[afnog] Failing to receive inbound emails

Moses Muya mouzmuyer at gmail.com
Mon Jan 23 10:51:24 UTC 2012


Hi,type 'sudo gedit  /etc/posfix/relay_recipients' and add the relevant
email address(es)  to the list followed by a space and 'ok' e.g '
example at example.com        ok'.Save the file then type 'sudo postmap
/etc/postfix/relay_recipients' .That's it! Enjoy your emails!

On 23 Jan 2012 13:40, "Rumbidzayi Gadhula" <rumbiles at gmail.com> wrote:

>
>
> I have a postfix email installation on linux. I can send emails to other
> domains and my ISP relays the emails. However I get relay access denied
> messages when I send emails to my domain. I get the following error
> message,
>
> *Delivery to the following recipient failed permanently:
>
> *
> *     *
>
> *test at yyyyy.ac.zw*
>
> *
> Technical details of permanent failure:*
>
> *Google tried to deliver your message, but it was rejected by the
> recipient domain. We recommend contacting the other email provider for
> further information about the cause of this error. The error that the other
> server returned was: 550 550 unknown user test at yyyyy.ac.zw(state 17)*
>
> On the firewall interface I am getting the following error
>
>
>  *Jan 18 15:54:57 xxxxx-SERVER postfix/smtpd[31115]: NOQUEUE: reject:
> RCPT from ssss.ttttttt.com[aaa.bbb.ccc.49]: 554 5.7.1 <test at yyyyy.ac.zw>:
> Relay access denied; from=<> to=<test at yyyyy.ac.zw> proto=SMTP helo=<
> ssss.ttttttt.com>*
> **
>
> I have two email servers, 192.168.1.2 hosting xxxxx domain,  works fine
> and 192.168.1.10 with the yyyyy domain failing to receive emails. I am
> using the same ISP for routing emails. The xxxxx domain is the one
> registered usng the public address  that I am also using for domain yyyyy.
> How do I configure my firewall to direct traffic for yyyyy domain to the
> 192.168.1.10 server? See my current  firewall configuration below
>
> PIX Version 6.3(3)
> interface ethernet0 auto
> interface ethernet1 100full
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> enable password Ya33doEYpauqoRPP encrypted
> passwd Ya33doEYpauqoRPP encrypted
> hostname xxxxxA
> domain-name xxxxx.co.zw
> fixup protocol dns maximum-length 512
> fixup protocol ftp 21
> no fixup protocol h323 h225 1720
> no fixup protocol h323 ras 1718-1719
> fixup protocol http 80
> fixup protocol rsh 514
> fixup protocol rtsp 554
> no fixup protocol sip 5060
> no fixup protocol sip udp 5060
> fixup protocol skinny 2000
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> fixup protocol tftp 69
> names
> name 192.168.1.3 hotspot
> name 192.168.1.2 xxxxx
> name 192.168.1.10 yyyyy
> access-list inbound deny icmp any any
> access-list inbound permit tcp any host aaa.bbb.ddd.14 eq www
> access-list inbound permit tcp any host aaa.bbb.ddd.14 eq smtp
> access-list inbound permit tcp any host aaa.bbb.ddd.14 eq 8080
> access-list inbound permit tcp any host aaa.bbb.ddd.14 eq domain
> access-list inbound permit udp any host aaa.bbb.ddd.14 eq domain
> access-list inbound permit tcp any host aaa.bbb.ddd.14 eq ftp
> access-list inbound permit tcp any host aaa.bbb.ddd.14 eq 4848
> access-list inbound permit tcp any host aaa.bbb.ddd.14 eq 81
> access-list inbound permit tcp any host aaa.bbb.ddd.14 eq 3000
> access-list inbound permit tcp any host aaa.bbb.ddd.14 eq 8000
> access-list inbound permit tcp any host aaa.bbb.ddd.14 eq 8005
> access-list inbound permit tcp any host aaa.bbb.ddd.14 eq 8443
> access-list inbound permit tcp any host aaa.bbb.ddd.14 eq 8009
> access-list inbound permit tcp any host aaa.bbb.ddd.14 eq https
> access-list inbound permit tcp any host aaa.bbb.ddd.14 eq ssh
> access-list inbound permit tcp any host aaa.bbb.ddd.14 eq 8081
> access-list inbound permit tcp any host aaa.bbb.ddd.14 eq 8082
> access-list 101 permit ip any any
> pager lines 24
> mtu outside 1500
> mtu inside 1500
> ip address outside aaa.bbb.ddd.14 255.255.255.252
> ip address inside 192.168.1.1 255.255.255.0
> ip audit info action alarm
> ip audit attack action alarm
> pdm location 192.168.1.6 255.255.255.255 inside
> pdm logging informational 100
> pdm history enable
> arp timeout 14400
> global (outside) 10 interface
> nat (inside) 10 0.0.0.0 0.0.0.0 0 0
> alias (inside) xxxxx aaa.bbb.ddd.14 255.255.255.255
> static (inside,outside) tcp interface smtp xxxxx smtp netmask
> 255.255.255.255 0 0
> static (inside,outside) tcp interface www xxxxx www netmask
> 255.255.255.255 0 0
> static (inside,outside) tcp interface 8080 xxxxx 8080 netmask
> 255.255.255.255 0 0
> static (inside,outside) tcp interface ftp xxxxx ftp netmask
> 255.255.255.255 0 0
> static (inside,outside) tcp interface 81 xxxxx 81 netmask 255.255.255.255
> 0 0
> static (inside,outside) tcp interface 4848 xxxxx 4848 netmask
> 255.255.255.255 0 0
> access-group inbound in interface outside
> route outside 0.0.0.0 0.0.0.0 aaa.bbb.ddd.13 1
> route inside 192.168.0.0 255.255.255.0 hotspot 1
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225
> 1:00:00
> timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server RADIUS protocol radius
> aaa-server LOCAL protocol local
> aaa authentication telnet console LOCAL
> aaa authentication http console LOCAL
> http server enable
> http 192.168.1.0 255.255.255.0 inside
> no snmp-server location
> no snmp-server contact
> snmp-server community public
> no snmp-server enable traps
> floodguard enable
> telnet aaa.bbb.ddd.12 255.255.255.252 outside
> telnet 192.168.1.0 255.255.255.0 inside
> telnet timeout 50
> ssh timeout 60
> console timeout 0
> dhcpd dns aaa.bbb.ccc.1 aaa.bbb.ccc.4
> username admin password fuqXsBJRQmphzmcC encrypted privilege 15
> terminal width 80
> Cryptochecksum:2d70437ecde3ce671db45b421f97351f
> : end
>
>
> Regards,
>
> R Gadhula
>
>
> --
> *Senior Systems Administrator
> UZCHS- NECTAR
> Ward C10, Parirenyatwa Hospital
> Mazoe St, Avondale
> Harare
> Tel: +263772 148 889/890 x 320
> Cell:0772588210*
>
> _______________________________________________
> afnog mailing list
> http://afnog.org/mailman/listinfo/afnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20120123/d34a96fb/attachment-0001.html>


More information about the afnog mailing list