LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 03-21-2011, 12:17 PM   #1
malayo
Member
 
Registered: Dec 2010
Posts: 122

Rep: Reputation: 1
Postfix SASL - Relay access denied


distro = debian 5

when i tried to send to other domain, i will get "Relay access denied"

below are my configs

main.cf
Code:
# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = dubdub.com, mail.dubdub.com, localhost.dubdub.com, localhost
myhostname = mail.dubdub.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = 
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = dubdub.com
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
/etc/default/saslauthd
Code:
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
/etc/dovecot/dovecot.conf
Code:
...

auth default {
mechanisms = plain login
passdb pam {
}
userdb passwd {
}
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}

}

}
...
what could cause this?
 
Old 03-21-2011, 12:49 PM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
Relay access denied means that Postfix did not get proper authentication of the user attempting to send the message and that the message was for a domain other than one it receives mail for. You've got permit_mynetworks and permit_sasl_authenticated, which suggests that you were trying to send mail to a different domain via an email client on a different host. Your mymyetworks parameter looks to be configured for various versions of localhost. I would look at the postfix logs and if you think the login should have been authenticated, turn on debugging in Dovecot by switching the debug parameters to yes in the dovecot configuration.
 
Old 03-22-2011, 08:28 AM   #3
malayo
Member
 
Registered: Dec 2010
Posts: 122

Original Poster
Rep: Reputation: 1
i don't know what to make of these dovecot debug messages
Code:
dovecot: 2011-03-22 20:22:17 Info: auth(default2): new auth connection: pid=22224
dovecot: 2011-03-22 20:22:17 Info: auth(default): new auth connection: pid=22224
dovecot: 2011-03-22 20:22:19 Info: auth(default2): client in: AUTH      1       PLAIN   service=IMAP    secured lip=100.80.200.60       rip=121.120.10.100
dovecot: 2011-03-22 20:22:19 Info: auth(default2): client out: CONT     1       
dovecot: 2011-03-22 20:22:19 Info: auth(default2): client in: CONT<hidden>
dovecot: 2011-03-22 20:22:19 Info: auth(default2): pam(user1,121.120.10.100): lookup service=dovecot
dovecot: 2011-03-22 20:22:19 Info: auth(default2): client out: OK       1       user=user1
dovecot: 2011-03-22 20:22:19 Info: auth(default2): master in: REQUEST   1       20328   1
dovecot: 2011-03-22 20:22:19 Info: auth(default2): passwd(user1,121.120.10.100): lookup
dovecot: 2011-03-22 20:22:19 Info: auth(default2): master out: USER     1       user1    system_user=user1        uid=1001        gid=1001        home=/home/user1
dovecot: 2011-03-22 20:22:19 Info: imap-login: Login: user=<user1>, method=PLAIN, rip=121.120.10.100, lip=100.80.200.60, TLS
postfix debug messages
Code:
Mar 22 20:22:07 205202 postfix/smtpd[25728]: disconnect from unknown[121.120.10.100]
Mar 22 20:22:10 205202 postfix/smtpd[25728]: connect from unknown[121.120.10.100]
Mar 22 20:22:42 205202 postfix/smtpd[25728]: NOQUEUE: reject: RCPT from unknown[121.120.10.100]: 554 5.7.1 <malayo@malayo.org>: Relay access denied; from=<user1@dubdub.com> to=<malayo@malayo.org> proto=ESMTP helo=<hoi>
but i can send from outside to local user
Code:
Mar 22 21:09:08 205202 postfix/smtpd[26003]: connect from unknown[121.120.10.100]
Mar 22 21:09:46 205202 postfix/smtpd[26003]: 1F681B93130A: client=unknown[121.120.10.100]
Mar 22 21:10:37 205202 postfix/cleanup[1538]: 1F681B93130A: message-id=<20110322130946.1F681B93130A@dubdub.com>
Mar 22 21:10:37 205202 postfix/qmgr[30240]: 1F681B93130A: from=<malayo@malayo.org>, size=374, nrcpt=1 (queue active)
Mar 22 21:10:37 205202 postfix/local[9971]: 1F681B93130A: to=<user1@dubdub.com>, relay=local, delay=67, delays=67/0.02/0/0.05, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION")
Mar 22 21:10:37 205202 postfix/qmgr[30240]: 1F681B93130A: removed
Mar 22 21:10:40 205202 postfix/smtpd[26003]: disconnect from unknown[121.120.10.100]

Last edited by malayo; 03-22-2011 at 09:13 AM.
 
Old 03-23-2011, 06:45 AM   #4
cincindie
Member
 
Registered: Jul 2004
Location: Zinzinnati, OH
Distribution: RH, FC 1-6, F 7-17, Debian, LinuxPPC, Knoppix, Ubuntu, Yellow Dog
Posts: 175

Rep: Reputation: 31
Did you turn on authentication in your email client? In your postfix log, if you had turned on authentication, you should see something like the following after the connect statement:

Mar 22 20:22:10 205202 postfix/smtpd[25728]: random string: client=server_name[IP], sasl_method=(login or plain), sasl_username=authenticated_username
 
1 members found this post helpful.
Old 03-23-2011, 12:47 PM   #5
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
Cincindie, that is a good observation. The logs they posted appear to indicate that dovecot is authenticating the user and resolving the credentials properly, but this is not being passed on to Postfix.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix-Relay access denied i_nomad Linux - Newbie 14 05-01-2008 07:01 PM
Postfix Relay Access Denied dwpondscum Linux - Networking 2 09-20-2007 05:37 AM
HELP! POSTFIX Relay access denied cozyk1515 Linux - Software 3 07-21-2006 09:56 AM
Postfix as a mail relay (getting relay access denied) hypexr Linux - Software 3 09-13-2005 08:15 PM
Postfix and Relay access denied jamiguel77 Linux - Software 3 03-12-2005 11:53 AM


All times are GMT -5. The time now is 08:14 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration