On 04/21/10 23:47, mouss wrote:
> Oliver Schinagl wrote:
>
>> Hello all,
>>
>> I've been trying to figure out why a new server I set up using postfix
>> doesn't allow me to relay messages after I authenticate (using
>> cyrus-sasl). It appears that I can authenticate just fine, but when I
>> try to send a message, I get an RBL error. I obviously want my ADSL IP
>> not to be whitelisted from the sending end (as it's dhcp and just a
>> regular adsl ip) but I would have expected that after authentication the
>> RBL would be bypassed?
>>
>>
> Show logs that prove your claims:
> 1- user was authenticated
> 2- relay was denied
>
> for (1), you should find a line like this:
> Apr 21 00:11:06 imlil postfix/smtpd[41827]: 454E8E54888:
> client=ouzoud.netoyen.net[82.239.111.75], sasl_method=PLAIN,
> sasl_username=mo...@ml.netoyen.net
>
Sorry for forgetting,
I can post 2; I'm having trouble finding 1, because I think that's what's going wrong ;)

Apr 19 14:30:36 example postfix/smtpd[26549]: connect from xx-xxx-xx-xx.ip.someisp.nl[xx.xxx.xx.xx]
Apr 19 14:30:36 example postfix/smtpd[26549]: NOQUEUE: reject: CONNECT from xx-xxx-xx-xx.ip.someisp.nl[xx.xxx.xx.xx]: 554 5.7.1 Service unavailable; Client host [xx.xxx.xx.xx] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=xx.xxx.xx.xx; proto=SMTP
Apr 19 14:30:36 example postfix/smtpd[26549]: too many errors after CONNECT from xx-xxx-xx-xx.ip.someisp.nl[xx.xxx.xx.xx]
Apr 19 14:30:36 example postfix/smtpd[26549]: disconnect from xx-xxx-xx-xx.ip.someisp.nl[xx.xxx.xx.xx]

What does work, however, is if I telnet from my own host (which isn't in the PBL, so it makes testing for me really hard (unless I could fake my domain temporarily to be on the PBL?)) and AUTH LOGIN and send a message; it does work, so sasl_auth must be working, right?

Apr 21 19:17:42 example postfix/smtpd[27551]: 3A47410E63: client=yyy-yy-ftth.myisp.nl[yyy.yyy.yy.yyy], sasl_method=LOGIN, sasl_username=theuser

Either Thunderbird isn't trying to auth at all (even though I told it to) or it gets RBLed before it could even try to auth, which is what I'm thinking.

My test box (diff server basically), which is on the PBL normally, is down for maintenance atm (broken NIC :S), so all I've got is users complaining that they are unable to send mail on the new server, and I can't figure out what I have done wrong.
>
>
>> I thought I pretty much set it up the same way as my older server, which
>> accepts my mail just fine! Guess I was wrong, and I can't find the
>> differences.
>>
>> As I've set up my server, I tried to document it as well as possible over
>> at the gentoo-wiki;
>>
>> http://en.gentoo-wiki.com/wiki/Complete_Virtual_Mail_Server
>>
>>
>> The entire postfix server seems to be running excellently as far as I
>> can tell, except for not being able to send from remote 'internet' IP's
>> that are on the PBL.
>>
>> Find below my postconf -n (having replaced the real hostname with
>> foo.example)
>> ===
>> postconf -n
>> biff = no
>> broken_sasl_auth_clients = no
>> command_directory = /usr/sbin
>> config_directory = /etc/postfix
>> daemon_directory = /usr/lib64/postfix
>> data_directory = /var/lib/postfix
>> debug_peer_level = 1
>> disable_vrfy_command = yes
>> home_mailbox = .maildir/
>> html_directory = /usr/share/doc/postfix-2.6.5/html
>> mail_owner = postfix
>> mailq_path = /usr/bin/mailq
>> manpage_directory = /usr/share/man
>> message_size_limit = 20480000
>> mydomain = example.com
>> myhostname = foo.example.com
>> mynetworks_style = host
>> newaliases_path = /usr/bin/newaliases
>> queue_directory = /var/spool/postfix
>> readme_directory = /usr/share/doc/postfix-2.6.5/readme
>> recipient_delimiter = +
>> relay_domains = pgsql:/etc/postfix/pgsql/pgsql-relay-domains-maps.cf
>> sendmail_path = /usr/sbin/sendmail
>> setgid_group = postdrop
>> smtpd_banner = $myhostname NO UCE ESMTP
>> smtpd_client_restrictions = permit_mynetworks,
>> permit_sasl_authenticated, permit_mx_backup, reject_rbl_client
>> zen.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client
>> bl.spamcop.net
>> smtpd_delay_reject = no
>> smtpd_helo_required = yes
>> smtpd_helo_restrictions = reject_invalid_hostname
>> smtpd_recipient_restrictions = permit_mynetworks,
>> permit_sasl_authenticated, permit_mx_backup, check_policy_service
>> inet:127.0.0.1:2525, reject_unauth_destination
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_authenticated_header = no
>> smtpd_sasl_local_domain =
>> smtpd_sasl_security_options = noanonymous
>> smtpd_tls_CAfile = /etc/ssl/certs/cacert.org.pem
>> smtpd_tls_auth_only = no
>> smtpd_tls_cert_file = /etc/postfix/ssl/smtp.example.com_server.pem
>> smtpd_tls_key_file = /etc/postfix/ssl/smtp.example.com_privatekey.pem
>> smtpd_tls_loglevel = 0
>> smtpd_tls_received_header = yes
>> smtpd_tls_session_cache_timeout = 3600s
>> smtpd_use_tls = yes
>> soft_bounce = no
>> tls_random_source = dev:/dev/urandom
>> unknown_local_recipient_reject_code = 550
>> virtual_alias_maps = pgsql:/etc/postfix/pgsql/pgsql-virtual-alias-maps.cf
>> virtual_gid_maps = pgsql:/etc/postfix/pgsql/pgsql-virtual-gid-maps.cf
>> virtual_mailbox_base = /var/vmail
>> virtual_mailbox_domains =
>> pgsql:/etc/postfix/pgsql/pgsql-virtual-mailbox-domains.cf
>> virtual_mailbox_limit_maps =
>> pgsql:/etc/postfix/pgsql/pgsql-virtual-mailbox-limit-maps.cf
>> virtual_mailbox_limit_override = yes
>> virtual_mailbox_maps =
>> pgsql:/etc/postfix/pgsql/pgsql-virtual-mailbox-maps.cf
>> virtual_maildir_extended = yes
>> virtual_maildir_limit_message = "Sorry, the recipients mailbox is
>> currently full. Please try again later."
>> virtual_overquota_bounce = no
>> virtual_trash_count = no
>> virtual_trash_name = ".Trash"
>> virtual_uid_maps = pgsql:/etc/postfix/pgsql/pgsql-virtual-uid-maps.cf
>>
>
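
Added example (not part of the original thread, and not Postfix's own code): a small Python check for the situation the post suspects. With `smtpd_delay_reject = no`, Postfix evaluates `smtpd_client_restrictions` at connect time, before the client can issue AUTH, so `permit_sasl_authenticated` cannot match there and the `reject_rbl_client` entries decide. The function names and the abridged samples are constructed for illustration.

```python
import re

# Constructed sample: the three relevant settings from the `postconf -n`
# output quoted above (continuation lines indented for this example).
POSTCONF = """\
smtpd_client_restrictions = permit_mynetworks,
    permit_sasl_authenticated, permit_mx_backup, reject_rbl_client
    zen.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client
    bl.spamcop.net
smtpd_delay_reject = no
smtpd_sasl_auth_enable = yes
"""

# Reject line from the post, abridged (addresses were masked by the poster).
LOG = ("Apr 19 14:30:36 example postfix/smtpd[26549]: NOQUEUE: reject: CONNECT "
       "from xx-xxx-xx-xx.ip.someisp.nl[xx.xxx.xx.xx]: 554 5.7.1 Service "
       "unavailable; Client host [xx.xxx.xx.xx] blocked using zen.spamhaus.org")


def parse_postconf(text):
    """Return {parameter: value}, folding indented continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params


def rbls_checked_before_auth(params):
    """DNSBLs that reject at connect time, before the client can send AUTH."""
    if params.get("smtpd_delay_reject", "yes") != "no":
        return []  # default: client restrictions wait until RCPT TO
    tokens = re.split(r"[,\s]+", params.get("smtpd_client_restrictions", ""))
    return [tokens[i + 1] for i, tok in enumerate(tokens[:-1])
            if tok == "reject_rbl_client"]


def reject_stage(log_line):
    """SMTP stage named in a Postfix 'NOQUEUE: reject:' line, or None."""
    match = re.search(r"NOQUEUE: reject: (\w+) from", log_line)
    return match.group(1) if match else None


if __name__ == "__main__":
    params = parse_postconf(POSTCONF)
    print("rejected at:", reject_stage(LOG))
    print("DNSBLs consulted before AUTH:", rbls_checked_before_auth(params))
```

With `smtpd_delay_reject = yes` (the Postfix default) the function returns an empty list, because the client restrictions are then deferred until RCPT TO, by which point `permit_sasl_authenticated` can match an authenticated client.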