
Separate postfix server for mail submission (MSA)

  • ML mail
    Message 1 of 12 , Mar 20, 2014
      Hi,

      I would like to set up a separate postfix server just for mail submission (MSA on port 587) for the users to be able to send mails. Authentication will be done using SASL with type dovecot over a dovecot auth service listening on a TCP port on another (mailboxes) server.

      Are there any guides or best practices for this purpose? I could not find anything on postfix.org.

      Regards,
      ML
    • Wijatmoko U. Prayitno
      Message 2 of 12 , Mar 20, 2014
        On Thu, 20 Mar 2014 03:46:22 -0700 (PDT)
        ML mail <mlnospam@...> wrote:

        > Authentication will be done using SASL with type dovecot over a
        > dovecot auth service listening on a TCP port on another (mailboxes)
        > server.
        >
        http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL

        > Are there any guides or best practices for this purpose? I could not
        > find anything on postfix.org. Regards,
        > ML
      • ML mail
        Message 3 of 12 , Mar 20, 2014
          That's actually the guide I have followed but I thought there must be something missing because I always get the following Access denied error message:

          Mar 20 12:22:38 debian postfix/submission/smtpd[18467]: NOQUEUE: reject: RCPT from unknown[192.168.10.152]: 554 5.7.1 <unknown[192.168.10.152]>: Client host rejected: Access denied; from=<test@...> to=<validemail@...> proto=ESMTP helo=<desktop.local>

          What could I have done wrong here?



          On Thursday, March 20, 2014 12:18 PM, Wijatmoko U. Prayitno <koko@...> wrote:
          On Thu, 20 Mar 2014 03:46:22 -0700 (PDT)
          ML mail <mlnospam@...> wrote:

          > Authentication will be done using SASL with type dovecot over a
          > dovecot auth service listening on a TCP port on another (mailboxes)
          > server.
          >
          http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL


          > Are there any guides or best practices for this purpose? I could not
          > find anything on postfix.org. Regards,
          > ML


        • lists@rhsoft.net
          Message 4 of 12 , Mar 20, 2014
            Am 20.03.2014 12:24, schrieb ML mail:
            > That's actually the guide I have followed but I thought there must be something missing because I always get the
            > following Access denied error message:
            >
            > Mar 20 12:22:38 debian postfix/submission/smtpd[18467]: NOQUEUE: reject: RCPT from unknown[192.168.10.152]: 554
            > 5.7.1 <unknown[192.168.10.152]>: Client host rejected: Access denied; from=<test@...>
            > to=<validemail@...> proto=ESMTP helo=<desktop.local>
            >
            > What could I have done wrong here?

            don't top-post in HTML

            that is only one log line - where is the evidence that the sender
            used authentication at all and where is the output of "postconf -n"
            as stated in the welcome message?
          • Wijatmoko U. Prayitno
            Message 5 of 12 , Mar 20, 2014
              On Thu, 20 Mar 2014 04:24:47 -0700 (PDT)
              ML mail <mlnospam@...> wrote:

              > That's actually the guide I have followed but I thought there must be
              > something missing because I always get the following Access denied
              > error message:
              >
              >
              > Mar 20 12:22:38 debian postfix/submission/smtpd[18467]: NOQUEUE:
              > reject: RCPT from unknown[192.168.10.152]: 554 5.7.1 <unknown
              > [192.168.10.152]>: Client host rejected: Access denied;
              > from=<test@...> to=<validemail@...> proto=ESMTP
              > helo=<desktop.local>
              >
              > What could I have done wrong here?
              >
              http://www.postfix.org/DEBUG_README.html#mail
            • ML mail
              Message 6 of 12 , Mar 20, 2014

                On Thursday, March 20, 2014 12:29 PM, "lists@..." <lists@...> wrote:


                Am 20.03.2014 12:24, schrieb ML mail:
                > That's actually the guide I have followed but I thought there must be something missing because I always get the
                > following Access denied error message:
                >
                > Mar 20 12:22:38 debian postfix/submission/smtpd[18467]: NOQUEUE: reject: RCPT from unknown[192.168.10.152]: 554
                > 5.7.1 <unknown[192.168.10.152]>: Client host rejected: Access denied; from=<test@...>
                > to=<validemail@...> proto=ESMTP helo=<desktop.local>
                >
                > What could I have done wrong here?


                don't top-post in HTML

                that is only one log line - where is the evidence that the sender
                used authentication at all and where is the output of "postconf -n"
                as stated in the welcome message?

                Sorry about that. Here below is the output of a postconf -n:

                append_dot_mydomain = no
                biff = no
                config_directory = /etc/postfix
                default_transport = smtp
                inet_interfaces = all
                inet_protocols = all
                mailbox_command = procmail -a "$EXTENSION"
                mailbox_size_limit = 0
                mydestination = debian, localhost
                mynetworks = 127.0.0.0/8 111.1111.111.0/24 [::1]/128 [fe80::]/64
                readme_directory = no
                recipient_delimiter = +
                relay_transport = smtp
                relayhost =
                smtp_sasl_auth_enable = yes
                smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
                smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
                smtpd_sasl_path = inet:111.111.111.112:12345
                smtpd_sasl_type = dovecot
                smtpd_tls_cert_file = /etc/ssl/certs/cert.pem
                smtpd_tls_key_file = /etc/ssl/private/key.pem
                smtpd_tls_security_level = may
                smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
                smtpd_use_tls = yes


              • Wijatmoko U. Prayitno
                Message 7 of 12 , Mar 20, 2014
                  On Thu, 20 Mar 2014 04:38:29 -0700 (PDT)
                  ML mail <mlnospam@...> wrote:

                  > Sorry about that. Here below is the output of a postconf -n:
                  >
                  > append_dot_mydomain = no
                  > biff = no
                  > config_directory = /etc/postfix
                  > default_transport = smtp
                  > inet_interfaces = all
                  > inet_protocols = all
                  > mailbox_command = procmail -a "$EXTENSION"
                  > mailbox_size_limit = 0
                  > mydestination = debian, localhost
                  > mynetworks = 127.0.0.0/8 111.1111.111.0/24 [::1]/128 [fe80::]/64
                  > readme_directory = no
                  > recipient_delimiter = +
                  > relay_transport = smtp
                  > relayhost =
                  > smtp_sasl_auth_enable = yes
                  > smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
                  > smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
                  > smtpd_sasl_path = inet:111.111.111.112:12345
                  > smtpd_sasl_type = dovecot
                  > smtpd_tls_cert_file = /etc/ssl/certs/cert.pem
                  > smtpd_tls_key_file = /etc/ssl/private/key.pem
                  > smtpd_tls_security_level = may
                  > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
                  > smtpd_use_tls = yes

                  main dot cf:

                  smtpd_client_restrictions = permit_sasl_authenticated
                • ML mail
                  Message 8 of 12 , Mar 20, 2014



                    On Thursday, March 20, 2014 12:48 PM, Wijatmoko U. Prayitno <koko@...> wrote:
                    On Thu, 20 Mar 2014 04:38:29 -0700 (PDT)

                    ML mail <mlnospam@...> wrote:

                    > Sorry about that. Here below is the output of a postconf -n:
                    >
                    > append_dot_mydomain = no
                    > biff = no
                    > config_directory = /etc/postfix
                    > default_transport = smtp
                    > inet_interfaces = all
                    > inet_protocols = all
                    > mailbox_command = procmail -a "$EXTENSION"
                    > mailbox_size_limit = 0
                    > mydestination = debian, localhost
                    > mynetworks = 127.0.0.0/8 111.1111.111.0/24 [::1]/128 [fe80::]/64
                    > readme_directory = no
                    > recipient_delimiter = +
                    > relay_transport = smtp
                    > relayhost =
                    > smtp_sasl_auth_enable = yes
                    > smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
                    > smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
                    > smtpd_sasl_path = inet:111.111.111.112:12345
                    > smtpd_sasl_type = dovecot
                    > smtpd_tls_cert_file = /etc/ssl/certs/cert.pem
                    > smtpd_tls_key_file = /etc/ssl/private/key.pem
                    > smtpd_tls_security_level = may
                    > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
                    > smtpd_use_tls = yes


                    main dot cf:

                    smtpd_client_restrictions = permit_sasl_authenticated



                    I tried that one but it did not help. Here is also the submission entry I am using on my master.cf file:

                    submission inet n - - - - smtpd -v
                      -o smtpd_tls_security_level=encrypt
                      -o smtpd_sasl_auth_enable=yes
                      -o smtpd_sasl_type=dovecot
                      -o smtpd_sasl_path=inet:111.111.111.112:12345
                      -o smtpd_sasl_security_options=noanonymous
                      -o smtpd_sasl_local_domain=$myhostname
                      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
                      -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject

                  • ML mail
                    Message 9 of 12 , Mar 20, 2014



                      On , ML mail <mlnospam@...> wrote:



                      On Thursday, March 20, 2014 12:48 PM, Wijatmoko U. Prayitno <koko@...> wrote:
                      On Thu, 20 Mar 2014 04:38:29 -0700 (PDT)

                      ML mail <mlnospam@...> wrote:

                      > Sorry about that. Here below is the output of a postconf -n:
                      >
                      > append_dot_mydomain = no
                      > biff = no
                      > config_directory = /etc/postfix
                      > default_transport = smtp
                      > inet_interfaces = all
                      > inet_protocols = all
                      > mailbox_command = procmail -a "$EXTENSION"
                      > mailbox_size_limit = 0
                      > mydestination = debian, localhost
                      > mynetworks = 127.0.0.0/8 111.1111.111.0/24 [::1]/128 [fe80::]/64
                      > readme_directory = no
                      > recipient_delimiter = +
                      > relay_transport = smtp
                      > relayhost =
                      > smtp_sasl_auth_enable = yes
                      > smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
                      > smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
                      > smtpd_sasl_path = inet:111.111.111.112:12345
                      > smtpd_sasl_type = dovecot
                      > smtpd_tls_cert_file = /etc/ssl/certs/cert.pem
                      > smtpd_tls_key_file = /etc/ssl/private/key.pem
                      > smtpd_tls_security_level = may
                      > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
                      > smtpd_use_tls = yes


                      main dot cf:

                      smtpd_client_restrictions = permit_sasl_authenticated



                      I tried that one but it did not help. Here is also the submission entry I am using on my master.cf file:

                      submission inet n - - - - smtpd -v
                        -o smtpd_tls_security_level=encrypt
                        -o smtpd_sasl_auth_enable=yes
                        -o smtpd_sasl_type=dovecot
                        -o smtpd_sasl_path=inet:111.111.111.112:12345
                        -o smtpd_sasl_security_options=noanonymous
                        -o smtpd_sasl_local_domain=$myhostname
                        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
                        -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject


                      Sorry my fault, it is working now! I have forgotten to add user authentication into my mail client for testing :(

                    • lists@rhsoft.net
                      Message 10 of 12 , Mar 20, 2014
                        Am 20.03.2014 13:11, schrieb ML mail:
                        >> Sorry about that. Here below is the output of a postconf -n:
                        >>
                        >> append_dot_mydomain = no
                        >> biff = no
                        >> config_directory = /etc/postfix
                        >> default_transport = smtp
                        >> inet_interfaces = all
                        >> inet_protocols = all
                        >> mailbox_command = procmail -a "$EXTENSION"
                        >> mailbox_size_limit = 0
                        >> mydestination = debian, localhost
                        >> mynetworks = 127.0.0.0/8 111.1111.111.0/24 [::1]/128 [fe80::]/64
                        >> readme_directory = no
                        >> recipient_delimiter = +
                        >> relay_transport = smtp
                        >> relayhost =
                        >> smtp_sasl_auth_enable = yes
                        >> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
                        >> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
                        >> smtpd_sasl_path = inet:111.111.111.112:12345
                        >> smtpd_sasl_type = dovecot
                        >> smtpd_tls_cert_file = /etc/ssl/certs/cert.pem
                        >> smtpd_tls_key_file = /etc/ssl/private/key.pem
                        >> smtpd_tls_security_level = may
                        >> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
                        >> smtpd_use_tls = yes
                        >
                        > main dot cf:
                        >
                        > smtpd_client_restrictions = permit_sasl_authenticated
                        >
                        > I tried that one but it did not help. Here is also the submission entry I am using on my master.cf file:
                        >
                        > submission inet n - - - - smtpd -v
                        > -o smtpd_tls_security_level=encrypt
                        > -o smtpd_sasl_auth_enable=yes
                        > -o smtpd_sasl_type=dovecot
                        > -o smtpd_sasl_path=inet:111.111.111.112:12345
                        > -o smtpd_sasl_security_options=noanonymous
                        > -o smtpd_sasl_local_domain=$myhostname
                        > -o smtpd_client_restrictions=permit_sasl_authenticated,reject
                        > -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject

                        you still posting in HTML - stop that!

                        show us the complete log starting with the connection line down
                        to the rejection - you still did not show any evidence that
                        the client used authentication at all
                      • lists@rhsoft.net
                        Message 11 of 12 , Mar 20, 2014
                          why do you still post in HTML?

                          Am 20.03.2014 13:16, schrieb ML mail:
                          > Sorry my fault, it is working now! I have forgotten to add user
                          > authentication into my mail client for testing :(

                          and that is what i said in my first reply:
                          that is only one log line - where is the evidence that the sender
                          used authentication at all and where is the output of "postconf -n"
                          as stated in the welcome message?
                        • ML mail
                          Message 12 of 12 , Mar 20, 2014



                            On Thursday, March 20, 2014 1:23 PM, "lists@..." <lists@...> wrote:
                            why do you still post in HTML?

                            Am 20.03.2014 13:16, schrieb ML mail:
                            > Sorry my fault, it is working now! I have forgotten to add user
                            > authentication into my mail client for testing :(


                            and that is what i said in my first reply:
                            that is only one log line - where is the evidence that the sender
                            used authentication at all and where is the output of "postconf -n"
                            as stated in the welcome message?



                            Yes, now I get what you meant with the single line of the log file... Thanks again for the hints!
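
Added example, not part of the thread: the point raised in the replies is that a single reject line cannot show whether the client authenticated, so this sketch groups smtpd log lines into sessions (connect to disconnect, per PID) and reports the authentication evidence seen in each one. The log lines are constructed samples modelled on the reject line quoted above; the second and third sessions, the queue ID and the example.invalid addresses are assumptions.

```python
import re

# Constructed sample (not from the thread): three submission sessions in the
# style of the quoted reject line; PIDs 18480/18502 and the queue ID are made up.
SAMPLE_LOG = """\
Mar 20 12:22:37 debian postfix/submission/smtpd[18467]: connect from unknown[192.168.10.152]
Mar 20 12:22:38 debian postfix/submission/smtpd[18467]: NOQUEUE: reject: RCPT from unknown[192.168.10.152]: 554 5.7.1 <unknown[192.168.10.152]>: Client host rejected: Access denied; from=<test@example.invalid> to=<validemail@example.invalid> proto=ESMTP helo=<desktop.local>
Mar 20 12:22:38 debian postfix/submission/smtpd[18467]: disconnect from unknown[192.168.10.152]
Mar 20 12:40:10 debian postfix/submission/smtpd[18480]: connect from unknown[192.168.10.152]
Mar 20 12:40:11 debian postfix/submission/smtpd[18480]: warning: unknown[192.168.10.152]: SASL PLAIN authentication failed:
Mar 20 12:40:11 debian postfix/submission/smtpd[18480]: NOQUEUE: reject: RCPT from unknown[192.168.10.152]: 554 5.7.1 <unknown[192.168.10.152]>: Client host rejected: Access denied; from=<test@example.invalid> to=<validemail@example.invalid> proto=ESMTP helo=<desktop.local>
Mar 20 12:40:11 debian postfix/submission/smtpd[18480]: disconnect from unknown[192.168.10.152]
Mar 20 13:15:01 debian postfix/submission/smtpd[18502]: connect from unknown[192.168.10.152]
Mar 20 13:15:02 debian postfix/submission/smtpd[18502]: 3F2A1C0042: client=unknown[192.168.10.152], sasl_method=PLAIN, sasl_username=test
Mar 20 13:15:02 debian postfix/submission/smtpd[18502]: disconnect from unknown[192.168.10.152]
"""

LINE = re.compile(r"postfix/(?:[\w-]+/)?smtpd\[(\d+)\]: (.*)$")
# An AUTH command in "smtpd -v" chat logging, or a SASL failure warning.
AUTH_TRIED = re.compile(r"^< \S+: AUTH\b|SASL \S+ authentication failed")
AUTH_OK = re.compile(r"\bsasl_username=([^\s,]+)")

def sessions(log_text):
    """Group smtpd lines per PID from 'connect from' to 'disconnect from'."""
    active, finished = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        if msg.startswith("connect from "):
            active[pid] = {"client": msg[len("connect from "):],
                           "auth_tried": False, "sasl_user": None, "rejects": []}
        s = active.get(pid)
        if s is None:
            continue  # excerpt starts mid-session: no basis for a verdict
        if AUTH_TRIED.search(msg):
            s["auth_tried"] = True
        ok = AUTH_OK.search(msg)
        if ok:
            s["auth_tried"], s["sasl_user"] = True, ok.group(1)
        if ": reject: " in msg:
            s["rejects"].append(msg.split(";")[0])
        if msg.startswith("disconnect from "):
            finished.append(active.pop(pid))
    return finished + list(active.values())

def verdict(s):
    """Summarise the authentication evidence collected for one session."""
    if s["sasl_user"]:
        return "authenticated as " + s["sasl_user"]
    if s["auth_tried"]:
        return "AUTH attempted but failed"
    return "no AUTH attempted"

if __name__ == "__main__":
    for s in sessions(SAMPLE_LOG):
        print(s["client"], "|", verdict(s), "|", len(s["rejects"]), "reject(s)")
```

A lone reject line, as in the first post of the log, is skipped by `sessions()` because its connect line is missing, which mirrors the request for the complete log from the connection line down to the rejection.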