Postfix SASL auth not working
Hi,
I've been having a really hard time with this; maybe someone here can help. I'm getting relay access denied to an email outside of my domain. It seems the passwords are authenticating because I'm not getting invalid password prompts.

### BEGIN POSTFIX CONF ###
# postconf -n
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
mailbox_size_limit = 0
message_size_limit = 50240000
mydomain = mycompany.com
myhostname = myhost.mycompany.com
mynetworks = 127.0.0.0/8,192.168.2.0/24,10.0.0.0/24,hash:/etc/postfix/pop-before-smtp
myorigin = thrud.alliantinternet.com
sender_bcc_maps = hash:/etc/postfix/sender_bcc
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname NO UCE ESMTP myhost.mycompany.com
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, hash:/etc/postfix/pop-before-smtp
smtpd_delay_reject = no
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, hash:/etc/postfix/sender_access
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:8
virtual_mailbox_base = /var/spool/postfix/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 500000000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 107
virtual_transport = virtual
virtual_uid_maps = static:107
### END POSTFIX CONF ###

If you need anything else to work with, let me know.
These are the additional items my config has that yours doesn't (differs from yours significantly.)
Code:
smtpd_tls_auth_only = no

Edit: Also make sure you remembered to install the required SASL items -- cyrus-sasl-* (more or less).
The difference I see here is that you added
tls_daemon_random_source = dev:/dev/urandom
smtpd_tls_auth_only

You also have separate SSL key files. Other posts I've seen use the same file for all three properties. Is there a significance to having them vary? How did you generate all three?
Could the issue also possibly be in one of these three lines?
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, hash:/etc/postfix/pop-before-smtp, check_sender_access hash:/etc/postfix/sender_access
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipient_access
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, check_sender_access hash:/etc/postfix/sender_access

Is permit_sasl_authenticated required in all three lines? I'm thinking it may be unnecessary (and counterproductive) in the smtpd_sender_restrictions. In the logs, I see "certificate verification failed" for IPs/emails that we deliver mail to, which leads me to believe I need to modify something in those 3 lines above, no?
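
Added example, not part of any post in this thread: a simplified Python model of how Postfix walks the smtpd_recipient_restrictions list from the first post, showing which restriction decides each RCPT TO and therefore what a "Relay access denied" reply implies about the session. The session dictionaries, the sample addresses and the LOCAL_DOMAINS set are constructed assumptions; the pop-before-smtp table and the trailing sender_access lookup are left out.

```python
import ipaddress

# Values copied from the postconf -n output in the first post.
MYNETWORKS = ["127.0.0.0/8", "192.168.2.0/24", "10.0.0.0/24"]
RECIPIENT_RESTRICTIONS = [
    "permit_sasl_authenticated",
    "permit_mynetworks",
    "reject_unauth_destination",
]
# Assumption: stands in for the domains returned by the MySQL virtual maps.
LOCAL_DOMAINS = {"mycompany.com"}


def in_mynetworks(ip):
    """True if the client address falls inside one of the mynetworks CIDRs."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in MYNETWORKS)


def evaluate(session, restrictions=RECIPIENT_RESTRICTIONS):
    """Walk the list left to right; the first PERMIT or REJECT ends it.

    Returns (action, deciding_restriction) for one RCPT TO.
    """
    rcpt_domain = session["rcpt"].rsplit("@", 1)[1].lower()
    for name in restrictions:
        if name == "permit_sasl_authenticated" and session["sasl_user"]:
            return ("PERMIT", name)
        if name == "permit_mynetworks" and in_mynetworks(session["client_ip"]):
            return ("PERMIT", name)
        if name == "reject_unauth_destination" and rcpt_domain not in LOCAL_DOMAINS:
            return ("REJECT", name)  # logged as "Relay access denied"
    return ("DUNNO", "end of list")  # no restriction objected


# Constructed sessions (documentation IP range and example domains).
SESSIONS = {
    "remote, no AUTH, outside rcpt": {"client_ip": "203.0.113.7", "sasl_user": None, "rcpt": "friend@example.org"},
    "remote, AUTH ok, outside rcpt": {"client_ip": "203.0.113.7", "sasl_user": "alice", "rcpt": "friend@example.org"},
    "LAN, no AUTH, outside rcpt": {"client_ip": "192.168.2.15", "sasl_user": None, "rcpt": "friend@example.org"},
    "remote, no AUTH, local rcpt": {"client_ip": "203.0.113.7", "sasl_user": None, "rcpt": "bob@mycompany.com"},
}

if __name__ == "__main__":
    for label, session in SESSIONS.items():
        print(f"{label:32} -> {evaluate(session)}")
```

In this model the only path to the relay rejection is a session with no recorded SASL login from an address outside mynetworks, so the log line for the rejected RCPT TO is worth checking for a sasl_username before changing the restriction lists.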