Loading ...
Sorry, an error occurred while loading the content.

Sender Access denied

Expand Messages
  • notinh notien
    Hi, I have a user logged in from home. He is using sbc/att dsl and the ISP required to authenticate to their proxy for sending email. My postfix setup require
    Message 1 of 7 , Oct 3, 2006
    • 0 Attachment
      Hi, I have a user logged in from home. He is using sbc/att dsl and the ISP
      required to authenticate to their proxy for sending email. My postfix setup
      require sasl authenticated so this authentication can not be used with my
      smtp server.

      I put exceptions in helo_checks, client_restrictions to allow
      smtp*.sbc.mail.re*.yahoo.com to send email. I also put user1@...
      in access_exceptions to allow this user to send mail.

      Could the experts here give some tips on how to let this user sending email?
      He especially have problem sending emails to people on the same domain
      like user2@....

      Thank you very much for your helps.
      NN

      Oct 3 12:38:31 gemini postfix/smtpd[7260]: NOQUEUE: reject: RCPT from
      smtp110.sbc.mail.re2.yahoo.com[68.142.229.95]: 554 <user1@...>:
      Sender address rejected: Access denied; from=<user1@...>
      to=<user2@...> proto=SMTP helo=<smtp110.sbc.mail.re2.yahoo.com>

      smtpd_recipient_restrictions =
      permit_mynetworks,
      permit_sasl_authenticated,
      reject_unauth_destination,
      reject_invalid_hostname,
      reject_unauth_pipelining,
      reject_non_fqdn_sender,
      reject_unknown_sender_domain,
      reject_multi_recipient_bounce,
      reject_non_fqdn_recipient,
      reject_unknown_recipient_domain,
      check_helo_access pcre:/etc/postfix/helo_checks,
      check_client_access hash:/etc/postfix/access,
      check_client_access regexp:/etc/postfix/client_restrictions,
      check_sender_access hash:/etc/postfix/access_exceptions,
      check_sender_access ldap:ldap_restrictions,
      reject_rhsbl_sender dsn.rfc-ignorant.org,
      reject_rbl_client dnsbl.sorbs.net,
      reject_rbl_client relays.ordb.org,
      reject_rbl_client sbl-xbl.spamhaus.org,
      reject_rbl_client bl.spamcop.net,
      reject_rbl_client list.dsbl.org,
      reject_rbl_client dnsbl.njabl.org,
      reject_rbl_client cbl.abuseat.org,
      reject_rbl_client opm.blitzed.org,
      reject_unverified_sender,
      check_policy_service unix:/var/spool/postfix/postgrey/socket,
      permit

      _________________________________________________________________
      Express yourself instantly with MSN Messenger! Download today it's FREE!
      http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
    • Sandy Drobic
      ... Set up the submission port for sasl authenticated mail and tell him to use the submission port (587) with smtp auth to connect to your server. Sandy --
      Message 2 of 7 , Oct 3, 2006
      • 0 Attachment
        notinh notien wrote:
        > Hi, I have a user logged in from home. He is using sbc/att dsl and the
        > ISP required to authenticate to their proxy for sending email. My
        > postfix setup require sasl authenticated so this authentication can not
        > be used with my smtp server.

        Set up the submission port for sasl authenticated mail and tell him to use
        the submission port (587) with smtp auth to connect to your server.

        Sandy
        --
        List replies only please!
        Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
      • notinh notien
        Hi, Sandy. Could you elaborate on what you said a little bit becasue I am still quite new to Postfix? Thanks. ...
        Message 3 of 7 , Oct 3, 2006
        • 0 Attachment
          Hi, Sandy. Could you elaborate on what you said a little bit becasue I am
          still quite new to Postfix?

          Thanks.

          >From: Sandy Drobic <postfix-users@...>
          >Reply-To: postfix-users@...
          >To: postfix-users@...
          >Subject: Re: Sender Access denied
          >Date: Tue, 03 Oct 2006 22:27:58 +0200
          >
          >notinh notien wrote:
          >>Hi, I have a user logged in from home. He is using sbc/att dsl and the ISP
          >>required to authenticate to their proxy for sending email. My postfix
          >>setup require sasl authenticated so this authentication can not be used
          >>with my smtp server.
          >
          >Set up the submission port for sasl authenticated mail and tell him to use
          >the submission port (587) with smtp auth to connect to your server.
          >
          >Sandy
          >--
          >List replies only please!
          >Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com

          _________________________________________________________________
          Don't just search. Find. Check out the new MSN Search!
          http://search.msn.click-url.com/go/onm00200636ave/direct/01/
        • Sandy Drobic
          ... Please do not top post, it makes it hard to follow the conversation. Port 587 is intended for endusers to submit mails. This is especially useful if his
          Message 4 of 7 , Oct 3, 2006
          • 0 Attachment
            notinh notien wrote:
            >
            > Hi, Sandy. Could you elaborate on what you said a little bit becasue I
            > am still quite new to Postfix?

            Please do not top post, it makes it hard to follow the conversation.

            Port 587 is intended for endusers to submit mails. This is especially
            useful if his ISP is blocking port 25 for outgoing mail.

