nasher Tux's lil' helper
Joined: 21 Feb 2003 Posts: 125
Posted: Tue Jan 06, 2004 3:08 pm Post subject: postfix Client host rejected: issue

I tried to send a mail from outside to my mailserver,
but when I try this I get this error:
554 <unknown[ipofmailserv]]>: Client host rejected: Access denied
I tried to search in this forum and I need to add a permit.
I don't know what permit,
because it's from outside and I don't want to have an open relay.
I saw
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
So I don't know the problem :(

UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
Posted: Tue Jan 06, 2004 3:29 pm

If the mailserver host is bloggs.com then it should accept emails to bloggs.com.
But really, you need to enable SASL on the Postfix server and permit SASL authenticated clients. There's a HOW-TO on this in the Docs forum:
https://forums.gentoo.org/viewtopic.php?t=56633

nasher Tux's lil' helper
Posted: Tue Jan 06, 2004 4:13 pm

I can't auth against SASL.
The admins here don't know anything about Linux.
I'm using Webmin so they can view in mailboxes and add users.
Webmin uses /etc/passwd and can't work with SASL; this is why I do this.
My situation is now:
wan > firewall > 192.168.0.252(mailserver) spam filter > .maildir
When a user sends mail:
lan > 192.168.0.254(mailserver) > wan
.252 is an alias on eth0

UberLord Retired Dev
Posted: Tue Jan 06, 2004 4:23 pm

You can configure SASL to work with /etc/passwd easily enough - my server does this.

nasher Tux's lil' helper
Posted: Tue Jan 06, 2004 4:25 pm

Can you post your main.cf and your master.cf?
What I did (I'm not sure because it's a while ago I did this and I'm not at work now):
I changed
root@server # vi /etc/sasl2/smtpd.conf
pwcheck_method: sasldb
sasldb > passwd
But then, I guess I don't have something right in the main.cf with permissions from outside.
(edit):
Users can email without authentication to Postfix because I have permit network; the solution is not to do this? They need to auth against /etc/passwd when they are sending an email?!

UberLord Retired Dev
Posted: Tue Jan 06, 2004 4:31 pm

main.cf bits
Code:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, reject
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/private/key.pem
smtpd_tls_cert_file = /etc/ssl/private/cert.pem
smtpd_tls_CAfile = /etc/ssl/private/ca.cert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_session_cache_timeout = 3600s
tls_daemon_random_source = dev:/dev/urandom
tls_random_source = dev:/dev/urandom

/usr/lib/sasl2/smtpd.conf
Code:
pwcheck_method: saslauthd

then start up the saslauthd daemon and restart postfix
Code:
rc-update add saslauthd default
rc
/etc/init.d/postfix restart

Note that my configuration forces SASL clients only unless they are on internal network. So users will need relatively new email clients to send mail.

UberLord Retired Dev
Posted: Tue Jan 06, 2004 4:32 pm

nasher wrote:
users can email without authentication to postfix because i have permit network, the solution is not to do this? they need to auth against /etc/passwd when they are sending an email ?!

They have to auth against something as you don't know any network details from where they may be sending from!

nasher Tux's lil' helper
Posted: Wed Jan 07, 2004 9:32 am

Oh man,
I changed the mydomain parameter.
Now I have the following error:
554 <asd@asd.orgl>: Recipient address rejected: Access denied

nasher Tux's lil' helper
Posted: Wed Jan 07, 2004 11:26 am

owye
Problem solved.
There was another -o smtpd_recipient_restrictions= in my master.cf that points to another IP.
I changed it into
192.168.0.254:smtp inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=check_relay_domains,permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8,192.168.0.0/24
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
and it works now
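
The fix in the last post came down to a per-listener `-o smtpd_recipient_restrictions=` override in master.cf taking precedence over main.cf. As an added example (not code from the thread or from Postfix), this Python script lists such overrides for each smtpd listener and checks whether the effective recipient rules still contain a relay-blocking restriction. The function names, the guard set and the `127.0.0.1:10025` listener are assumptions; `MAIN_RCPT` is the main.cf value from UberLord's reply.

```python
import re

# Restrictions that can refuse relaying (guard set assumed for this check).
RELAY_GUARDS = {"reject", "defer", "defer_if_permit", "check_relay_domains",
                "reject_unauth_destination", "defer_unauth_destination"}

def parse_master_cf(text):
    """Return [[service, command, args]] with continuation lines joined."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:      # continuation of previous entry
            entries[-1][2] += raw.split()
        else:
            f = raw.split()
            entries.append([f[0], f[7], f[8:]])
    return entries

def audit(master_text, main_rcpt):
    """Per smtpd listener: simple '-o name=value' overrides, effective rules."""
    report = {}
    for service, command, args in parse_master_cf(master_text):
        if command != "smtpd":
            continue
        ov = dict(v.split("=", 1) for o, v in zip(args, args[1:]) if o == "-o"
                  and re.match(r"(smtpd_\w+_restrictions|mynetworks)=", v))
        rules = re.findall(r"[^,\s]+", ov.get("smtpd_recipient_restrictions", main_rcpt))
        report[service] = {"overrides": ov, "effective": rules,
                           "relay_guard": bool(RELAY_GUARDS & set(rules))}
    return report

# Constructed sample: a plain listener, the listener from the last post
# (shortened), and a made-up reinjection listener that lacks a guard.
SAMPLE = """\
smtp inet n - n - - smtpd
192.168.0.254:smtp inet n - n - - smtpd
  -o smtpd_client_restrictions=
  -o smtpd_recipient_restrictions=check_relay_domains,permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8,192.168.0.0/24
127.0.0.1:10025 inet n - n - - smtpd
  -o smtpd_recipient_restrictions=permit_mynetworks
pickup fifo n - n 60 1 pickup
"""
MAIN_RCPT = ("permit_sasl_authenticated, permit_mynetworks, "
             "check_relay_domains, reject_unauth_destination")

if __name__ == "__main__":
    print({s: r["relay_guard"] for s, r in audit(SAMPLE, MAIN_RCPT).items()})
```

On Postfix 2.11 and later, `postconf -P` prints the per-service `-o` settings from the live master.cf, which gives the same view without parsing the file by hand.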