fangorn Veteran
Joined: 31 Jul 2004 Posts: 1886
|
Posted: Thu Jun 07, 2007 5:09 pm Post subject: postfix smtp: relay access denied, local mail works |
|
|
Hi,
I have a final problem with my postfix mailserver setup. I followed the virtual mailhosting howto and got it running so far. Local email is working, so is squirrelmail webmail frontend. I can send Emails to other Email servers on the internet (tested with web.de address and address at work) using squirrelmail and mail or mutt on the mailserver.
I can access virtual mail accounts via imap and pop3 with thunderbird or mutt. I also can send emails to virtual email accounts on the mailserver using smtp auth and tls using remote mail clients.
What I cannot do is send Emails to non-mailserver addresses using thunderbird or mutt on remote computers.
Code: |
Webserver answered: 5.7.1 <destination>: Relay access denied.
|
Help, I am stuck.
I can provide configuration if necessary, but as local mailing works, I think it is a more basic problem than just a typo.
If anybody could help, I would appreciate it.
fangorn _________________ Video Encoding scripts collection | Project page |
|
|
|
magic919 Advocate
Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
|
Posted: Thu Jun 07, 2007 8:55 pm Post subject: |
|
|
Sounds like a typo
It's your smtpd_x_restrictions that are lacking. Post just that bit of main.cf and no comments. |
|
|
|
fangorn Veteran
Joined: 31 Jul 2004 Posts: 1886
|
Posted: Fri Jun 08, 2007 6:04 am Post subject: |
|
|
Code: |
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom |
|
|
|
magic919 Advocate
Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
|
Posted: Sat Jun 09, 2007 8:27 am Post subject: |
|
|
Config looks ok although I'm not sure what this bit is achieving - smtpd_sender_restrictions =
I'd say you are not authenticating. This is why remote clients can only send to (virtual) users on the server. Check the logs and turn up the verb if need be. |
|
|
|
fangorn Veteran
Joined: 31 Jul 2004 Posts: 1886
|
Posted: Sun Jun 10, 2007 2:30 pm Post subject: |
|
|
Thanks for checking.
Code: |
Jun 10 16:06:04 servername postfix/smtpd[19538]: NOQUEUE: reject: RCPT from <dynamic_adress_t-online.de>: 554 5.7.1 <username@web.de>: Relay access denied; from=<sender_adress> to=<username@web.de> proto=ESMTP helo=<[192.168.0.9]>
Jun 10 16:06:04 servername postfix/smtpd[19539]: generic_checks: name=reject_unauth_destination status=2
Jun 10 16:06:04 servername postfix/smtpd[19539]: > <dynamic_adress_t-online.de>: 554 5.7.1 <username@web.de>: Relay access denied |
I think this
Code: | helo=<[192.168.0.9]> |
is the problem. The machine I am writing this mail on is not connected directly to the internet; it connects over a router. Its real (internal) IP address gets submitted.
Is there a possibility to avoid this?
Thanks again,
fangorn
|
|
|
magic919 Advocate
Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
|
Posted: Mon Jun 11, 2007 5:00 am Post subject: |
|
|
No, it's not that. Here are the restrictions you have -
Code: |
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination |
First one to 'pass' skips the rest. So once a person is sasl auth then they miss the next 2. However, the snippet from the log shows an unauth destination being rejected, which is the final rule. Therefore SASL auth is not happening. |
|
|
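Added example, not part of the original posts: a small Python model of the first-match evaluation described in the post above, with the three restrictions in the order shown in the thread. The networks, the domain `example.org` and the session values are constructed assumptions, and the model covers only these three checks, not everything Postfix consults.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the thread.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
LOCAL_DOMAINS = {"example.org"}  # stands in for mydestination / virtual domains

def permit_sasl_authenticated(s):
    return "OK" if s["sasl_user"] else "DUNNO"

def permit_mynetworks(s):
    ip = ipaddress.ip_address(s["client_ip"])
    return "OK" if any(ip in net for net in MYNETWORKS) else "DUNNO"

def reject_unauth_destination(s):
    domain = s["rcpt"].rsplit("@", 1)[1].lower()
    return "DUNNO" if domain in LOCAL_DOMAINS else "REJECT"

# Same order as the smtpd_recipient_restrictions posted in the thread.
RESTRICTIONS = [permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination]

def check_rcpt(session):
    """Return (verdict, deciding_rule); the first non-DUNNO result ends evaluation."""
    for rule in RESTRICTIONS:
        result = rule(session)
        if result != "DUNNO":
            return result, rule.__name__
    return "OK", "end of list"  # no rule objected, so the recipient is accepted

def diagnose(session):
    verdict, rule = check_rcpt(session)
    if verdict == "REJECT":
        return f"554 5.7.1 <{session['rcpt']}>: Relay access denied (decided by {rule})"
    return f"250 Ok (decided by {rule})"

# Constructed sessions for the situations in the thread. The HELO name is
# carried along but none of the three rules reads it.
remote_no_auth = {"client_ip": "203.0.113.7", "sasl_user": None,
                  "rcpt": "username@web.de", "helo": "[192.168.0.9]"}
remote_to_local = {"client_ip": "203.0.113.7", "sasl_user": None, "rcpt": "user@example.org"}
remote_with_auth = {"client_ip": "203.0.113.7", "sasl_user": "user@example.org",
                    "rcpt": "username@web.de"}
local_webmail = {"client_ip": "127.0.0.1", "sasl_user": None, "rcpt": "username@web.de"}

if __name__ == "__main__":
    for s in (remote_no_auth, remote_to_local, remote_with_auth, local_webmail):
        print(diagnose(s))
```

Only the unauthenticated remote session to an outside domain reaches `reject_unauth_destination`, which is the rule named in the posted log.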
|
fangorn Veteran
Joined: 31 Jul 2004 Posts: 1886
|
|
|
|
magic919 Advocate
Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
|
Posted: Mon Jun 11, 2007 7:11 pm Post subject: |
|
|
Telnet to port 25 on the mailserver and shoot it an EHLO.
Look for the auth bits
Code: |
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
>> 250-AUTH PLAIN LOGIN
>> 250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
QUIT |
|