            Ports are enabled in /etc/postfix/master.cf:

            submission inet n - n - - smtpd
            -o smtpd_enforce_tls=yes
            -o smtpd_sasl_auth_enable=yes
            -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

            Please make sure that at the beginning of the option lines starting with
            -o there is a white space and that there are NO white spaces within the
            options.

            After you uncomment these lines in master.cf and execute "postfix reload",
            you should be able to connect to port 587. This example forces the client
            to use TLS/SSL encryption and sasl auth in order to submit mails.
            If you haven't configured TLS you can't use the option "-o
            smtpd_enforce_tls=yes".

            Sandy

            --
            List replies only please!
            Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
          • notinh notien
            ... Thank Sandy. I am going to try that. So now my user would have to specify port 587 in Outlook for SMTP when they are at home? I also need to open up my
            Message 5 of 7 , Oct 3, 2006
            • 0 Attachment
              >From: Sandy Drobic <postfix-users@...>
              >Reply-To: postfix-users@...
              >To: postfix-users@...
              >Subject: Re: Sender Access denied
              >Date: Tue, 03 Oct 2006 22:58:22 +0200
              >
              >notinh notien wrote:
              >>
              >>Hi, Sandy. Could you elaborate on what you said a little bit becasue I am
              >>still quite new to Postfix?
              >
              >Please do not top post, it makes it hard to follow the conversation.
              >
              >Port 587 is intended for endusers to submit mails. This is especially
              >useful if his ISP is blocking port 25 for outgoing mail.
              >
              >Ports are enabled in /etc/postfix/master.cf:
              >
              >submission inet n - n - - smtpd
              > -o smtpd_enforce_tls=yes
              > -o smtpd_sasl_auth_enable=yes
              > -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
              >
              >Please make sure that at the beginning of the option lines starting with -o
              >there is a white space and that there are NO white spaces within the
              >options.
              >
              >After you uncomment these lines in master.cf and execute "postfix reload",
              >you should be able to connect to port 587. This example forces the client
              >to use TLS/SSL encryption and sasl auth in order to submit mails.
              >If you haven't configured TLS you can't use the option "-o
              >smtpd_enforce_tls=yes".
              >
              >Sandy
              >
              >--
              >List replies only please!
              >Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com


              Thank Sandy. I am going to try that. So now my user would have to specify
              port 587 in Outlook for SMTP when they are at home?

              I also need to open up my firewall to let outside access to port 587.

              Once again, thank Sandy.
              NN

              _________________________________________________________________
              FREE pop-up blocking with the new MSN Toolbar - get it now!
              http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
            • Sandy Drobic
              ... Yes. ... Yes. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
              Message 6 of 7 , Oct 3, 2006
              • 0 Attachment
                notinh notien wrote:

                >> Port 587 is intended for endusers to submit mails. This is especially
                >> useful if his ISP is blocking port 25 for outgoing mail.
                >>
                >> Ports are enabled in /etc/postfix/master.cf:
                >>
                >> submission inet n - n - - smtpd
                >> -o smtpd_enforce_tls=yes
                >> -o smtpd_sasl_auth_enable=yes
                >> -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
                >>
                >> Please make sure that at the beginning of the option lines starting
                >> with -o there is a white space and that there are NO white spaces
                >> within the options.
                >>
                >> After you uncomment these lines in master.cf and execute "postfix
                >> reload", you should be able to connect to port 587. This example
                >> forces the client to use TLS/SSL encryption and sasl auth in order to
                >> submit mails.
                >> If you haven't configured TLS you can't use the option "-o
                >> smtpd_enforce_tls=yes".
                >>
                >> Sandy
                >>
                >> --
                >> List replies only please!
                >> Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
                >
                >
                > Thank Sandy. I am going to try that. So now my user would have to
                > specify port 587 in Outlook for SMTP when they are at home?

                Yes.

                > I also need to open up my firewall to let outside access to port 587.

                Yes.

                Sandy
                --
                List replies only please!
                Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
              • /dev/rob0
                ... snip ... Outlook is not a good MUA in terms of supporting standard protocols. Some versions do not support TLS. So for Outlook you might have to use smtps
                Message 7 of 7 , Oct 3, 2006
                • 0 Attachment
                  On Tuesday 03 October 2006 17:34, notinh notien wrote:
                  > >submission inet n - n - - smtpd
                  > > -o smtpd_enforce_tls=yes
                  > > -o smtpd_sasl_auth_enable=yes
                  > > -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
                  snip
                  > Thank Sandy. I am going to try that. So now my user would have to
                  > specify port 587 in Outlook for SMTP when they are at home?

                  Outlook is not a good MUA in terms of supporting standard protocols.
                  Some versions do not support TLS. So for Outlook you might have to use
                  smtps (port 465) instead.

                  There's a commented line in master.cf very similar to the submission
                  line above. Two changes:
                  s/submission/smtps/
                  s/enforce_tls/tls_wrappermode/
                  You'll probably also need:
                  -o broken_sasl_auth_clients=yes
                  --
                  Offlist mail to this address is discarded unless
                  "/dev/rob0" or "not-spam" is in Subject: header
                Your message has been successfully submitted and would be delivered to recipients shortly.