
Issue SMTPD No Auth from IP Issue

Tessxr

New Pleskian
Hi Everyone,

I have been attempting to set up split delivery from Google Workspace, and while it worked just fine on the first day of configuration, I now get a persistent 554 5.7.1 Access Denied error. I have been racking my brain for the last week trying to figure this out and, alas, I've just about given up. I am hoping the community can point me in the right direction.


What I am trying to accomplish:

Google:

Google Workspace handles my mail for exampledomain1.com. I would like to create additional mailboxes for service accounts and whatnot without incurring additional costs from Google, so my idea was to route mail for any user that does not exist in Google Workspace to my Plesk server, where those additional mailboxes will reside.

I set up the routing rules in Google Workspace to route unknown/catch-all mail to mail.exampledomain1.com:587
Note: Google Split Delivery routing rules do not allow me to specify credentials/auth, so I need to accept unauthenticated inbound mail from Google's IP addresses.

Postfix
- Access file created: /etc/postfix/smtpd_client_access (the public IP addresses for Gmail and my home network are listed here)
My main.cf file looks like this:

root@portal:~# cat /etc/postfix/main.cf | grep 'smtpd'
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_tls_cert_file = /etc/postfix/postfix.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
mynetworks = hash:/etc/postfix/smtpd_client_access
smtpd_use_tls = yes
smtpd_sender_restrictions = permit_mynetworks, check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_milters = , inet:127.0.0.1:12768
smtpd_tls_mandatory_protocols = TLSv1.2 TLSv1.3
smtpd_tls_protocols = TLSv1.2 TLSv1.3
smtpd_tls_ciphers = medium
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_dh1024_param_file = /opt/psa/etc/dhparams2048.pem
smtpd_sasl_exception_networks = hash:/etc/postfix/smtpd_client_access


These are the errors I am receiving when attempting to send mail (no auth) from an IP listed in "/etc/postfix/smtpd_client_access"

2023-09-15 19:32:03INFOpostfix/smtpd [317113]NOQUEUE: reject: RCPT from REDACTED: 554 5.7.1 REDACTED>: Client host rejected: Access denied; from=<REDACTED> to=<REDACTED> proto=ESMTP helo=<REDACTED.io>

smtpd_client_access format (example):
35.190.247.0/24 OK
64.233.160.0/19 OK
66.102.0.0/20 OK
66.249.80.0/20 OK
72.14.192.0/18 OK
74.125.0.0/16 OK
108.177.8.0/21 OK
173.194.0.0/16 OK
209.85.128.0/17 OK
216.58.192.0/19 OK
216.239.32.0/19 OK

Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
#
# Postfix main.cf as posted for a Plesk-managed Ubuntu host. Lines marked
# NOTE(review) are reviewer annotations; the settings themselves are unchanged.
# main.cf has no inline comments, so every annotation sits on its own line.
# Per-service "-o" overrides in master.cf (not shown here) take precedence
# over the values below for the service they are attached to.


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/postfix.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtp_tls_CApath=/etc/ssl/certs
# NOTE(review): "may" is opportunistic TLS for outbound mail. All outbound
# mail goes through the relayhost on port 587 below, so if STARTTLS is not
# offered (or is stripped in transit) delivery falls back to cleartext.
# Consider "encrypt" or stricter for a fixed relayhost.
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# NOTE(review): permit_mynetworks comes first, so every client matched by
# mynetworks may relay to ANY destination without authentication. Keep
# mynetworks limited to hosts you fully control.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = REDACTED
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost.REDACTED.io, localhost, localhost.localdomain
relayhost = [smtp-relay.gmail.com]:587
# NOTE(review): two separate concerns on this line.
# 1) Table type: the example entries in smtpd_client_access are CIDR blocks
#    (e.g. "35.190.247.0/24 OK"). A hash: table is an exact-key lookup and does
#    not evaluate network/mask patterns, so a client address will presumably
#    never match those keys; CIDR entries need the cidr: table type (or must be
#    listed inline in mynetworks). A hash: table also has to be rebuilt with
#    postmap after every edit -- confirm that was done.
# 2) Trust scope: the post says this file lists Gmail's public ranges. Those
#    ranges are shared by all senders using that provider, and membership in
#    mynetworks grants unauthenticated relay (see smtpd_relay_restrictions).
#    Mail addressed to domains hosted on this server does not need the sender
#    to be in mynetworks; reject_unauth_destination only refuses mail for
#    destinations this server is not responsible for.
mynetworks = hash:/etc/postfix/smtpd_client_access
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_mailbox_maps = , hash:/var/spool/postfix/plesk/vmailbox
transport_maps = , hash:/var/spool/postfix/plesk/transport
tls_server_sni_maps = hash:/var/spool/postfix/plesk/certs
# NOTE(review): smtpd_use_tls / smtp_use_tls are obsolete and are overridden
# by smtpd_tls_security_level / smtp_tls_security_level when those are set,
# as they are above. "smtp_use_tls = no" therefore does not disable outbound TLS.
smtpd_use_tls = yes
smtp_use_tls = no
disable_vrfy_command = yes
smtpd_sender_restrictions = permit_mynetworks, check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
# NOTE(review): this list contains no reject action, so the logged
# "554 5.7.1 ... Client host rejected: Access denied" is probably not produced
# by this line. The Google route targets port 587; check whether the
# submission service in master.cf overrides smtpd_client_restrictions with an
# authenticated-only policy -- TODO confirm against master.cf.
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
authorized_flush_users =
authorized_mailq_users =
smtp_send_xforward_command = yes
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
virtual_mailbox_base = /var/qmail/mailnames
virtual_uid_maps = static:30
virtual_gid_maps = static:31
smtpd_milters = , inet:127.0.0.1:12768
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
virtual_transport = plesk_virtual
plesk_virtual_destination_recipient_limit = 1
mailman_destination_recipient_limit = 1
message_size_limit = 10240000
virtual_mailbox_limit = 0
smtputf8_enable = no
recipient_canonical_maps = tcp:127.0.0.1:12346
recipient_canonical_classes = envelope_recipient,header_recipient
smtpd_tls_mandatory_protocols = TLSv1.2 TLSv1.3
smtpd_tls_protocols = TLSv1.2 TLSv1.3
smtpd_tls_ciphers = medium
smtpd_tls_mandatory_ciphers = medium
tls_medium_cipherlist = EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EECDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH:!kDH:!EDH
tls_preempt_cipherlist = yes
# The parameter name is historical; the file name suggests 2048-bit DH
# parameters are actually supplied here.
smtpd_tls_dh1024_param_file = /opt/psa/etc/dhparams2048.pem
# NOTE(review): this parameter only stops Postfix from offering AUTH to the
# matching clients; it does not grant them permission to send. It takes the
# same pattern syntax as mynetworks, so the hash:-versus-CIDR concern noted
# at mynetworks applies here as well.
smtpd_sasl_exception_networks = hash:/etc/postfix/smtpd_client_access

Would anyone happen to be able to point out where I am going wrong? I appreciate any and all assistance.

Thanks!
 