The error message NOQUEUE: reject: RCPT from ool-4355399b.dyn.optonline.net[67.85.57.155]: 454 4.7.1 indicates Postfix is refusing to relay mail to external domains (yahoo.com in this case) from unauthorized clients.
Two primary configuration problems stand out:
mynetworks_style = host
relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf list.ex-mailer.com
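The mynetworks_style = host setting is too restrictive: it trusts only the local machine, so the client at 67.85.57.155 is not treated as a permitted network. Change to:
mynetworks = 127.0.0.0/8, 67.85.57.155/32
# mynetworks_style is ignored once mynetworks is set explicitly
mynetworks_style = subnet
Or, for testing purposes only (this trusts every client and makes the server an open relay until it is reverted):
mynetworks = 0.0.0.0/0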
The MySQL-based relay configuration appears correct but needs verification. Test the query manually:
mysql -u doughnuts -p postfix -e "SELECT domain FROM domain WHERE domain='telecomm.com'"
Ensure the virtual mailbox domains are properly defined:
virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
For authenticated relaying, verify your Dovecot SASL configuration:
# /usr/local/etc/dovecot/conf.d/10-master.conf
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
Use swaks for comprehensive SMTP testing:
swaks --to recipient@example.com --from user@telecomm.com --server localhost --port 587 --auth LOGIN --auth-user user@telecomm.com --auth-password 'password' --tls
- Verify MySQL connection credentials in all .cf files
- Check Postfix permissions:
  postfix check
- Test DNS resolution for your domains
- Review mail logs in real-time:
  tail -f /var/log/maillog
The error NOQUEUE: reject: RCPT from ool-4355399b.dyn.optonline.net[67.85.57.155]: 454 4.7.1 indicates Postfix is refusing to relay mail for external domains when the client isn't authenticated or listed in permitted networks.
Your current setup has several potential issues:
# Problematic configurations
# (main.cf has no trailing comments, so each comment sits on its own line)
# Too restrictive:
mynetworks_style = host
relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf list.ex-mailer.com
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
Here's how to properly configure relay permissions:
Option 1: Expand mynetworks
# /usr/local/etc/postfix/main.cf
mynetworks = 127.0.0.0/8, 67.85.57.155/32
# More flexible than 'host'
mynetworks_style = subnet
Option 2: Proper SASL Authentication
For authenticated relaying, ensure Dovecot SASL is properly configured:
# /usr/local/etc/postfix/main.cf
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
Option 3: Relax Relay Restrictions
For testing purposes only, you could temporarily modify restrictions:
# Testing configuration (not recommended for production)
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    warn_if_reject reject_unauth_destination,
    permit
Verify your MySQL relay domains configuration works correctly:
# Test MySQL query manually
mysql -u doughnuts -p postfix -e "SELECT domain FROM domain WHERE domain='telecomm.com' AND backupmx='0' AND active='1'"
Enable detailed logging to diagnose the exact rejection point:
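# /usr/local/etc/postfix/main.cf
debug_peer_level = 2
debug_peer_list = 67.85.57.155
# Postfix has no smtpd_verbose parameter; for verbose smtpd logging,
# add -v to the smtpd service line in master.cf instead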
For a secure production setup, combine these elements:
# Secure production configuration
# Confirm each DNSBL listed below is still in service before enabling it
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl-xbl.spamhaus.org
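To confirm the testing-only settings shown earlier (mynetworks = 0.0.0.0/0 and the warn_if_reject / permit list) were reverted, a check can be run over main.cf or postconf -n output. The script below is an added example, not part of the original answer; the function names and sample configurations are constructed for illustration. It assumes comma-separated restrictions as on this page and inspects only mynetworks and smtpd_recipient_restrictions; on Postfix 2.10 and later smtpd_relay_restrictions is evaluated as well and is not examined here.

```python
import ipaddress
import re

BLOCKERS = {"reject_unauth_destination", "defer_unauth_destination", "reject", "defer"}

def parse_main_cf(text):
    """Parse main.cf or `postconf -n` text into {name: value}."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank and comment lines are ignored
        if line[0].isspace() and name:    # leading whitespace continues the value
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (p.strip() for p in line.split("=", 1))
            params[name] = value
    return params

def relay_findings(text):
    """List settings that let an unauthenticated client relay to any domain."""
    params, findings = parse_main_cf(text), []
    for net in re.split(r"[,\s]+", params.get("mynetworks", "")):
        try:
            if net and ipaddress.ip_network(net, strict=False).prefixlen == 0:
                findings.append(f"mynetworks trusts every client ({net})")
        except ValueError:
            pass                          # lookup tables (hash:, mysql:) are not inspected
    rules = [r.strip() for r in params.get("smtpd_recipient_restrictions", "").split(",")]
    for rule in filter(None, rules):      # restrictions are evaluated in order
        if rule.startswith("warn_if_reject") and rule.split()[-1] in BLOCKERS:
            findings.append(f"'{rule}' only logs and never rejects")
        elif rule in BLOCKERS:
            break                         # unauthorised relay attempts stop here
        elif rule == "permit":
            findings.append("'permit' is reached before reject_unauth_destination")
            break
    return findings

# Constructed samples: the page's testing-only settings (main.cf layout) and
# a trimmed production list (single-line layout, as postconf -n prints it).
TESTING = """mynetworks = 0.0.0.0/0
smtpd_recipient_restrictions =
    permit_mynetworks,
    warn_if_reject reject_unauth_destination,
    permit
"""
PRODUCTION = ("mynetworks = 127.0.0.0/8\n"
              "smtpd_recipient_restrictions = permit_mynetworks, "
              "permit_sasl_authenticated, reject_unauth_destination\n")
```

An empty list from relay_findings means neither of the two relay-opening settings is present in the text it was given.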
Use these commands to verify your setup:
# Check Postfix configuration
postconf -n
# Query the relay-domains map directly
postmap -q telecomm.com mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf
# Test SMTP relaying by hand (type the lines below once telnet connects)
telnet localhost 25
EHLO example.com
MAIL FROM: <test@telecomm.com>
RCPT TO: <external@example.com>