
RE: setup postfix whitout mynetworks, just with permit_sasl_authenticated

  • Dan Blejan
    Message 1 of 11 , Dec 2, 2007
      postconf -n:

      broken_sasl_auth_clients = yes
      command_directory = /usr/sbin
      config_directory = /etc/postfix
      daemon_directory = /usr/libexec/postfix
      debug_peer_level = 3
      html_directory = no
      in_flow_delay = 5s
      inet_interfaces = all
      mail_owner = postfix
      mailq_path = /usr/bin/mailq
      manpage_directory = /usr/local/man
      message_size_limit = 20971520
      mydestination = $myhostname, localhost.$mydomain, localhost
      mydomain = sdn.ro
      myhostname = mail.sdn.ro
      mynetworks = 127.0.0.0/8
      mynetworks_style = host
      myorigin = $myhostname
      newaliases_path = /usr/bin/newaliases
      proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
      queue_directory = /var/spool/postfix
      readme_directory = no
      relay_domains = $mydestination
      relayhost =
      sample_directory = /etc/postfix
      sendmail_path = /usr/sbin/sendmail
      setgid_group = postdrop
      smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination, reject_rhsbl_client list.dsbl.org, reject_rhsbl_client bl.spamcop.net, reject_rhsbl_client sbl-xbl.spamhaus.org
      smtpd_sasl_auth_enable = yes
      smtpd_sasl_authenticated_header = yes
      unknown_local_recipient_reject_code = 550
      virtual_gid_maps = static:1001
      virtual_mailbox_base = /usr/local/virtual
      virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
      virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
      virtual_minimum_uid = 1001
      virtual_transport = virtual
      virtual_uid_maps = static:1001

      telnet:

      Trying 127.0.0.1...
      Connected to localhost.
      Escape character is '^]'.
      220 mail.sdn.ro ESMTP Postfix
      EHLO localhost
      250-mail.sdn.ro
      250-PIPELINING
      250-SIZE 20971520
      250-VRFY
      250-ETRN
      250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
      250-AUTH=CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
      250-ENHANCEDSTATUSCODES
      250-8BITMIME
      250 DSN



      -----Original Message-----
      From: owner-postfix-users@... [mailto:owner-postfix-users@...] On Behalf Of mouss
      Sent: Monday, December 03, 2007 12:42 PM
      Cc: postfix-users@...
      Subject: Re: setup postfix whitout mynetworks, just with permit_sasl_authenticated

      Dan Blejan wrote:
      > Sorry for the mess.
      >
      > Dec 3 11:41:26 www pop3d: Connection, ip=[::ffff: xxx.yyy.zzz.www]
      > Dec 3 11:41:26 www authdaemond: received auth request, service=pop3, authtype=login
      > Dec 3 11:41:26 www authdaemond: authmysql: trying this module
      > Dec 3 11:41:26 www authdaemond: SQL query: SELECT username, password, "", '1001', '1001', '/usr/local/virtual', maildir, quota, name, "" FROM mailbox WHERE username = "localuser@localdomain"
      > Dec 3 11:41:26 www authdaemond: password matches successfully
      > Dec 3 11:41:26 www authdaemond: authmysql: sysusername=<null>, sysuserid=1001, sysgroupid=1001, homedir=/usr/local/virtual, address=localuser@localdomain, fullname=Dan Blejan, maildir=localuser@localdomain/, quota=0, options=<null>
      > Dec 3 11:41:26 www authdaemond: authmysql: clearpasswd=<null>, passwd=<passwdhash>
      > Dec 3 11:41:26 www authdaemond: Authenticated: sysusername=<null>, sysuserid=1001, sysgroupid=1001, homedir=/usr/local/virtual, address=localuser@localdomain, fullname=Dan Blejan, maildir=localuser@localdomain/, quota=0, options=<null>
      > Dec 3 11:41:26 www authdaemond: Authenticated: clearpasswd=<password>, passwd=<passwdhash>
      > Dec 3 11:41:26 www pop3d: LOGIN, user=localuser@localdomain, ip=[::ffff: xxx.yyy.zzz.www], port=[1215]
      > Dec 3 11:41:26 www pop3d: LOGOUT, user=localuser@localdomain, ip=[::ffff: xxx.yyy.zzz.www], port=[1215], top=0, retr=0, rcvd=6, sent=30, time=0
      > Dec 3 11:41:26 www postfix/smtpd[908]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
      > Dec 3 11:41:28 www postfix/smtpd[908]: warning: xxx.yyy.zzz.www: hostname client200-sebastian.sdn.ro verification failed: Name or service not known
      > Dec 3 11:41:28 www postfix/smtpd[908]: connect from unknown[xxx.yyy.zzz.www]
      > Dec 3 11:41:28 www postfix/smtpd[908]: NOQUEUE: reject: RCPT from unknown[xxx.yyy.zzz.www]: 554 5.7.1 < someuser@... >: Relay access denied; from=<localuser@localdomain> to=< someuser@... > proto=ESMTP helo=<ko>
      >

      the user authenticated to the POP server, but not to postfix.

      some MUAs need:
      broken_sasl_auth_clients = yes

      for more help, please show output of 'postconf -n', and a copy of a
      telnet session:

      # telnet localhost 25
      ...
      EHLO localhost
      ...
      QUIT

      show the response after the EHLO command.
    • Dan Blejan
      Message 2 of 11 , Dec 3, 2007
        Sorry for the mess.

        Dec 3 11:41:26 www pop3d: Connection, ip=[::ffff: xxx.yyy.zzz.www]
        Dec 3 11:41:26 www authdaemond: received auth request, service=pop3, authtype=login
        Dec 3 11:41:26 www authdaemond: authmysql: trying this module
        Dec 3 11:41:26 www authdaemond: SQL query: SELECT username, password, "", '1001', '1001', '/usr/local/virtual', maildir, quota, name, "" FROM mailbox WHERE username = "localuser@localdomain"
        Dec 3 11:41:26 www authdaemond: password matches successfully
        Dec 3 11:41:26 www authdaemond: authmysql: sysusername=<null>, sysuserid=1001, sysgroupid=1001, homedir=/usr/local/virtual, address=localuser@localdomain, fullname=Dan Blejan, maildir=localuser@localdomain/, quota=0, options=<null>
        Dec 3 11:41:26 www authdaemond: authmysql: clearpasswd=<null>, passwd=<passwdhash>
        Dec 3 11:41:26 www authdaemond: Authenticated: sysusername=<null>, sysuserid=1001, sysgroupid=1001, homedir=/usr/local/virtual, address=localuser@localdomain, fullname=Dan Blejan, maildir=localuser@localdomain/, quota=0, options=<null>
        Dec 3 11:41:26 www authdaemond: Authenticated: clearpasswd=<password>, passwd=<passwdhash>
        Dec 3 11:41:26 www pop3d: LOGIN, user=localuser@localdomain, ip=[::ffff: xxx.yyy.zzz.www], port=[1215]
        Dec 3 11:41:26 www pop3d: LOGOUT, user=localuser@localdomain, ip=[::ffff: xxx.yyy.zzz.www], port=[1215], top=0, retr=0, rcvd=6, sent=30, time=0
        Dec 3 11:41:26 www postfix/smtpd[908]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
        Dec 3 11:41:28 www postfix/smtpd[908]: warning: xxx.yyy.zzz.www: hostname client200-sebastian.sdn.ro verification failed: Name or service not known
        Dec 3 11:41:28 www postfix/smtpd[908]: connect from unknown[xxx.yyy.zzz.www]
        Dec 3 11:41:28 www postfix/smtpd[908]: NOQUEUE: reject: RCPT from unknown[xxx.yyy.zzz.www]: 554 5.7.1 < someuser@... >: Relay access denied; from=<localuser@localdomain> to=< someuser@... > proto=ESMTP helo=<ko>

        -----Original Message-----
        From: owner-postfix-users@... [mailto:owner-postfix-users@...] On Behalf Of Ralf Hildebrandt
        Sent: Monday, December 03, 2007 11:59 AM
        To: postfix-users@...
        Subject: Re: setup postfix whitout mynetworks, just with permit_sasl_authenticated

        * Dan Blejan <dan@...>:
        > I know it's not postfix, but in first place I had to see if authentication was properly done.
        >
        > With:
        >
        > smtpd_recipient_restrictions =
        > permit_sasl_authenticated,
        > reject_unauth_destination,
        > ...
        >
        > same result:
        >
        > NOQUEUE: reject: RCPT from unknown[xxx.yyy.zzz.www]: 554 5.7.1 <someuser@...>: Relay access denied; from=< localuser@localdomain > to=<someuser@...> proto=ESMTP helo=<ko>
        >
        > I don't know where or what to check further...

        Did the client authenticate?
        Show the complete logs for that incident.

        --
        Ralf Hildebrandt (Ralf.Hildebrandt@...) plonk@...
        Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
        http://www.arschkrebs.de
        "Never trust a computer you can't throw out a window."
        -- Steve Wozniak
      • mouss
        Message 3 of 11 , Dec 3, 2007
          Dan Blejan wrote:
          > Sorry for the mess.
          >
          > Dec 3 11:41:26 www pop3d: Connection, ip=[::ffff: xxx.yyy.zzz.www]
          > Dec 3 11:41:26 www authdaemond: received auth request, service=pop3, authtype=login
          > Dec 3 11:41:26 www authdaemond: authmysql: trying this module
          > Dec 3 11:41:26 www authdaemond: SQL query: SELECT username, password, "", '1001', '1001', '/usr/local/virtual', maildir, quota, name, "" FROM mailbox WHERE username = "localuser@localdomain"
          > Dec 3 11:41:26 www authdaemond: password matches successfully
          > Dec 3 11:41:26 www authdaemond: authmysql: sysusername=<null>, sysuserid=1001, sysgroupid=1001, homedir=/usr/local/virtual, address=localuser@localdomain, fullname=Dan Blejan, maildir=localuser@localdomain/, quota=0, options=<null>
          > Dec 3 11:41:26 www authdaemond: authmysql: clearpasswd=<null>, passwd=<passwdhash>
          > Dec 3 11:41:26 www authdaemond: Authenticated: sysusername=<null>, sysuserid=1001, sysgroupid=1001, homedir=/usr/local/virtual, address=localuser@localdomain, fullname=Dan Blejan, maildir=localuser@localdomain/, quota=0, options=<null>
          > Dec 3 11:41:26 www authdaemond: Authenticated: clearpasswd=<password>, passwd=<passwdhash>
          > Dec 3 11:41:26 www pop3d: LOGIN, user=localuser@localdomain, ip=[::ffff: xxx.yyy.zzz.www], port=[1215]
          > Dec 3 11:41:26 www pop3d: LOGOUT, user=localuser@localdomain, ip=[::ffff: xxx.yyy.zzz.www], port=[1215], top=0, retr=0, rcvd=6, sent=30, time=0
          > Dec 3 11:41:26 www postfix/smtpd[908]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
          > Dec 3 11:41:28 www postfix/smtpd[908]: warning: xxx.yyy.zzz.www: hostname client200-sebastian.sdn.ro verification failed: Name or service not known
          > Dec 3 11:41:28 www postfix/smtpd[908]: connect from unknown[xxx.yyy.zzz.www]
          > Dec 3 11:41:28 www postfix/smtpd[908]: NOQUEUE: reject: RCPT from unknown[xxx.yyy.zzz.www]: 554 5.7.1 < someuser@... >: Relay access denied; from=<localuser@localdomain> to=< someuser@... > proto=ESMTP helo=<ko>
          >

          the user authenticated to the POP server, but not to postfix.

          some MUAs need:
          broken_sasl_auth_clients = yes

          for more help, please show output of 'postconf -n', and a copy of a
          telnet session:

          # telnet localhost 25
          ...
          EHLO localhost
          ...
          QUIT

          show the response after the EHLO command.
        • mouss
          Message 4 of 11 , Dec 3, 2007
            Dan Blejan wrote:
            > postconf -n:
            >
            > broken_sasl_auth_clients = yes
            > command_directory = /usr/sbin
            > config_directory = /etc/postfix
            > daemon_directory = /usr/libexec/postfix
            > debug_peer_level = 3
            > html_directory = no
            > in_flow_delay = 5s
            > inet_interfaces = all
            > mail_owner = postfix
            > mailq_path = /usr/bin/mailq
            > manpage_directory = /usr/local/man
            > message_size_limit = 20971520
            > mydestination = $myhostname, localhost.$mydomain, localhost
            > mydomain = sdn.ro
            > myhostname = mail.sdn.ro
            > mynetworks = 127.0.0.0/8
            > mynetworks_style = host
            > myorigin = $myhostname
            > newaliases_path = /usr/bin/newaliases
            > proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
            > queue_directory = /var/spool/postfix
            > readme_directory = no
            > relay_domains = $mydestination
            > relayhost =
            > sample_directory = /etc/postfix
            > sendmail_path = /usr/sbin/sendmail
            > setgid_group = postdrop
            > smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination, reject_rhsbl_client list.dsbl.org, reject_rhsbl_client bl.spamcop.net, reject_rhsbl_client sbl-xbl.spamhaus.org
            > smtpd_sasl_auth_enable = yes
            > smtpd_sasl_authenticated_header = yes
            > unknown_local_recipient_reject_code = 550
            > virtual_gid_maps = static:1001
            > virtual_mailbox_base = /usr/local/virtual
            > virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
            > virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
            > virtual_minimum_uid = 1001
            > virtual_transport = virtual
            > virtual_uid_maps = static:1001
            >
            > telnet:
            >
            > Trying 127.0.0.1...
            > Connected to localhost.
            > Escape character is '^]'.
            > 220 mail.sdn.ro ESMTP Postfix
            > EHLO localhost
            > 250-mail.sdn.ro
            > 250-PIPELINING
            > 250-SIZE 20971520
            > 250-VRFY
            > 250-ETRN
            > 250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
            > 250-AUTH=CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
            > 250-ENHANCEDSTATUSCODES
            > 250-8BITMIME
            > 250 DSN
            >


            Please do not top post. put your replies after the text you reply to.

            disable CRAM-MD5 and DIGEST-MD5 for now, and retest. only enable them
            when you have a working PLAIN/LOGIN configuration.
          • dan@sdn.ro
            Message 5 of 11 , Dec 4, 2007
              On Mon, 03 Dec 2007 12:40:02 +0100, mouss <mlist.only@...> wrote:
              > Dan Blejan wrote:
              >> postconf -n:
              >>
              >> broken_sasl_auth_clients = yes
              >> command_directory = /usr/sbin
              >> config_directory = /etc/postfix
              >> daemon_directory = /usr/libexec/postfix
              >> debug_peer_level = 3
              >> html_directory = no
              >> in_flow_delay = 5s
              >> inet_interfaces = all
              >> mail_owner = postfix
              >> mailq_path = /usr/bin/mailq
              >> manpage_directory = /usr/local/man
              >> message_size_limit = 20971520
              >> mydestination = $myhostname, localhost.$mydomain, localhost
              >> mydomain = sdn.ro
              >> myhostname = mail.sdn.ro
              >> mynetworks = 127.0.0.0/8
              >> mynetworks_style = host
              >> myorigin = $myhostname
              >> newaliases_path = /usr/bin/newaliases
              >> proxy_read_maps = $local_recipient_maps $mydestination
              > $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps
              > $virtual_mailbox_domains $relay_recipient_maps $relay_domains
              > $canonical_maps $sender_canonical_maps $recipient_canonical_maps
              > $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
              >> queue_directory = /var/spool/postfix
              >> readme_directory = no
              >> relay_domains = $mydestination
              >> relayhost =
              >> sample_directory = /etc/postfix
              >> sendmail_path = /usr/sbin/sendmail
              >> setgid_group = postdrop
              >> smtpd_recipient_restrictions = permit_sasl_authenticated,
              > reject_unauth_destination, reject_rhsbl_client list.dsbl.org,
              > reject_rhsbl_client bl.spamcop.net, reject_rhsbl_client
              > sbl-xbl.spamhaus.org
              >> smtpd_sasl_auth_enable = yes
              >> smtpd_sasl_authenticated_header = yes
              >> unknown_local_recipient_reject_code = 550
              >> virtual_gid_maps = static:1001
              >> virtual_mailbox_base = /usr/local/virtual
              >> virtual_mailbox_domains =
              > mysql:/etc/postfix/mysql_virtual_domains_maps.cf
              >> virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
              >> virtual_minimum_uid = 1001
              >> virtual_transport = virtual
              >> virtual_uid_maps = static:1001
              >>
              >> telnet:
              >>
              >> Trying 127.0.0.1...
              >> Connected to localhost.
              >> Escape character is '^]'.
              >> 220 mail.sdn.ro ESMTP Postfix
              >> EHLO localhost
              >> 250-mail.sdn.ro
              >> 250-PIPELINING
              >> 250-SIZE 20971520
              >> 250-VRFY
              >> 250-ETRN
              >> 250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
              >> 250-AUTH=CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
              >> 250-ENHANCEDSTATUSCODES
              >> 250-8BITMIME
              >> 250 DSN
              >>
              >
              >
              > Please do not top post. put your replies after the text you reply to.
              >
              > disable CRAM-MD5 and DIGEST-MD5 for now, and retest. only enable them
              > when you have a working PLAIN/LOGIN configuration.

              The problem was that I used postfixadmin to generate the passwords for
              accounts, and encryption used by postfixadmin is, by default, md5crypt. I
              have changed passwords to be "cleartext" in postfixadmin config, then I had
              to change authmysqlrc to look for MYSQL_CLEAR_PWFIELD password instead of
              MYSQL_CRYPT_PWFIELD password. Now SMTP authentication is OK, I don't have
              to use smtpd_recipient_restrictions = permit_mynetworks in main.cf.

              Thanks, Dan
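
Why the md5crypt password store and the advertised mechanism list in this thread conflict, as an added example that is not part of the original messages: CRAM-MD5 (RFC 2195) has the server recompute an HMAC keyed with the user's password, which a one-way crypt hash cannot supply. The password, hash string and challenge are constructed placeholders, and the function names are hypothetical.

```python
import hashlib
import hmac

# Mechanisms whose server-side check needs the user's actual password as the
# HMAC/digest key; a one-way crypt hash from the database cannot stand in for it.
SHARED_SECRET_MECHS = {"CRAM-MD5", "DIGEST-MD5"}

# EHLO reply as posted in the thread.
EHLO_REPLY = """\
250-mail.sdn.ro
250-PIPELINING
250-SIZE 20971520
250-VRFY
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-AUTH=CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

# Constructed values, not taken from the thread.
PASSWORD = "example-password"
STORED_CRYPT = "$1$constrct$placeholderplaceholder"  # stands in for an md5crypt hash
CHALLENGE = "<12345.67890@mail.example.test>"


def advertised_mechs(ehlo_reply):
    """Collect SASL mechanisms from '250-AUTH ...' and '250-AUTH=...' lines."""
    mechs = []
    for line in ehlo_reply.splitlines():
        line = line.strip()
        if not line.startswith("250") or len(line) < 5:
            continue
        keyword = line[4:]  # text after '250-' or '250 '
        if keyword.upper().startswith("AUTH") and keyword[4:5] in (" ", "="):
            for mech in keyword[5:].upper().split():
                if mech not in mechs:
                    mechs.append(mech)
    return mechs


def unverifiable_mechs(mechs, store_is_cleartext):
    """Mechanisms the server offers but cannot check against this password store."""
    if store_is_cleartext:
        return []
    return [m for m in mechs if m in SHARED_SECRET_MECHS]


def cram_md5_response(secret, challenge):
    """RFC 2195: hex HMAC-MD5 of the server challenge, keyed with the secret."""
    return hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()


def server_accepts(db_value, challenge, client_response):
    """Server side: recompute the digest from whatever the database returned."""
    return hmac.compare_digest(cram_md5_response(db_value, challenge), client_response)
```

Offering only PLAIN and LOGIN is the other way to resolve the mismatch, since those mechanisms hand the server the password and it can be checked against a stored hash.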