Postfix smtp with SASL from ANY ip to ANY address
Hi all,
I have successfully set up Postfix to do smtp and use SASL... but at the moment it is only possible to smtp from IPs I set in mynetworks (e.g. xxx.xxx.xxx.xxx) and ONLY to local addresses.
I want my users to be able to smtp from ANY IP and send mail to ANY address (even outside my server). Does anyone know how to do this? (I have wasted ages trying to make this work.. with no luck)
Below is a small snippet of the relevant configuration in my main.cf file.. Any help would be appreciated!
Alex
Code:
# local |
Below is my configuration, which allows smtp from any IP to any IP.
Code:
# see /usr/share/postfix/main.cf.dist for a commented, fuller |
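As an added example (not code or configuration from either poster): a small Python check for the relay policy this thread is about, where SASL-authenticated users may relay from any IP without the server becoming an open relay. The sample main.cf text is constructed, `parse_main_cf` and `audit_relay` are hypothetical helper names, and only mynetworks, smtpd_sasl_auth_enable and smtpd_recipient_restrictions are inspected.

```python
import ipaddress
# Constructed main.cf samples for this example (not the posters' files).
WEAK_CF = """\
mynetworks = 127.0.0.0/8 0.0.0.0/0
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination, permit_sasl_authenticated
"""
HARDENED_CF = """\
mynetworks = 127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
"""

def parse_main_cf(text):
    """'name = value' pairs; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] = (params[name] + " " + line.strip()).strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def audit_relay(text):
    """Return relay-policy findings; an empty list means none of the checks fired."""
    p, findings = parse_main_cf(text), []
    for net in p.get("mynetworks", "").replace(",", " ").split():
        try:
            if ipaddress.ip_network(net, strict=False).prefixlen == 0:
                findings.append("mynetworks trusts every address: " + net)
        except ValueError:
            pass  # table lookups and hostnames are not evaluated here
    rules = p.get("smtpd_recipient_restrictions", "").replace(",", " ").split()
    stop = next((i for i, r in enumerate(rules)
                 if r in ("reject_unauth_destination", "defer_unauth_destination")), None)
    if stop is None:
        findings.append("no reject_unauth_destination in smtpd_recipient_restrictions")
    elif "permit" in rules[:stop]:
        findings.append("blanket permit precedes reject_unauth_destination")
    if p.get("smtpd_sasl_auth_enable", "no").lower() != "yes":
        findings.append("smtpd_sasl_auth_enable is not yes")
    elif "permit_sasl_authenticated" not in rules[:stop]:
        findings.append("permit_sasl_authenticated missing before reject_unauth_destination")
    return findings
```

The second finding on the weak sample corresponds to the symptom in the first post: authentication succeeds, but mail to non-local recipients is rejected before the SASL permit is reached.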
Tnx,
I managed to receive mail from outside addresses by setting:
Code:
smtpd_recipient_restrictions =
SASL authentication failure: no secret in database
so I still cannot send mail to addresses outside my domains. Any ideas?
Code:
Jan 1 15:07:22 xyz postfix/smtpd[7380]: connect from unknown[xx.xxx.xxx.xxx] |
SASL is currently configured to check for usernames/passwords in a database (/etc/sasldb I think). You will need to configure SASL to use a different authentication method, or add the usernames to the database. The appropriate configuration files are /etc/defaults/saslauthd and /etc/postfix/sasl/smtpd.conf I think.
See: Debian Sarge: The Perfect Setup |
Thanks saman007uk,
I am storing it in database and using /etc/postfix/sasl/smtpd.conf. Do you know how should the password be encoded? I am getting this error now: SASL authentication failure: incorrect digest response all the best for the new year, Alex |
That's probably because the postfix daemon is chrooted, and can't access the files. See if the following helps (I'd rather create symlinks than move files):
Code:
mkdir -p /var/spool/postfix/etc
Personally, I'd rather use PAM to authenticate for SMTP rather than a database, since it means I don't have to worry about modifying the database every time a user changes their password. |
saman007uk,
I managed to get it working from the database (I am using an admin tool that adds passwords there) .. what is worrying is that it needs plain password .. but never mind this for a sec.
The problem now is that although the SASL auth works, the emails are queued forever because of: "[hotmail.com]: Name or service not known" or "[gmx.net]: Name or service not known".
Why could this be?
Code:
Jan 1 23:22:40 cytopia postfix/smtpd[10579]: connect from unknown[xx.xxx.xxx.xxx] |
Postfix can't do DNS lookups. Doing the following might help:
Code:
postconf -e 'disable_dns_lookups = no'
Code:
dig mx hotmail.com |
Code:
# postconf -e 'disable_dns_lookups = no'
Code:
xyz:~# su postfix |
From your DNS query, I can see that postfix is unable to look up MX DNS records.
You should have gotten something like this: Code:
; <<>> DiG 9.2.5 <<>> mx hotmail.com |
That is bizarre.
Why would such a thing happen? Is it my network provider's fault? |
Try the same command as the root user, see what you get. Are you using Debian stable?
|
I am on Debian 3.1 stable, yes.. and I get the same results for root
.. I also run bind9 on the server.. could this be related somehow? |
Yes, it is very likely that the server is trying to look up the domains from the local bind server.
Look at /etc/resolv.conf and see if it lists the local server. |
Thanks for your patience saman007uk,
Yes, you are right, /etc/resolv.conf has:
nameserver 127.0.0.1
There is also a weird record:
search org
(the file says not to edit it by hand), so I did:
resolvconf -d nameserver 127.0.0.1 (remove)
resolvconf -u (update scripts)
but the local address is still in the file.. how do I remove it? |
The command is:
Code:
resolvconf -a eth0 name-server-ip |
resolvconf -a eth0 xxx.xxx.xxx.xxx
gets stuck! and does not return unless I do "Ctrl^c". Does this mean that there is a problem with my nameservers? By the way, the nameservers are already in /etc/resolv.conf
Alex |
I'm pretty sure that you can just edit /etc/resolv.conf manually, but if you don't like that, the following should also solve your problem.
Add the following to the options{} part of /etc/bind/named.conf: Code:
forwarders {
Then, to speed things up a bit, you can add the following for each of other domains/zones that you are hosting DNS data for:
Code:
forwarders {}; |
Excellent!
I added the forwarders and all works fine.. all I need now is to store the digest-md5 passwords in the database and I should be ready (it already works with plain passwords).
Big thanks to saman007uk, and a note to newbies trying to use this howto: http://www.besy.co.uk/projects/debia...rver_howto.htm
At its second version it is not complete and DOES NOT work.. so do not waste your time with it.. the author said a complete third version will be available soon.
Alex |
I did a bit of searching, and it turns out that the "resolvconf" utility actually reads the DNS data from /etc/network/interfaces.
For example, if your network interface is called eth0, then your file should have something like this:
Code:
auto eth0
Code:
resolvconf -u |
I added:
//recursion no; allow-recursion { 127.0.0.1; };
and it works perfectly, no need to edit resolv.conf.
Thanks saman007uk,
Alex |