Re: postfix and dovecot sasl not relaying mail

From: Dave (dave.mehlergmail.com)
Date: Thu Apr 17 2008 - 22:02:22 CDT


Hello,
    Thank you for the replies. I'm not going to dignify some of the comments
made by responding, except to state that late at night is probably not the
best time for me to send emails, and dovecot configuration directives have
changed between pre- and post-1.0 times.
    My postfix version is 2.4.5-2.fc6, dovecot is 1.0.3-6.fc6. The error I'm
getting is SASL; the IP I'm sending from is dynamic, so my postfix is
blocking relaying from it unless SASL auth works. Below is my setup:

maillog-nondebug
#tail -f /var/log/maillog
Apr 17 23:06:29 s15298471 postfix/smtpd[3944]: connect from
unknown[68.51.57.178]
Apr 17 23:06:29 s15298471 postfix/smtpd[3944]: setting up TLS connection
from unknown[68.51.57.178]
Apr 17 23:06:29 s15298471 postfix/smtpd[3944]: TLS connection established
from unknown[68.51.57.178]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Apr 17 23:06:30 s15298471 postfix/smtpd[3944]: NOQUEUE: reject: RCPT from
unknown[68.51.57.178]: 554 5.7.1 Service unavailable; Client host
[68.51.57.178] blocked using zen.spamhaus.org;
http://www.spamhaus.org/query/bl?ip=68.51.57.178; from=<userexample.com>
to=<user1example2.com> proto=ESMTP helo=<satellite>
Apr 17 23:06:30 s15298471 postfix/smtpd[3944]: disconnect from
unknown[68.51.57.178]

maillog-debug (with suggested debug_peer_list="IP" option added)
#tail -f /var/log/maillog
Apr 17 23:23:02 s15298471 postfix/smtpd[7276]: connect from
unknown[68.51.57.178]
Apr 17 23:23:02 s15298471 postfix/smtpd[7276]: setting up TLS connection
from unknown[68.51.57.178]
Apr 17 23:23:02 s15298471 postfix/smtpd[7276]: TLS connection established
from unknown[68.51.57.178]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Apr 17 23:23:03 s15298471 postfix/smtpd[7276]: NOQUEUE: reject: RCPT from
unknown[68.51.57.178]: 554 5.7.1 Service unavailable; Client host
[68.51.57.178] blocked using zen.spamhaus.org;
http://www.spamhaus.org/query/bl?ip=68.51.57.178; from=<userexample.com>
to=<user2gmail.com> proto=ESMTP helo=<satellite>
Apr 17 23:23:04 s15298471 postfix/smtpd[7276]: disconnect from
unknown[68.51.57.178]
Apr 17 23:23:04 s15298471 dovecot: pop3-login: Login:
user=<userexample.com>, method=PLAIN, rip=68.51.57.178, lip=111.111.111.29,
TLS
Apr 17 23:23:04 s15298471 dovecot: POP3(userexample.com): Disconnected:
Logged out top=0/0, retr=0/0, del=0/0, size=0

postconf -n
address_verify_map = btree:/var/spool/postfix/verified_senders
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
biff = no
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
default_privs = nobody
disable_vrfy_command = yes
empty_address_recipient = MAILER-DAEMON
home_mailbox = Maildir/
html_directory = no
inet_interfaces = 111.222.333.444
invalid_hostname_reject_code = 554
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mail_owner = postfix
mailbox_size_limit = 1000000000
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
multi_recipient_bounce_reject_code = 554
mydestination = localhost
mydomain = example.com
myhostname = mail.example.com
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
queue_directory = /var/spool/postfix
queue_minfree = 25000000
readme_directory = /usr/share/doc/postfix-2.4.5/README_FILES
recipient_delimiter = +
relay_domains_reject_code = 554
sample_directory = /usr/share/doc/postfix-2.4.5/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
show_user_unknown_table_name = no
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname
smtpd_client_connection_count_limit = 2
smtpd_client_connection_rate_limit = 5
smtpd_client_restrictions = check_recipient_access
hash:/etc/postfix/recipient_access reject_rbl_client images.rbl.msrbl.net,
reject_rbl_client list.dsbl.org reject_rbl_client zen.spamhaus.org,
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_error_sleep_time = 10s
smtpd_hard_error_limit = 5
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_unauth_destination, reject_invalid_hostname,
reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_unverified_recipient
reject_multi_recipient_bounce, check_helo_access
pcre:/etc/postfix/helo_checks.pcre check_sender_mx_access
cidr:/etc/postfix/bogus_mx reject_rhsbl_sender dsn.rfc-ignorant.org
reject_rbl_client multi.uribl.com, check_sender_access
hash:/etc/postfix/common_spam_senderdomains
smtpd_restriction_classes = has_our_domain_as_sender
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = example.com
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_non_fqdn_sender, reject_unknown_sender_domain,
reject_unauth_pipelining reject_sender_login_mismatch reject_rhsbl_sender
dsn.rfc-ignorant.org,
smtpd_soft_error_limit = 2
smtpd_tls_CAfile = /etc/postfix/ssl/ca-cert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/smtp.cert
smtpd_tls_key_file = /etc/postfix/ssl/smtp.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_transport = dovecot
virtual_uid_maps = static:5000

dovecot -n
# 1.0.3: /etc/dovecot.conf
base_dir: /var/run/dovecot/
log_path: /var/log/dovecot.log
protocols: pop3s
listen: 74.208.64.129
ssl_ca_file: /etc/dovecot/ca-cert.pem
ssl_cert_file: /etc/dovecot/pop.cert
ssl_key_file: /etc/dovecot/pop.key
ssl_cipher_list: ALL:!LOW
disable_plaintext_auth: yes
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/pop3-login
mail_extra_groups: mail
mail_location: maildir:/home/vmail/%d/%n
maildir_copy_with_hardlinks: yes
mail_executable: /usr/libexec/dovecot/pop3
mail_plugin_dir: /usr/lib64/dovecot/pop3
pop3_client_workarounds: outlook-no-nuls oe-ns-eoh
auth default:
  user: vmail
  verbose: yes
  passdb:
    driver: passwd-file
    args: /etc/dovecot/passwd
  userdb:
    driver: passwd-file
    args: /etc/dovecot/users
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384

    I've been over the SASL document and the dovecot docs and I'm not seeing
it. I'd welcome any suggestions.
Thanks.
Dave.
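
An added example, not part of Dave's post: Postfix evaluates each smtpd_*_restrictions list on its own, so a permit_sasl_authenticated in one list does not exempt a client from a reject_rbl_client in another. The check below takes the DNSBL named in the reject line and reports which restriction lists reach it with no earlier permit_sasl_authenticated; the function names are made up for this example and the inputs are shortened copies of the output above.

```python
import re
# Constructed input: settings from the `postconf -n` output in the post
# (smtpd_recipient_restrictions shortened), e-mail line wrapping kept.
POSTCONF = """\
smtpd_client_restrictions = check_recipient_access
hash:/etc/postfix/recipient_access reject_rbl_client images.rbl.msrbl.net,
reject_rbl_client list.dsbl.org reject_rbl_client zen.spamhaus.org,
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_unauth_destination, reject_rbl_client multi.uribl.com
"""
# The reject line from the maillog in the post, rejoined and shortened.
LOG = ("postfix/smtpd[3944]: NOQUEUE: reject: RCPT from unknown[68.51.57.178]: "
       "554 5.7.1 Service unavailable; Client host [68.51.57.178] blocked "
       "using zen.spamhaus.org; proto=ESMTP helo=<satellite>")

def parse_postconf(text):
    """Map setting name -> token list, folding wrapped continuation lines."""
    settings, name = {}, None
    for line in text.splitlines():
        m = re.match(r"([A-Za-z0-9_]+) =\s*(.*)", line)
        if m:  # a "name = value" line starts a new setting
            name, line = m.group(1), m.group(2)
            settings[name] = []
        if name:
            settings[name] += [t for t in re.split(r"[,\s]+", line) if t]
    return settings

def blocking_rbl(logline):
    """Return the DNSBL zone named in a 'blocked using <zone>;' reject line."""
    m = re.search(r"blocked using ([^;\s]+);", logline)
    return m.group(1) if m else None

def unguarded_lists(settings, zone):
    """Lists that hit `reject_rbl_client zone` before any permit_sasl_authenticated."""
    hits = []
    for name, toks in settings.items():
        if not name.endswith("_restrictions"):
            continue
        for i, tok in enumerate(toks[:-1]):
            if tok == "permit_sasl_authenticated":
                break  # authenticated clients leave this list here
            if tok == "reject_rbl_client" and toks[i + 1] == zone:
                hits.append(name)
                break
    return hits

if __name__ == "__main__":
    print(unguarded_lists(parse_postconf(POSTCONF), blocking_rbl(LOG)))
```
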