[BlueOnyx:26375] The Postfix learning curve continues

Chad Bersche chad at bersche.com
Sat Jul 29 22:27:20 -05 2023 

As I wrote to the list earlier, I've recently switched over to Postfix 
mainly to allow for external authorized outbound email to be sent, and 
I'm finding a few things along the way that aren't working as they had.

I'm now facing an issue that I'm not sure how to address in Postfix.  I 
have a number of devices in my network (BMC/ILO/iDRAC) and other 
consumer devices (like NAS systems, etc.) that typically send emails 
when health/status issues arise.  Unfortunately, the majority of these 
do not have any concept of authentication to the email server before 
they try to send email.  Some of these notices are sent to email 
addresses that are hosted on my BlueOnyx system, but some of them also 
get sent to other (remote) monitoring email addresses.

I explicitly listed the device IP addresses in the relay field, but, 
obviously that's not working since the authentication isn't taking 
place.  Maillog shows things similar to:

Jul 29 22:02:30 mail postfix/submission/smtpd[429547]: generic_checks: 
name=permit_mynetworks status=0
Jul 29 22:02:30 mail postfix/submission/smtpd[429547]: generic_checks: 
name=reject_unauth_destination
Jul 29 22:02:30 mail postfix/submission/smtpd[429547]: 
reject_unauth_destination: emailalert at external.com
Jul 29 22:02:30 mail postfix/submission/smtpd[429547]: 
permit_auth_destination: emailalert at external.com
Jul 29 21:49:32 mail postfix/submission/smtpd[427630]: NOQUEUE: reject: 
RCPT from backup-server.bersche.com[172.18.172.106]: 554 5.7.1 
<emailalert at external.com>: Relay access denied; from=<chad at bersche.com> 
to=<emailalert at external.com> proto=ESMTP helo=<localhost>
Jul 29 22:02:30 mail postfix/submission/smtpd[429547]: generic_checks: 
name=reject_unauth_destination status=2
Jul 29 22:02:30 mail postfix/submission/smtpd[429547]: >>> END Recipient 
address RESTRICTIONS <<<
Jul 29 22:02:30 mail postfix/submission/smtpd[429547]: > 
backup-server.bersche.com[172.18.172.106]: 554 5.7.1 
<emailalert at external.com>: Relay access denied


Given that I can't update the devices to support authenticated email, is 
there a path forward to allow certain known unauthenticated email 
sessions to proceed?  I'd not anticipated this in the update, but found 
that I'd not been getting alerts/updates that I had been before the 
migration and started digging.

Thanks for all the help.  My experience with Postfix is much less than 
Sendmail, and I'm trying to adapt.

More information about the Blueonyx mailing list