Hi,
I recently tried to install a Postfix server with TLS and client
authentication required. Testing the installation with Thunderbird
looked good: the server certificate is shown, the client certificate is
requested, and the Postfix log shows TLS OK, but finally I got the
message "5.7.1 Relay access denied".
postconf -n
=
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = hostname.com, nas, localhost.localdomain, localhost
myhostname = my.hostname.com
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
readme_directory = no
recipient_delimiter = +
relay_clientcerts = hash:/etc/postfix/relay_clientcert
relayhost = [smtp.gmail.com]:587
smtp_enforce_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/password
smtp_sasl_security_options =
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_tls_clientcerts, permit_mynetworks,
reject_unauth_destination
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_fingerprint_digest = sha1
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_loglevel = 1
smtpd_tls_req_ccert = yes
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:${data_directory}/
smtpd_scache
=
log entry:
=
Sep 25 10:38:58 nas postfix/smtpd[18263]: connect from unknown
[78.142.185.79]
Sep 25 10:38:58 nas postfix/smtpd[18263]: setting up TLS connection
from unknown[78.142.185.79]
Sep 25 10:39:06 nas postfix/smtpd[18263]: unknown[78.142.185.79]:
Trusted: subject_CN=Stefan Selbitschka, issuer=QV Schweiz ICA,
fingerprint=71:4C:85:$
Sep 25 10:39:06 nas postfix/smtpd[18263]: Trusted TLS connection
established from unknown[78.142.185.79]: TLSv1 with cipher DHE-RSA-
AES256-SHA (256/25$
Sep 25 10:39:06 nas postfix/smtpd[18263]: NOQUEUE: reject: RCPT from
unknown[78.142.185.79]: 554 5.7.1 : Relay access
denied; from=