On Sat, Feb 28, 2009 at 11:47 AM, Sahil Tandon <[email protected]> wrote:
> On Sat, 28 Feb 2009, Big Pizzle wrote: > > > Hi all, > > > > I've just set up Postfix 2.3.3 to authenticate against a MySQL database > to > > support Virtual Domains, and I'm able to send mail to any domain which > > Postfix knows about, but when I send an e-mail to an outside address such > as > > hotmail, yahoo, etc. I get the following error message in the logs: > > > > Feb 27 22:09:52 juter1 postfix/smtpd[27104]: NOQUEUE: reject: RCPT from > > h-68-167-178-13.snid.cod.net[xx.xxx.xxx.xx]: 554 5.7.1 < > [email protected]>: > > Relay access denied; from=<[email protected]> to=<[email protected]> > > proto=SMTP helo=<homebase> > > If you're going to obfuscate the IP, at least take care to similarly cloak > your client's hostname! > > % host h-68-167-178-13.snid.cod.net > h-68-167-178-13.snid.cod.net has address 82.98.86.161 > Thanks, but that isn't my IP - guess I did a pretty good job eh? If you want me to point out WHERE you can find my IP, it's in the first portion of that hostname - cod.net isn't my provider. :) > > > Here are my main.cf configs: > > Instead, follow the directions in the DBEUG_README, and paste the output of > 'postconf -n'. alias_maps = broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 disable_vrfy_command = yes html_directory = no inet_interfaces = localhost, $myhostname invalid_hostname_reject_code = 450 local_transport = virtual mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man maps_rbl_reject_code = 450 mydestination = $myhostname, localhost.$mydomain, localhost myhostname = xxx.yyy.com mynetworks = 127.0.0.0/8 newaliases_path = /usr/bin/newaliases.postfix non_fqdn_reject_code = 450 queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES sample_directory = /usr/share/doc/postfix-2.3.3/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop show_user_unknown_table_name = no smtpd_helo_required = yes smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = /var/spool/postfix/private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot unknown_local_recipient_reject_code = 550 virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_gid_maps = static:10000 virtual_mailbox_base = /home/vmail virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/ mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 10000 virtual_transport = virtual virtual_uid_maps = static:10000 > > > > When telnetting to port 25, and issuing the EHLO command, I get the > > following: > > > > 250-jupiter1.national.com > > 250-PIPELINING > > 250-SIZE 10240000 > > 250-ETRN > > 250-ENHANCEDSTATUSCODES > > 250-8BITMIME > > 250 DSN > > > > I don't see anywhere where it shows what authentication mechanism I am > > using. Could this be the issue? I want people to be required to > > authenticate if they are going to be sending mail from this server to > > external addresses. 'My Server Requires Authentication' is checked in my > > mail client. > > Your server appears configured to support SASL but not TLS (following EHLO, > it does not announce STARTTLS support to the SMTP client). You need to > show > your postconf output, specifically the smtpd_mumble_restrictions, which is > where you can require SASL authentication to relay mail externally. From > your question, I suspect you are conflating SASL and TLS. See: > http://www.postfix.org/TLS_README.html > http://www.postfix.org/SASL_README.html It was my understanding that TLS was for secure connections - do I need TLS as well in order for SASL to work? > > > -- > Sahil Tandon <[email protected]> >
