Hello, A question concerning SASL in Postfix. SASL works fine when I test it locally on the Postfix server, but if I am trying to authenticate to the server remotely, I see the following log messages:
smtp postfix/smtpd[14090]: >>> START Client host RESTRICTIONS <<< smtp postfix/smtpd[14090]: generic_checks: name=permit_sasl_authenticated smtp postfix/smtpd[14090]: generic_checks: name=permit_sasl_authenticated status=1 smtp postfix/smtpd[14090]: >>> START Recipient address RESTRICTIONS <<< smtp postfix/smtpd[14090]: generic_checks: name=permit_mynetworks smtp postfix/smtpd[14090]: permit_mynetworks: hostname.net 192.168.0.78 smtp postfix/smtpd[14090]: match_hostname: hostname.net ~? 127.0.0.0/8 smtp postfix/smtpd[14090]: match_hostaddr: 192.168.0.78 ~? 127.0.0.0/8 smtp postfix/smtpd[14090]: match_list_match: hostname.net: no match smtp postfix/smtpd[14090]: match_list_match: 192.168.0.78: no match smtp postfix/smtpd[14090]: generic_checks: name=permit_mynetworks status=0 smtp postfix/smtpd[14090]: generic_checks: name=reject_unauth_destination smtp postfix/smtpd[14090]: reject_unauth_destination: evgeniy.arba...@somedomain.net smtp postfix/smtpd[14090]: permit_auth_destination: evgeniy.arba...@somedomain.net smtp postfix/smtpd[14090]: ctable_locate: leave existing entry key evgeniy.arba...@somedomain.net smtp postfix/smtpd[14090]: NOQUEUE: reject: RCPT from hostname.net[192.168.0.78]: 554 5.7.1 <evgeniy.arba...@somedomain.net>: Relay access denied; from=<earba...@somedomain.net> to=<evgeniy.arba...@somedomain.net> proto=ESMTP helo=<[192.168.0.78]> smtp postfix/smtpd[14090]: generic_checks: name=reject_unauth_destination status=2 smtp postfix/smtpd[14090]: > hostname.net[192.168.0.78]: 554 5.7.1 <evgeniy.arba...@somedomain.net>: Relay access denied smtp postfix/smtpd[14090]: < hostname.net[192.168.0.78]: QUIT It appears that Postfix is trying to check smtpd_recipient_restrictions and mynetworks, although SASL authentication is successful(?) However, I want clients to authenticate from any IP address This is my $postconf -n: disable_vrfy_command = yes inet_interfaces = all local_recipient_maps = local_transport = error:no local mail delivery mydomain = somedomain.net myhostname = smtp.somedomain.net mynetworks = 127.0.0.0/8 show_user_unknown_table_name = no smtpd_client_restrictions = permit_sasl_authenticated, reject smtpd_sasl_auth_enable = yes smtpd_sasl_path = smtpd smtpd_sasl_security_options = noanonymous smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt smtpd_tls_key_file = /etc/ssl/private/smtpd.key smtpd_tls_loglevel = 1 smtpd_use_tls = yes transport_maps = hash:/etc/postfix/transport This is a part of master.cf: 10.1.1.102:587 inet n - n - - smtpd -v -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes Note: TLS is working and the connection is being encrypted Can you tell me, why am I not able to relay mail through this server? Thank you in advance! Regards, Evgeniy
