Reindl Harald <[email protected]> wrote: > Am 25.12.2013 18:26, schrieb Andreas Meyer:> Reindl Harald > <[email protected]> wrote: > > > >> Am 25.12.2013 15:29, schrieb Andreas Meyer: > >>> If I define $rcmail_config['smtp_server'] = '78.47.3.18'; instead of > >>> $rcmail_config['smtp_server'] = ''; the users get a Relay access denied. > >>> > >>> Whereby Roundcube takes the first IP of the subnet 78.47.3.17 and I > >>> assume, this is the reason for the denied access. > >> > >> youndcube does take nothing > >> 78.47.3.17 is the IP from which roundcube connects to the mailserver
why? 78.47.3.17 is not known by any mailservice at the host. Just because it is not blocked at the firewall? # netstat -pantu |grep master tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 2246/master tcp 0 0 78.47.3.18:587 0.0.0.0:* LISTEN 2246/master tcp 0 0 78.47.3.19:587 0.0.0.0:* LISTEN 2246/master tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 2246/master tcp 0 0 213.239.207.165:587 0.0.0.0:* LISTEN 2246/master tcp 0 0 78.47.3.18:465 0.0.0.0:* LISTEN 2246/master tcp 0 0 78.47.3.19:465 0.0.0.0:* LISTEN 2246/master tcp 0 0 127.0.0.1:465 0.0.0.0:* LISTEN 2246/master tcp 0 0 213.239.207.165:465 0.0.0.0:* LISTEN 2246/master tcp 0 0 78.47.3.22:25 0.0.0.0:* LISTEN 2246/master tcp 0 0 78.47.3.21:25 0.0.0.0:* LISTEN 2246/master tcp 0 0 78.47.3.18:25 0.0.0.0:* LISTEN 2246/master tcp 0 0 78.47.3.19:25 0.0.0.0:* LISTEN 2246/master tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2246/master tcp 0 0 213.239.207.165:25 0.0.0.0:* LISTEN 2246/master > > The Relay access denied only happens when I set > > $rcmail_config['smtp_server'] = '78.47.3.18'; > > > > This is necessary so that Roundcube connects to the smtpd running > > in the same host instead of connecting directly to the pickup of > > postfix. The reason is the smtpd_restriction_classes restriction > > of postfix to work. > > *SMTP authentication* > > nobody should ever send any single message to be relayed without user/password > why? because you have no clue which clients account was hacked in case of spam > and you can do *nothing* to stop it without kill the whole service > > // SMTP server host (for sending mails) > $rcmail_config['smtp_server'] = 'tls://your-mailserver'; $rcmail_config['smtp_server'] = '78.47.3.18'; > // SMTP port (default is 25; 465 for SSL) > $rcmail_config['smtp_port'] = 587; the clients submit on port 25. Why do I get a Relay access denied? The clients are authenticated per login with username and password and are allowed to relay per SASL. It works as soon Roundube connetcs with $rcmail_config['smtp_server'] = ''; > // SMTP username (if required) if you use %u as the username Roundcube will > use the current username for login > $rcmail_config['smtp_user'] = '%u'; > > // SMTP password (if required) if you use %p as the password Roundcube will > use the current user's password for login > $rcmail_config['smtp_pass'] = '%p'; > > // SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use best > server supported one) > $rcmail_config['smtp_auth_type'] = 'PLAIN'; > > >>> Dec 25 15:14:47 delta anup/smtpd[32664]: connect from > >>> sites.anup.de[78.47.3.17] > >>> Dec 25 15:14:47 delta anup/smtpd[32664]: NOQUEUE: reject: RCPT from > >>> sites.anup.de[78.47.3.17]: 554 5.7.1 > <[email protected]>: Relay access denied; from=<[email protected]> > to=<[email protected] > >>> Dec 25 15:14:47 delta anup/smtpd[32664]: disconnect from > >>> sites.anup.de[78.47.3.17] > >>> > >>> How do I prevent this? > >> > >> whitelist the roundcube IP on the mailserver or configure SMTP > >> authentication properly > >> roundcube is a mail-client like any other (Outlook, Thunderbird..) > >> so handle it the same way > > > > Connections of other MUAs are no problem. > > hopefully not with authentication Everybody who wants to relay has to authenticate. I thought whith Roundcube this is done as soon someone can login. In every MUA I can specify what outgoing SMTP-Server and incoming IMAP-Server to use. Where can this be done in Roundube? > > How do I tell Roundcube > > to connect to the MTA with 78.47.3.18 instead of 78.47.3.17, which > > is no IP known to the MTA or known in virtual_mailbox_domains? > > please learn about networking - the outgoing IP is nothing you tell roundcube > it is your TCP stack! You tell me if I specify $rcmail_config['smtp_server'] = '78.47.3.18'; users are not allowed to send, but they are authenticated. Why does the problem not occure if I set $rcmail_config['smtp_server'] = ''; ? 78.47.3.18 is known to the mailserver as a virtual_mailbox_domains I do not understand what is happening. Andreas _______________________________________________ Roundcube Users mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/users
