Postfix is Installed

aratis · 02-07-2006, 08:09 PM

So I have the following installed and working:
-Postfix
-Dovecot
-Spamassassin
-ClamAV
-MailScanner
-SquirrelMail
-SASL

I can send Emails to the outside world from the machine itself and I can also use SquirrelMail to send Emails to the outside world. I can send Emails from user to user on the system but I can't, however, send Emails to a user on the system from another Email system (ie. if I try to send an Email to user@mydomain.com from Hotmail it just bounces with a "Relay 554" message).

My questions are:
-How can I setup this mail server to send from anywhere? I want to be able to connect to mail.mydomain.com from anywhere that I travel using Thunderbird. Webmail is to slim in features.
-How can I accept Emails from people that aren't on my network? Receive Emails from *@*.com

I know the answers lie within the "main.cf" but I am still new to the whole mail server world and I don't won't to play around and start pullin' cables

Thanks For Any Help.

aratis · 02-12-2006, 09:41 PM

is there no possible way to do this?

msound · 02-12-2006, 10:25 PM

well receiving emails shouldn't be a problem. As long as you have the myhostname and mydomain parameters setup correctly, and the appropriate ports opened up, you should be able to receive from other domains (ie hotmail, gmail, yahoo, anything).

The only parameters I have for receiving mail are -
myhostname = mail.mydomain.com
mydomain = mydomain.com
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

Again just double check that your firewall is allowing ports 25, 110, and 143. And make sure your services are listening for connections by running netstat -an | grep 25 in the command line.

Sending from anywhere is usally the tricky part. But as long as you have SASL authentication working then you just need to add -
permit_sasl_authenticated to the smtpd_recipient_restrictions paramenter. That tells postfix to allow anyone whos authenticated via sasl to send messages to any outside domain. Servers put a block on relaying by default because spammers will find and abuse the hell out of open relays.

I hope this helps.

msound · 02-12-2006, 10:30 PM

Edit - oops, double post.

aratis · 02-13-2006, 07:01 AM

Thanks I will give it a go and let you know if I have any problems!

aratis · 02-15-2006, 09:47 AM

Ok. I have done what has been suggested and I am still getting the following
http://aiquma.com/3.png

This message appears when I try to use the server to send to someone on another domain.....?

I am lost?

msound · 02-15-2006, 02:07 PM

Did you configure thunderbird's smtp settings to use a username and password? Any mail client that accesses your server will need to have smtp authentication turned on, otherwise the relaying access will be denied.

aratis · 02-15-2006, 04:04 PM

Yes it is set to authenticate. I just checked.

msound · 02-15-2006, 07:46 PM

do you get prompted for smtp authentication? If not then there's a problem with your sasl and main.cf. If you do get prompted, and it can distinguish between a valid and invalid username and password, then we can narrow it down to just your main.cf file.

aratis · 02-16-2006, 04:48 AM

No. I do not get prompted for a pass or the like. I am almost sure it is something in my main.cf but I am not sure.... below is my main.cf

Code:

#soft_bounce = no


queue_directory = /var/spool/postfix


command_directory = /usr/sbin

daemon_directory = /usr/libexec/postfix

mail_owner = postfix

#default_privs = nobody

#aratis 2-7-06

myhostname = mail.tunneltr.com
#myhostname = virtual.domain.tld

#
#aratis 2-7-06
#
mydomain = tunneltr.com

#aratis 2-7-06
#
#myorigin = $myhostname
myorigin = $mydomain

#
#aratis 2-7-06
#
inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#inet_interfaces = localhost

#
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4

#
#aratis 2-7-06
#
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
#	mail.$mydomain, www.$mydomain, ftp.$mydomain

#aratis 2-7-06
#
local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =

#aratis 2-7-06
#
unknown_local_recipient_reject_code = 550

#
#aratis 2-7-06
# 
#mynetworks_style = class
mynetworks_style = subnet
#mynetworks_style = host

#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table

#aratis 2-7-06
#
relay_domains = $mydestination

#
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]

# 
#relay_recipient_maps = hash:/etc/postfix/relay_recipients

#in_flow_delay = 1s

#
#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases

#
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases

#
#recipient_delimiter = +

#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
 
#
#aratis 2-7-06
#
#mail_spool_directory = /var/mail
mail_spool_directory = /var/spool/mail

#
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"

#
#mailbox_transport = lmtp:unix:/file/name
#mailbox_transport = cyrus

#
#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =

#
#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local
  
#
#header_checks = regexp:/etc/postfix/header_checks

# 
#fast_flush_domains = $relay_domains

#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)


#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20

debug_peer_level = 2

#
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain

#
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 xxgdb $daemon_directory/$process_name $process_id & sleep 5

# 
sendmail_path = /usr/sbin/sendmail.postfix

# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path = /usr/bin/newaliases.postfix

