
Postfix rejecting mail from authenticated clients

Server Fault Asked by NPE on December 11, 2020

I am trying to configure Postfix so that it would accept mail from authenticated clients outside $mynetworks.

When I try to send a test email from my iPhone, which is configured to use port 25, SSL and password authentication, the mail gets rejected by Postfix. I get the following in /var/log/mail.info:

Oct 25 17:41:35 mailhost postfix/smtpd[6136]: warning: 212.183.x.x: hostname host212-183-x-x.uk.access.vodafone.net verification failed: Name or service not known
Oct 25 17:41:35 mailhost postfix/smtpd[6136]: connect from unknown[212.183.x.x]
Oct 25 17:41:39 mailhost postfix/smtpd[6136]: NOQUEUE: reject: RCPT from unknown[212.183.x.x]: 554 5.7.1 : Client host rejected: Access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[10.25.x.x]>
Oct 25 17:41:39 mailhost postfix/smtpd[6136]: disconnect from unknown[212.183.x.x]

Here are all my main.cf settings that have to do with SASL/TLS:

smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom

How do I establish that the session is indeed authenticated?

How do I go about troubleshooting this further?

5 Answers

After much experimentation it turned out I had to add permit_sasl_authenticated to smtpd_client_restrictions (not to be confused with smtpd_recipient_restrictions).

This has fixed it.

Correct answer by NPE on December 11, 2020
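
Why the accepted fix works, as an added example that is not part of the original answers: Postfix evaluates each smtpd_*_restrictions list on its own, so a permit in smtpd_recipient_restrictions cannot undo a reject in smtpd_client_restrictions (the "Client host rejected" text in the log points at the client list). The asker's smtpd_client_restrictions is not shown on the page, so the `BEFORE` value is an assumption, the `PHONE` session is constructed, and the helo, sender and relay lists are left out of this simplified model.

```python
# Simplified model of how Postfix smtpd applies restriction lists to one RCPT TO.
# Lists are evaluated one after another. Inside a list the first decision wins:
# "reject" refuses the command, "permit" only ends that list (later lists still run).

RECIPIENT = ["reject_unknown_sender_domain", "reject_unknown_recipient_domain",
             "reject_unauth_pipelining", "permit_mynetworks",
             "permit_sasl_authenticated", "reject_unauth_destination"]  # from the question

# ASSUMPTION: the asker's smtpd_client_restrictions is not shown on the page.
BEFORE = {"smtpd_client_restrictions": ["permit_mynetworks", "reject"],
          "smtpd_recipient_restrictions": RECIPIENT}
AFTER = {"smtpd_client_restrictions":
             ["permit_mynetworks", "permit_sasl_authenticated", "reject"],
         "smtpd_recipient_restrictions": RECIPIENT}

# Constructed session: authenticated phone outside $mynetworks, remote recipient.
PHONE = {"in_mynetworks": False, "sasl_authenticated": True, "rcpt_is_local": False}

# Checks assumed to pass for the constructed session (DNS resolves, no pipelining).
PASSING = {"reject_unknown_sender_domain", "reject_unknown_recipient_domain",
           "reject_unauth_pipelining"}

def check(name, session):
    """Return 'permit', 'reject' or None (no decision) for one restriction."""
    if name in PASSING:
        return None
    if name == "permit_mynetworks":
        return "permit" if session["in_mynetworks"] else None
    if name == "permit_sasl_authenticated":
        return "permit" if session["sasl_authenticated"] else None
    if name == "reject_unauth_destination":
        return None if session["rcpt_is_local"] else "reject"
    if name == "reject":
        return "reject"
    raise ValueError(f"restriction not modelled: {name}")

def evaluate(config, session):
    """Walk the lists in stage order; return (verdict, list that rejected)."""
    for stage in ("smtpd_client_restrictions", "smtpd_recipient_restrictions"):
        for name in config.get(stage, []):
            decision = check(name, session)
            if decision == "reject":
                return "reject", stage
            if decision == "permit":
                break  # this list is satisfied; move on to the next list
    return "accept", None

if __name__ == "__main__":
    print("before:", evaluate(BEFORE, PHONE))
    print("after: ", evaluate(AFTER, PHONE))
```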

I solved it with this:

submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,check_relay_domains
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject

Answered by Alexis Antonio Cruz Cerda on December 11, 2020

I solved my problem by adding the "smtpd_sasl_auth_enable" line to my main.cf and then restarting Postfix. (There was no problem with webmail; I just got the access denied error on Thunderbird.)

smtpd_sasl_auth_enable = yes

Answered by user463626 on December 11, 2020

Test from a system with telnet/openssl: http://www.postfix.org/SASL_README.html#server_test. I don't know if the iPhone supports STARTTLS, so you may want to test against 465 and 587 for SSL support. I also think you have it set up to only accept authentication if SSL is used.

Answered by becomingwisest on December 11, 2020

The parameters you are specifying on the line:

smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

are the likely culprit.

More on how to configure Postfix relaying and access control can be found in the documentation.

Looks like you'll want to start by adding the *.vodafone.net domain to the list of allowed domains for relaying.

Answered by WerkkreW on December 11, 2020
