LinuxQuestions.org
Old 05-04-2011, 10:44 PM   #1
CopalFreak
LQ Newbie
 
Registered: May 2011
Location: Texas, USA
Distribution: Slackware
Posts: 12

Rep: Reputation: Disabled
Postfix+Dovecot+MySQL+SASL/TLS : Client host rejected: Access denied


Hiya folks!
I am hoping desperately that there is some uber-guru out there with some extra time on his/her hands to help me with a problem.
I have been searching forums and working on this for 2 weeks now and I am going in circles. I really NEED to get this working very quickly so if anybody out there can assist me, I would appreciate it.

GOAL:
Slackware 13.1 server with postfix and dovecot handling email for 300+ virtual users in MySQL (just the users... the emails themselves are stored on the hard drive), both incoming and outgoing scanned for spam with spamassassin and scanned for viruses with clamav (possibly amavis, not sure yet... current plan is clamav). Users should be able to access email from either an imap client (authentication required to send/receive) or webmail via https.
Server should allow all incoming email as long as the recipient exists as a virtual user (in mysql) AND the sender email matches with a valid FQDname (to cut down on spam). Otherwise, reject it. Server should relay email for valid virtual users once they have been authenticated.

SITUATION:
sending email (as root) from a command line on the local machine to a virtual user or to a user on an outside domain works great but says it's from 'root@{MyHostname}.localdomain'.

sending email from webmail to either a virtual user or user at outside domain results in error :

error from webmail client:
Code:
"Authentication required 530 5.7.0 Must issue a STARTTLS command first"
error in /var/log/maillog/:
Code:
dovecot: auth: mysql: Connected to localhost (mail)
dovecot: imap-login: Login: user=<{myusername@mydomain}>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=2822, secured
dovecot: imap({myusername@mydomain}): Disconnected: Logged out bytes=117/1449

postfix/smtpd[2814]: connect from localhost[127.0.0.1]
postfix/smtpd[2814]: lost connection after EHLO from localhost[127.0.0.1]
postfix/smtpd[2814]: disconnect from localhost[127.0.0.1]

sending email from imap e-mail client (both as a valid virtual user sending email to another(or same) valid virtual user, or as an outside domain user sending email TO a valid virtual user) results in error :

error from imap email client:
Code:
"An error occured sending mail: The mail server sent an incorrect greeting 5.7.1 <{MyIP}>: Client host rejected: Access denied."
error in /var/log/maillog/:
Code:
postfix/smtpd[2904]: connect from {MyIP}
postfix/smtpd[2904]: NOQUEUE: reject: CONNECT from {MyIP}: 554 5.7.1 <{MyIP}>: Client host rejected: Access denied; proto=SMTP

here are the portions from /etc/postfix/main.cf that I think might be affecting this :
(this is of course not the whole thing, only the things I think might help determine the problem)
Code:
smtpd_sasl_sender_login_maps =
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = 
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,permit
smtpd_use_tls = no
virtual_transport = dovecot
virtual_maps = proxy:mysql:/etc/postfix/mysql_virtual_maps.cf
same thing here with /etc/postfix/master.cf
Code:
smtp  inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_login_maps=proxy:mysql:/etc/postfix/mysql_virtual_login_maps.cf
  -o smtpd_sender_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=reject_unknown_recipient_domain,reject_non_fqdn_recipient,permit_sasl_authenticated,reject

#interface
dovecot unix - n n - - pipe flags=DRhu user=dovecot:dovecot argv=/usr/libexec/dovecot/deliver -d $(recipient)

I can NOT telnet localhost 25 :
Code:
554 5.7.1 <localhost[127.0.0.1]>: Client host rejected: Access denied
At one point, I COULD but I was getting this:
Code:
>>ehlo localhost
>>{MyHostname}.localdomain
(instead of {MyDomainName} so if hostname=MyServer and domain = example.com, it would say "MyServer.localdomain" instead of "example.com" or "mail.example.com")

Even when that was the case, I was still getting the 'Client host rejected: access denied' error for mail examples above though...just thought it might be worth mentioning.

I have a feeling I am probably skipping something, so if you have any questions that might help get this thing going, ask away.

I am pretty desperate here and will go out of my way to make this easier on anybody that is willing and able to help get this going in a rapid manner.

I have skype, vent, email, cell-phone, land-line, and might even provide remote access via ssh and a SCREEN session.

It seems like I am very close to getting this thing going, but I am at the end of my deadline and am going in circles running into this same issue over and over again.

I suspect there may be several steps in solving this problem, but I am willing to try just about anything at this point.

I would greatly appreciate any assistance anybody could provide in helping me get this thing going asap.

Thanks!!
-=*CopalFreak*=-

Last edited by CopalFreak; 05-05-2011 at 03:24 AM.
 
Old 05-05-2011, 12:41 PM   #2
NetNightmare
Member
 
Registered: Sep 2005
Location: Rome
Distribution: Slackware
Posts: 34

Rep: Reputation: 15
Hi,

I think you missed giving us a lot of information; posting just a part of your config leaves me with a lot of doubt about what you left out, so it is hard to give advice. I am far from being a guru of postfix; anyway, I'll try my best to give you some insight:

1) you say you'll use spamassassin and clamav (via amavis) but I don't see any of this configuration in your master.cf, so I assume you'll configure those later on ... (anyway, if you're going to deploy amavis you may also want it to manage spamassassin)

2) I think you have a good many misconceptions as far as smtpd configuration via master.cf goes ... you're configuring the smtp daemon to require authentication, and that is why you're getting the access denied even from localhost (since you do not even have a permit_mynetworks)

I definitely suggest you go back to the postfix documentation; deploying such a server is not a trivial task
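The override behaviour discussed in this thread, as an added example that is not part of any post: a small Python model that parses the port-25 entry from the first post (abridged) and shows that each `-o` list in master.cf replaces the main.cf list of the same name, so the `permit_mynetworks` in main.cf never applies to this service. The function names and the simplified decision logic (only `permit_mynetworks`, `permit_sasl_authenticated`, `permit` and `reject` are modelled) are assumptions made for illustration.

```python
import re

# Constructed input: the port-25 entry from the first post (abridged), continuation lines indented.
MASTER_CF = """\
smtp  inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=reject_unknown_recipient_domain,reject_non_fqdn_recipient,permit_sasl_authenticated,reject
"""
# main.cf value quoted in the first post.
MAIN_CF = {
    "smtpd_recipient_restrictions":
        "permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,permit",
}

def parse_master(text):
    """Return {(service, type): {param: value}} of -o overrides per master.cf entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:      # leading whitespace continues the entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    services = {}
    for line in logical:
        fields = line.split()
        args = fields[8:]                     # after the 7 columns and the command name
        # Simplification: values without embedded spaces, as in the post.
        services[(fields[0], fields[1])] = dict(
            args[i + 1].split("=", 1) for i, a in enumerate(args[:-1]) if a == "-o")
    return services

def effective(name, overrides, main=MAIN_CF):
    """A -o override replaces the main.cf value outright; the lists are never merged."""
    return [r for r in re.split(r"[,\s]+", overrides.get(name, main.get(name, ""))) if r]

def decide(chain, authenticated, in_mynetworks):
    """First decisive restriction wins; unmodelled restrictions give no decision."""
    for r in chain:
        if r == "permit_mynetworks" and in_mynetworks:
            return "permit"
        if r == "permit_sasl_authenticated" and authenticated:
            return "permit"
        if r in ("permit", "reject"):
            return r
    return "permit"  # end of list: Postfix moves on to the next restriction class

def check_port25(text=MASTER_CF):
    """Outcome for an unauthenticated client from 127.0.0.1 on the smtp/inet service."""
    o = parse_master(text)[("smtp", "inet")]
    return {
        "client": decide(effective("smtpd_client_restrictions", o), False, True),
        "recipient": decide(effective("smtpd_recipient_restrictions", o), False, True),
        "starttls_mandatory": o.get("smtpd_tls_security_level") == "encrypt",
    }
```

`check_port25()` reports a reject for both restriction classes and mandatory STARTTLS, which lines up with the "Client host rejected: Access denied" and "Must issue a STARTTLS command first" errors quoted in the first post.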
 
Old 05-05-2011, 07:41 PM   #3
CopalFreak
LQ Newbie
 
Registered: May 2011
Location: Texas, USA
Distribution: Slackware
Posts: 12

Original Poster
Rep: Reputation: Disabled
Thank you for the reply!

1) Actually I thought Amavis is a separate scanner product altogether. What I meant was that I am currently planning to scan emails with spamassassin and Clamav, but may add Amavis later because most of the example configurations I am seeing on the net are using Amavis. (I don't know enough about that yet, and was planning on getting that done AFTER this part is fixed... I mentioned it in case it makes a difference in the configuration)

2) I do have permit_mynetworks for smtpd_recipient_restrictions in the postfix main.cf (as posted above).
Is it supposed to go somewhere else also? In all of the forums and docs I have seen, I haven't seen it in the master.cf... maybe I missed it... will check again.

I can certainly post the entire contents of the .cf files, but I figured this would be enough for anybody that knows what they are doing... or at least would ask for more info.
It's a TON of junk to go through and as I said, I am willing to go out of my way, so if it's lack of config files that is causing lack of response here, I can certainly post them... just somebody let me know what info I need to give in order to get the proper help I need.

Thanks for the response NetNightmare!
I will look further into the master.cf and go over the docs again.
(although following docs and tutorials on the net is what got me into the situation in the first place)

-=*CopalFreak*=-



Quote:
Originally Posted by NetNightmare
Hi,

I think you missed giving us a lot of information; posting just a part of your config leaves me with a lot of doubt about what you left out, so it is hard to give advice. I am far from being a guru of postfix; anyway, I'll try my best to give you some insight:

1) you say you'll use spamassassin and clamav (via amavis) but I don't see any of this configuration in your master.cf, so I assume you'll configure those later on ... (anyway, if you're going to deploy amavis you may also want it to manage spamassassin)

2) I think you have a good many misconceptions as far as smtpd configuration via master.cf goes ... you're configuring the smtp daemon to require authentication, and that is why you're getting the access denied even from localhost (since you do not even have a permit_mynetworks)

I definitely suggest you go back to the postfix documentation; deploying such a server is not a trivial task
 
  

