Thanks Michael, Marcel, Lukasz for your help.
I've read this http://www.postfix.org/uce.html, indeed the problem seemed to be
at reject_unauth_destination at the beginning.
With this conf.:
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    check_recipient_access regexp:/etc/postfix/mailboxfull,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client zombie.dnsbl.sorbs.net,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    permit
Everything works nicely with or without SMTP-AUTH activation on the client.
Best wishes,
Leon
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lukasz Marciniak
Sent: Monday, July 25, 2005 9:08 PM
To: [email protected]
Subject: Re: [Web-cyradm] Changed servername problems
Marcel Hartmann wrote:
> Hi all,
>
> [EMAIL PROTECTED] wrote:
>
>>Hello,
>
> 554 <[EMAIL PROTECTED]>: Relay access denied;
> from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]>
>
> You have in your main.cf:
> smtpd_recipient_restrictions = reject_unauth_destination,[..]
>
> From postfix documentation:
> reject_unauth_destination
> Reject the request unless one of the following is true:
> * the resolved destination address matches $relay_domains or
> a subdomain thereof, and the address contains no sender-specified
> routing ([EMAIL PROTECTED]@domain),
> * Postfix is the final destination: any destination that
> matches $mydestination, $inet_interfaces, $virtual_alias_domains, or
> $virtual_mailbox_domains.
> The relay_domains_reject_code parameter specifies the response
> code for rejected requests (default: 554).
>
> First condition isn't true because you have no relay_domains in
> main.cf. Second condition isn't true because your postfix isn't MX
> for hotmail.com domain, I guess.
>
> Please read this http://www.postfix.org/uce.html
>
> rgds,
> Lukasz
>
> Should the permit_sasl_authenticated be at the top of the list?
> Then if he is authenticated within pam_mysql he can relay mails.
>
Good point :-)
Here is example from one of my servers:
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_sender_login_mismatch,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_recipient_access regexp:/etc/mail/recipient_checks,
    check_policy_service unix:private/policy,
    check_sender_access hash:/etc/mail/sender_ok,
    check_helo_access hash:/etc/mail/helo_checks,
    check_client_access regexp:/etc/mail/client_ip_checks_regexp,
    check_client_access hash:/etc/mail/client_ip_checks,
    check_client_access hash:/etc/mail/client_ip_unknown,
    check_client_access hash:/etc/mail/client_checks,
    check_sender_access hash:/etc/mail/sender_checks,
    permit
And also anti-spoof (one user can't write email with source email address of
other user):
smtpd_sender_login_maps = mysql:/etc/mail/mysql-owner.cf
in mysql-owner.cf:
select_field = username
where_field = alias
additional_conditions = and status > '0'
rgds,
Lukasz
_______________________________________________
This mailing list is hosted and supported by bit-heads GmbH |
http://www.bit-heads.ch
_______________________________________________
Web-cyradm mailing list
[email protected]
http://www.web-cyradm.org/mailman/listinfo/web-cyradm
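
As an added illustration of the ordering issue discussed in this thread (not code from any of the posters and not Postfix's own implementation), the following Python sketch models first-match evaluation of smtpd_recipient_restrictions. The function names and the sample lists are constructed for the example; restrictions other than the four relay-relevant ones are assumed to return no decision.

```python
# Simplified model of Postfix's first-match evaluation of
# smtpd_recipient_restrictions. Only four relay-relevant restrictions are
# modelled; every other restriction is ASSUMED to return no decision (DUNNO).

def parse_restrictions(value):
    """Split a main.cf value on commas/newlines and keep the restriction names."""
    items = [i.strip() for i in value.replace("\n", ",").split(",")]
    return [i.split()[0] for i in items if i]

def evaluate(restrictions, *, sasl_auth, in_mynetworks, local_destination):
    """Return (action, deciding_restriction) for one RCPT TO request."""
    for name in restrictions:
        if name == "permit_mynetworks" and in_mynetworks:
            return "permit", name
        if name == "permit_sasl_authenticated" and sasl_auth:
            return "permit", name
        if name == "reject_unauth_destination" and not local_destination:
            return "reject", name  # the "554 ... Relay access denied" case
        if name == "permit":
            return "permit", name
    return "permit", "(end of list)"  # nothing matched: mail is accepted

def is_open_relay(restrictions):
    """True if an unauthenticated outside client may relay to a remote domain."""
    action, _ = evaluate(restrictions, sasl_auth=False, in_mynetworks=False,
                         local_destination=False)
    return action == "permit"

# Constructed inputs, abbreviated from the orderings discussed in the thread.
REJECT_FIRST = parse_restrictions(
    "reject_unauth_destination, permit_mynetworks, permit_sasl_authenticated, permit")
FIXED = parse_restrictions("""
    reject_non_fqdn_sender,
    reject_unauth_pipelining,
    check_recipient_access regexp:/etc/postfix/mailboxfull,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client sbl.spamhaus.org,
    permit
""")
# The wrong "fix": dropping the reject instead of reordering it.
NO_REJECT = parse_restrictions("permit_mynetworks, permit_sasl_authenticated, permit")

if __name__ == "__main__":
    roaming = dict(sasl_auth=True, in_mynetworks=False, local_destination=False)
    for label, lst in [("reject first", REJECT_FIRST), ("fixed", FIXED)]:
        print(label, evaluate(lst, **roaming), "open relay:", is_open_relay(lst))
```

The DUNNO assumption matters for real configurations: a check_*_access table placed before reject_unauth_destination that returns OK permits the recipient at that point, so such tables need review before being trusted in that position.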