Hi everyone.

We have been accepting mail for several domains now, and mail has been
coming in successfully from a million different sources to those domains
(as it should!). But now that our POP server is behind a load balancer,
it's saying "relay not permitted". We've fixed this issue in DNS for the
customers whose DNS we control, but it's still a baffling problem.

We have a pretty standard configuration (the part quoted below is from
the default configuration, I recall), and the server should accept mail
from anywhere that isn't on a DNSBL. It also results in a completely
different error message when it's rejected by a DNSBL, so I don't
understand where this one is coming from.

So here's my configuration. First we have the ACL that actually does the
rejecting:

  require
    message = relay not permitted
    domains = +local_domains : +relay_to_domains

Then the router that does the DNS lookup to determine if we're the real
recipient for that domain:
dnslookup_relay_to_domains:
  debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
  driver = dnslookup
  domains = ! +local_domains : +relay_to_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  no_more

# deliver mail directly to the recipient. This router is only reached
# for domains that we do not relay for. Since we most probably can't
# have broken MX records pointing to site local or link local IP
# addresses fixed, we ignore target hosts pointing to these addresses.
dnslookup:
  debug_print = "R: dnslookup for $local_part@$domain"
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  # ignore private rfc1918 and APIPA addresses
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
                        255.255.255.255
  no_more
.endif