[BlueOnyx:26375] The Postfix learning curve continues
Chad Bersche
chad at bersche.com
Sat Jul 29 22:27:20 -05 2023
As I wrote to the list earlier, I've recently switched over to Postfix
mainly to allow for external authorized outbound email to be sent, and
I'm finding a few things along the way that aren't working as they had.
I'm now facing an issue that I'm not sure how to address in Postfix. I
have a number of devices in my network (BMC/ILO/iDRAC) and other
consumer devices (like NAS systems, etc.) that typically send emails
when health/status issues arise. Unfortunately, the majority of these
do not have any concept of authentication to the email server before
they try to send email. Some of these notices are sent to email
addresses that are hosted on my BlueOnyx system, but some of them also
get sent to other (remote) monitoring email addresses.
I explicitly listed the device IP addresses in the relay field, but,
obviously that's not working since the authentication isn't taking
place. Maillog shows things similar to:
Jul 29 22:02:30 mail postfix/submission/smtpd[429547]: generic_checks:
name=permit_mynetworks status=0
Jul 29 22:02:30 mail postfix/submission/smtpd[429547]: generic_checks:
name=reject_unauth_destination
Jul 29 22:02:30 mail postfix/submission/smtpd[429547]:
reject_unauth_destination: emailalert at external.com
Jul 29 22:02:30 mail postfix/submission/smtpd[429547]:
permit_auth_destination: emailalert at external.com
Jul 29 21:49:32 mail postfix/submission/smtpd[427630]: NOQUEUE: reject:
RCPT from backup-server.bersche.com[172.18.172.106]: 554 5.7.1
<emailalert at external.com>: Relay access denied; from=<chad at bersche.com>
to=<emailalert at external.com> proto=ESMTP helo=<localhost>
Jul 29 22:02:30 mail postfix/submission/smtpd[429547]: generic_checks:
name=reject_unauth_destination status=2
Jul 29 22:02:30 mail postfix/submission/smtpd[429547]: >>> END Recipient
address RESTRICTIONS <<<
Jul 29 22:02:30 mail postfix/submission/smtpd[429547]: >
backup-server.bersche.com[172.18.172.106]: 554 5.7.1
<emailalert at external.com>: Relay access denied
Given that I can't update the devices to support authenticated email, is
there a path forward to allow certain known unauthenticated email
sessions to proceed? I'd not anticipated this in the update, but found
that I'd not been getting alerts/updates that I had been before the
migration and started digging.
Thanks for all the help. My experience with Postfix is much less than
Sendmail, and I'm trying to adapt.
More information about the Blueonyx
mailing list