
530 5.7.1 Authentication required

  • Luigi Cirillo
    Message 1 of 7 , Jun 18, 2014
      How can I enable the authentication before the "MAIL FROM:
      dummy@..." command?
      I tried with:
      smtpd_tls_auth_only = yes in main.cf

      and in master.cf:
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o smtpd_sasl_auth_enable=yes

      But it does not work; I can still send any email from remote with telnet.

      This is my main.cf:
      ################################################
      # See /usr/share/postfix/main.cf.dist for a commented, more complete version


      # Debian specific: Specifying a file name will cause the first
      # line of that file to be used as the name. The Debian default
      # is /etc/mailname.
      #myorigin = /etc/mailname

      smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
      biff = no

      # appending .domain is the MUA's job.
      append_dot_mydomain = no

      # Uncomment the next line to generate "delayed mail" warnings
      #delay_warning_time = 4h

      readme_directory = no

      # TLS parameters
      smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
      smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
      smtpd_use_tls=yes
      smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
      smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
      smtpd_tls_auth_only = yes

      # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
      # information on enabling SSL in the smtp client.

      myhostname = myhost.mydomain.com
      alias_maps = hash:/etc/aliases
      alias_database = hash:/etc/aliases
      myorigin = /etc/mailname
      mydestination = myhost.mydomain.com, localhost.mydomain.com, , localhost
      mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
      mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
      mailbox_size_limit = 0
      recipient_delimiter = +
      inet_interfaces = all
      virtual_alias_maps = hash:/etc/postfix/virtual
      sender_bcc_maps = hash:/etc/postfix/bcc
      home_mailbox = Maildir/
      smtpd_sasl_auth_enable = yes
      broken_sasl_auth_clients = yes
      smtpd_recipient_restrictions = reject_unauth_pipelining
      permit_mynetworks permit_sasl_authenticated reject_non_fqdn_recipient
      reject_unknown_recipient_domain reject_unauth_destination permit
      allow_percent_hack = no
      milter_default_action = accept
      milter_protocol = 2
      smtpd_milters = inet:localhost:8891
      non_smtpd_milters = inet:localhost:8891
      inet_protocols = all
      transport_maps = hash:/etc/postfix/transport
      sender_canonical_maps = hash:/etc/postfix/Tables-for-sender-addresses
      canonical_maps = hash:/etc/postfix/Address-mapping-lookup-tables
      recipient_canonical_maps = hash:/etc/postfix/Tables-for-recipient-addresses
      sender_dependent_default_transport_maps =
      hash:/etc/postfix/Sender-Dependent-Transport-Mapping
      smtpd_tls_security_level = may
      smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
      smtpd_sender_restrictions = permit_sasl_authenticated,
      permit_mynetworks, reject_non_fqdn_sender,
      reject_unknown_sender_domain, reject_unauth_pipelining, permit
      ######################################

      This is my master.cf:
      #########################################
      #
      # Postfix master process configuration file. For details on the format
      # of the file, see the master(5) manual page (command: "man 5 master").
      #
      # Do not forget to execute "postfix reload" after editing this file.
      #
      # ==========================================================================
      # service type private unpriv chroot wakeup maxproc command + args
      # (yes) (yes) (yes) (never) (100)
      # ==========================================================================
      smtp inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes
      #smtp inet n - - - 1 postscreen
      #smtpd pass - - - - - smtpd
      #dnsblog unix - - - - 0 dnsblog
      #tlsproxy unix - - - - 0 tlsproxy
      submission inet n - - - - smtpd
      -o syslog_name=postfix/submission
      # -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING
      #smtps inet n - - - - smtpd
      # -o syslog_name=postfix/smtps
      # -o smtpd_tls_wrappermode=yes
      # -o smtpd_sasl_auth_enable=yes
      # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      # -o milter_macro_daemon_name=ORIGINATING
      #628 inet n - - - - qmqpd
      pickup fifo n - - 60 1 pickup
      cleanup unix n - - - 0 cleanup
      qmgr fifo n - n 300 1 qmgr
      #qmgr fifo n - n 300 1 oqmgr
      tlsmgr unix - - - 1000? 1 tlsmgr
      rewrite unix - - - - - trivial-rewrite
      bounce unix - - - - 0 bounce
      defer unix - - - - 0 bounce
      trace unix - - - - 0 bounce
      verify unix - - - - 1 verify
      flush unix n - - 1000? 0 flush
      proxymap unix - - n - - proxymap
      proxywrite unix - - n - 1 proxymap
      smtp unix - - - - - smtp
      relay unix - - - - - smtp
      # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
      showq unix n - - - - showq
      error unix - - - - - error
      retry unix - - - - - error
      discard unix - - - - - discard
      local unix - n n - - local
      virtual unix - n n - - virtual
      lmtp unix - - - - - lmtp
      anvil unix - - - - 1 anvil
      scache unix - - - - 1 scache
      #
      # ====================================================================
      # Interfaces to non-Postfix software. Be sure to examine the manual
      # pages of the non-Postfix software to find out what options it wants.
      #
      # Many of the following services use the Postfix pipe(8) delivery
      # agent. See the pipe(8) man page for information about ${recipient}
      # and other message envelope options.
      # ====================================================================
      #
      # maildrop. See the Postfix MAILDROP_README file for details.
      # Also specify in main.cf: maildrop_destination_recipient_limit=1
      #
      maildrop unix - n n - - pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
      #
      # ====================================================================
      #
      # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
      #
      # Specify in cyrus.conf:
      # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
      #
      # Specify in main.cf one or more of the following:
      # mailbox_transport = lmtp:inet:localhost
      # virtual_transport = lmtp:inet:localhost
      #
      # ====================================================================
      #
      # Cyrus 2.1.5 (Amos Gouaux)
      # Also specify in main.cf: cyrus_destination_recipient_limit=1
      #
      #cyrus unix - n n - - pipe
      # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
      #
      # ====================================================================
      # Old example of delivery via Cyrus.
      #
      #old-cyrus unix - n n - - pipe
      # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
      #
      # ====================================================================
      #
      # See the Postfix UUCP_README file for configuration details.
      #
      uucp unix - n n - - pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
      #
      # Other external delivery methods.
      #
      ifmail unix - n n - - pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
      bsmtp unix - n n - - pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
      scalemail-backend unix - n n - 2 pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
      ${nexthop} ${user} ${extension}
      mailman unix - n n - - pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
      ##################################################
    • Wietse Venema
      Message 2 of 7 , Jun 18, 2014
        Luigi Cirillo:
        > How can I enable the authentication before the "MAIL FROM:
        > dummy@..." command?

        smtpd_client_restrictions = permit_sasl_authenticated, reject

        This will reject all RCPT TO commands. That is good enough.

        Wietse
      • Luigi Cirillo
        Message 3 of 7 , Jun 18, 2014
          Thank you Wietse, I have the option "-o
          smtpd_client_restrictions=permit_sasl_authenticated,reject enabled"
          for submission "inet n - - - - smtpd", I
          think it is the same.
          I continue to send emails from telnet and postfix does not ask for auth.

          On Wed, Jun 18, 2014 at 5:34 PM, Wietse Venema <wietse@...> wrote:
          > Luigi Cirillo:
          >> How can I enable the authentication before the "MAIL FROM:
          >> dummy@..." command?
          >
          > smtpd_client_restrictions = permit_sasl_authenticated, reject
          >
          > This will reject all RCPT TO commands. That is good enough.
          >
          > Wietse
        • Wietse Venema
          Message 4 of 7 , Jun 18, 2014
            Luigi Cirillo:
            > Thank you Wietse, I have the option "-o
            > smtpd_client_restrictions=permit_sasl_authenticated,reject enabled"
            > for submission "inet n - - - - smtpd", I
            > think it is the same.
            > I continue to send emails from telnet and postfix does not ask for auth.

            With "smtpd_client_restrictions=permit_sasl_authenticated,reject",
            the Postfix SMTP daemon rejects all RCPT TO commands.

            If you claim it does not reject all RCPT TO commands, then you have
            to show concrete evidence instead of a vague eye witness report.

            Show concrete configuration, show concrete evidence that you are
            using that configuration and that you did not forget to "postfix
            reload", show concrete evidence that Postfix SMTP daemon does not
            reject RCPT TO commands.

            Wietse
          • Luigi Cirillo
            Message 5 of 7 , Jun 18, 2014
              Ok, sorry Wietse,
              this is the telnet output. I changed the domain (mydomain),
              host (myhost), the computer I connect with telnet
              (myremote-client-telnet) and my IP (0.0.0.0)... for privacy:
              ############################################
              telnet smtp.mydomain.com 25
              Trying 81.4.108.167...
              Connected to mydomain.com.
              Escape character is '^]'.
              220 myhost.mydomain.com ESMTP Postfix (Debian/GNU)
              ehlo mydomain.com
              250-myhost.mydomain.com
              250-PIPELINING
              250-SIZE 10240000
              250-VRFY
              250-ETRN
              250-STARTTLS
              250-ENHANCEDSTATUSCODES
              250-8BITMIME
              250 DSN
              MAIL FROM: boh@...
              250 2.1.0 Ok
              RCPT TO: info@...
              250 2.1.5 Ok
              data
              354 End data with <CR><LF>.<CR><LF>
              test,
              dbcdhbcebce.
              .
              250 2.0.0 Ok: queued as D9CBE25001A1
              quit
              221 2.0.0 Bye
              Connection closed by foreign host.
              ###########################################

              mail.log after the postfix restart:
              ##############################################
              Jun 18 18:26:03 myhost postfix/master[4899]: terminating on signal 15
              Jun 18 18:26:03 myhost postfix/master[10205]: daemon started --
              version 2.9.6, configuration /etc/postfix
              Jun 18 18:26:09 myhost postfix/smtpd[10314]: connect from
              myremote-client-telnet[0.0.0.0]
              Jun 18 18:26:29 myhost postfix/smtpd[10314]: D9CBE25001A1:
              client=myremote-client-telnet[0.0.0.0]
              Jun 18 18:26:43 myhost postfix/cleanup[10685]: D9CBE25001A1: message-id=<>
              Jun 18 18:26:43 myhost opendkim[14320]: D9CBE25001A1: can't determine
              message sender; accepting
              Jun 18 18:26:43 myhost postfix/qmgr[10209]: D9CBE25001A1:
              from=<boh@...>, size=301, nrcpt=1 (queue active)
              Jun 18 18:26:47 myhost postfix/smtpd[10314]: disconnect from
              myremote-client-telnet[0.0.0.0]
              Jun 18 18:26:47 myhost postfix/local[10907]: D9CBE25001A1:
              to=<virtualemail.user@...>,
              orig_to=<info@...>, relay=local, delay=20, delays=16/0/0/3.8,
              dsn=2.0.0, status=sent (delivered to command:
              /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
              Jun 18 18:26:47 myhost postfix/cleanup[10685]: 8D2EC25001A2: message-id=<>
              Jun 18 18:26:47 myhost postfix/qmgr[10209]: 8D2EC25001A2:
              from=<boh@...>, size=470, nrcpt=1 (queue active)
              Jun 18 18:26:47 myhost postfix/local[10907]: D9CBE25001A1:
              to=<virtualemail.user@...>,
              orig_to=<info@...>, relay=local, delay=20, delays=16/0/0/3.8,
              dsn=2.0.0, status=sent (forwarded as 8D2EC25001A2)
              Jun 18 18:26:47 myhost postfix/qmgr[10209]: D9CBE25001A1: removed
              ############################################################

              main.cf (the same as in the first email):
              ############################################################
              # See /usr/share/postfix/main.cf.dist for a commented, more complete version


              # Debian specific: Specifying a file name will cause the first
              # line of that file to be used as the name. The Debian default
              # is /etc/mailname.
              #myorigin = /etc/mailname

              smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
              biff = no

              # appending .domain is the MUA's job.
              append_dot_mydomain = no

              # Uncomment the next line to generate "delayed mail" warnings
              #delay_warning_time = 4h

              readme_directory = no

              # TLS parameters
              smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
              smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
              smtpd_use_tls=yes
              smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
              smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
              smtpd_tls_auth_only = yes

              # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
              # information on enabling SSL in the smtp client.

              myhostname = myhost.mydomain.com
              alias_maps = hash:/etc/aliases
              alias_database = hash:/etc/aliases
              myorigin = /etc/mailname
              mydestination = myhost.mydomain.com, localhost.mydomain.com, , localhost
              mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
              mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
              mailbox_size_limit = 0
              recipient_delimiter = +
              inet_interfaces = all
              virtual_alias_maps = hash:/etc/postfix/virtual
              sender_bcc_maps = hash:/etc/postfix/bcc
              home_mailbox = Maildir/
              smtpd_sasl_auth_enable = yes
              broken_sasl_auth_clients = yes
              smtpd_recipient_restrictions = reject_unauth_pipelining
              permit_mynetworks permit_sasl_authenticated reject_non_fqdn_recipient
              reject_unknown_recipient_domain reject_unauth_destination permit
              allow_percent_hack = no
              milter_default_action = accept
              milter_protocol = 2
              smtpd_milters = inet:localhost:8891
              non_smtpd_milters = inet:localhost:8891
              inet_protocols = all
              transport_maps = hash:/etc/postfix/transport
              sender_canonical_maps = hash:/etc/postfix/Tables-for-sender-addresses
              canonical_maps = hash:/etc/postfix/Address-mapping-lookup-tables
              recipient_canonical_maps = hash:/etc/postfix/Tables-for-recipient-addresses
              sender_dependent_default_transport_maps =
              hash:/etc/postfix/Sender-Dependent-Transport-Mapping
              smtpd_tls_security_level = may
              smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
              smtpd_sender_restrictions = permit_sasl_authenticated,
              permit_mynetworks, reject_non_fqdn_sender,
              reject_unknown_sender_domain, reject_unauth_pipelining, permit
              #######################################################


              master.cf (the same as in the first email):
              ############################################################
              #
              # Postfix master process configuration file. For details on the format
              # of the file, see the master(5) manual page (command: "man 5 master").
              #
              # Do not forget to execute "postfix reload" after editing this file.
              #
              # ==========================================================================
              # service type private unpriv chroot wakeup maxproc command + args
              # (yes) (yes) (yes) (never) (100)
              # ==========================================================================
              smtp inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes
              #smtp inet n - - - 1 postscreen
              #smtpd pass - - - - - smtpd
              #dnsblog unix - - - - 0 dnsblog
              #tlsproxy unix - - - - 0 tlsproxy
              submission inet n - - - - smtpd
              -o syslog_name=postfix/submission
              # -o smtpd_tls_security_level=encrypt
              -o smtpd_sasl_auth_enable=yes
              -o smtpd_client_restrictions=permit_sasl_authenticated,reject
              -o milter_macro_daemon_name=ORIGINATING
              #smtps inet n - - - - smtpd
              # -o syslog_name=postfix/smtps
              # -o smtpd_tls_wrappermode=yes
              # -o smtpd_sasl_auth_enable=yes
              # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
              # -o milter_macro_daemon_name=ORIGINATING
              #628 inet n - - - - qmqpd
              pickup fifo n - - 60 1 pickup
              cleanup unix n - - - 0 cleanup
              qmgr fifo n - n 300 1 qmgr
              #qmgr fifo n - n 300 1 oqmgr
              tlsmgr unix - - - 1000? 1 tlsmgr
              rewrite unix - - - - - trivial-rewrite
              bounce unix - - - - 0 bounce
              defer unix - - - - 0 bounce
              trace unix - - - - 0 bounce
              verify unix - - - - 1 verify
              flush unix n - - 1000? 0 flush
              proxymap unix - - n - - proxymap
              proxywrite unix - - n - 1 proxymap
              smtp unix - - - - - smtp
              relay unix - - - - - smtp
              # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
              showq unix n - - - - showq
              error unix - - - - - error
              retry unix - - - - - error
              discard unix - - - - - discard
              local unix - n n - - local
              virtual unix - n n - - virtual
              lmtp unix - - - - - lmtp
              anvil unix - - - - 1 anvil
              scache unix - - - - 1 scache
              #
              # ====================================================================
              # Interfaces to non-Postfix software. Be sure to examine the manual
              # pages of the non-Postfix software to find out what options it wants.
              #
              # Many of the following services use the Postfix pipe(8) delivery
              # agent. See the pipe(8) man page for information about ${recipient}
              # and other message envelope options.
              # ====================================================================
              #
              # maildrop. See the Postfix MAILDROP_README file for details.
              # Also specify in main.cf: maildrop_destination_recipient_limit=1
              #
              maildrop unix - n n - - pipe
              flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
              #
              # ====================================================================
              #
              # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
              #
              # Specify in cyrus.conf:
              # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
              #
              # Specify in main.cf one or more of the following:
              # mailbox_transport = lmtp:inet:localhost
              # virtual_transport = lmtp:inet:localhost
              #
              # ====================================================================
              #
              # Cyrus 2.1.5 (Amos Gouaux)
              # Also specify in main.cf: cyrus_destination_recipient_limit=1
              #
              #cyrus unix - n n - - pipe
              # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
              #
              # ====================================================================
              # Old example of delivery via Cyrus.
              #
              #old-cyrus unix - n n - - pipe
              # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
              #
              # ====================================================================
              #
              # See the Postfix UUCP_README file for configuration details.
              #
              uucp unix - n n - - pipe
              flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
              #
              # Other external delivery methods.
              #
              ifmail unix - n n - - pipe
              flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
              bsmtp unix - n n - - pipe
              flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
              scalemail-backend unix - n n - 2 pipe
              flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
              ${nexthop} ${user} ${extension}
              mailman unix - n n - - pipe
              flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
              ${nexthop} ${user}

              #submission inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes
              #############################################################

              On Wed, Jun 18, 2014 at 5:21 PM, Luigi Cirillo <appost2@...> wrote:
              > How can I enable the authentication before the "MAIL FROM:
              > dummy@..." command?
              > I tried with:
              > smtpd_tls_auth_only = yes in main.cf
              >
              > and in master.cf:
              > -o smtpd_client_restrictions=permit_sasl_authenticated,reject
              > -o smtpd_sasl_auth_enable=yes
              >
              > But it does not work; I can still send any email from remote with telnet.
              >
              > This is my main.cf:
              > ################################################
              > # See /usr/share/postfix/main.cf.dist for a commented, more complete version
              >
              >
              > # Debian specific: Specifying a file name will cause the first
              > # line of that file to be used as the name. The Debian default
              > # is /etc/mailname.
              > #myorigin = /etc/mailname
              >
              > smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
              > biff = no
              >
              > # appending .domain is the MUA's job.
              > append_dot_mydomain = no
              >
              > # Uncomment the next line to generate "delayed mail" warnings
              > #delay_warning_time = 4h
              >
              > readme_directory = no
              >
              > # TLS parameters
              > smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
              > smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
              > smtpd_use_tls=yes
              > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
              > smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
              > smtpd_tls_auth_only = yes
              >
              > # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
              > # information on enabling SSL in the smtp client.
              >
              > myhostname = myhost.mydomain.com
              > alias_maps = hash:/etc/aliases
              > alias_database = hash:/etc/aliases
              > myorigin = /etc/mailname
              > mydestination = myhost.mydomain.com, localhost.mydomain.com, , localhost
              > mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
              > mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
              > mailbox_size_limit = 0
              > recipient_delimiter = +
              > inet_interfaces = all
              > virtual_alias_maps = hash:/etc/postfix/virtual
              > sender_bcc_maps = hash:/etc/postfix/bcc
              > home_mailbox = Maildir/
              > smtpd_sasl_auth_enable = yes
              > broken_sasl_auth_clients = yes
              > smtpd_recipient_restrictions = reject_unauth_pipelining
              > permit_mynetworks permit_sasl_authenticated reject_non_fqdn_recipient
              > reject_unknown_recipient_domain reject_unauth_destination permit
              > allow_percent_hack = no
              > milter_default_action = accept
              > milter_protocol = 2
              > smtpd_milters = inet:localhost:8891
              > non_smtpd_milters = inet:localhost:8891
              > inet_protocols = all
              > transport_maps = hash:/etc/postfix/transport
              > sender_canonical_maps = hash:/etc/postfix/Tables-for-sender-addresses
              > canonical_maps = hash:/etc/postfix/Address-mapping-lookup-tables
              > recipient_canonical_maps = hash:/etc/postfix/Tables-for-recipient-addresses
              > sender_dependent_default_transport_maps =
              > hash:/etc/postfix/Sender-Dependent-Transport-Mapping
              > smtpd_tls_security_level = may
              > smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
              > smtpd_sender_restrictions = permit_sasl_authenticated,
              > permit_mynetworks, reject_non_fqdn_sender,
              > reject_unknown_sender_domain, reject_unauth_pipelining, permit
              > ######################################
              >
              > This is my master.cf:
              > #########################################
              > #
              > # Postfix master process configuration file. For details on the format
              > # of the file, see the master(5) manual page (command: "man 5 master").
              > #
              > # Do not forget to execute "postfix reload" after editing this file.
              > #
              > # ==========================================================================
              > # service type private unpriv chroot wakeup maxproc command + args
              > # (yes) (yes) (yes) (never) (100)
              > # ==========================================================================
              > smtp inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes
              > #smtp inet n - - - 1 postscreen
              > #smtpd pass - - - - - smtpd
              > #dnsblog unix - - - - 0 dnsblog
              > #tlsproxy unix - - - - 0 tlsproxy
              > submission inet n - - - - smtpd
              > -o syslog_name=postfix/submission
              > # -o smtpd_tls_security_level=encrypt
              > -o smtpd_sasl_auth_enable=yes
              > -o smtpd_client_restrictions=permit_sasl_authenticated,reject
              > -o milter_macro_daemon_name=ORIGINATING
              > #smtps inet n - - - - smtpd
              > # -o syslog_name=postfix/smtps
              > # -o smtpd_tls_wrappermode=yes
              > # -o smtpd_sasl_auth_enable=yes
              > # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
              > # -o milter_macro_daemon_name=ORIGINATING
              > #628 inet n - - - - qmqpd
              > pickup fifo n - - 60 1 pickup
              > cleanup unix n - - - 0 cleanup
              > qmgr fifo n - n 300 1 qmgr
              > #qmgr fifo n - n 300 1 oqmgr
              > tlsmgr unix - - - 1000? 1 tlsmgr
              > rewrite unix - - - - - trivial-rewrite
              > bounce unix - - - - 0 bounce
              > defer unix - - - - 0 bounce
              > trace unix - - - - 0 bounce
              > verify unix - - - - 1 verify
              > flush unix n - - 1000? 0 flush
              > proxymap unix - - n - - proxymap
              > proxywrite unix - - n - 1 proxymap
              > smtp unix - - - - - smtp
              > relay unix - - - - - smtp
              > # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
              > showq unix n - - - - showq
              > error unix - - - - - error
              > retry unix - - - - - error
              > discard unix - - - - - discard
              > local unix - n n - - local
              > virtual unix - n n - - virtual
              > lmtp unix - - - - - lmtp
              > anvil unix - - - - 1 anvil
              > scache unix - - - - 1 scache
              > #
              > # ====================================================================
              > # Interfaces to non-Postfix software. Be sure to examine the manual
              > # pages of the non-Postfix software to find out what options it wants.
              > #
              > # Many of the following services use the Postfix pipe(8) delivery
              > # agent. See the pipe(8) man page for information about ${recipient}
              > # and other message envelope options.
              > # ====================================================================
              > #
              > # maildrop. See the Postfix MAILDROP_README file for details.
              > # Also specify in main.cf: maildrop_destination_recipient_limit=1
              > #
              > maildrop unix - n n - - pipe
              > flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
              > #
              > # ====================================================================
              > #
              > # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
              > #
              > # Specify in cyrus.conf:
              > # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
              > #
              > # Specify in main.cf one or more of the following:
              > # mailbox_transport = lmtp:inet:localhost
              > # virtual_transport = lmtp:inet:localhost
              > #
              > # ====================================================================
              > #
              > # Cyrus 2.1.5 (Amos Gouaux)
              > # Also specify in main.cf: cyrus_destination_recipient_limit=1
              > #
              > #cyrus unix - n n - - pipe
              > # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
              > #
              > # ====================================================================
              > # Old example of delivery via Cyrus.
              > #
              > #old-cyrus unix - n n - - pipe
              > # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
              > #
              > # ====================================================================
              > #
              > # See the Postfix UUCP_README file for configuration details.
              > #
              > uucp unix - n n - - pipe
              > flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
              > #
              > # Other external delivery methods.
              > #
              > ifmail unix - n n - - pipe
              > flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
              > bsmtp unix - n n - - pipe
              > flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
              > scalemail-backend unix - n n - 2 pipe
              > flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
              > ${nexthop} ${user} ${extension}
              > mailman unix - n n - - pipe
              > flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
              > ${nexthop} ${user}
              > ##################################################
            • lists@rhsoft.net
              Message 6 of 7 , Jun 18, 2014
                On 18.06.2014 20:42, Luigi Cirillo wrote:
                > Ok, sorry Wietse,
                > this is the telnet output I changed the domain (mydomain),
                > host(myhost), the computer I connect with telnet
                > (myremote-client-telnet) and my ip(0.0.0.0)... for privacy:
                > ############################################
                > telnet smtp.mydomain.com 25
                > Trying 81.4.108.167...
                > Connected to mydomain.com.
                > Escape character is '^]'.
                > 220 myhost.mydomain.com ESMTP Postfix (Debian/GNU)
                > ehlo mydomain.com
                > 250-myhost.mydomain.com
                > 250-PIPELINING
                > 250-SIZE 10240000
                > 250-VRFY
                > 250-ETRN
                > 250-STARTTLS
                > 250-ENHANCEDSTATUSCODES
                > 250-8BITMIME
                > 250 DSN
                > MAIL FROM: boh@...
                > 250 2.1.0 Ok
                > RCPT TO: info@...
                > 250 2.1.5 Ok
                > data
                > 354 End data with <CR><LF>.<CR><LF>

                Fine, you are configuring submission (port 587), but try with
                port 25 and your own domain as RCPT - why do you think that
                it should be rejected, and how do you imagine anybody would
                send you an e-mail if you manage to enforce auth on 25?
              • Wietse Venema
                Message 7 of 7 , Jun 18, 2014
                  Luigi Cirillo:
                  > telnet smtp.mydomain.com 25

                  That's port 25.

                  > submission inet n - - - - smtpd
                  > -o syslog_name=postfix/submission
                  > # -o smtpd_tls_security_level=encrypt
                  > -o smtpd_sasl_auth_enable=yes
                  > -o smtpd_client_restrictions=permit_sasl_authenticated,reject

                  That is not port 25.

                  Wietse
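
The point of the last two replies, shown as an added example that is not part of the thread or of Postfix: `-o` overrides in master.cf apply only to the entry they are indented under, so the SASL settings on `submission` (587) never reach the `smtp` (25) listener. The sample text is constructed from the entries quoted above; the function names are hypothetical, and the check reads master.cf overrides only, not main.cf.

```python
# Constructed sample: the two smtpd listeners discussed in the thread, with the
# leading whitespace that marks "-o" lines as continuations restored.
SAMPLE_MASTER_CF = """\
smtp       inet  n  -  -  -  -  smtpd
submission inet  n  -  -  -  -  smtpd
  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""

PORTS = {"smtp": 25, "submission": 587}  # symbolic service name -> TCP port

def parse_master_cf(text):
    """Map (service, type) -> {"command": str, "overrides": {name: value}}."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments never start or end an entry
        tokens = raw.split()
        if raw[0].isspace():  # indented line: continues the previous entry
            args = tokens
        else:  # name type private unpriv chroot wakeup maxproc command [args]
            current = {"command": tokens[7], "overrides": {}}
            services[(tokens[0], tokens[1])] = current
            args = tokens[8:]
        if current is None:
            continue  # continuation line with no entry before it
        it = iter(args)
        for tok in it:
            if tok == "-o":  # "-o name=value" applies to this entry only
                name, _, value = next(it, "").partition("=")
                current["overrides"][name] = value
    return services

def sasl_only(entry):
    """True if the entry's own overrides admit authenticated clients only."""
    o = entry["overrides"]
    restrictions = o.get("smtpd_client_restrictions", "").replace(",", " ").split()
    return (o.get("smtpd_sasl_auth_enable") == "yes"
            and restrictions == ["permit_sasl_authenticated", "reject"])

def auth_by_port(text):
    """Port -> whether that smtpd listener enforces SASL via master.cf overrides."""
    return {PORTS.get(name, name): sasl_only(entry)
            for (name, kind), entry in parse_master_cf(text).items()
            if kind == "inet" and entry["command"] == "smtpd"}
```

Calling `auth_by_port(SAMPLE_MASTER_CF)` reports port 587 as enforcing authentication and port 25 as not, which matches the telnet session on port 25 being accepted without AUTH.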