On Jul 11, 2011, at 11:17 PM, Mike Morris wrote:

> On 07/11/2011 10:12 PM, Ron Garret wrote:
>> 
>> On Jul 11, 2011, at 9:31 PM, Stan Hoeppner wrote:
>> 
>>> On 7/11/2011 8:12 PM, Ron Garret wrote:
>>>> I'm trying to set up a relay host with authentication according to these 
>>>> instructions:
>>>> 
>>>> http://anothersysadmin.wordpress.com/2009/02/06/postfix-as-relay-to-a-smtp-requiring-authentication/
>>>> 
>>>> but it's not working.  I know my SMTP server is set up properly because I 
>>>> can send mail using various other clients, but postfix is apparently not 
>>>> even attempting to authorize.  Here are the relevant lines from main.cf:
>>>> 
>>>> relayhost = secure.genesisgroup.info
>>>> smtp_sasl_auth_enable = yes
>>>> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>>>> smtp_sasl_security_options =
>>>> 
>>>> Here is a log excerpt from my server from a successful login from a 
>>>> different client (python smtplib):
>>>> 
>>>> Jul 11 17:59:57 vm01 postfix/smtpd[812]: connect from 
>>>> ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
>>>> Jul 11 17:59:58 vm01 postfix/smtpd[812]: A567C4CA949: 
>>>> client=ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10], 
>>>> sasl_method=LOGIN, sasl_username=XXX
>>>> 
>>>> and here's the same thing when Postfix tries to connect between the same 
>>>> two machines:
>>>> 
>>>> Jul 11 18:00:26 vm01 postfix/smtpd[820]: connect from 
>>>> ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
>>>> Jul 11 18:00:26 vm01 postfix/smtpd[820]: NOQUEUE: reject: RCPT from 
>>>> ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]: 554 5.7.1 
>>>> <ron.gar...@gmail.com>: Relay access denied; 
>>>> from=<r...@sunfire-offices.com> to=<ron.gar...@gmail.com> proto=ESMTP 
>>>> helo=<mail.sunfire-offices.com>
>>>> 
>>>> As you can see, postfix is not even attempting to authorize.
>>>> 
>>>> What am I doing wrong?
>>> 
>>> You're not telling us what you're attempting to accomplish for starters.
>> 
>> Sorry, I thought that would be clear from the context.  I'm trying to do 
>> exactly what you say: 
>> 
>>> When you specify relayhost you're telling Postfix to forward all non
>>> local outbound mail to a gateway instead of delivering it directly to
>>> internet MX destinations.
>> 
>> Yes, that is exactly what I'm trying to do.  The reason is that mail sent 
>> directly from an EC2 instance is usually flagged as spam by many mail 
>> recipients because the reverse DNS doesn't resolve properly.
>> 
>>> You're showing smtpd logging, but the relayhost parameter applies to
>>> smtp, not smtpd.  Your logging shows a host connecting to your Postfix
>>> server, not your Postfix server connecting to secure.genesisgroup.info.
>> 
>> 
>> The log excerpts are taken from the postfix server on 
>> secure.genesisgroup.info, which is the machine I want to use to relay 
>> outbound mail from the EC2 instance.  Sorry that wasn't clear.
>> 
>>> Either you don't understand the relayhost parameter, or I simply don't
>>> understand your goal here, or probably both.
>> 
>> 
>> Well, I'm clearly missing something.  But I don't think it's the relayhost 
>> parameter.
>> 
>> rg
>> 
> 
> As stated by Jeroen, supplying the list with the output of 'postconf -n'
> would be much more preferred than sending the entire output of
> 'postconf'.  There is no need for people to wade through hundreds of
> lines that are configured for default values.

Sorry, I'm still kinda new at this.

> The server at secure.genesisgroup.info only advertises AUTH support
> after STARTTLS.  Therefore, in order to successfully authenticate with
> that server from the client at 184.73.65.10, the following configuration
> changes will need to be made on 184.73.65.10:
> 
> Configure smtp_tls_security_level and/or smtp_tls_policy_maps, using at
> least a setting of 'may'.  This will allow the SMTP client to attempt
> STARTTLS connections with remote hosts.

Ah.  I thought SASL implied TLS, but I guess it doesn't.

So I tried adding:

smtp_sasl_security_options = auth
smtp_tls_security_level = may

And now I get "unknown mail transport error" on the client side, and this on 
the server side:

Jul 11 23:30:51 vm01 postfix/smtpd[22169]: connect from 
ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
Jul 11 23:30:52 vm01 postfix/smtpd[22169]: lost connection after EHLO from 
ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
Jul 11 23:30:52 vm01 postfix/smtpd[22169]: disconnect from 
ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]

> Set smtp_sasl_security_options = noanonymous (or whatever is
> appropriate).  The remote server at secure.genesisgroup.info advertises
> the following: AUTH PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
> 
> Read the TLS_README and SASL_README files for more information.

Will do.  At least now I know where to look to make further progress.  Thanks!

rg
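The point made in the thread, that the relay advertises AUTH only after STARTTLS, can be checked by comparing the EHLO capabilities seen before and after TLS. The following is an added example, not part of the original messages: the EHLO replies are constructed (only the AUTH mechanism list comes from the thread), the hostname is a placeholder, and the option filter is a simplified model of smtp_sasl_security_options.

```python
import re

# Constructed EHLO replies modelling the relay described in the thread: AUTH
# appears only after STARTTLS. The hostname is a placeholder.
EHLO_PLAINTEXT = """250-relay.example.test
250-PIPELINING
250-STARTTLS
250 8BITMIME"""

EHLO_AFTER_TLS = """250-relay.example.test
250-PIPELINING
250-AUTH PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
250 8BITMIME"""

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # these send the password itself


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:  # line 1 is the server name
        m = re.match(r"250[- ]([^\s=]+)(?:[ =](.*))?$", line.strip())
        if m:
            params = (m.group(2) or "").upper().split()
            caps.setdefault(m.group(1).upper(), []).extend(params)
    return caps


def usable_mechs(caps, options=()):
    """Simplified model of the smtp_sasl_security_options filter."""
    mechs = caps.get("AUTH", [])
    if "noanonymous" in options:
        mechs = [m for m in mechs if m != "ANONYMOUS"]
    if "noplaintext" in options:
        mechs = [m for m in mechs if m not in PLAINTEXT_MECHS]
    return mechs


def diagnose(before_tls, after_tls, options=("noanonymous",)):
    pre, post = parse_ehlo(before_tls), parse_ehlo(after_tls)
    before, after = usable_mechs(pre, options), usable_mechs(post, options)
    return {
        "starttls_offered": "STARTTLS" in pre,
        "auth_before_tls": before,
        "auth_after_tls": after,
        # True means the client never sees AUTH unless it negotiates TLS first
        "client_needs_tls": not before and bool(after),
    }
```

A result with `client_needs_tls` set to True matches the first symptom in the thread: without TLS enabled on the client, no AUTH is offered, so none is attempted and the relay answers "Relay access denied".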
