Loading ...
Sorry, an error occurred while loading the content.

SASL and Sender Dependent Relay

Expand Messages
  • Jerry
    Okay, I know I am an idiot, but bear with me. I had a perfectly good Postfix/Dovecot setup working for several years. I never touched it. Then the HD died and
    Message 1 of 8 , Jun 29, 2014
    • 0 Attachment
      Okay, I know I am an idiot, but bear with me. I had a perfectly good
      Postfix/Dovecot setup working for several years. I never touched it. Then the
      HD died and I cannot find any of the backups. They would be quite old anyway.
      So, after fixing the sytem, I installed FreeBSD-10 and the latest versions of
      Postfix and Dovecot. Now, I cannot get them working together again.

      Neither SASL or Sender Dependent Relaying is working.

      When I attempt, as shown below, to send to a "yahoo" address, it does not use
      the sender dependent relaying or invoke SASL. The message is rejected by
      "yahoo". It is the same no matter what domain I attempt to send to.

      Jun 29 14:17:32 scorpio sm-mta[35398]: STARTTLS=server, relay=localhost
      [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES128-SHA,
      bits=128/128 Jun 29 14:17:33 scorpio sm-mta[35398]: s5TIHWZf035398:
      from=<gerard.seibert@...>, size=367, class=0, nrcpts=1,
      msgid=<20140629141732.58cc7659@scorpio>, proto=ESMTP, daemon=Daemon0,
      relay=localhost [127.0.0.1] Jun 29 14:17:33 scorpio sm-mta[35400]:
      STARTTLS=client, relay=mta7.am0.yahoodns.net., version=TLSv1/SSLv3,
      verify=FAIL, cipher=DHE-RSA-CAMELLIA256-SHA, bits=256/256 Jun 29 14:17:36
      scorpio sm-mta[35400]: s5TIHWZf035398: to=<gesbbb@...>, delay=00:00:03,
      xdelay=00:00:03, mailer=esmtp, pri=30367, relay=mta7.am0.yahoodns.net.
      [98.138.112.37], dsn=2.0.0, stat=Sent (ok dirdel)

      Now, if I attempt to use port 587, the entire process breaks down.

      Jun 29 14:15:27 scorpio postfix/submission/smtpd[35390]: connect from localhost[127.0.0.1]
      Jun 29 14:15:27 scorpio postfix/submission/smtpd[35390]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)
      Jun 29 14:15:27 scorpio postfix/submission/smtpd[35390]: warning: SASL: Connect to smtpd failed: No such file or directory
      Jun 29 14:15:27 scorpio postfix/submission/smtpd[35390]: fatal: no SASL authentication mechanisms
      Jun 29 14:15:28 scorpio postfix/master[35382]: warning: process /usr/local/libexec/postfix/smtpd pid 35390 exit status 1
      Jun 29 14:15:28 scorpio postfix/master[35382]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
      Jun 29 14:17:32 scorpio sm-mta[35398]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES128-SHA, bits=128/128
      Jun 29 14:17:33 scorpio sm-mta[35398]: s5TIHWZf035398: from=<gerard.seibert@...>, size=367, class=0, nrcpts=1, msgid=<20140629141732.58cc7659@scorpio>, proto=ESMTP, daemon=Daemon0, relay=localhost [127.0.0.1]
      Jun 29 14:17:33 scorpio sm-mta[35400]: STARTTLS=client, relay=mta7.am0.yahoodns.net., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-CAMELLIA256-SHA, bits=256/256
      Jun 29 14:17:36 scorpio sm-mta[35400]: s5TIHWZf035398: to=<gesbbb@...>, delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=30367, relay=mta7.am0.yahoodns.net. [98.138.112.37], dsn=2.0.0, stat=Sent (ok dirdel)
      Jun 29 14:24:48 scorpio postfix/submission/smtpd[35420]: connect from localhost[127.0.0.1]
      Jun 29 14:24:48 scorpio postfix/submission/smtpd[35420]: warning: SASL: Connect to smtpd failed: No such file or directory
      Jun 29 14:24:48 scorpio postfix/submission/smtpd[35420]: fatal: no SASL authentication mechanisms
      Jun 29 14:24:49 scorpio postfix/master[35382]: warning: process /usr/local/libexec/postfix/smtpd pid 35420 exit status 1
      Jun 29 14:24:49 scorpio postfix/master[35382]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling

