On 26/07/2012 15:52, /dev/rob0 wrote:
On Thu, Jul 26, 2012 at 01:45:54PM +0100, Nicolás wrote:
On 23/07/2012 12:13, Nicolás wrote:
Hi all!

I have a server with postfix with virtual users (using MySQL),
it's working ok, let's call it A. I also have a secondary server,
which I want to use to send mails even outside my local network,
let's call it B. So I'm trying to configure B to relay through A
to send e-mails. The problem is I have SMTP auth enabled on A and
I'm missing something at the config of B because I get this error:



[ ... ]

Either add the un-munged IP address of B to A's mynetworks, or
configure B to authenticate at A. SOHO_README has the excerpt from
SASL_README which describes the latter. BASIC_CONFIGURATION_README
covers the former.

If B has a dynamic IP address, the former choice is generally not
ideal. But you can do what I did: connect both sites via a VPN
tunnel, relay through the tunnel, and put the tunnel's address in
mynetworks.

Yes, that's my fault as I didn't post my mynetworks line. The B server has a static private IP address, so I added the private range to it.

mynetworks = 127.0.0.0/8 192.168.0.0/24

I'm pasting my postconf -n at the end of the mail with the changes you advised.

[...]

smtpd_sender_restrictions = hash:/etc/postfix/access
1. Deprecated syntax; this should be "check_sender_access
    hash:/etc/postfix/access".
2. Bad file naming! "access" could be anything. Give your maps
    sensible names, i.e., "sender_access", so you can tell at a
    glance what it is supposed to do.

My bad... changed the syntax and added a descriptive name.

smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
It appears that you are using Cyrus SASL. (Why? What imapd are you
using?) Did you set it up properly?

I'm not using Cyrus SASL. My postfix is integrated with Dovecot so that's my imapd.

smtpd_error_sleep_time = 2s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
Typically you should not tinker with the defaults of these.

Ok, removed.

2) Whole B main.cf config:

config_directory = /etc/postfix
relayhost = 192.168.0.14
And 192.168.0.14 is the IP address you munged out above? Why? If both
hosts are on the same LAN, why not just use A directly? Why do you
think you need B?

That IP address is the server's. Both (server and client) machines are on the same LAN but the reason why I'm using B is because B has a bug-tracker installed on it sending mails on each update event. So I want to have it on a separate machine from A, because A is just the mail server and I would like to keep it that way, that's why I'm trying to relay B mails through A. That's the only idea I had, if you see any better solution I'll be glad to hear it.

myhostname = socks.mydomain.es
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt

Note: 192.168.0.14 is A.

3) Content of /etc/postfix/sasl/passwd:

192.168.0.1...@domain.es:password

I'm using mailx command to send mails, for example:

# echo "Bar" | mailx -s "Foo" postfix-...@gmail.com --tls=true
If your mailx(1) supports TLS, you probably also want to set a real
sender address when relaying outside your network.

Sure, it's just I was trying to make it work but finally I'll use a real sender address.

Could someone tell me what I am doing wrong? I thought using
'smtp_sasl_auth_enable' at B would be enough to use SMTP
authentication, but it's not happening.
Any idea about this? I'm really stuck, as I found an example at
http://www.postfix.org/SASL_README.html with a very similar config,
but I can't get this working.
Again, see the list welcome message or DEBUG_README.html#mail .
Saslfinger might be useful in your case.

OK, I'll check it.

smtpd_recipient_restrictions =
     check_recipient_access hash:/etc/postfix/valid_recipients
This is not safe. What's in that map? See
SMTPD_ACCESS_README.html#danger for an explanation of why.

The map just contains a list of blocked recipients (spam addresses, above all). I get them rejected, no 'OK' rules in it. Same on smtpd_sender_restrictions.

[...]

   reject_rbl_client bl.spamcop.net
I don't recommend Spamcop for use like this.

     reject_rbl_client relays.ordb.org
This list shut down many years ago!

     reject_rbl_client sbl.spamhaus.org
SBL still works but has been superseded by Zen.

     check_policy_service unix:private/policy-spf
     reject_unauth_destination

Changed all that.

Finally my postconf -n, after changes:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_size_limit = 0
mailman_destination_recipient_limit = 1
message_size_limit = 30720000
milter_default_action = accept
milter_protocol = 2
mydestination = mail.mydomain.es, localhost, localhost.localdomain, listas.mydomain.es
myhostname = mail.mydomain.es
mynetworks = 127.0.0.0/8 192.168.0.0/24
myorigin = /etc/mailname
non_smtpd_milters = inet:127.0.0.1:12347
owner_request_special = no
policy-spf_time_limit = 3600s
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps $smtpd_sender_login_maps
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost = [mydomain.es]
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:12347
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/valid_recipients, reject_sender_login_mismatch, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, check_policy_service unix:private/policy-spf, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_identities.cf
smtpd_sender_restrictions = permit_mynetworks check_sender_access hash:/etc/postfix/valid_senders reject_sender_login_mismatch permit
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = mysql:/etc/postfix/mysql-virtual_transport.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_limit_inbox = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_maildir_extended = yes
virtual_maildir_limit_message = "El usuario tiene su buzon lleno, debe liberar espacio antes de poder recibir mas"
virtual_maildir_suffix = Maildir/
virtual_overquota_bounce = yes
virtual_transport = virtual
virtual_trash_count = yes
virtual_trash_name = .Trash

Thank you so much for your advice and help.

Regards,

Nicolás
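
Added example (not part of the original thread, and not Postfix code): a small audit for the SMTPD_ACCESS_README "danger" case raised above, where an access table consulted before reject_unauth_destination returns an accepting result. The restriction list is the one posted for A; the table contents are constructed, since the thread does not show the real file.

```python
import re

# Accepting results checked here: "OK" and "permit" (see Postfix access(5)).
# REJECT, DUNNO and the like do not open the relay.
ACCEPTING = re.compile(r"(OK|permit)", re.IGNORECASE)

def parse_restrictions(value):
    """Split a restriction list into (name, argument) pairs."""
    items = []
    for tok in re.split(r"[,\s]+", value.strip()):
        if not tok:
            continue
        if re.fullmatch(r"[a-z_]+", tok) or not items or items[-1][1]:
            items.append([tok, None])  # restriction name
        else:
            items[-1][1] = tok         # map, RBL zone or policy socket
    return [tuple(i) for i in items]

def risky_entries(restrictions, tables):
    """Accepting entries in access tables that are evaluated before
    reject_unauth_destination, as (table, key, action) tuples."""
    findings = []
    for name, arg in parse_restrictions(restrictions):
        if name == "reject_unauth_destination":
            break  # tables after this point cannot permit relaying
        if not re.fullmatch(r"check_\w+_access", name):
            continue
        for line in tables.get(arg, "").splitlines():
            fields = line.split(None, 2)
            if len(fields) >= 2 and not fields[0].startswith("#") \
                    and ACCEPTING.fullmatch(fields[1]):
                findings.append((arg, fields[0], fields[1]))
    return findings

# smtpd_recipient_restrictions as posted for server A.
A_RESTRICTIONS = ("check_recipient_access hash:/etc/postfix/valid_recipients, "
    "reject_sender_login_mismatch, permit_mynetworks, "
    "permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, "
    "check_policy_service unix:private/policy-spf, reject_unauth_destination")

# Constructed table contents (the real file is not shown in the thread).
REJECT_ONLY = "spam1@example.com REJECT\nspam2@example.com REJECT blocked\n"
WITH_OK = REJECT_ONLY + "partner@example.net OK\n"
TABLE = "hash:/etc/postfix/valid_recipients"

if __name__ == "__main__":
    print(risky_entries(A_RESTRICTIONS, {TABLE: REJECT_ONLY}))
    print(risky_entries(A_RESTRICTIONS, {TABLE: WITH_OK}))
```

A reject-only table, as described in the reply, yields no findings; the ordering becomes a relay risk once an OK entry is added to that table.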
