Hi,
I recently tried to install a postfix server with TLS and client
authentication required. Testing the installation with Thunderbird
looked good: server certificate shown, client certificate requested and
postfix log shows TLS OK, but finally I got the message 5.7.1 Relay
access denied.


postconf -n 
========= 
alias_database = hash:/etc/aliases 
alias_maps = hash:/etc/aliases 
append_dot_mydomain = no 
biff = no 
config_directory = /etc/postfix 
inet_interfaces = all 
mailbox_size_limit = 0 
mydestination = hostname.com, nas, localhost.localdomain, localhost 
myhostname = my.hostname.com 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 
readme_directory = no 
recipient_delimiter = + 
relay_clientcerts = hash:/etc/postfix/relay_clientcert 
relayhost = [smtp.gmail.com]:587 
smtp_enforce_tls = yes 
smtp_sasl_auth_enable = yes 
smtp_sasl_password_maps = hash:/etc/postfix/password 
smtp_sasl_security_options = 
smtp_tls_CAfile = /etc/postfix/cacert.pem 
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache 
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) 
smtpd_client_restrictions = permit_tls_clientcerts, permit_mynetworks, reject_unauth_destination
smtpd_tls_CAfile = /etc/postfix/cacert.pem 
smtpd_tls_ask_ccert = yes 
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem 
smtpd_tls_fingerprint_digest = sha1 
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key 
smtpd_tls_loglevel = 1 
smtpd_tls_req_ccert = yes 
smtpd_tls_security_level = encrypt 
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
========= 


log entry: 
========= 
Sep 25 10:38:58 nas postfix/smtpd[18263]: connect from unknown[78.142.185.79]
Sep 25 10:38:58 nas postfix/smtpd[18263]: setting up TLS connection from unknown[78.142.185.79]
Sep 25 10:39:06 nas postfix/smtpd[18263]: unknown[78.142.185.79]: Trusted: subject_CN=Stefan Selbitschka, issuer=QV Schweiz ICA, fingerprint=71:4C:85:$
Sep 25 10:39:06 nas postfix/smtpd[18263]: Trusted TLS connection established from unknown[78.142.185.79]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/25$
Sep 25 10:39:06 nas postfix/smtpd[18263]: NOQUEUE: reject: RCPT from unknown[78.142.185.79]: 554 5.7.1 <stefa...@gmx.at>: Relay access denied; from=<s$
Sep 25 10:39:30 nas postfix/smtpd[18263]: lost connection after RCPT from unknown[78.142.185.79]
Sep 25 10:39:30 nas postfix/smtpd[18263]: disconnect from unknown[78.142.185.79]
========= 


relay_clientcert: 
========= 
71:4C:85:2B:B8:1E:60:3C:66:A0:DC:BB:7A:66:23:03:51:50:A7:12     OK 
========= 


thanks for help 


best regards 


stefan 