      -- postconf -fn --
      authorized_submit_users = !www, static:all
      broken_sasl_auth_clients = yes
      canonical_maps = hash:/usr/local/etc/postfix/canonical
      command_directory = /usr/local/sbin
      config_directory = /usr/local/etc/postfix
      daemon_directory = /usr/local/libexec/postfix
      data_directory = /var/db/postfix
      debug_peer_level = 2
      debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
      $daemon_directory/$process_name $process_id & sleep 5
      delay_warning_time = 12h
      disable_vrfy_command = yes
      dovecot_destination_recipient_limit = 1
      enable_long_queue_ids = yes
      html_directory = /usr/local/share/doc/postfix
      inet_protocols = ipv4
      mail_owner = postfix
      mailq_path = /usr/local/bin/mailq
      manpage_directory = /usr/local/man
      message_size_limit = 26214400
      milter_default_action = accept
      mydestination =
      mydomain = seibercom.net
      myhostname = scorpio.seibercom.net
      mynetworks_style = subnet
      myorigin = $mydomain
      newaliases_path = /usr/local/bin/newaliases
      queue_directory = /var/spool/postfix
      readme_directory = /usr/local/share/doc/postfix
      sample_directory = /usr/local/etc/postfix
      sender_dependent_relayhost_maps = hash:/usr/local/etc/postfix/sender_relay
      sendmail_path = /usr/local/sbin/sendmail
      setgid_group = maildrop
      smtp_sasl_auth_enable = yes
      smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
      smtp_sasl_security_options = noanonymous
      smtp_sasl_type = cyrus
      smtp_sender_dependent_authentication = yes
      smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
      smtp_tls_CApath = /usr/local/etc/postfix/certs/
      smtp_tls_note_starttls_offer = yes
      smtp_tls_policy_maps = hash:/usr/local/etc/postfix/tls_policy
      smtp_tls_security_level = may
      smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_tls_session_cache
      smtpd_authorized_verp_clients = $mynetworks
      smtpd_client_restrictions = reject_unauth_pipelining permit_sasl_authenticated
      reject_unknown_client_hostname
      smtpd_milters = unix:/var/run/clamav/clmilter.sock
      smtpd_recipient_restrictions = reject_unauth_pipelining
      permit_sasl_authenticated permit_mynetworks reject_unknown_recipient_domain
      reject_unauth_destination
      smtpd_reject_footer = For assistance, please provide the following information
      in your problem report: time ($localtime), client ($client_address) and
      server ($server_name).
      smtpd_sasl_auth_enable = yes
      smtpd_sasl_authenticated_header = yes
      smtpd_sasl_local_domain = $myhostname
      smtpd_sasl_security_options = noanonymous, noplaintext
      smtpd_sasl_tls_security_options = noanonymous
      smtpd_sasl_type = dovecot
      smtpd_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
      smtpd_tls_cert_file = /usr/local/etc/postfix/certs/Postfix-cert.pem
      smtpd_tls_key_file = /usr/local/etc/postfix/certs/Postfix-key.pem
      smtpd_tls_received_header = yes
      smtpd_tls_security_level = may
      smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_tls_session_cache
      tls_random_source = dev:/dev/urandom
      transport_maps = hash:/usr/local/etc/postfix/transport
      unknown_local_recipient_reject_code = 550
      virtual_gid_maps = static:1002
      virtual_mailbox_base = /var/mail/vhost
      virtual_mailbox_domains = seibercom.net
      virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox
      virtual_minimum_uid = 100
      virtual_transport = dovecot
      virtual_uid_maps = static:1002
    • Alex JOST
      ... Your configuration misses smtpd_sasl_path. http://www.postfix.org/SASL_README.html#server_sasl_enable -- Alex JOST
      Message 2 of 8 , Jun 29, 2014
      • 0 Attachment
        Am 29.06.2014 20:43, schrieb Jerry:
        > Okay, I know I am an idiot, but bear with me. I had a perfectly good
        > Postfix/Dovecot setup working for several years. I never touched it. Then the
        > HD died and I cannot find any of the backups. They would be quite old anyway.
        > So, after fixing the sytem, I installed FreeBSD-10 and the latest versions of
        > Postfix and Dovecot. Now, I cannot get them working together again.
        >
        > Neither SASL or Sender Dependent Relaying is working.
        >
        > When I attempt, as shown below, to send to a "yahoo" address, it does not use
        > the sender dependent relaying or invoke SASL. The message is rejected by
        > "yahoo". It is the same no matter what domain I attempt to send to.
        >
        > Jun 29 14:17:32 scorpio sm-mta[35398]: STARTTLS=server, relay=localhost
        > [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES128-SHA,
        > bits=128/128 Jun 29 14:17:33 scorpio sm-mta[35398]: s5TIHWZf035398:
        > from=<gerard.seibert@...>, size=367, class=0, nrcpts=1,
        > msgid=<20140629141732.58cc7659@scorpio>, proto=ESMTP, daemon=Daemon0,
        > relay=localhost [127.0.0.1] Jun 29 14:17:33 scorpio sm-mta[35400]:
        > STARTTLS=client, relay=mta7.am0.yahoodns.net., version=TLSv1/SSLv3,
        > verify=FAIL, cipher=DHE-RSA-CAMELLIA256-SHA, bits=256/256 Jun 29 14:17:36
        > scorpio sm-mta[35400]: s5TIHWZf035398: to=<gesbbb@...>, delay=00:00:03,
        > xdelay=00:00:03, mailer=esmtp, pri=30367, relay=mta7.am0.yahoodns.net.
        > [98.138.112.37], dsn=2.0.0, stat=Sent (ok dirdel)
        >
        > Now, if I attempt to use port 587, the entire process breaks down.
        >
        > Jun 29 14:15:27 scorpio postfix/submission/smtpd[35390]: connect from localhost[127.0.0.1]
        > Jun 29 14:15:27 scorpio postfix/submission/smtpd[35390]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)
        > Jun 29 14:15:27 scorpio postfix/submission/smtpd[35390]: warning: SASL: Connect to smtpd failed: No such file or directory
        > Jun 29 14:15:27 scorpio postfix/submission/smtpd[35390]: fatal: no SASL authentication mechanisms
        > Jun 29 14:15:28 scorpio postfix/master[35382]: warning: process /usr/local/libexec/postfix/smtpd pid 35390 exit status 1
        > Jun 29 14:15:28 scorpio postfix/master[35382]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
        > Jun 29 14:17:32 scorpio sm-mta[35398]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES128-SHA, bits=128/128
        > Jun 29 14:17:33 scorpio sm-mta[35398]: s5TIHWZf035398: from=<gerard.seibert@...>, size=367, class=0, nrcpts=1, msgid=<20140629141732.58cc7659@scorpio>, proto=ESMTP, daemon=Daemon0, relay=localhost [127.0.0.1]
        > Jun 29 14:17:33 scorpio sm-mta[35400]: STARTTLS=client, relay=mta7.am0.yahoodns.net., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-CAMELLIA256-SHA, bits=256/256
        > Jun 29 14:17:36 scorpio sm-mta[35400]: s5TIHWZf035398: to=<gesbbb@...>, delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=30367, relay=mta7.am0.yahoodns.net. [98.138.112.37], dsn=2.0.0, stat=Sent (ok dirdel)
        > Jun 29 14:24:48 scorpio postfix/submission/smtpd[35420]: connect from localhost[127.0.0.1]
        > Jun 29 14:24:48 scorpio postfix/submission/smtpd[35420]: warning: SASL: Connect to smtpd failed: No such file or directory
        > Jun 29 14:24:48 scorpio postfix/submission/smtpd[35420]: fatal: no SASL authentication mechanisms
        > Jun 29 14:24:49 scorpio postfix/master[35382]: warning: process /usr/local/libexec/postfix/smtpd pid 35420 exit status 1
        > Jun 29 14:24:49 scorpio postfix/master[35382]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
        >
        > -- postconf -fn --
        > authorized_submit_users = !www, static:all
        > broken_sasl_auth_clients = yes
        > canonical_maps = hash:/usr/local/etc/postfix/canonical
        > command_directory = /usr/local/sbin
        > config_directory = /usr/local/etc/postfix
        > daemon_directory = /usr/local/libexec/postfix
        > data_directory = /var/db/postfix
        > debug_peer_level = 2
        > debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
        > $daemon_directory/$process_name $process_id & sleep 5
        > delay_warning_time = 12h
        > disable_vrfy_command = yes
        > dovecot_destination_recipient_limit = 1
        > enable_long_queue_ids = yes
        > html_directory = /usr/local/share/doc/postfix
        > inet_protocols = ipv4
        > mail_owner = postfix
        > mailq_path = /usr/local/bin/mailq
        > manpage_directory = /usr/local/man
        > message_size_limit = 26214400
        > milter_default_action = accept
        > mydestination =
        > mydomain = seibercom.net
        > myhostname = scorpio.seibercom.net
        > mynetworks_style = subnet
        > myorigin = $mydomain
        > newaliases_path = /usr/local/bin/newaliases
        > queue_directory = /var/spool/postfix
        > readme_directory = /usr/local/share/doc/postfix
        > sample_directory = /usr/local/etc/postfix
        > sender_dependent_relayhost_maps = hash:/usr/local/etc/postfix/sender_relay
        > sendmail_path = /usr/local/sbin/sendmail
        > setgid_group = maildrop
        > smtp_sasl_auth_enable = yes
        > smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
        > smtp_sasl_security_options = noanonymous
        > smtp_sasl_type = cyrus
        > smtp_sender_dependent_authentication = yes
        > smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
        > smtp_tls_CApath = /usr/local/etc/postfix/certs/
        > smtp_tls_note_starttls_offer = yes
        > smtp_tls_policy_maps = hash:/usr/local/etc/postfix/tls_policy
        > smtp_tls_security_level = may
        > smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_tls_session_cache
        > smtpd_authorized_verp_clients = $mynetworks
        > smtpd_client_restrictions = reject_unauth_pipelining permit_sasl_authenticated
        > reject_unknown_client_hostname
        > smtpd_milters = unix:/var/run/clamav/clmilter.sock
        > smtpd_recipient_restrictions = reject_unauth_pipelining
        > permit_sasl_authenticated permit_mynetworks reject_unknown_recipient_domain
        > reject_unauth_destination
        > smtpd_reject_footer = For assistance, please provide the following information
        > in your problem report: time ($localtime), client ($client_address) and
        > server ($server_name).
        > smtpd_sasl_auth_enable = yes
        > smtpd_sasl_authenticated_header = yes
        > smtpd_sasl_local_domain = $myhostname
        > smtpd_sasl_security_options = noanonymous, noplaintext
        > smtpd_sasl_tls_security_options = noanonymous
        > smtpd_sasl_type = dovecot
        > smtpd_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
        > smtpd_tls_cert_file = /usr/local/etc/postfix/certs/Postfix-cert.pem
        > smtpd_tls_key_file = /usr/local/etc/postfix/certs/Postfix-key.pem
        > smtpd_tls_received_header = yes
        > smtpd_tls_security_level = may
        > smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_tls_session_cache
        > tls_random_source = dev:/dev/urandom
        > transport_maps = hash:/usr/local/etc/postfix/transport
        > unknown_local_recipient_reject_code = 550
        > virtual_gid_maps = static:1002
        > virtual_mailbox_base = /var/mail/vhost
        > virtual_mailbox_domains = seibercom.net
        > virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox
        > virtual_minimum_uid = 100
        > virtual_transport = dovecot
        > virtual_uid_maps = static:1002
        >

        Your configuration misses smtpd_sasl_path.
        http://www.postfix.org/SASL_README.html#server_sasl_enable

        --
        Alex JOST
      • Edgar Pettijohn
        ... not sure if it matters but you have smtp_sasl_type defined twice once with cyrus and once with dovecot
        Message 3 of 8 , Jun 29, 2014
        • 0 Attachment
          On 06/29/2014 02:36 PM, Alex JOST wrote:
          > Am 29.06.2014 20:43, schrieb Jerry:
          >> Okay, I know I am an idiot, but bear with me. I had a perfectly good
          >> Postfix/Dovecot setup working for several years. I never touched it.
          >> Then the
          >> HD died and I cannot find any of the backups. They would be quite old
          >> anyway.
          >> So, after fixing the sytem, I installed FreeBSD-10 and the latest
          >> versions of
          >> Postfix and Dovecot. Now, I cannot get them working together again.
          >>
          >> Neither SASL or Sender Dependent Relaying is working.
          >>
          >> When I attempt, as shown below, to send to a "yahoo" address, it does
          >> not use
          >> the sender dependent relaying or invoke SASL. The message is rejected by
          >> "yahoo". It is the same no matter what domain I attempt to send to.
          >>
          >> Jun 29 14:17:32 scorpio sm-mta[35398]: STARTTLS=server, relay=localhost
          >> [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES128-SHA,
          >> bits=128/128 Jun 29 14:17:33 scorpio sm-mta[35398]: s5TIHWZf035398:
          >> from=<gerard.seibert@...>, size=367, class=0, nrcpts=1,
          >> msgid=<20140629141732.58cc7659@scorpio>, proto=ESMTP, daemon=Daemon0,
          >> relay=localhost [127.0.0.1] Jun 29 14:17:33 scorpio sm-mta[35400]:
          >> STARTTLS=client, relay=mta7.am0.yahoodns.net., version=TLSv1/SSLv3,
          >> verify=FAIL, cipher=DHE-RSA-CAMELLIA256-SHA, bits=256/256 Jun 29
          >> 14:17:36
          >> scorpio sm-mta[35400]: s5TIHWZf035398: to=<gesbbb@...>,
          >> delay=00:00:03,
          >> xdelay=00:00:03, mailer=esmtp, pri=30367, relay=mta7.am0.yahoodns.net.
          >> [98.138.112.37], dsn=2.0.0, stat=Sent (ok dirdel)
          >>
          >> Now, if I attempt to use port 587, the entire process breaks down.
          >>
          >> Jun 29 14:15:27 scorpio postfix/submission/smtpd[35390]: connect from
          >> localhost[127.0.0.1]
          >> Jun 29 14:15:27 scorpio postfix/submission/smtpd[35390]: Anonymous
          >> TLS connection established from localhost[127.0.0.1]: TLSv1.2 with
          >> cipher DHE-RSA-AES128-SHA (128/128 bits)
          >> Jun 29 14:15:27 scorpio postfix/submission/smtpd[35390]: warning:
          >> SASL: Connect to smtpd failed: No such file or directory
          >> Jun 29 14:15:27 scorpio postfix/submission/smtpd[35390]: fatal: no
          >> SASL authentication mechanisms
          >> Jun 29 14:15:28 scorpio postfix/master[35382]: warning: process
          >> /usr/local/libexec/postfix/smtpd pid 35390 exit status 1
          >> Jun 29 14:15:28 scorpio postfix/master[35382]: warning:
          >> /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
          >> Jun 29 14:17:32 scorpio sm-mta[35398]: STARTTLS=server,
          >> relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NO,
          >> cipher=DHE-RSA-AES128-SHA, bits=128/128
          >> Jun 29 14:17:33 scorpio sm-mta[35398]: s5TIHWZf035398:
          >> from=<gerard.seibert@...>, size=367, class=0, nrcpts=1,
          >> msgid=<20140629141732.58cc7659@scorpio>, proto=ESMTP, daemon=Daemon0,
          >> relay=localhost [127.0.0.1]
          >> Jun 29 14:17:33 scorpio sm-mta[35400]: STARTTLS=client,
          >> relay=mta7.am0.yahoodns.net., version=TLSv1/SSLv3, verify=FAIL,
          >> cipher=DHE-RSA-CAMELLIA256-SHA, bits=256/256
          >> Jun 29 14:17:36 scorpio sm-mta[35400]: s5TIHWZf035398:
          >> to=<gesbbb@...>, delay=00:00:03, xdelay=00:00:03, mailer=esmtp,
          >> pri=30367, relay=mta7.am0.yahoodns.net. [98.138.112.37], dsn=2.0.0,
          >> stat=Sent (ok dirdel)
          >> Jun 29 14:24:48 scorpio postfix/submission/smtpd[35420]: connect from
          >> localhost[127.0.0.1]
          >> Jun 29 14:24:48 scorpio postfix/submission/smtpd[35420]: warning:
          >> SASL: Connect to smtpd failed: No such file or directory
          >> Jun 29 14:24:48 scorpio postfix/submission/smtpd[35420]: fatal: no
          >> SASL authentication mechanisms
          >> Jun 29 14:24:49 scorpio postfix/master[35382]: warning: process
          >> /usr/local/libexec/postfix/smtpd pid 35420 exit status 1
          >> Jun 29 14:24:49 scorpio postfix/master[35382]: warning:
          >> /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
          >>
          >> -- postconf -fn --
          >> authorized_submit_users = !www, static:all
          >> broken_sasl_auth_clients = yes
          >> canonical_maps = hash:/usr/local/etc/postfix/canonical
          >> command_directory = /usr/local/sbin
          >> config_directory = /usr/local/etc/postfix
          >> daemon_directory = /usr/local/libexec/postfix
          >> data_directory = /var/db/postfix
          >> debug_peer_level = 2
          >> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
          >> $daemon_directory/$process_name $process_id & sleep 5
          >> delay_warning_time = 12h
          >> disable_vrfy_command = yes
          >> dovecot_destination_recipient_limit = 1
          >> enable_long_queue_ids = yes
          >> html_directory = /usr/local/share/doc/postfix
          >> inet_protocols = ipv4
          >> mail_owner = postfix
          >> mailq_path = /usr/local/bin/mailq
          >> manpage_directory = /usr/local/man
          >> message_size_limit = 26214400
          >> milter_default_action = accept
          >> mydestination =
          >> mydomain = seibercom.net
          >> myhostname = scorpio.seibercom.net
          >> mynetworks_style = subnet
          >> myorigin = $mydomain
          >> newaliases_path = /usr/local/bin/newaliases
          >> queue_directory = /var/spool/postfix
          >> readme_directory = /usr/local/share/doc/postfix
          >> sample_directory = /usr/local/etc/postfix
          >> sender_dependent_relayhost_maps =
          >> hash:/usr/local/etc/postfix/sender_relay
          >> sendmail_path = /usr/local/sbin/sendmail
          >> setgid_group = maildrop
          >> smtp_sasl_auth_enable = yes
          >> smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
          >> smtp_sasl_security_options = noanonymous
          >> smtp_sasl_type = cyrus
          >> smtp_sender_dependent_authentication = yes
          >> smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
          >> smtp_tls_CApath = /usr/local/etc/postfix/certs/
          >> smtp_tls_note_starttls_offer = yes
          >> smtp_tls_policy_maps = hash:/usr/local/etc/postfix/tls_policy
          >> smtp_tls_security_level = may
          >> smtp_tls_session_cache_database =
          >> btree:/var/db/postfix/smtp_tls_session_cache
          >> smtpd_authorized_verp_clients = $mynetworks
          >> smtpd_client_restrictions = reject_unauth_pipelining
          >> permit_sasl_authenticated
          >> reject_unknown_client_hostname
          >> smtpd_milters = unix:/var/run/clamav/clmilter.sock
          >> smtpd_recipient_restrictions = reject_unauth_pipelining
          >> permit_sasl_authenticated permit_mynetworks
          >> reject_unknown_recipient_domain
          >> reject_unauth_destination
          >> smtpd_reject_footer = For assistance, please provide the following
          >> information
          >> in your problem report: time ($localtime), client
          >> ($client_address) and
          >> server ($server_name).
          >> smtpd_sasl_auth_enable = yes
          >> smtpd_sasl_authenticated_header = yes
          >> smtpd_sasl_local_domain = $myhostname
          >> smtpd_sasl_security_options = noanonymous, noplaintext
          >> smtpd_sasl_tls_security_options = noanonymous
          >> smtpd_sasl_type = dovecot
          >> smtpd_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
          >> smtpd_tls_cert_file = /usr/local/etc/postfix/certs/Postfix-cert.pem
          >> smtpd_tls_key_file = /usr/local/etc/postfix/certs/Postfix-key.pem
          >> smtpd_tls_received_header = yes
          >> smtpd_tls_security_level = may
          >> smtpd_tls_session_cache_database =
          >> btree:/var/db/postfix/smtpd_tls_session_cache
          >> tls_random_source = dev:/dev/urandom
          >> transport_maps = hash:/usr/local/etc/postfix/transport
          >> unknown_local_recipient_reject_code = 550
          >> virtual_gid_maps = static:1002
          >> virtual_mailbox_base = /var/mail/vhost
          >> virtual_mailbox_domains = seibercom.net
          >> virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox
          >> virtual_minimum_uid = 100
          >> virtual_transport = dovecot
          >> virtual_uid_maps = static:1002
          >>
          >
          > Your configuration misses smtpd_sasl_path.
          > http://www.postfix.org/SASL_README.html#server_sasl_enable
          >
          not sure if it matters but you have smtp_sasl_type defined twice once
          with cyrus and once with dovecot
        • lists@rhsoft.net
          ... says who? smtp != smtpd smtp can only by cyrus and is part of the topic smtpd_sasl_type is for smtpd server smtp_sasl_type is for smtp client
          Message 4 of 8 , Jun 29, 2014
          • 0 Attachment
            Am 29.06.2014 22:05, schrieb Edgar Pettijohn:
            > not sure if it matters but you have smtp_sasl_type defined twice once
            > with cyrus and once with dovecot

            says who?

            smtp != smtpd
            smtp can only by cyrus and is part of the topic
            smtpd_sasl_type is for smtpd server
            smtp_sasl_type is for smtp client

            smtp_sasl_type = cyrus
            smtpd_sasl_type = dovecot
          • Edgar Pettijohn
            ... sorry didn t see the d
            Message 5 of 8 , Jun 29, 2014
            • 0 Attachment
              On 06/29/2014 03:40 PM, lists@... wrote:
              > Am 29.06.2014 22:05, schrieb Edgar Pettijohn:
              >> not sure if it matters but you have smtp_sasl_type defined twice once
              >> with cyrus and once with dovecot
              > says who?
              >
              > smtp != smtpd
              > smtp can only by cyrus and is part of the topic
              > smtpd_sasl_type is for smtpd server
              > smtp_sasl_type is for smtp client
              >
              > smtp_sasl_type = cyrus
              > smtpd_sasl_type = dovecot
              sorry didn't see the "d"
            • Jerry
              ... Neither SASL and or Sender Dependent Relay appear to be working. I made some changes to the main.cf: authorized_submit_users = !www, static:all
              Message 6 of 8 , Jun 29, 2014
              • 0 Attachment
                On Sun, 29 Jun 2014 16:02:05 -0500, Edgar Pettijohn stated:

                >
                >On 06/29/2014 03:40 PM, lists@... wrote:
                >> Am 29.06.2014 22:05, schrieb Edgar Pettijohn:
                >>> not sure if it matters but you have smtp_sasl_type defined twice once
                >>> with cyrus and once with dovecot
                >> says who?
                >>
                >> smtp != smtpd
                >> smtp can only by cyrus and is part of the topic
                >> smtpd_sasl_type is for smtpd server
                >> smtp_sasl_type is for smtp client
                >>
                >> smtp_sasl_type = cyrus
                >> smtpd_sasl_type = dovecot
                >sorry didn't see the "d"

                Neither SASL and or Sender Dependent Relay appear to be working. I made some
                changes to the main.cf:

                authorized_submit_users = !www, static:all
                broken_sasl_auth_clients = yes
                canonical_maps = hash:/usr/local/etc/postfix/canonical
                command_directory = /usr/local/sbin
                config_directory = /usr/local/etc/postfix
                daemon_directory = /usr/local/libexec/postfix
                data_directory = /var/db/postfix
                debug_peer_level = 2
                debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
                $daemon_directory/$process_name $process_id & sleep 5
                delay_warning_time = 12h
                disable_vrfy_command = yes
                dovecot_destination_recipient_limit = 1
                enable_long_queue_ids = yes
                html_directory = /usr/local/share/doc/postfix
                inet_protocols = ipv4
                mail_owner = postfix
                mailq_path = /usr/local/bin/mailq
                manpage_directory = /usr/local/man
                message_size_limit = 26214400
                milter_default_action = accept
                mydestination =
                mydomain = seibercom.net
                myhostname = scorpio.seibercom.net
                mynetworks_style = subnet
                myorigin = $mydomain
                newaliases_path = /usr/local/bin/newaliases
                queue_directory = /var/spool/postfix
                readme_directory = /usr/local/share/doc/postfix
                sample_directory = /usr/local/etc/postfix
                sender_dependent_relayhost_maps = hash:/usr/local/etc/postfix/sender_relay
                sendmail_path = /usr/local/sbin/sendmail
                setgid_group = maildrop
                smtp_sasl_auth_enable = yes
                smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
                smtp_sasl_security_options = noanonymous
                smtp_sender_dependent_authentication = yes
                smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
                smtp_tls_CApath = /usr/local/etc/postfix/certs/
                smtp_tls_note_starttls_offer = yes
                smtp_tls_policy_maps = hash:/usr/local/etc/postfix/tls_policy
                smtp_tls_security_level = may
                smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_tls_session_cache
                smtpd_authorized_verp_clients = $mynetworks
                smtpd_client_restrictions = reject_unauth_pipelining permit_sasl_authenticated
                reject_unknown_client_hostname
                smtpd_milters = unix:/var/run/clamav/clmilter.sock
                smtpd_recipient_restrictions = reject_unauth_pipelining
                permit_sasl_authenticated permit_mynetworks reject_unknown_recipient_domain
                reject_unauth_destination
                smtpd_reject_footer = For assistance, please provide the following information
                in your problem report: time ($localtime), client ($client_address) and
                server ($server_name).
                smtpd_sasl_auth_enable = yes
                smtpd_sasl_authenticated_header = yes
                smtpd_sasl_local_domain = $myhostname
                smtpd_sasl_path = private/auth
                smtpd_sasl_security_options = noanonymous, noplaintext
                smtpd_sasl_tls_security_options = noanonymous
                smtpd_sasl_type = dovecot
                smtpd_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
                smtpd_tls_cert_file = /usr/local/etc/postfix/certs/Postfix-cert.pem
                smtpd_tls_key_file = /usr/local/etc/postfix/certs/Postfix-key.pem
                smtpd_tls_received_header = yes
                smtpd_tls_security_level = may
                smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_tls_session_cache
                tls_random_source = dev:/dev/urandom
                transport_maps = hash:/usr/local/etc/postfix/transport
                unknown_local_recipient_reject_code = 550
                virtual_gid_maps = static:1002
                virtual_mailbox_base = /var/mail/vmail/seibercom/gerard
                virtual_mailbox_domains = seibercom.net
                virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox
                virtual_minimum_uid = 100
                virtual_transport = dovecot
                virtual_uid_maps = static:1002

