Activating DKIM causes Relay access denied

2 posts / 0 new
Last post
#1 Tue, 03/19/2019 - 14:42
nate

Activating DKIM causes Relay access denied

So I've spent this week preparing a new server to transfer my current sites over to however like always when you think it's going well you always run into problems. I've spent all day looking around google for answers to fix the following with no luck...

When I active DKIM on my server it breaks the ability to send emails from Usermin, while I can still send emails from apple mail over SMTP and receive incoming emails on both usermin throws back the following error when I attempt to send emails:

Failed to send mail : SMTP command rcpt to: <nate@recipientemail.co.uk> failed : 554 5.7.1 <nate@recipientemail.co.uk>: Relay access denied

Then in my mail log i get this:

Mar 19 19:00:33 server1 postfix/smtpd[3258]: NOQUEUE: reject: RCPT from server1.exampledomain.co.uk[116.203.119.3]: 554 5.7.1 <nate@recipientemail.co.uk>: Relay access denied; from=<nate@exampledomain.co.uk> to=<nate@recipientemail.co.uk> proto=SMTP helo=<server1.exampledomain.co.uk>
Mar 19 19:00:33 server1 postfix/smtpd[3258]: lost connection after RCPT from server1.exampledomain.co.uk[116.203.119.3]
Mar 19 19:00:33 server1 postfix/smtpd[3258]: disconnect from server1.exampledomain.co.uk[116.203.119.3] helo=1 mail=1 rcpt=0/1 commands=2/3

I've updated my DNS with the DKIM record but when I use mxtoolbox it is quite happy with it but when sending an email to https://dkimvalidator.com it comes up with:

0.1 DKIM_INVALID           DKIM or DK signature exists, but is not valid

Now I've checked Cloudflare and I've checked my server and both DNS look to be the same for DKIM I've changed it multiple times and restarted with no change.

Can anyone show some light in this as I don't seem to be making any progress now?

Tue, 03/19/2019 - 14:45
nate

Just in case this is of any use here's my main.cf for postfix...

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.


myhostname = server1.exampledomain.co.uk
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, server1.exampledomain.co.uk, localhost.exampledomain.co.uk, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_protocols = all
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtp_tls_security_level = dane
allow_percent_hack = no
mynetworks_style = subnet
smtpd_tls_security_level = may
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891