# mailq_path: The full pathname of the Postfix mailq command.  This
# is the Sendmail-compatible mail queue listing command.
# 
mailq_path = /usr/bin/mailq.postfix

# setgid_group: The group for mail submission and queue management
# commands.  This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
#
setgid_group = postdrop

# html_directory: The location of the Postfix HTML documentation.
#
html_directory = no

# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory = /usr/share/man

# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory = /usr/share/doc/postfix-2.1.5/samples

# readme_directory: The location of the Postfix README files.
#
readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES


#
#
#
#   All Below aratis 2-7-06
#
#
#
header_checks = regexp:/etc/postfix/header_checks
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains

message_size_limit = 20971520
mailbox_size_limit = 1004857600

msound · 02-16-2006, 01:04 PM

Alrighty I have a few changes for you to try.

I dont use the relay_domains parameter. So comment that line out.
Then change smtpd_recipient_restrictions
from:
permit_sasl_authenticated, permit_mynetworks, check_relay_domains
to:
permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

I also uncommented the mynetworks and included:
192.168.0.0/28, 192.168.1.0/28, 127.0.0.0/8, 127.0.0.1/8

and I didnt' use the network_style option. The main thing to try is removing the relay_domains parameters. The server should only care about the sasl authentication. If a user can authenticate, then the domain is irrelevant.

Here are my SASL rules:
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous

Holla back.

aratis · 02-16-2006, 01:35 PM

Still getting the same message. I was excited that there is help out there, but to no avail. here is the new main.cf file

Code:

#soft_bounce = no

queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/libexec/postfix

mail_owner = postfix

#default_privs = nobody

#admin 2-7-06
#
myhostname = mail.aaa.com
#myhostname = virtual.domain.tld

#admin 2-7-06
#
mydomain = aaa.com

#admin 2-7-06
#
#myorigin = $myhostname
myorigin = $mydomain

#admin 2-7-06
#
inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#inet_interfaces = localhost

#proxy_interfaces =
#proxy_interfaces = 1.2.3.4

#admin 2-7-06
#
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
#	mail.$mydomain, www.$mydomain, ftp.$mydomain

#admin 2-7-06
#
local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =

#admin 2-7-06
#
unknown_local_recipient_reject_code = 550

#admin 2-16-06
# 
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host

#admin 2-16-06
#
mynetworks = 168.100.189.0/28, 127.0.0.0/8, 192.168.0.0/28, 192.168.1.0/28, 127.0.0.0/8, 127.0.0.1/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table

#in_flow_delay = 1s

#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases

#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases

#recipient_delimiter = +

#home_mailbox = Mailbox
#home_mailbox = Maildir/
 
#admin 2-7-06
#
#mail_spool_directory = /var/mail
mail_spool_directory = /var/spool/mail

#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"

#mailbox_transport = lmtp:unix:/file/name
#mailbox_transport = cyrus

#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =
  
#header_checks = regexp:/etc/postfix/header_checks

#fast_flush_domains = $relay_domains

#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20

debug_peer_level = 2

#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain

debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix

newaliases_path = /usr/bin/newaliases.postfix

mailq_path = /usr/bin/mailq.postfix

setgid_group = postdrop

html_directory = no

manpage_directory = /usr/share/man

sample_directory = /usr/share/doc/postfix-2.1.5/samples

readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES


#
#
#
#   All Below admin 2-7-06
#
#
#
header_checks = regexp:/etc/postfix/header_checks
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

message_size_limit = 20971520
mailbox_size_limit = 1004857600

msound · 02-16-2006, 02:08 PM

Try the following changes:

uncomment
#default_privs = nobody

It doesn't look like you have smtp_client options. Try adding:
smtpd_client_restrictions =
permit_mynetworks
reject_rbl_client relays.ordb.org
reject_rbl_client sbl.spamhaus.org
permit

Remember the white space IS important at the start of each line. Or you can use your comma method.
The new line above tells postfix to access SMTP connections from every client IP that isn't blacklisted. You need this to allow remote user relaying. I'm sorry I didn't catch that before.

Granting SMTP access to everyone sounds bad, but your sasl authentication will prevent malicious spammers from turning you into an open relay... Unless they gain access to a valid username and password. So remember to use strong passwords!

aratis · 02-16-2006, 07:19 PM

Still no luck. I think I am going to throw in the towel and resort to OS X on a G5. It promises "out of the box" rediness and this has taken this ole goof too long to get working

Does anyone know how to get MailScanner working on OSX mail server? I know that the setup is Postfix...

Thanks a lot for your help msound!

aratis · 02-19-2006, 04:39 PM

Well OSX was a bust! Mailscanner doesn't work in OSX.

I have setup Postfix again in CentOS 4.2 and I can send emails fine as long as I am connected to the network that the server is on....I can't connect up remotely.

Any help?