On Jul 11, 2011, at 11:37 PM, Ron Garret wrote:

> 
> On Jul 11, 2011, at 11:17 PM, Mike Morris wrote:
> 
>> On 07/11/2011 10:12 PM, Ron Garret wrote:
>>> 
>>> On Jul 11, 2011, at 9:31 PM, Stan Hoeppner wrote:
>>> 
>>>> On 7/11/2011 8:12 PM, Ron Garret wrote:
>>>>> I'm trying to set up a relay host with authentication according to these 
>>>>> instructions:
>>>>> 
>>>>> http://anothersysadmin.wordpress.com/2009/02/06/postfix-as-relay-to-a-smtp-requiring-authentication/
>>>>> 
>>>>> but it's not working.  I know my SMTP server is set up properly because I 
>>>>> can send mail using various other clients, but postfix is apparently not 
>>>>> even attempting to authorize.  Here are the relevant lines from main.cf:
>>>>> 
>>>>> relayhost = secure.genesisgroup.info
>>>>> smtp_sasl_auth_enable = yes
>>>>> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>>>>> smtp_sasl_security_options =
>>>>> 
>>>>> Here is a log excerpt from my server from a successful login from a 
>>>>> different client (python smtplib):
>>>>> 
>>>>> Jul 11 17:59:57 vm01 postfix/smtpd[812]: connect from 
>>>>> ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
>>>>> Jul 11 17:59:58 vm01 postfix/smtpd[812]: A567C4CA949: 
>>>>> client=ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10], 
>>>>> sasl_method=LOGIN, sasl_username=XXX
>>>>> 
>>>>> and here's the same thing when Postfix tries to connect between the same 
>>>>> two machines:
>>>>> 
>>>>> Jul 11 18:00:26 vm01 postfix/smtpd[820]: connect from 
>>>>> ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
>>>>> Jul 11 18:00:26 vm01 postfix/smtpd[820]: NOQUEUE: reject: RCPT from 
>>>>> ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]: 554 5.7.1 
>>>>> <ron.gar...@gmail.com>: Relay access denied; 
>>>>> from=<r...@sunfire-offices.com> to=<ron.gar...@gmail.com> proto=ESMTP 
>>>>> helo=<mail.sunfire-offices.com>
>>>>> 
>>>>> As you can see, postfix is not even attempting to authorize.
>>>>> 
>>>>> What am I doing wrong?
>>>> 
>>>> You're not telling us what you're attempting to accomplish for starters.
>>> 
>>> Sorry, I thought that would be clear from the context.  I'm trying to do 
>>> exactly what you say: 
>>> 
>>>> When you specify relayhost you're telling Postfix to forward all non
>>>> local outbound mail to a gateway instead of delivering it directly to
>>>> internet MX destinations.
>>> 
>>> Yes, that is exactly what I'm trying to do.  The reason is that mail sent 
>>> directly from an EC2 instance is usually flagged as spam by many mail 
>>> recipients because the reverse DNS doesn't resolve properly.
>>> 
>>>> You're showing smtpd logging, but the relayhost parameter applies to
>>>> smtp, not smtpd.  Your logging shows a host connecting to your Postfix
>>>> server, not your Postfix server connecting to secure.genesisgroup.info.
>>> 
>>> 
>>> The log excerpts are taken from the postfix server on 
>>> secure.genesisgroup.info, which is the machine I want to use to relay 
>>> outbound mail from the EC2 instance.  Sorry that wasn't clear.
>>> 
>>>> Either you don't understand the relayhost parameter, or I simply don't
>>>> understand your goal here, or probably both.
>>> 
>>> 
>>> Well, I'm clearly missing something.  But I don't think it's the relayhost 
>>> parameter.
>>> 
>>> rg
>>> 
>> 
>> As stated by Jeroen, supplying the list with the output of 'postconf -n'
>> would be much more preferred than sending the entire output of
>> 'postconf'.  There is no need for people to wade through hundreds of
>> lines that are configured for default values.
> 
> Sorry, I'm still kinda new at this.
> 
>> The server at secure.genesisgroup.info only advertises AUTH support
>> after STARTTLS.  Therefore, in order to successfully authenticate with
>> that server from the client at 184.73.65.10, the following configuration
>> changes will need to be made on 184.73.65.10:
>> 
>> Configure smtp_tls_security_level and/or smtp_tls_policy_maps, using at
>> least a setting of 'may'.  This will allow the SMTP client to attempt
>> STARTTLS connections with remote hosts.
> 
> Ah.  I thought SASL implied TLS, but I guess it doesn't.
> 
> So I tried adding:
> 
> smtp_sasl_security_options = auth
> smtp_tls_security_level = may
> 
> And now I get "unknown mail transport error" on the client side, and this on 
> the server side:

Just for the record, this worked:

smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may

Thanks for all the responses!

rg
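
An added example, not part of the original thread or of Postfix: a small Python lint run over the client-side main.cf settings posted above (the original, the failed attempt, and the working one). The finding labels and the `HARDENED` variant with `smtp_tls_security_level = encrypt` are assumptions of this example, and legacy `smtp_use_tls` is not considered.

```python
# Added example: lint the Postfix SMTP-client settings from this thread.
VALID_SASL_OPTS = {"noplaintext", "noactive", "nodictionary", "noanonymous", "mutual_auth"}
TLS_MANDATORY = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Parse 'name = value' lines; '#' starts a comment line, indented lines continue."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last is not None:
            params[last] = (params[last] + " " + raw.strip()).strip()
            continue
        name, _, value = raw.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params

def lint(text):
    """Return finding labels (names invented for this example) for one main.cf."""
    p = parse_main_cf(text)
    if p.get("smtp_sasl_auth_enable", "no") != "yes":
        return ["sasl-client-auth-disabled"]
    # Postfix default when the parameter is absent: noplaintext, noanonymous
    raw_opts = p.get("smtp_sasl_security_options", "noplaintext, noanonymous")
    opts = set(raw_opts.replace(",", " ").split())
    findings = [f"invalid-sasl-option:{o}" for o in sorted(opts - VALID_SASL_OPTS)]
    level = p.get("smtp_tls_security_level", "")  # legacy smtp_use_tls is ignored here
    if level in ("", "none"):
        findings.append("no-starttls")        # AUTH offered only after STARTTLS is never seen
    elif level not in TLS_MANDATORY:
        findings.append("opportunistic-tls")  # falls back to cleartext if STARTTLS is absent
    if level not in TLS_MANDATORY and "noplaintext" not in opts:
        findings.append("plaintext-auth-without-tls")
    return findings

BASE = "relayhost = secure.genesisgroup.info\nsmtp_sasl_auth_enable = yes\n" \
       "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd\n"
ORIGINAL = BASE + "smtp_sasl_security_options =\n"
ATTEMPT = BASE + "smtp_sasl_security_options = auth\nsmtp_tls_security_level = may\n"
WORKING = BASE + "smtp_sasl_security_options = noanonymous\nsmtp_tls_security_level = may\n"
# Constructed variant (assumption, not from the thread): refuse to send without TLS.
HARDENED = BASE + "smtp_sasl_security_options = noanonymous\nsmtp_tls_security_level = encrypt\n"

if __name__ == "__main__":
    for name in ("ORIGINAL", "ATTEMPT", "WORKING", "HARDENED"):
        print(f"{name:9} {lint(globals()[name]) or 'ok'}")
```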
