Do I need to Setup Transport Maps?

kiekar

Hello,

I’m trying to relay mail from my web server with postfix installed to my mailcow mail server on the same network internally and externally which is not working. The only time it works is when I send a test email to myself

When I send a test email from the webserver I reseive replay to my email account with 5.7.1 This message does not meet our delivery requirements.

Rspamd shows the email as rejected

postfix-mailcow-1 | Apr 27 11:37:59 d31e86ec352b postfix/postscreen[1080]: CONNECT from [172.16.0.11]:45420 to [172.22.1.253]:25 postfix-mailcow-1 | Apr 27 11:37:59 d31e86ec352b postfix/postscreen[1080]: ALLOWLISTED [172.16.0.11]:45420 postfix-mailcow-1 | Apr 27 11:37:59 d31e86ec352b postfix/smtpd[1083]: connect from unknown[172.16.0.11] postfix-mailcow-1 | Apr 27 11:37:59 d31e86ec352b postfix/smtpd[1083]: Anonymous TLS connection established from unknown[172.16.0.11]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 postfix-mailcow-1 | Apr 27 11:37:59 d31e86ec352b postfix/smtpd[1083]: 7BB7162CEC: client=unknown[172.16.0.11] postfix-mailcow-1 | Apr 27 11:37:59 d31e86ec352b postfix/cleanup[1085]: 7BB7162CEC: message-id=<20250427153758.EED2C260152@cit-serv1.domain> postfix-mailcow-1 | Apr 27 11:38:02 d31e86ec352b postfix/cleanup[1085]: 7BB7162CEC: milter-reject: END-OF-MESSAGE from unknown[172.16.0.11]: 5.7.1 This message does not meet our delivery requirements; from=<karl@domain> to=<karl@gmail.com> proto=ESMTP helo=<serv1.domain> postfix-mailcow-1 | Apr 27 11:38:02 d31e86ec352b postfix/smtpd[1083]: disconnect from unknown[172.16.0.11] ehlo=2 starttls=1 mail=1 rcpt=1 data=0/1 quit=1 commands=6/7 postfix-mailcow-1 | Apr 27 11:38:02 d31e86ec352b postfix/postscreen[1080]: CONNECT from [172.16.0.11]:45436 to [172.22.1.253]:25 postfix-mailcow-1 | Apr 27 11:38:02 d31e86ec352b postfix/postscreen[1080]: ALLOWLISTED [172.16.0.11]:45436 postfix-mailcow-1 | Apr 27 11:38:02 d31e86ec352b postfix/smtpd[1083]: connect from unknown[172.16.0.11] postfix-mailcow-1 | Apr 27 11:38:02 d31e86ec352b postfix/smtpd[1083]: Anonymous TLS connection established from unknown[172.16.0.11]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) postfix-mailcow-1 | Apr 27 11:38:02 d31e86ec352b postfix/smtpd[1083]: 295FD62CEC: client=unknown[172.16.0.11] postfix-mailcow-1 | Apr 27 11:38:02 d31e86ec352b postfix/cleanup[1085]: 295FD62CEC: message-id=<20250427153802.186FA2604ED@serv1.domain> postfix-mailcow-1 | Apr 27 11:38:02 d31e86ec352b postfix/qmgr[359]: 295FD62CEC: from=<>, size=2953, nrcpt=1 (queue active) postfix-mailcow-1 | Apr 27 11:38:02 d31e86ec352b postfix/smtpd[1083]: disconnect from unknown[172.16.0.11] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7 postfix-mailcow-1 | Apr 27 11:38:02 d31e86ec352b postfix/lmtp[1086]: 295FD62CEC: to=<karl@domain>, relay=dovecot[172.22.1.250]:24, delay=0.5, delays=0.31/0.01/0/0.17, dsn=2.0.0, status=sent (250 2.0.0 <karl@domain> QBLmHFpPDmhkKgAAVBNXAQ Saved) postfix-mailcow-1 | Apr 27 11:38:02 d31e86ec352b postfix/qmgr[359]: 295FD62CEC: removed
below is my postfix configuration on my web server

TLS parameters

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = serv1.domain.com
mydomain = domain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#myorigin = /etc/mailname
myorigin = $mydomain
mydestination = $myhostname, localhost.localdomain, localhost
relayhost = [172.16.0.20]
mynetworks = 127.0.0.0/8 172.22.1.0/24 10.10.0.0/24 192.168.10.0/24 172.16.0.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
inet_protocols = ipv4

outbound relay configurations

#smtp_sasl_auth_enable = yes
#smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
#smtp_sasl_security_options = noanonymous
#smtp_tls_security_level = may
#header_size_limit = 4096000
`
Do I need to setup Transport Maps to receive relayed email from my webserver?

Any help would be much appreciated

esackbauer

kiekar MESSAGE from unknown[172.16.0.11]: 5.7.1 This message does not meet our delivery requirements;

You need to add your internal web server (I guess it runs on 172.16.0.11) to the “forwarding hosts” in mailcows Admin UI.
If thats not enough add this IP to the postscreen whitelist.

For sending, create a sender dependent transport in Admin UI, and assign it to each domain.

ETNyx

Hello,

I would suggest to use those commented sasl directive and this way use your postfix as “a client”.

kiekar

esackbauer Thanks for your suggestion. It worked perfectly!