[BlueOnyx:26376] Re: The Postfix learning curve continues

Larry Smith lesmith at ecsis.net
Sun Jul 30 09:21:53 -05 2023 

Chad,

  You mention "devices in my network" but it appears you have
not set your "mynetworks" parameter to include these addresses.
If you set the mynetworks to the entire network (your private net
such as 172.18.0.0/16 or appropriate) then the permit_mynetworks
would allow relay from these devices I think.

-- 
Larry Smith
lesmith at ecsis.net

On Sat July 29 2023 22:27, Chad Bersche via Blueonyx wrote:
> As I wrote to the list earlier, I've recently switched over to Postfix
> mainly to allow for external authorized outbound email to be sent, and
> I'm finding a few things along the way that aren't working as they had.
>
> I'm now facing an issue that I'm not sure how to address in Postfix.  I
> have a number of devices in my network (BMC/ILO/iDRAC) and other
> consumer devices (like NAS systems, etc.) that typically send emails
> when health/status issues arise.  Unfortunately, the majority of these
> do not have any concept of authentication to the email server before
> they try to send email.  Some of these notices are sent to email
> addresses that are hosted on my BlueOnyx system, but some of them also
> get sent to other (remote) monitoring email addresses.
>
> I explicitly listed the device IP addresses in the relay field, but,
> obviously that's not working since the authentication isn't taking
> place.  Maillog shows things similar to:
>
> Jul 29 22:02:30 mail postfix/submission/smtpd[429547]: generic_checks:
> name=permit_mynetworks status=0
> Jul 29 22:02:30 mail postfix/submission/smtpd[429547]: generic_checks:
> name=reject_unauth_destination
> Jul 29 22:02:30 mail postfix/submission/smtpd[429547]:
> reject_unauth_destination: emailalert at external.com
> Jul 29 22:02:30 mail postfix/submission/smtpd[429547]:
> permit_auth_destination: emailalert at external.com
> Jul 29 21:49:32 mail postfix/submission/smtpd[427630]: NOQUEUE: reject:
> RCPT from backup-server.bersche.com[172.18.172.106]: 554 5.7.1
> <emailalert at external.com>: Relay access denied; from=<chad at bersche.com>
> to=<emailalert at external.com> proto=ESMTP helo=<localhost>
> Jul 29 22:02:30 mail postfix/submission/smtpd[429547]: generic_checks:
> name=reject_unauth_destination status=2
> Jul 29 22:02:30 mail postfix/submission/smtpd[429547]: >>> END Recipient
> address RESTRICTIONS <<<
> Jul 29 22:02:30 mail postfix/submission/smtpd[429547]: >
> backup-server.bersche.com[172.18.172.106]: 554 5.7.1
> <emailalert at external.com>: Relay access denied
>
>
> Given that I can't update the devices to support authenticated email, is
> there a path forward to allow certain known unauthenticated email
> sessions to proceed?  I'd not anticipated this in the update, but found
> that I'd not been getting alerts/updates that I had been before the
> migration and started digging.
>
> Thanks for all the help.  My experience with Postfix is much less than
> Sendmail, and I'm trying to adapt.
>
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx

More information about the Blueonyx mailing list