AnswerBun.com

Postfix rejecting mail from authenticated clients

Server Fault Asked by NPE on December 11, 2020

I am trying to configure Postfix so that it would accept mail from authenticated clients outside $mynetworks.

When I try to send a test email from my iPhone, which is configured to use port 25, SSL and password authentication, the mail gets rejected by Postfix. I get the following in /var/log/mail.info:

Oct 25 17:41:35 mailhost postfix/smtpd[6136]: warning: 212.183.x.x:
hostname host212-183-x-x.uk.access.vodafone.net verification
failed: Name or service not known

Oct 25 17:41:35 mailhost
postfix/smtpd[6136]: connect from unknown[212.183.x.x]

Oct 25
17:41:39 mailhost postfix/smtpd[6136]: NOQUEUE: reject: RCPT from
unknown[212.183.x.x]: 554 5.7.1 : Client
host rejected: Access denied; from=<[email protected]>
to=<[email protected]> proto=ESMTP helo=<[10.25.x.x]>

Oct 25
17:41:39 mailhost postfix/smtpd[6136]: disconnect from
unknown[212.183.x.x]

Here are all my main.cf settings that have to do with SASL/TLS:

smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom

How do I establish that the session is indeed authenticated?

How do I go about troubleshooting this further?

5 Answers

After much experimentation it turned out I had to add permit_sasl_authenticated to smtpd_client_restrictions (not to be confused with smtpd_recipient_restrictions).

This has fixed it.

Correct answer by NPE on December 11, 2020

i solve with this:

submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,check_relay_domains
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject

Answered by Alexis Antonio Cruz Cerda on December 11, 2020

I solved my problem by adding "smtpd_sasl_auth_enable" line to my main.cf and then restart postfix.(there was no problem with webmail I just get the access denied error on Thunderbird)

smtpd_sasl_auth_enable = yes

Answered by user463626 on December 11, 2020

Test from a system with telnet/openssl http://www.postfix.org/SASL_README.html#server_test I don't know if the iPhone supports starttls, so you may want to test against 465 and 587 for ssl support. I think also you have it setup to only accept authentication if ssl is used.

Answered by becomingwisest on December 11, 2020

The parameters you are specifying on the line:

smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

Are the likely culprit.

More on how to configure postfix relaying and access control can be found in the documentation.

Looks like you'll want to start by adding *.vodafone.net domain to the list of allowed domains for relaying.

Answered by WerkkreW on December 11, 2020

Add your own answers!

Related Questions

Curl verify certificate improperly

1  Asked on January 19, 2021 by jitesh-t

         

Choose best raid for SAN storage

0  Asked on January 19, 2021 by gkaveh

     

Windows to Linux Ping not working while Telnet works

1  Asked on January 17, 2021 by ehsan-sajjad

       

Configuring Heartbeat to run shell script

1  Asked on January 17, 2021 by alessandro-cardoso

         

Nginx: implementing country block with a map

0  Asked on January 15, 2021 by sandro-b

     

Server wide auth for all Virtualhosts

0  Asked on January 15, 2021

     

Ask a Question

Get help from others!

© 2022 AnswerBun.com. All rights reserved. Sites we Love: PCI Database, MenuIva, UKBizDB, Menu Kuliner, Sharing RPP