LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 03-16-2011, 10:48 AM   #1
grob115
Member
 
Registered: Oct 2005
Posts: 528

Rep: Reputation: 32
Postfix rejecting mail from Outlook


Hi, thought if I have enforced to use the Linux /etc/passwd file to authenticate myself from Outlook, Postfix will accept mail from any IPs. However, I'm not able to send mails from my Outlook via my mail server to someone else on the Internet. Am seeing the following in Postfix's log.
Code:
Mar 11 21:07:39 production postfix/smtpd[16366]: connect from pcdxxxxx.netvigator.com[203.218.211.256]
Mar 11 21:07:39 production postfix/smtpd[16366]: NOQUEUE: reject: RCPT from pcdxxxxx.netvigator.com[203.218.211.256]: 554 5.7.1 <someone@hotmail.com>: Relay access denied; from=<mate@mydomain.com> to=<someone@hotmail.com> proto=ESMTP helo=<Windows>
Mar 11 21:07:42 production postfix/smtpd[16366]: disconnect from pcdxxxxx.netvigator.com[203.218.211.256]
Here are my Postfix settings.
Code:
[root@production ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = <mail server's public IP>, 127.0.0.1
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost
mydomain = mydomain.com
myhostname = mail.mydomain.com
mynetworks = 127.0.0.1
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
 
Old 03-16-2011, 12:58 PM   #2
business_kid
Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware & Android
Posts: 6,373

Rep: Reputation: 557Reputation: 557Reputation: 557Reputation: 557Reputation: 557Reputation: 557
Quote:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
Do you want to try removing that last bit?(reject_unauth_destination). This isn't a solution, but an attempt to clarify the problem. BTW, there's great stuff on postfix config in the clamav docs, among other places.
 
Old 03-16-2011, 01:21 PM   #3
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
Quote:
Do you want to try removing that last bit?
that's a bit risky. you'd be relying on postfix's builtin safety net, if any, to prevent your becoming an open relay.

@grob115, in light of your smtpd_recipient_restrictions, your client (outlook) is not successful in authenticating. maybe you should do a manual authentication test as described here. also, since you might consider using sasl over tls, unless you don't plan on using PLAIN/LOGIN authentication.

Last edited by Berhanie; 03-16-2011 at 01:32 PM.
 
Old 03-16-2011, 08:55 PM   #4
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
Quote:
mynetworks = 127.0.0.1
This line determines the i.p. addresses from which Postfix will relay mail. Only your server is configured to relay mail to the internet.

Change this to

mynetworks = subnet

Postfix will relay mail from i.p. addresses on the subnet in which your server is located.

It is best to use this document when learning Postfix.

http://www.postfix.org/BASIC_CONFIGURATION_README.html

Read the section entitled "What clients to relay from". A few more options exist.

Last edited by jamrock; 03-16-2011 at 09:01 PM.
 
Old 03-22-2011, 09:40 AM   #5
grob115
Member
 
Registered: Oct 2005
Posts: 528

Original Poster
Rep: Reputation: 32
Hi, thanks for the responses. I recalled that I actually was able to get send mail and no changes to the mail server setup has been applied so not sure why it's not behaving now. Nevertheless, I attempted to verify my memory by going over the settings versus the steps listed on Postfix's site for SASL. Here are the two lines that I want to emphasize.

Code:
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
The second line should have permitted me to send mail, as long as I'm authenticated via SASL successfully regardless of what my client's IP is.

The first one should have generated the following
250-AUTH PLAIN

However I'm seeing this instead
Code:
220 mail.domain.com ESMTP Service ready
EHLO mail.hotmail.com
250-Requested mail action okay, completed
250-SIZE 10000000
250-ETRN
250-8BITMIME
250 OK

Can someone tell me why I am not seeing the line
Quote:
250-AUTH PLAIN
?
 
Old 03-22-2011, 12:12 PM   #6
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
Postfix by itself does not perform authentication (SASL). In order to add this functionality you need a 3rd party library. Last I recall, Postfix supported this feature with either the Dovecot or Cyrus authentication libraries. Of the two, Dovecot is easier to configure.
 
Old 03-23-2011, 08:17 AM   #7
grob115
Member
 
Registered: Oct 2005
Posts: 528

Original Poster
Rep: Reputation: 32
That has been configured. The point is, why am I not seeing the AUTH line, after I have typed in EHLO mail.hotmail.com. Any ideas?
 
Old 03-23-2011, 10:02 AM   #8
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
two things come to mind:
1. error in postfix<->cyrus-sasl communication: check maillog for errors.
2. the smtp dialog you pasted above did not come from the postfix server in question: the banner is non-standard, and so it the "Requested mail action okay, completed" line.
 
Old 03-26-2011, 07:42 AM   #9
grob115
Member
 
Registered: Oct 2005
Posts: 528

Original Poster
Rep: Reputation: 32
Um... it is indeed from the mail server. What specific messages should I grep for if I check the /var/log/maillog?

Noticed if I have Putty onto the box and do the same test, I have the following.
Code:
220 mail.domain.com ESMTP Postfix
ehlo mail.hotmail.com
250-mail.domain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN CRAM-MD5 LOGIN DIGEST-MD5
250-AUTH=PLAIN CRAM-MD5 LOGIN DIGEST-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Deleted the firewall policy and added it again, and it now works. So it was a firewall issue.

Last edited by grob115; 03-26-2011 at 08:44 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Postfix 2.0.16 on Redhat Enterprise Linux 3.0AS does not deliver mail to outlook lilthon2002 Linux - Newbie 2 03-16-2011 11:18 PM
Rejecting mail where sender matches recipient in postfix Gethyn Linux - Server 3 08-23-2009 10:51 AM
Postfix removes text/html part from mail client Outlook 2007 mcvilla Linux - Newbie 2 03-08-2008 10:13 AM
Rejecting non local mail for specific e-mail address vrsic Linux - Server 4 10-24-2006 02:46 AM
postfix outgoing mail fail from outlook express importboy03 Linux - Networking 0 02-20-2003 02:54 PM


All times are GMT -5. The time now is 03:40 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration