Maybe you need to set your restrictions to more strict settings.
Here's my setting for smtpd restrictions; someone else may have a
better config, so open to discussion:

smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_invalid_hostname,
    reject_non_fqdn_hostname, reject_non_fqdn_recipient,
    reject_unauth_destination, reject_unauth_pipelining,
    reject_non_fqdn_sender, reject_unknown_sender_domain,
    reject_unknown_recipient_domain



On Sun, Jun 29, 2014 at 5:19 PM, Jerry <postfix-u...@seibercom.net> wrote:
> On Sun, 29 Jun 2014 16:02:05 -0500, Edgar Pettijohn stated:
>
>>
>>On 06/29/2014 03:40 PM, li...@rhsoft.net wrote:
>>> Am 29.06.2014 22:05, schrieb Edgar Pettijohn:
>>>> not sure if it matters but you have smtp_sasl_type defined twice once
>>>> with cyrus and once with dovecot
>>> says who?
>>>
>>> smtp != smtpd
>>> smtp can only be cyrus and is part of the topic
>>> smtpd_sasl_type is for smtpd server
>>> smtp_sasl_type is for smtp client
>>>
>>> smtp_sasl_type = cyrus
>>> smtpd_sasl_type = dovecot
>>sorry didn't see the "d"
>
> Neither SASL nor Sender Dependent Relay appears to be working. I made some
> changes to the main.cf:
>
> authorized_submit_users = !www, static:all
> broken_sasl_auth_clients = yes
> canonical_maps = hash:/usr/local/etc/postfix/canonical
> command_directory = /usr/local/sbin
> config_directory = /usr/local/etc/postfix
> daemon_directory = /usr/local/libexec/postfix
> data_directory = /var/db/postfix
> debug_peer_level = 2
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
>     $daemon_directory/$process_name $process_id & sleep 5
> delay_warning_time = 12h
> disable_vrfy_command = yes
> dovecot_destination_recipient_limit = 1
> enable_long_queue_ids = yes
> html_directory = /usr/local/share/doc/postfix
> inet_protocols = ipv4
> mail_owner = postfix
> mailq_path = /usr/local/bin/mailq
> manpage_directory = /usr/local/man
> message_size_limit = 26214400
> milter_default_action = accept
> mydestination =
> mydomain = seibercom.net
> myhostname = scorpio.seibercom.net
> mynetworks_style = subnet
> myorigin = $mydomain
> newaliases_path = /usr/local/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/local/share/doc/postfix
> sample_directory = /usr/local/etc/postfix
> sender_dependent_relayhost_maps = hash:/usr/local/etc/postfix/sender_relay
> sendmail_path = /usr/local/sbin/sendmail
> setgid_group = maildrop
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
> smtp_sasl_security_options = noanonymous
> smtp_sender_dependent_authentication = yes
> smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
> smtp_tls_CApath = /usr/local/etc/postfix/certs/
> smtp_tls_note_starttls_offer = yes
> smtp_tls_policy_maps = hash:/usr/local/etc/postfix/tls_policy
> smtp_tls_security_level = may
> smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_tls_session_cache
> smtpd_authorized_verp_clients = $mynetworks
> smtpd_client_restrictions = reject_unauth_pipelining permit_sasl_authenticated
>     reject_unknown_client_hostname
> smtpd_milters = unix:/var/run/clamav/clmilter.sock
> smtpd_recipient_restrictions = reject_unauth_pipelining
>     permit_sasl_authenticated permit_mynetworks
>     reject_unknown_recipient_domain
>     reject_unauth_destination
> smtpd_reject_footer = For assistance, please provide the following information
>     in your problem report: time ($localtime), client ($client_address) and
>     server ($server_name).
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous, noplaintext
> smtpd_sasl_tls_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
> smtpd_tls_cert_file = /usr/local/etc/postfix/certs/Postfix-cert.pem
> smtpd_tls_key_file = /usr/local/etc/postfix/certs/Postfix-key.pem
> smtpd_tls_received_header = yes
> smtpd_tls_security_level = may
> smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_tls_session_cache
> tls_random_source = dev:/dev/urandom
> transport_maps = hash:/usr/local/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
> virtual_gid_maps = static:1002
> virtual_mailbox_base = /var/mail/vmail/seibercom/gerard
> virtual_mailbox_domains = seibercom.net
> virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox
> virtual_minimum_uid = 100
> virtual_transport = dovecot
> virtual_uid_maps = static:1002
>
> maillog:
>
> Jun 29 17:09:21 scorpio sm-mta[36451]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES128-SHA, bits=128/128
> Jun 29 17:09:21 scorpio sm-mta[36451]: s5TL9Llc036451: from=<gerard.seib...@stemnc.org>, size=363, class=0, nrcpts=1, msgid=<20140629170921.5ffc300b@scorpio>, proto=ESMTP, daemon=Daemon0, relay=localhost [127.0.0.1]
> Jun 29 17:09:22 scorpio sm-mta[36453]: STARTTLS=client, relay=mta6.am0.yahoodns.net., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-CAMELLIA256-SHA, bits=256/256
> Jun 29 17:09:24 scorpio sm-mta[36453]: s5TL9Llc036451: to=<ges...@yahoo.com>, delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=30363, relay=mta6.am0.yahoodns.net. [66.196.118.37], dsn=2.0.0, stat=Sent (ok dirdel)
>
> This is not being relayed through the proper ISP and there is no SASL being 
> used.

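An added example, not part of the original thread: the maillog lines quoted above carry the program tag sm-mta rather than postfix/smtp, so checking which program logged each delivery, and which relay it used, narrows the problem before any main.cf change. The sample lines, addresses, queue IDs and the relay name smtp.isp.example are constructed placeholders, and audit_deliveries is a hypothetical helper name.

```python
import re

# Constructed sample lines modelled on the maillog excerpt in the thread.
SAMPLE_LOG = """\
Jun 29 17:09:24 scorpio sm-mta[36453]: s5TL9Llc036451: to=<user@example.com>, delay=00:00:03, mailer=esmtp, relay=mx.example.com. [192.0.2.37], dsn=2.0.0, stat=Sent (ok)
Jun 29 17:12:40 scorpio postfix/smtp[36610]: 3gXkT12Qz: to=<user@example.com>, relay=mx.example.com[192.0.2.37]:25, delay=1.4, dsn=2.0.0, status=sent (250 ok)
Jun 29 17:15:02 scorpio postfix/smtp[36702]: 3gXkW93Bq: to=<user@example.com>, relay=smtp.isp.example[198.51.100.10]:587, delay=2.1, dsn=2.0.0, status=sent (250 ok)
"""

# syslog prefix: timestamp, host, program[pid], queue id, then key=value fields
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s(?P<prog>[^\[\s:]+)(?:\[\d+\])?:\s"
    r"(?P<qid>\w+):\s(?P<rest>.*)$")
TO_RE = re.compile(r"\bto=<([^>]*)>")
RELAY_RE = re.compile(r"\brelay=([^\s\[,]+)")       # host part only
STAT_RE = re.compile(r"\bstat(?:us)?=(\w+)", re.I)  # Sendmail: stat=, Postfix: status=


def audit_deliveries(log_text, expected_relay):
    """Return (queue_id, program, relay_host, verdict) for each sent message."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # STARTTLS and other non-delivery lines have no queue id
        rest = m["rest"]
        to, relay, stat = TO_RE.search(rest), RELAY_RE.search(rest), STAT_RE.search(rest)
        if not (to and relay and stat) or stat[1].lower() != "sent":
            continue
        relay_host = relay[1].rstrip(".").lower()
        if not m["prog"].startswith("postfix/"):
            # e.g. sm-mta, the syslog tag used by Sendmail's MTA: Postfix
            # settings such as sender_dependent_relayhost_maps never applied.
            verdict = "not-postfix"
        elif relay_host != expected_relay.lower():
            verdict = "wrong-relay"  # Postfix delivered, but not via the ISP relay
        else:
            verdict = "ok"
        findings.append((m["qid"], m["prog"], relay_host, verdict))
    return findings


if __name__ == "__main__":
    for row in audit_deliveries(SAMPLE_LOG, "smtp.isp.example"):
        print(*row, sep="\t")
```

A "not-postfix" verdict points at the submission path (which sendmail binary or daemon accepted the message), while "wrong-relay" points at the relayhost map lookup for that sender.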