sumpi Tux's lil' helper
Joined: 09 May 2006 Posts: 110 Location: Graz, Austria
|
Posted: Thu Jan 03, 2008 1:12 pm Post subject: postfix and tls authentication problem |
|
|
Hi all!
I have been trying for days now to set up a mail server with postfix and dovecot. I manage to get the mails from other systems and my thunderbird clients are able to connect via ssl without any problems. But it is not possible to send mails to other systems.
I get a relay access denied whenever I try to do this. There is no virtual domain and all users are system users.
The problem is that my home network is using a dial-up connection. So there is no possibility of using the IP in my main.cf. So I tried to set up sasl or tls, but without any luck until now.
Can anybody point me to a good howto or show me another way of doing this?
The error I get in messages:
Code: |
postfix/smtpd[25434]: SSL_accept:SSLv3 flush data
postfix/smtpd[25434]: read from 080C3168 [080CC878] (5 bytes => -1 (0xFFFFFFFF))
postfix/smtpd[25434]: SSL_accept:error in SSLv3 read client certificate A
postfix/smtpd[25434]: read from 080C3168 [080CC878] (5 bytes => 5 (0x5))
postfix/smtpd[25434]: 0000 16 03 01 00 86 .....
postfix/smtpd[25434]: read from 080C3168 [080CC87D] (134 bytes => -1 (0xFFFFFFFF))
postfix/smtpd[25434]: SSL_accept:error in SSLv3 read client certificate A
postfix/smtpd[25434]: read from 080C3168 [080CC87D] (134 bytes => 134 (0x86))
|
But later in the log file, I see:
Code: |
postfix/smtpd[25434]: TLS connection established from MYHOSTDIALUP: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
|
as well as:
Code: |
postfix/smtpd[25434]: ctable_locate: leave existing entry key external@other.system
postfix/smtpd[25434]: NOQUEUE: reject: RCPT from MYHOSTDIALUP: 554 5.7.1 <external@other.system>: Relay access denied; from=<myself@YYY.ZZZ> to=<external@other.system> proto=ESMTP helo=<[myInternalIPAdr]>
Jan 3 13:46:48 katana postfix/smtpd[25434]: generic_checks: name=reject_unauth_destination status=2
Jan 3 13:46:48 katana postfix/smtpd[25434]: > MYHOSTDIALUP: 554 5.7.1 <external@other.system>: Relay access denied
|
Here is my main.cf:
Code: |
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
myhostname = mail.YYY.ZZZ
mydomain = YYY.ZZZ
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
local_recipient_maps = $alias_maps
unknown_local_recipient_reject_code = 550
mynetworks_style = host
smtpd_banner = $myhostname ESMTP $mail_name
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = /usr/share/doc/postfix-2.4.5/html
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix-2.4.5/readme
home_mailbox = .maildir/
message_size_limit = 25000000
smtpd_helo_required = yes
content_filter = smtp-amavis:[127.0.0.1]:10024
## TLS new try
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/postfix/server.key
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
|
Thanks in advance for any hint! I just don't get it!
Bye,
Sumpi _________________ Why geeks like computers:
unzip, strip, touch, finger, grep, mount, fsck, more, yes,fsck,fsck,fsck,umount, sleep. |
|
magic919 Advocate
Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
|
Posted: Thu Jan 03, 2008 3:39 pm Post subject: |
|
|
I can't see you doing any SASL there, just TLS.
|
sumpi Tux's lil' helper
Joined: 09 May 2006 Posts: 110 Location: Graz, Austria
|
Posted: Fri Jan 04, 2008 6:41 am Post subject: |
|
|
So what should I do then?
Or in other words, why can't I use SASL and how do I use TLS?
Or did I just get your mail wrong?
Bye,
Sumpi
magic919 Advocate
Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
|
Posted: Fri Jan 04, 2008 7:08 am Post subject: |
|
|
TLS is great, but there's no auth and it is just Transport Layer Security - to give it its full name. It looks like you have TLS working.
However, you seem to want to use some kind of SMTP AUTH and that's why I am saying 'where's the SASL?'. Just TLS will not do the job.
I'm presuming you want to relay mail for authenticated users... |
|
elgato319 Guru
Joined: 15 Sep 2005 Posts: 546
|
Posted: Fri Jan 04, 2008 7:46 am Post subject: |
|
|
If you want to use smtp-auth with postfix and dovecot you need to compile postfix with the dovecot-sasl use flag.
From my config files:
main.cf
Code: |
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth_dovecot
|
dovecot.conf
Code: |
socket listen {
  client {
    # The client socket is generally safe to export to everyone. Typical use
    # is to export it to your SMTP server so it can do SMTP AUTH lookups
    # using it.
    path = /var/spool/postfix/private/auth_dovecot
    mode = 0660
    user = postfix
    group = postfix
  }
}
|
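Added example, not part of any post in this thread: a small Python check of the two things the replies point at, namely that Postfix is told to use Dovecot for SASL (without `smtpd_sasl_type`, Postfix defaults to Cyrus) and that `smtpd_sasl_path`, resolved against `queue_directory`, is the socket Dovecot exports. The function names and the config excerpts are constructed for illustration, the `/var/spool/postfix` fallback is an assumed default, and the Dovecot parsing assumes the `socket listen { client { ... } }` syntax shown above.

```python
import posixpath
import re
# Constructed excerpts of the settings posted in the thread.
QUESTION_CF = """queue_directory = /var/spool/postfix
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
  permit_mynetworks, reject_unauth_destination
"""
ANSWER_CF = QUESTION_CF + """smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth_dovecot
"""
DOVECOT_CONF = """socket listen {
  client {
    # export to the SMTP server for SMTP AUTH lookups
    path = /var/spool/postfix/private/auth_dovecot
  }
}
"""

def parse_main_cf(text):
    """'#' lines are comments; a line starting with whitespace continues the previous one."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key:
            params[key] += " " + line.strip()
        elif "=" in line:
            key, _, value = (s.strip() for s in line.partition("="))
            params[key] = value
    return params

def check_smtp_auth(main_cf, dovecot_conf):
    """Return a list of reasons why SASL-authenticated relaying cannot work."""
    p, findings = parse_main_cf(main_cf), []
    if p.get("smtpd_sasl_auth_enable") != "yes":
        findings.append("smtpd_sasl_auth_enable is not yes")
    rules = re.split(r"[,\s]+", p.get("smtpd_recipient_restrictions", ""))
    if "permit_sasl_authenticated" not in rules:
        findings.append("no permit_sasl_authenticated in smtpd_recipient_restrictions")
    if p.get("smtpd_sasl_type", "cyrus") != "dovecot":  # Postfix default is cyrus
        return findings + ["smtpd_sasl_type is not dovecot"]
    want = posixpath.join(p.get("queue_directory", "/var/spool/postfix"),
                          p.get("smtpd_sasl_path", "smtpd"))
    m = re.search(r"client\s*\{[^}]*?^\s*path\s*=\s*(\S+)", dovecot_conf, re.M)
    have = m.group(1) if m else None
    if have != want:
        findings.append(f"socket mismatch: postfix {want}, dovecot {have}")
    return findings
```

`check_smtp_auth(QUESTION_CF, DOVECOT_CONF)` reports the missing `smtpd_sasl_type`, while the same call with `ANSWER_CF` returns an empty list.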