I have recently migrated my lists from an old mailman2 server to a new mailman3 server. The new server is named listservnew and the old server is called lists. Everything is working on the new server using the new name, but after changing the DNS of lists to point to the new server, I am getting Relay Access Denied. We are running this through an F5 and the RCPT from unknown is the F5 IP address. When I add that IP to the main.cf under mynetworks, I get a different error.
Error before changing main.cf: 2025-07-20T22:14:30.381945-05:00 lstprdls01 postfix/smtpd[3713490]: NOQUEUE: reject: RCPT from unknown[10.18.3.105]: 454 4.7.1 <joetest@lists.luc.edu>: Relay access denied; from=<jkoral@luc.edu> to=<joetest@lists.luc.edu> proto=ESMTP helo=<DM1PR04CU001.outbound.protection.outlook.com>
Error after adding F5 IP to mynetworks: 2025-07-22T11:27:13.885111-05:00 lstprdls01 postfix/smtp[174935]: AB1C11C0229: to=<joetest@lists.luc.edu>, relay=lists.luc.edu[147.126.1.184]:25, delay=0.16, delays=0.11/0.01/0.04/0, dsn=5.4.6, status=bounced (mail for lists.luc.edu loops back to myself)
Any help would be greatly appreciated.
On 7/22/25 9:47 AM, jkoral@luc.edu wrote:
Error before changing main.cf: 2025-07-20T22:14:30.381945-05:00 lstprdls01 postfix/smtpd[3713490]: NOQUEUE: reject: RCPT from unknown[10.18.3.105]: 454 4.7.1 <joetest@lists.luc.edu>: Relay access denied; from=<jkoral@luc.edu> to=<joetest@lists.luc.edu> proto=ESMTP helo=<DM1PR04CU001.outbound.protection.outlook.com>
Error after adding F5 IP to mynetworks: 2025-07-22T11:27:13.885111-05:00 lstprdls01 postfix/smtp[174935]: AB1C11C0229: to=<joetest@lists.luc.edu>, relay=lists.luc.edu[147.126.1.184]:25, delay=0.16, delays=0.11/0.01/0.04/0, dsn=5.4.6, status=bounced (mail for lists.luc.edu loops back to myself)
Any help would be greatly appreciated.
Is Postfix configured per https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/docs/mta.ht...
What is the output from postconf -n?
What is the content of Mailman's var/data/postfix_lmtp? In particular, are the domains of the list addresses lists.luc.edu and not listservnew.luc.edu?
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
lstprdls01:/var/log # postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no compatibility_level = 3.6 inet_interfaces = all inet_protocols = all local_recipient_maps = hash:/opt/mailman/mm/var/data/postfix_lmtp mailbox_size_limit = 0 mydestination = $myhostname, localhost.$mydomain, listservnew.luc.edu lists.luc.edu myhostname = lstprdls01.svr.luc.edu mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname owner_request_special = no readme_directory = no recipient_delimiter = + relay_domains = hash:/opt/mailman/mm/var/data/postfix_domains relayhost = smtp_tls_ciphers = high smtpd_tls_ciphers = high smtp_tls_exclude_ciphers = EXP, MEDIUM, LOW, DES, 3DES, SSLv2 smtpd_tls_exclude_ciphers = EXP, MEDIUM, LOW, DES, 3DES, SSLv2 smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination smtpd_tls_mandatory_protocols = !TLSv1.1 TLSv1.2 TLSv1.3 tls_high_cipherlist = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 transport_maps = hash:/opt/mailman/mm/var/data/postfix_lmtp unknown_local_recipient_reject_code = 550
So, you helped me with this before and I think I got the mail to go through now, but now I am getting a different error, which I think may have to do with the aliases. The old server is using lists.luc.edu and the new server is using listservnew.luc.edu, but we still want people to use lists.luc.edu, but it be forwarded to the new server. I am getting this now. 2025-07-22T12:16:14.551521-05:00 lstprdls01 postfix/smtpd[190496]: NOQUEUE: reject: RCPT from unknown[10.18.3.105]: 550 5.1.1 <joetest@lists.luc.edu>: Recipient address rejected: User unknown in local recipient table; from=<jkoral@luc.edu> to=<joetest@lists.luc.edu> proto=ESMTP helo=<DM1PR04CU001.outbound.protection.outlook.com>
- On 7/22/25 19:26, Mihai Moldovan wrote:
- On 7/22/25 19:22, jkoral@luc.edu wrote:
lstprdls01:/var/log # postconf -n [...] mydestination = $myhostname, localhost.$mydomain, listservnew.luc.edu lists.luc.edu ^
My initial idea was that a comma might be missing at the location the caret points to, but the postfix documentation says "Specify a list of host or domain names, "/file/name" or "type:table" patterns, separated by commas and/or whitespace", so using whitespace (only) is not an issue.
