost).
The problem: When internal systems (e.g. an application server at 192.168.1.45) try to send mail to external recipients through PMG, the connection is rejected with:
Code:
454 4.7.1 <user@extern.se>: Relay access denied
554 5.5.1 Error: no valid recipients
Code:
NOQUEUE: reject: RCPT from photo.local[192.168.1.45]: 454 4.7.1 <tomas.hermansson@sap.com>: Relay access denied; from=<immich@dmz.se> to=<tomas.hermansson@sap.com>
Current configuration (main.cf excerpt)
# Domains we receive for and forward to Exchange
relay_domains = dmz.se ubx.se hermaina.se wcv.se
transport_maps = hash:/etc/postfix/transport
# Smarthost for everything else (outgoing to Internet)
relayhost = [mailout.privat.bahnhof.se]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
# Restrictions
smtpd_helo_required = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination
mynetworks = 127.0.0.0/8 [::1]/128 192.168.1.0/24
Question
- Why are my internal systems (which are in mynetworks) still rejected when sending to external domains?
- Should I adjust relay_domains, mynetworks, or another parameter to allow trusted clients to relay outgoing mail via the relayhost?
- Is it correct practice to keep my own domains in relay_domains and let everything else go via relayhost, or is there a better approach for PMG in this setup?
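A triage check for the reject line quoted in the post, added here as an example and not part of the original post: it tests the logged client IP against the excerpt's `mynetworks` and the recipient domain against its `relay_domains`. The function name `triage`, the verdict labels and the simplified domain matching are assumptions of this example.

```python
import ipaddress
import re

# Values copied from the main.cf excerpt in the post.
MYNETWORKS = "127.0.0.0/8 [::1]/128 192.168.1.0/24"
RELAY_DOMAINS = "dmz.se ubx.se hermaina.se wcv.se"
# Reject line copied from the post.
LOG_LINE = ("NOQUEUE: reject: RCPT from photo.local[192.168.1.45]: 454 4.7.1 "
            "<tomas.hermansson@sap.com>: Relay access denied; "
            "from=<immich@dmz.se> to=<tomas.hermansson@sap.com>")

REJECT_RE = re.compile(
    r"reject: RCPT from (?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) .*?to=<(?P<rcpt>[^>]*)>")

def parse_networks(value):
    """Parse CIDR entries of a mynetworks value; IPv6 is written as [addr]/len."""
    items = value.replace(",", " ").split()
    return [ipaddress.ip_network(i.replace("[", "").replace("]", ""), strict=False)
            for i in items]

def domain_listed(domain, relay_domains):
    """Simplified match (assumption): the domain itself or a parent is listed."""
    listed = relay_domains.lower().replace(",", " ").split()
    return any(domain == d or domain.endswith("." + d) for d in listed)

def triage(line, mynetworks=MYNETWORKS, relay_domains=RELAY_DOMAINS):
    """Classify one smtpd reject line against the settings in the excerpt."""
    m = REJECT_RE.search(line)
    if m is None:
        return None
    ip = ipaddress.ip_address(m["ip"])
    domain = m["rcpt"].rpartition("@")[2].lower()
    in_nets = any(ip in n for n in parse_networks(mynetworks)
                  if n.version == ip.version)
    in_relay = domain_listed(domain, relay_domains)
    if in_relay:
        verdict = "inbound"            # recipient is one of our relay domains
    elif in_nets:
        # permit_mynetworks in the excerpt would have accepted this client,
        # so the session was not evaluated with the excerpt's values.
        verdict = "mismatch"
    else:
        verdict = "untrusted_relay"    # outside mynetworks: reject is expected
    return {"client_ip": str(ip), "rcpt_domain": domain, "code": m["code"],
            "in_mynetworks": in_nets, "in_relay_domains": in_relay,
            "verdict": verdict}

if __name__ == "__main__":
    print(triage(LOG_LINE))
```

A `mismatch` verdict points at the effective configuration rather than the excerpt: `postconf -n` lists the main.cf values Postfix actually loaded, and `postconf -P` lists per-service `-o` overrides from master.cf.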