[Postfixbuch-users] Sasl Auth Problem Relay access denied

Patrick Ben Koetter p at state-of-mind.de
Wed Jun 20 09:12:47 CEST 2007


* mail at sb-webdesign.de <mail at sb-webdesign.de>:
> Hello list, I have tried to get my Postfix to do SASL auth, but I always get the message relay access
> 
> 554 <schneider at skanwood.com>: Relay access denied
> Log excerpt:
> 
> 
> Jun 20 08:38:35 box79146 postfix/smtpd[965]: connect from F956d.f.strato-dslnet.de[195.4.149.109]
> Jun 20 08:38:37 box79146 postfix/smtpd[965]: NOQUEUE: reject: RCPT from F956d.f.strato-dslnet.de[195.4.149.109]: 554 <schneider at skanwood.com>: Relay access denied; from=<test at b-schneider.de> to=<schneider at skanwood.com> proto=ESMTP helo=<test>
> Jun 20 08:38:39 box79146 postfix/smtpd[965]: disconnect from F956d.f.strato-dslnet.de[195.4.149.109]
> 
> Curiously, logging in to the mailboxes via IMAP works

Why is that curious? IMAP and SMTP have nothing to do with each other. ;)


> Kind regards
> Bernhard Schneider
> 
> postconf -n :
> 
> alias_maps = hash:/etc/aliases
> broken_sasl_auth_clients = yes
> canonical_maps = hash:/etc/postfix/canonical
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/lib/postfix
> debug_peer_level = 2
> default_destination_concurrency_limit = 10
> defer_transports =
> disable_dns_lookups = no
> header_checks = regexp:/etc/postfix/header_checks
> html_directory = /usr/share/doc/packages/postfix/html
> in_flow_delay = 2s
> inet_interfaces = all
> inet_protocols = all
> local_destination_concurrency_limit = 2
> mail_owner = postfix
> mail_spool_directory = /var/mail
> mailbox_command =
> mailbox_size_limit = 151200000
> mailbox_transport = cyrus
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> masquerade_classes = envelope_sender, header_sender, header_recipient
> masquerade_exceptions = root
> message_size_limit = 50240000
> mydestination = $myhostname, localhost.$mydomain, boerny.org ,test.boerny.org, rak.servgame.org

Get the domain rak.servgame.org out of mydestination. You should make it
a virtual_alias_domain or virtual_mailbox_domain instead. You will find the
corresponding complaints in the maillog...


> mydomain = boerny.org
> myhostname = box79146.elkhouse.de
> mynetworks = 213.9.79.146, 127.0.0.0/8


mynetworks = 213.9.79.146/32, 127.0.0.0/8

> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/packages/postfix/README_FILES
> relayhost =
> relocated_maps = hash:/etc/postfix/relocated
> sample_directory = /usr/share/doc/packages/postfix/samples
> sender_canonical_maps = hash:/etc/postfix/sender_canonical
> sendmail_path = /usr/sbin/sendmail
> setgid_group = maildrop
> smtp_sasl_auth_enable = no
> smtp_use_tls = no
> smtpd_banner = $myhostname ESMTP $mail_name
> smtpd_client_restrictions = hash:/etc/postfix/access
> smtpd_helo_required = yes
> smtpd_helo_restrictions =
> 
> smtpd_recipient_restrictions = permit_mynetworks,
>     reject_non_fqdn_recipient,
>     reject_unknown_sender_domain,
>     reject_unknown_recipient_domain,
>     permit_sasl_authenticated,
>     reject_unauth_destination,
>     reject_unauth_pipelining,
>     reject_invalid_hostname,
>     reject_non_fqdn_hostname,
>     reject_rhsbl_sender dsn.rfc-gnorant.org,
>     reject_rbl_client cbl.abuseat.org,
>     reject_rbl_client list.dsbl.org,
>     reject_rbl_client sbl-xbl.spamhaus.org,
>     reject_rhsbl_client black hole.securitysage.com,
>     reject_rhsbl_sender blackhole.securitysage.com,
>     reject_rbl_client bl.spamcop.net,
>     reject_rbl_client ix.dnsbl.manitu.net,
>     reject_rbl_client relays.mail-abuse.org,
>     reject_rbl_client whois.rfc-ignorant.org
>     reject_rbl_client dun.dsnrbl.net,
>     reject_rbl_client dynablock.njabel.org,
>     reject_rbl_client rbl.tu-berlin.de,
>     permit
> 

> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = boerny.org
> smtpd_sasl_security_options = noanonymous

That looks quite clean. What does your smtpd.conf look like?
Download saslfinger (see my signature) and post "saslfinger -s".

p at rick




> smtpd_sender_restrictions = hash:/etc/postfix/access
> 
> smtpd_tls_auth_only = no
> smtpd_use_tls = no
> soft_bounce = no
> strict_rfc821_envelopes = no
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
> 
> master.cf:
> 
> #
> # Postfix master process configuration file.  For details on the format
> # of the file, see the Postfix master(5) manual page.
> #
> # ==========================================================================
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> # ==========================================================================
> smtp      inet  n       -       n       -       -       smtpd
> #submission inet n      -       n       -       -       smtpd
> #       -o smtpd_etrn_restrictions=reject
> #       -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> #smtps    inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes
> #  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
> #submission   inet    n       -       n       -       -       smtpd
> #  -o smtpd_etrn_restrictions=reject
> #  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
> #628      inet  n       -       n       -       -       qmqpd
> pickup    fifo  n       -       n       60      1       pickup
> cleanup   unix  n       -       n       -       0       cleanup
> qmgr      fifo  n       -       n       300     1       qmgr
> #qmgr     fifo  n       -       n       300     1       oqmgr
> #tlsmgr    unix  -       -       n       1000?   1       tlsmgr
> rewrite   unix  -       -       n       -       -       trivial-rewrite
> bounce    unix  -       -       n       -       0       bounce
> defer     unix  -       -       n       -       0       bounce
> trace     unix  -       -       n       -       0       bounce
> verify    unix  -       -       n       -       1       verify
> flush     unix  n       -       n       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> smtp      unix  -       -       n       -       -       smtp
> # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
> relay     unix  -       -       n       -       -       smtp
>         -o fallback_relay=
> #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq     unix  n       -       n       -       -       showq
> error     unix  -       -       n       -       -       error
> discard   unix  -       -       n       -       -       discard
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       n       -       -       lmtp
> anvil     unix  -       -       n       -       1       anvil
> #localhost:10025 inet   n       -       n       -       -       smtpd -o content_filter=
> scache    unix  -       -       n       -       1       scache
> #
> # ====================================================================
> # Interfaces to non-Postfix software. Be sure to examine the manual
> # pages of the non-Postfix software to find out what options it wants.
> #
> # Many of the following services use the Postfix pipe(8) delivery
> # agent.  See the pipe(8) man page for information about ${recipient}
> # and other message envelope options.
> # ====================================================================
> #
> # maildrop. See the Postfix MAILDROP_README file for details.
> # Also specify in main.cf: maildrop_destination_recipient_limit=1
> #
> maildrop  unix  -       n       n       -       -       pipe
>   flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> cyrus     unix  -       n       n       -       -       pipe
>   user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
> uucp      unix  -       n       n       -       -       pipe
>   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
> ifmail    unix  -       n       n       -       -       pipe
>   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp     unix  -       n       n       -       -       pipe
>   flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
> procmail  unix  -       n       n       -       -       pipe
>   flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}

-- 
Postfix - Einrichtung, Betrieb und Wartung
<http://www.postfix-buch.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
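
Added example, not part of the original thread: a simplified Python model of how Postfix walks smtpd_recipient_restrictions in order, fed with values from the posted postconf -n. With this list, a client outside mynetworks that sends to a foreign domain is refused by reject_unauth_destination ("Relay access denied") only if it did not authenticate, so the next place to look is the SASL side. Assumptions: only mydestination counts as local, $-variables are not expanded, the DNSBL and sender checks are left out, and the client IP and recipient addresses are constructed.

```python
import ipaddress

# Values taken from the posted `postconf -n`; the restriction list is shortened
# to the entries that decide relaying (assumption: DNSBL checks do not fire).
POSTED = {
    "mynetworks": "213.9.79.146, 127.0.0.0/8",
    "mydestination": "$myhostname, localhost.$mydomain, boerny.org ,"
                     "test.boerny.org, rak.servgame.org",
    "smtpd_recipient_restrictions": "permit_mynetworks, reject_non_fqdn_recipient, "
                                    "permit_sasl_authenticated, "
                                    "reject_unauth_destination, permit",
}

def split_list(value):
    """Postfix list values are separated by commas and/or whitespace."""
    return value.replace(",", " ").split()

def in_mynetworks(client_ip, mynetworks):
    addr = ipaddress.ip_address(client_ip)
    # A bare address such as 213.9.79.146 is parsed as a single host (/32).
    return any(addr in ipaddress.ip_network(net, strict=False)
               for net in split_list(mynetworks))

def evaluate_rcpt(conf, client_ip, recipient, sasl_authenticated):
    """Walk the restrictions in order; the first one that decides wins."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    # Simplification: only literal mydestination entries are treated as local.
    local = domain in {d.lower() for d in split_list(conf["mydestination"])}
    for rule in split_list(conf["smtpd_recipient_restrictions"]):
        if rule == "permit_mynetworks" and in_mynetworks(client_ip, conf["mynetworks"]):
            return "permit", rule
        if rule == "reject_non_fqdn_recipient" and "." not in domain:
            return "reject", rule
        if rule == "permit_sasl_authenticated" and sasl_authenticated:
            return "permit", rule
        if rule == "reject_unauth_destination" and not local:
            return "reject", rule  # logged as "554 ... Relay access denied"
        if rule == "permit":
            return "permit", rule
    return "permit", "(end of list)"

if __name__ == "__main__":
    # Constructed client outside mynetworks, constructed foreign recipient.
    for authed in (False, True):
        print(authed, evaluate_rcpt(POSTED, "192.0.2.10", "someone@example.com", authed))
```
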