Ignore my previous recommendation.
Mihai
Here is what I have in postfox_lmtp. Do I need to add another line for joetest@lists.luc.edu as well?
joetest@listservnew.luc.edu lmtp:[127.0.0.1]:8024 joetest-bounces@listservnew.luc.edu lmtp:[127.0.0.1]:8024 joetest-confirm@listservnew.luc.edu lmtp:[127.0.0.1]:8024 joetest-join@listservnew.luc.edu lmtp:[127.0.0.1]:8024 joetest-leave@listservnew.luc.edu lmtp:[127.0.0.1]:8024 joetest-owner@listservnew.luc.edu lmtp:[127.0.0.1]:8024 joetest-request@listservnew.luc.edu lmtp:[127.0.0.1]:8024 joetest-subscribe@listservnew.luc.edu lmtp:[127.0.0.1]:8024 joetest-unsubscribe@listservnew.luc.edu lmtp:[127.0.0.1]:8024
On 7/22/25 10:25 AM, jkoral@luc.edu wrote:
Here is what I have in postfox_lmtp. Do I need to add another line for joetest@lists.luc.edu as well?
joetest@listservnew.luc.edu lmtp:[127.0.0.1]:8024 joetest-bounces@listservnew.luc.edu lmtp:[127.0.0.1]:8024 joetest-confirm@listservnew.luc.edu lmtp:[127.0.0.1]:8024 joetest-join@listservnew.luc.edu lmtp:[127.0.0.1]:8024 joetest-leave@listservnew.luc.edu lmtp:[127.0.0.1]:8024 joetest-owner@listservnew.luc.edu lmtp:[127.0.0.1]:8024 joetest-request@listservnew.luc.edu lmtp:[127.0.0.1]:8024 joetest-subscribe@listservnew.luc.edu lmtp:[127.0.0.1]:8024 joetest-unsubscribe@listservnew.luc.edu lmtp:[127.0.0.1]:8024
If you want to address the lists @lists.luc.edu, the list names should be, e.g. joetest@lists.luc.edu, not joetest@listservnew.luc.edu.
If you want to be able to use either domain for list mail, that's more involved. If you want this, say so and as I have time I can make suggestions., but I suspect you really only want to use the lists.luc.edu domain.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark, we would really like to use both lists.luc.edu and listservnew.luc.edu. Is that possible?
jkoral@luc.edu wrote on 2025-07-22 11:11:
we would really like to use both lists.luc.edu and listservnew.luc.edu. Is that possible?
It is possible, and since it's impossible to get 100% of users to update all future mail to the new list, it's desirable.
Is the old server still handling mail for your domain in any capacity? Depending on how mail is routed would determine where the following stuff would go.
On the server's postfix settings, in a canonical mapping file (aka $your_file_name), something like this (from my new server):
## talk mailing list talk@gtalug.org talk@lists.gtalug.org ## talk-admin@gtalug.org talk-admin@lists.gtalug.org talk-bounces@gtalug.org talk-bounces@lists.gtalug.org talk-confirm@gtalug.org talk-confirm@lists.gtalug.org talk-join@gtalug.org talk-join@lists.gtalug.org talk-leave@gtalug.org talk-leave@lists.gtalug.org talk-owner@gtalug.org talk-owner@lists.gtalug.org talk-request@gtalug.org talk-request@lists.gtalug.org talk-subscribe@gtalug.org talk-subscribe@lists.gtalug.org talk-unsubscribe@gtalug.org talk-unsubscribe@lists.gtalug.org
Be sure to add entries for each list migrated from old to new list.
And be sure to run postmap $your_file_name after creating this file.
In /etc/postfix/main.cf, need to include a reference to $your_file_name something like this:
## BC_RON: redirect mail to, say, talk@gtalug.org to ## talk@lists.gtalug.org: ## ## Invoke the mm2 line when decommissioning Mailman v2 on old server: recipient_canonical_maps = hash:/etc/postfix/recipient_canonical.map, hash:/etc/mailman3/mm2_to_mm3_gtalug.org_to_lists.gtalug.org.map
I found I also had to configure "Acceptable aliases" in "Message Acceptance" in each list's Settings for it to not reject mail to old address with "Implicit destination" errors.
All that should get you pointed in the right direction...
On 7/22/25 11:11 AM, jkoral@luc.edu wrote:
Mark, we would really like to use both lists.luc.edu and listservnew.luc.edu. Is that possible?
I think you can do this and have it completely automated by following the setup at https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/docs/mta.ht... and setting the alias domain of the listservnew.luc.edu to lists.luc.edu.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (4)
-
jkoral@luc.edu -
Mark Sapiro -
Mihai Moldovan -
Ron