[Postfixbuch-users] Sasl Auth Problem Relay access denied
Patrick Ben Koetter
p at state-of-mind.de
Mi Jun 20 09:12:47 CEST 2007
* mail at sb-webdesign.de <mail at sb-webdesign.de>:
> Hallo Liste ich habe versucht mein ostfix zu sasl auth zu bewergen nur bekomme ich immer die meldung relay acces
>
> 554 <schneider at skanwood.com>: Relay access denied
> logauszug
> :
>
>
> Jun 20 08:38:35 box79146 postfix/smtpd[965]: connect from F956d.f.strato-dslnet.de[195.4.149.109]
> Jun 20 08:38:37 box79146 postfix/smtpd[965]: NOQUEUE: reject: RCPT from F956d.f.strato-dslnet.de[195.4.149.109]: 554 <schneider at skanwood.com>: Relay access denied; from=<test at b-schneider.de> to=<schneider at skanwood.com> proto=ESMTP helo=<test>
> Jun 20 08:38:39 box79146 postfix/smtpd[965]: disconnect from F956d.f.strato-dslnet.de[195.4.149.109]
>
> Kurioserweise geht das einloggen in die Mailboxen per Imap
Wieso ist das kurios? IMAP und SMTP haben nichts miteinander zu tun. ;)
> Mfg
> Bernhard Schneider
>
> postconf -n :
>
> alias_maps = hash:/etc/aliases
> broken_sasl_auth_clients = yes
> canonical_maps = hash:/etc/postfix/canonical
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/lib/postfix
> debug_peer_level = 2
> default_destination_concurrency_limit = 10
> defer_transports =
> disable_dns_lookups = no
> header_checks = regexp:/etc/postfix/header_checks
> html_directory = /usr/share/doc/packages/postfix/html
> in_flow_delay = 2s
> inet_interfaces = all
> inet_protocols = all
> local_destination_concurrency_limit = 2
> mail_owner = postfix
> mail_spool_directory = /var/mail
> mailbox_command =
> mailbox_size_limit = 151200000
> mailbox_transport = cyrus
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> masquerade_classes = envelope_sender, header_sender, header_recipient
> masquerade_exceptions = root
> message_size_limit = 50240000
> mydestination = $myhostname, localhost.$mydomain, boerny.org ,test.boerny.org, rak.servgame.org
Raus mit der Domain rak.servgame.org aus mydestination. Du solltest daraus
eine virtual_alias_domain oder virtual_mailbox_domain machen. Entsprechende
Beschwerden wirst Du im maillog finden...
> mydomain = boerny.org
> myhostname = box79146.elkhouse.de
> mynetworks = 213.9.79.146, 127.0.0.0/8
mynetworks = 213.9.79.146/32, 127.0.0.0/8
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/packages/postfix/README_FILES
> relayhost =
> relocated_maps = hash:/etc/postfix/relocated
> sample_directory = /usr/share/doc/packages/postfix/samples
> sender_canonical_maps = hash:/etc/postfix/sender_canonical
> sendmail_path = /usr/sbin/sendmail
> setgid_group = maildrop
> smtp_sasl_auth_enable = no
> smtp_use_tls = no
> smtpd_banner = $myhostname ESMTP $mail_name
> smtpd_client_restrictions = hash:/etc/postfix/access
> smtpd_helo_required = yes
> smtpd_helo_restrictions =
>
> smtpd_recipient_restrictions = permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_non_fqdn_hostname,
> reject_rhsbl_sender dsn.rfc-gnorant.org,
> reject_rbl_client cbl.abuseat.org,
> reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rhsbl_client black hole.securitysage.com,
> reject_rhsbl_sender blackhole.securitysage.com,
> reject_rbl_client bl.spamcop.net, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client relays.mail-abuse.org, reject_rbl_client whois.rfc-ignorant.org reject_rbl_client dun.dsnrbl.net, reject_rbl_client dynablock.njabel.org, reject_rbl_client rbl.tu-berlin.de,
> permit
>
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = boerny.org
> smtpd_sasl_security_options = noanonymous
Das sieht ganz sauber aus. Wie sieht denn Deine smtpd.conf aus?
Lad Dir mal saslfinger (siehe meine Signatur) und poste mal "saslfinger -s".
p at rick
> smtpd_sender_restrictions = hash:/etc/postfix/access
>
> smtpd_tls_auth_only = no
> smtpd_use_tls = no
> soft_bounce = no
> strict_rfc821_envelopes = no
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
>
> master cf:
>
> #
> # Postfix master process configuration file. For details on the format
> # of the file, see the Postfix master(5) manual page.
> #
> # ==========================================================================
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (100)
> # ==========================================================================
> smtp inet n - n - - smtpd
> #submission inet n - n - - smtpd
> # -o smtpd_etrn_restrictions=reject
> # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> #smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes
> # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
> #submission inet n - n - - smtpd
> # -o smtpd_etrn_restrictions=reject
> # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
> #628 inet n - n - - qmqpd
> pickup fifo n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> qmgr fifo n - n 300 1 qmgr
> #qmgr fifo n - n 300 1 oqmgr
> #tlsmgr unix - - n 1000? 1 tlsmgr
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> trace unix - - n - 0 bounce
> verify unix - - n - 1 verify
> flush unix n - n 1000? 0 flush
> proxymap unix - - n - - proxymap
> smtp unix - - n - - smtp
> # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
> relay unix - - n - - smtp
> -o fallback_relay=
> # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq unix n - n - - showq
> error unix - - n - - error
> discard unix - - n - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> #localhost:10025 inet n - n - - smtpd -o content_filter=
> scache unix - - n - 1 scache
> #
> # ====================================================================
> # Interfaces to non-Postfix software. Be sure to examine the manual
> # pages of the non-Postfix software to find out what options it wants.
> #
> # Many of the following services use the Postfix pipe(8) delivery
> # agent. See the pipe(8) man page for information about ${recipient}
> # and other message envelope options.
> # ====================================================================
> #
> # maildrop. See the Postfix MAILDROP_README file for details.
> # Also specify in main.cf: maildrop_destination_recipient_limit=1
> #
> maildrop unix - n n - - pipe
> flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> cyrus unix - n n - - pipe
> user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
> uucp unix - n n - - pipe
> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
> ifmail unix - n n - - pipe
> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp unix - n n - - pipe
> flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
> procmail unix - n n - - pipe
> flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
> --
> _______________________________________________
> Postfixbuch-users -- http://www.postfixbuch.de
> Heinlein Professional Linux Support GmbH
>
> Postfixbuch-users at listi.jpberlin.de
> https://listi.jpberlin.de/mailman/listinfo/postfixbuch-users
--
Postfix - Einrichtung, Betrieb und Wartung
<http://www.postfix-buch.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Mehr Informationen über die Mailingliste Postfixbuch-users