On Sat, 28 Feb 2009, Big Pizzle wrote:

> On Sat, Feb 28, 2009 at 11:47 AM, Sahil Tandon <[email protected]> wrote:
>
> > On Sat, 28 Feb 2009, Big Pizzle wrote:
> >
> > > Hi all,
> > >
> > > I've just set up Postfix 2.3.3 to authenticate against a MySQL database to
> > > support Virtual Domains, and I'm able to send mail to any domain which
> > > Postfix knows about, but when I send an e-mail to an outside address such as
> > > hotmail, yahoo, etc. I get the following error message in the logs:
> > >
> > > Feb 27 22:09:52 juter1 postfix/smtpd[27104]: NOQUEUE: reject: RCPT from
> > > h-68-167-178-13.snid.cod.net[xx.xxx.xxx.xx]: 554 5.7.1 <[email protected]>:
> > > Relay access denied; from=<[email protected]> to=<[email protected]>
> > > proto=SMTP helo=<homebase>
> >
> > If you're going to obfuscate the IP, at least take care to similarly cloak
> > your client's hostname!
> >
> > % host h-68-167-178-13.snid.cod.net
> > h-68-167-178-13.snid.cod.net has address 82.98.86.161
>
> Thanks, but that isn't my IP - guess I did a pretty good job eh? If you
> want me to point out WHERE you can find my IP, it's in the first portion of
> that hostname - cod.net isn't my provider. :)

Why obfuscate your *covad* IP when it is in the hostname?

> > > Here are my main.cf configs:
> >
> > Instead, follow the directions in the DEBUG_README, and paste the output of
> > 'postconf -n'.
>
> alias_maps =
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> disable_vrfy_command = yes
> html_directory = no
> inet_interfaces = localhost, $myhostname

$myhostname is not an interface. See:
http://www.postfix.org/postconf.5.html#inet_interfaces

> invalid_hostname_reject_code = 450
> local_transport = virtual
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> maps_rbl_reject_code = 450
> mydestination = $myhostname, localhost.$mydomain, localhost
> myhostname = xxx.yyy.com
> mynetworks = 127.0.0.0/8
> newaliases_path = /usr/bin/newaliases.postfix
> non_fqdn_reject_code = 450
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
> sample_directory = /usr/share/doc/postfix-2.3.3/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> show_user_unknown_table_name = no
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_exceptions_networks = $mynetworks
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = /var/spool/postfix/private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
> virtual_gid_maps = static:10000
> virtual_mailbox_base = /home/vmail
> virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
> virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
> virtual_minimum_uid = 10000
> virtual_transport = virtual
> virtual_uid_maps = static:10000
>
> > > When telnetting to port 25, and issuing the EHLO command, I get the
> > > following:
> > >
> > > 250-jupiter1.national.com
> > > 250-PIPELINING
> > > 250-SIZE 10240000
> > > 250-ETRN
> > > 250-ENHANCEDSTATUSCODES
> > > 250-8BITMIME
> > > 250 DSN
> > >
> > > I don't see anywhere where it shows what authentication mechanism I am
> > > using. Could this be the issue? I want people to be required to
> > > authenticate if they are going to be sending mail from this server to
> > > external addresses. 'My Server Requires Authentication' is checked in my
> > > mail client.
> >
> > Your server appears configured to support SASL but not TLS (following EHLO,
> > it does not announce STARTTLS support to the SMTP client). You need to show
> > your postconf output, specifically the smtpd_mumble_restrictions, which is
> > where you can require SASL authentication to relay mail externally. From
> > your question, I suspect you are conflating SASL and TLS. See:
> > http://www.postfix.org/TLS_README.html
> > http://www.postfix.org/SASL_README.html
>
> It was my understanding that TLS was for secure connections - do I need TLS
> as well in order for SASL to work?

Nay, but don't look for special announcements after EHLO to tell you that
the server supports SASL. Testing SASL setup on the server is documented in
the link I pasted above. Here it is again, this time with a specific
section: http://www.postfix.org/SASL_README.html#server_test

--
Sahil Tandon <[email protected]>
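
Added example, not part of the original message and not Postfix code: a simplified Python model of how the smtpd_recipient_restrictions list from the quoted 'postconf -n' output is evaluated, showing why an unauthenticated client outside mynetworks gets the "Relay access denied" line seen in the log. The client address 203.0.113.7, the recipient addresses and the contents of LOCAL_DOMAINS are constructed stand-ins, since the thread does not show what the MySQL lookups return.

```python
import ipaddress

# From the 'postconf -n' output quoted in the thread.
MYNETWORKS = ["127.0.0.0/8"]
RESTRICTIONS = ["permit_mynetworks", "permit_sasl_authenticated",
                "reject_unauth_destination"]
# Assumption: domains Postfix is final destination for. mydestination is
# shown obfuscated in the thread (mydomain taken as yyy.com), and
# "virtual.example" is a constructed stand-in for whatever the MySQL
# virtual_mailbox_domains lookup returns.
LOCAL_DOMAINS = {"xxx.yyy.com", "localhost.yyy.com", "localhost",
                 "virtual.example"}


def in_mynetworks(client_ip):
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in MYNETWORKS)


def rcpt_decision(client_ip, sasl_authenticated, rcpt):
    """Walk the restriction list in order; the first decisive rule wins."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    for rule in RESTRICTIONS:
        if rule == "permit_mynetworks" and in_mynetworks(client_ip):
            return ("permit", rule)
        if rule == "permit_sasl_authenticated" and sasl_authenticated:
            return ("permit", rule)
        if rule == "reject_unauth_destination" and domain not in LOCAL_DOMAINS:
            return ("reject", "554 5.7.1 Relay access denied")
    # No rule was decisive: the implicit result at the end of the list is permit.
    return ("permit", "end of list")


if __name__ == "__main__":
    # Constructed cases: (client IP, authenticated?, recipient)
    cases = [
        ("203.0.113.7", False, "user@outside.example"),  # the failure in the log
        ("203.0.113.7", True, "user@outside.example"),   # after a successful AUTH
        ("127.0.0.1", False, "user@outside.example"),    # local submission
        ("203.0.113.7", False, "user@virtual.example"),  # inbound to a hosted domain
    ]
    for ip, authed, rcpt in cases:
        print(ip, authed, rcpt, "->", rcpt_decision(ip, authed, rcpt))
```

The first case reproduces the logged rejection: with this restriction list, mail to outside domains is relayed only for clients in mynetworks or clients that have completed SASL authentication.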
