How to bypass SMTP-Authentication on Postfix

SMTP Authentication is a scheme which was introduced in 1999 by J. Myers of Netscape Communications and finally released as RFC 2554 (“SMTP Service Extension for Authentication”). It is partly based on the SMTP Service Extensions as defined in RFC 1869.
With SMTP Authentication activated on both server and client, you can send email from anywhere, even from Mars. As long as you are authenticated, you are granted relay access to the SMTP server.
However, some software does not support SMTP Authentication, such as the Mailman mailing list manager. If you send an email to the mailing list, the sender will be detected as “mailinglistname-bounces@yourdomain.com”. This email address is not a valid account, so Mailman will not be authenticated to send your email and ‘Relay access denied’ will be logged.
The only way to solve this problem is to bypass SMTP Auth, and here is how to do it on Postfix (my email server uses Postfix as the MTA). We will allow relay access based on IP address.

a. Edit /etc/postfix/main.cf and add the list of IP addresses, or networks in CIDR format, to the ‘mynetworks’ option. In my case, I am allowing Mailman to relay from localhost (127.0.0.1/32). You can add other IP addresses as needed.

mynetworks = 127.0.0.1/32, 203.153.xx.xx/29, 203.153.xxx.xxx/32

b. Still in main.cf, put ‘permit_mynetworks’ as the first entry of ‘smtpd_recipient_restrictions’. You must put it first, otherwise ‘Relay access denied’ will be logged. Here is mine:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
                                reject_unauth_destination,
                                reject_non_fqdn_recipient,
                                reject_invalid_hostname,
                                reject_unauth_destination,
                                reject_unknown_sender_domain,
                                reject_unknown_recipient_domain,
                                reject_rbl_client sbl.spamhaus.org,
                                reject_rbl_client dnsbl.ahbl.org,
                                reject_rbl_client dnsbl.njabl.org,
                                reject_rbl_client dnsbl.sorbs.net,
                                reject_rbl_client cbl.anti-spam.org.cn,
                                check_policy_service unix:postgrey/socket,
                                permit

c. Reload Postfix and test by sending email without SMTP authentication from the networks/IP addresses you specified in ‘mynetworks’ above to domains other than those already registered on your mail server.

Your email should be sent and no ‘Relay access denied’ should be logged.
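
Every address in ‘mynetworks’ relays without authenticating, so it is worth checking the list and the restriction order from steps a and b before reloading. The script below is an added example, not part of the original post: it parses main.cf text and reports overly wide networks and a misplaced ‘permit_mynetworks’; the sample file, the addresses in it and the /24 threshold are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample main.cf (documentation addresses, not the author's real networks).
SAMPLE_MAIN_CF = """\
# relay by source address for Mailman
mynetworks = 127.0.0.1/32, 203.0.113.8/29, 198.51.100.0/8
smtpd_recipient_restrictions = permit_sasl_authenticated,
                                reject_unauth_destination,
                                permit_mynetworks,
                                permit
"""

def parse_main_cf(text):
    """Return {parameter: value}, joining continuation lines (leading whitespace)."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            name = name.strip()
            params[name] = value.strip()
    return params

def audit_relay(text, min_prefix=24):
    """List findings about who may relay without authentication."""
    params, findings = parse_main_cf(text), []
    for entry in filter(None, re.split(r"[,\s]+", params.get("mynetworks", ""))):
        try:
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            findings.append(f"mynetworks: '{entry}' is not a literal network, review by hand")
            continue
        if net.version == 4 and net.prefixlen < min_prefix and not net.is_loopback:
            findings.append(f"mynetworks: {entry} lets {net.num_addresses} addresses relay unauthenticated")
    rules = re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", ""))
    if "permit_mynetworks" not in rules:
        findings.append("permit_mynetworks is missing, so mynetworks grants nothing here")
    elif "reject_unauth_destination" in rules and \
            rules.index("reject_unauth_destination") < rules.index("permit_mynetworks"):
        findings.append("reject_unauth_destination precedes permit_mynetworks: 'Relay access denied'")
    return findings

if __name__ == "__main__":
    for finding in audit_relay(SAMPLE_MAIN_CF):
        print(finding)
```

Entries such as table lookups or masked addresses are reported for manual review rather than guessed at.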