
Re: Allowing relay from IP subnet

  • Viktor Dukhovni
    Message 1 of 4 , Mar 4, 2013
      On Mon, Mar 04, 2013 at 03:03:03PM +0100, Andy Smith wrote:

      > debug_peer_list = 192.168.16.19 192.168.16.141

      If this were your configuration, logs for connections from these
      clients would be verbose. Are they?

      > imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred

      This is an Apple-specific customization, make sure it is appropriate
      for your site.

      > mynetworks = 127.0.0.0/8, [::1]/128, 192.168.16.0/24

      This is generally sufficient to permit hosts in 192.168.16.0/24 to
      relay, with no further non-default settings.

      > smtpd_client_restrictions =
      > permit_mynetworks
      > permit_sasl_authenticated
      > permit

      This is pointless, it is equivalent to the default:

      smtpd_client_restrictions =

      Just remove this setting from main.cf.

      > smtpd_recipient_restrictions =
      > permit_mynetworks,
      > reject_unauth_destination

      This is the default setting, just remove this from main.cf (don't
      set it empty, rather don't assign any value at all, e.g. comment
      it out).

      > smtpd_tls_ciphers = medium
      > tls_random_source = dev:/dev/urandom

      These are harmless, but pointless unless you enable TLS via
      "-o ..." options in master.cf.

      > smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL

      You should not customize cipher exclusion for no reason. The
      defaults work better.

      Are there any "smtpd -o ..." options in master.cf?

      > use_sacl_cache = yes

      Apple-specific, find out what it does.

      > Mar 4 12:33:52 server.domain.com postfix/smtpd[7340]: connect from
      > unknown[192.168.16.19]
      > Mar 4 12:33:52 server.domain.com postfix/smtpd[7340]: NOQUEUE:
      > reject: RCPT from unknown[192.168.16.19]: 554 5.7.1
      > <asmith@...>: Relay access denied; from=<root@...>
      > to=<asmith@...> proto=ESMTP helo=<iMac-de-Ana-Bru-2.domain.com>
      > Mar 4 12:33:52 server.domain.com postfix/smtpd[7340]: disconnect
      > from unknown[192.168.16.19]

      No evidence of debug logging, likely your Postfix is not using
      the main.cf file you're showing.

      > I'm left with the understanding
      > that smtpd_client_restrictions = permit_mynetworks
      > permit_sasl_authenticated permit should be sufficient but it doesn't
      > work.

      This setting has no effect at all.

      > I also tried adding the smtpd_recipient_restrictions config
      > line as this wasn't present initially, but this made no difference.

      This is the default, and permits clients in mynetworks. So likely
      your server is using a different main.cf file.

      --
      Viktor.
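
The reply's diagnosis rests on a contradiction: a client inside the `mynetworks` shown in main.cf is still refused with "Relay access denied". As an added example (not part of the original message), this sketch automates that check; the function names and the sample log lines are constructed for illustration, and only literal address/CIDR entries in `mynetworks` are handled.

```python
import ipaddress
import re

# Matches a Postfix smtpd relay rejection and captures the client IP.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[([0-9A-Fa-f.:]+)\]: "
    r"554 5\.7\.1 .*Relay access denied"
)

# Constructed sample input: the mynetworks value from the thread and two log lines.
MYNETWORKS = "127.0.0.0/8, [::1]/128, 192.168.16.0/24"
SAMPLE_LOG = """\
Mar 4 12:33:52 mail postfix/smtpd[7340]: NOQUEUE: reject: RCPT from unknown[192.168.16.19]: 554 5.7.1 <user@example.com>: Relay access denied; from=<root@example.com> to=<user@example.com> proto=ESMTP helo=<client.example.com>
Mar 4 12:40:01 mail postfix/smtpd[7351]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <user@example.org>: Relay access denied; from=<a@example.net> to=<user@example.org> proto=ESMTP helo=<outside.example.net>
"""

def parse_mynetworks(value):
    """Parse literal entries such as '127.0.0.0/8, [::1]/128, 192.168.16.0/24'."""
    nets = []
    for item in re.split(r"[,\s]+", value.strip()):
        if not item:
            continue
        # Postfix writes IPv6 as [addr]/len; ipaddress wants addr/len.
        item = item.replace("[", "").replace("]", "")
        try:
            nets.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            pass  # table lookups, file names and "!" exclusions are not handled
    return nets

def contradictory_rejects(mynetworks, log_text):
    """Return client IPs refused relay although they fall inside mynetworks."""
    nets = parse_mynetworks(mynetworks)
    hits = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group(1))
        inside = any(ip.version == n.version and ip in n for n in nets)
        if inside and str(ip) not in hits:
            hits.append(str(ip))
    return hits

if __name__ == "__main__":
    print(contradictory_rejects(MYNETWORKS, SAMPLE_LOG))
```

A non-empty result means the running smtpd is not applying the `mynetworks` value being inspected; compare it with the output of `postconf -n` and look for "-o" overrides in master.cf.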