Google Compute Services VM and mailman

Bill R asked:

I have a VM with Google running mailman 2.1.29 and it is rejecting inbound emails quoting the Google Compute Services name (new-xxxx.c.agile-being-nnnnnn.internal) and "Relay access denied". The hostname has been set to the active DNS name and /etc/hosts file reflects the same. But I cannot figure out where it is getting the "agile-being" name from.

Thanks for any suggestions!

Additional Details: OS = Rocky 8.4, SMTP = Postfix 3.5.8

[Log extract]

Jul 20 19:33:57 myhosts postfix/smtpd[207044]: 23FCD80062C8: client=mail-oi1-f182.google.com[209.85.167.182]
Jul 20 19:33:57 myhosts postfix/cleanup[207052]: 23FCD80062C8: message-id=<CACRzxksX7et7g68YEddA7fz92LqAswLKNtLM+CaX0EmXg0y
[email protected]>
Jul 20 19:33:57 myhosts postfix/qmgr[207037]: 23FCD80062C8: from=<[email protected]>, size=3610, nrcpt=1 (queue a
ctive)
Jul 20 19:33:57 myhosts postfix/smtpd[207044]: disconnect from mail-oi1-f182.google.com[209.85.167.182] ehlo=2 starttls=1 m
ail=1 rcpt=1 bdat=1 quit=1 commands=7
Jul 20 19:33:57 myhosts postfix/local[207053]: 23FCD80062C8: to=<[email protected]>, relay=local, delay=0.66, delays=0.56/0.01/
0/0.09, dsn=2.0.0, status=sent (delivered to command: /usr/lib/mailman/mail/mailman post myhosts)
Jul 20 19:33:57 myhosts postfix/qmgr[207037]: 23FCD80062C8: removed
Jul 20 19:33:59 myhosts postfix/smtpd[207044]: connect from localhost[::1]
Jul 20 19:33:59 myhosts postfix/smtpd[207044]: NOQUEUE: reject: RCPT from localhost[::1]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<myhosts.org>
Jul 20 19:33:59 myhosts postfix/smtpd[207044]: disconnect from localhost[::1] ehlo=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=4/5
Jul 20 19:33:59 myhosts postfix/smtpd[207044]: connect from localhost[::1]
Jul 20 19:34:00 myhosts postfix/smtpd[207044]: NOQUEUE: reject: RCPT from localhost[::1]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<myhosts.org>
Jul 20 19:34:00 myhosts postfix/smtpd[207044]: disconnect from localhost[::1] ehlo=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=4/5

[main.cf]

compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
mydomain = myhosts.org
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
recipient_delimiter = +
smtpd_banner = myhosts.org ESMTP Server
debug_peer_level = 2
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix/samples
readme_directory = /usr/share/doc/postfix/README_FILES
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_security_level = may
smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt
header_size_limit = 4096000
relayhost = [smtp.sendgrid.net]:2525
smtpd_delay_reject = yes
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, regexp:/etc/postfix/helo.regexp, permit
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    check_client_access hash:/etc/postfix/helo_client_exceptions,
    check_sender_access      hash:/etc/postfix/sender_checks,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    check_client_access hash:/etc/postfix/rbl_client_exceptions,
    reject_unknown_hostname,
    reject_unknown_client,
    reject_unverified_recipient,
    reject_unverified_sender,
    reject_rbl_client bl.spamcop.net,
    reject_rhsbl_client rhsbl.sorbs.net,
    reject_rbl_client dul.dnsbl.sorbs.net
smtpd_enforce_tls                = no
smtpd_tls_loglevel               = 1
smtpd_use_tls                    = yes
smtpd_discard_ehlo_keywords =

My answer:


The mynetworks setting should contain the IP addresses for localhost, but someone has deleted the primary address for localhost, ::1, from the list. Restore this setting.

For example:

mynetworks = [::1]/128, 127.0.0.0/8

The mynetworks setting may also be removed entirely. In this case trusted networks will be localhost and those on the same LAN as your host (in GCE, those VMs sharing a VPC network).


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.