LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Postfix rejecting mail from Outlook (https://www.linuxquestions.org/questions/linux-server-73/postfix-rejecting-mail-from-outlook-868957/)

grob115 03-16-2011 10:48 AM
Postfix rejecting mail from Outlook
 
Hi, thought if I have enforced to use the Linux /etc/passwd file to authenticate myself from Outlook, Postfix will accept mail from any IPs. However, I'm not able to send mails from my Outlook via my mail server to someone else on the Internet. Am seeing the following in Postfix's log.
Code:
Mar 11 21:07:39 production postfix/smtpd[16366]: connect from pcdxxxxx.netvigator.com[203.218.211.256]
Mar 11 21:07:39 production postfix/smtpd[16366]: NOQUEUE: reject: RCPT from pcdxxxxx.netvigator.com[203.218.211.256]: 554 5.7.1 <someone@hotmail.com>: Relay access denied; from=<mate@mydomain.com> to=<someone@hotmail.com> proto=ESMTP helo=<Windows>
Mar 11 21:07:42 production postfix/smtpd[16366]: disconnect from pcdxxxxx.netvigator.com[203.218.211.256]
Here are my Postfix settings.
Code:
[root@production ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = <mail server's public IP>, 127.0.0.1
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost
mydomain = mydomain.com
myhostname = mail.mydomain.com
mynetworks = 127.0.0.1
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550

business_kid 03-16-2011 12:58 PM
Quote:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
Do you want to try removing that last bit?(reject_unauth_destination). This isn't a solution, but an attempt to clarify the problem. BTW, there's great stuff on postfix config in the clamav docs, among other places.

Berhanie 03-16-2011 01:21 PM
Quote:
Do you want to try removing that last bit?
that's a bit risky. you'd be relying on postfix's builtin safety net, if any, to prevent your becoming an open relay.

@grob115, in light of your smtpd_recipient_restrictions, your client (outlook) is not successful in authenticating. maybe you should do a manual authentication test as described here. also, since you might consider using sasl over tls, unless you don't plan on using PLAIN/LOGIN authentication.

jamrock 03-16-2011 08:55 PM
Quote:
mynetworks = 127.0.0.1
This line determines the i.p. addresses from which Postfix will relay mail. Only your server is configured to relay mail to the internet.

Change this to

mynetworks = subnet

Postfix will relay mail from i.p. addresses on the subnet in which your server is located.

It is best to use this document when learning Postfix.

http://www.postfix.org/BASIC_CONFIGURATION_README.html

Read the section entitled "What clients to relay from". A few more options exist.

grob115 03-22-2011 09:40 AM
Hi, thanks for the responses. I recalled that I actually was able to get send mail and no changes to the mail server setup has been applied so not sure why it's not behaving now. Nevertheless, I attempted to verify my memory by going over the settings versus the steps listed on Postfix's site for SASL. Here are the two lines that I want to emphasize.

Code:
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
The second line should have permitted me to send mail, as long as I'm authenticated via SASL successfully regardless of what my client's IP is.

The first one should have generated the following
250-AUTH PLAIN

However I'm seeing this instead
Code:
220 mail.domain.com ESMTP Service ready
EHLO mail.hotmail.com
250-Requested mail action okay, completed
250-SIZE 10000000
250-ETRN
250-8BITMIME
250 OK

Can someone tell me why I am not seeing the line
Quote:
250-AUTH PLAIN
?

Noway2 03-22-2011 12:12 PM
Postfix by itself does not perform authentication (SASL). In order to add this functionality you need a 3rd party library. Last I recall, Postfix supported this feature with either the Dovecot or Cyrus authentication libraries. Of the two, Dovecot is easier to configure.

grob115 03-23-2011 08:17 AM
That has been configured. The point is, why am I not seeing the AUTH line, after I have typed in EHLO mail.hotmail.com. Any ideas?

Berhanie 03-23-2011 10:02 AM
two things come to mind:
1. error in postfix<->cyrus-sasl communication: check maillog for errors.
2. the smtp dialog you pasted above did not come from the postfix server in question: the banner is non-standard, and so it the "Requested mail action okay, completed" line.

grob115 03-26-2011 07:42 AM
Um... it is indeed from the mail server. What specific messages should I grep for if I check the /var/log/maillog?

Noticed if I have Putty onto the box and do the same test, I have the following.
Code:
220 mail.domain.com ESMTP Postfix
ehlo mail.hotmail.com
250-mail.domain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN CRAM-MD5 LOGIN DIGEST-MD5
250-AUTH=PLAIN CRAM-MD5 LOGIN DIGEST-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Deleted the firewall policy and added it again, and it now works. So it was a firewall issue.


All times are GMT -5. The time now is 04:36 PM.