                maillog:

                Jun 29 17:09:21 scorpio sm-mta[36451]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES128-SHA, bits=128/128
                Jun 29 17:09:21 scorpio sm-mta[36451]: s5TL9Llc036451: from=<gerard.seibert@...>, size=363, class=0, nrcpts=1, msgid=<20140629170921.5ffc300b@scorpio>, proto=ESMTP, daemon=Daemon0, relay=localhost [127.0.0.1]
                Jun 29 17:09:22 scorpio sm-mta[36453]: STARTTLS=client, relay=mta6.am0.yahoodns.net., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-CAMELLIA256-SHA, bits=256/256
                Jun 29 17:09:24 scorpio sm-mta[36453]: s5TL9Llc036451: to=<gesbbb@...>, delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=30363, relay=mta6.am0.yahoodns.net. [66.196.118.37], dsn=2.0.0, stat=Sent (ok dirdel)

                This is not being relayed through the proper ISP and there is no SASL being used.
              • Paul C
                Maybe you need to set your restrictions to more strict settings, here s my setting for smtpd restrictions, someone else may have a better config so open to
                Message 7 of 8 , Jun 29, 2014
                • 0 Attachment
                  Maybe you need to set your restrictions to more strict settings,
                  here's my setting for smtpd restrictions, someone else may have a
                  better config so open to discussion:

                  smtpd_recipient_restrictions = permit_mynetworks,
                  permit_sasl_authenticated, reject_invalid_hostname,
                  reject_non_fqdn_hostname, reject_non_fqdn_recipient,
                  reject_unauth_destination, reject_unauth_pipelining,
                  reject_non_fqdn_sender, reject_unknown_sender_domain,
                  reject_unknown_recipient_domain



                  On Sun, Jun 29, 2014 at 5:19 PM, Jerry <postfix-user@...> wrote:
                  > On Sun, 29 Jun 2014 16:02:05 -0500, Edgar Pettijohn stated:
                  >
                  >>
                  >>On 06/29/2014 03:40 PM, lists@... wrote:
                  >>> Am 29.06.2014 22:05, schrieb Edgar Pettijohn:
                  >>>> not sure if it matters but you have smtp_sasl_type defined twice once
                  >>>> with cyrus and once with dovecot
                  >>> says who?
                  >>>
                  >>> smtp != smtpd
                  >>> smtp can only by cyrus and is part of the topic
                  >>> smtpd_sasl_type is for smtpd server
                  >>> smtp_sasl_type is for smtp client
                  >>>
                  >>> smtp_sasl_type = cyrus
                  >>> smtpd_sasl_type = dovecot
                  >>sorry didn't see the "d"
                  >
                  > Neither SASL and or Sender Dependent Relay appear to be working. I made some
                  > changes to the main.cf:
                  >
                  > authorized_submit_users = !www, static:all
                  > broken_sasl_auth_clients = yes
                  > canonical_maps = hash:/usr/local/etc/postfix/canonical
                  > command_directory = /usr/local/sbin
                  > config_directory = /usr/local/etc/postfix
                  > daemon_directory = /usr/local/libexec/postfix
                  > data_directory = /var/db/postfix
                  > debug_peer_level = 2
                  > debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
                  > $daemon_directory/$process_name $process_id & sleep 5
                  > delay_warning_time = 12h
                  > disable_vrfy_command = yes
                  > dovecot_destination_recipient_limit = 1
                  > enable_long_queue_ids = yes
                  > html_directory = /usr/local/share/doc/postfix
                  > inet_protocols = ipv4
                  > mail_owner = postfix
                  > mailq_path = /usr/local/bin/mailq
                  > manpage_directory = /usr/local/man
                  > message_size_limit = 26214400
                  > milter_default_action = accept
                  > mydestination =
                  > mydomain = seibercom.net
                  > myhostname = scorpio.seibercom.net
                  > mynetworks_style = subnet
                  > myorigin = $mydomain
                  > newaliases_path = /usr/local/bin/newaliases
                  > queue_directory = /var/spool/postfix
                  > readme_directory = /usr/local/share/doc/postfix
                  > sample_directory = /usr/local/etc/postfix
                  > sender_dependent_relayhost_maps = hash:/usr/local/etc/postfix/sender_relay
                  > sendmail_path = /usr/local/sbin/sendmail
                  > setgid_group = maildrop
                  > smtp_sasl_auth_enable = yes
                  > smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
                  > smtp_sasl_security_options = noanonymous
                  > smtp_sender_dependent_authentication = yes
                  > smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
                  > smtp_tls_CApath = /usr/local/etc/postfix/certs/
                  > smtp_tls_note_starttls_offer = yes
                  > smtp_tls_policy_maps = hash:/usr/local/etc/postfix/tls_policy
                  > smtp_tls_security_level = may
                  > smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_tls_session_cache
                  > smtpd_authorized_verp_clients = $mynetworks
                  > smtpd_client_restrictions = reject_unauth_pipelining permit_sasl_authenticated
                  > reject_unknown_client_hostname
                  > smtpd_milters = unix:/var/run/clamav/clmilter.sock
                  > smtpd_recipient_restrictions = reject_unauth_pipelining
                  > permit_sasl_authenticated permit_mynetworks reject_unknown_recipient_domain
                  > reject_unauth_destination
                  > smtpd_reject_footer = For assistance, please provide the following information
                  > in your problem report: time ($localtime), client ($client_address) and
                  > server ($server_name).
                  > smtpd_sasl_auth_enable = yes
                  > smtpd_sasl_authenticated_header = yes
                  > smtpd_sasl_local_domain = $myhostname
                  > smtpd_sasl_path = private/auth
                  > smtpd_sasl_security_options = noanonymous, noplaintext
                  > smtpd_sasl_tls_security_options = noanonymous
                  > smtpd_sasl_type = dovecot
                  > smtpd_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
                  > smtpd_tls_cert_file = /usr/local/etc/postfix/certs/Postfix-cert.pem
                  > smtpd_tls_key_file = /usr/local/etc/postfix/certs/Postfix-key.pem
                  > smtpd_tls_received_header = yes
                  > smtpd_tls_security_level = may
                  > smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_tls_session_cache
                  > tls_random_source = dev:/dev/urandom
                  > transport_maps = hash:/usr/local/etc/postfix/transport
                  > unknown_local_recipient_reject_code = 550
                  > virtual_gid_maps = static:1002
                  > virtual_mailbox_base = /var/mail/vmail/seibercom/gerard
                  > virtual_mailbox_domains = seibercom.net
                  > virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox
                  > virtual_minimum_uid = 100
                  > virtual_transport = dovecot
                  > virtual_uid_maps = static:1002
                  >
                  > maillog:
                  >
                  > Jun 29 17:09:21 scorpio sm-mta[36451]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES128-SHA, bits=128/128
                  > Jun 29 17:09:21 scorpio sm-mta[36451]: s5TL9Llc036451: from=<gerard.seibert@...>, size=363, class=0, nrcpts=1, msgid=<20140629170921.5ffc300b@scorpio>, proto=ESMTP, daemon=Daemon0, relay=localhost [127.0.0.1]
                  > Jun 29 17:09:22 scorpio sm-mta[36453]: STARTTLS=client, relay=mta6.am0.yahoodns.net., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-CAMELLIA256-SHA, bits=256/256
                  > Jun 29 17:09:24 scorpio sm-mta[36453]: s5TL9Llc036451: to=<gesbbb@...>, delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=30363, relay=mta6.am0.yahoodns.net. [66.196.118.37], dsn=2.0.0, stat=Sent (ok dirdel)
                  >
                  > This is not being relayed through the proper ISP and there is no SASL being used.
                • Jerry
                  ... Okay, I almost have it. If I send from my mail client to Postfix via port 587, then everything apparently works fine. However, if I send via port 25, the
                  Message 8 of 8 , Jun 29, 2014
                  • 0 Attachment
                    On Sun, 29 Jun 2014 17:47:33 -0400, Paul C stated:

                    >Maybe you need to set your restrictions to more strict settings,
                    >here's my setting for smtpd restrictions, someone else may have a
                    >better config so open to discussion:
                    >
                    >smtpd_recipient_restrictions = permit_mynetworks,
                    >permit_sasl_authenticated, reject_invalid_hostname,
                    >reject_non_fqdn_hostname, reject_non_fqdn_recipient,
                    >reject_unauth_destination, reject_unauth_pipelining,
                    >reject_non_fqdn_sender, reject_unknown_sender_domain,
                    >reject_unknown_recipient_domain

                    Okay, I almost have it. If I send from my mail client to Postfix via port
                    587, then everything apparently works fine. However, if I send via port 25,
                    the "sender dependent rely" does not work and I see no sign that SASL was
                    used. Obviously, I have made a simple mistake, but I cannot find it.

                    --
                    Jerry
                  Your message has been successfully submitted and would be delivered to recipients shortly.