LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Postfix SASL - Relay access denied (https://www.linuxquestions.org/questions/linux-server-73/postfix-sasl-relay-access-denied-870012/)

malayo 03-21-2011 11:17 AM
Postfix SASL - Relay access denied
 
distro = debian 5

when i tried to send to other domain, i will get "Relay access denied"

below are my configs

main.cf
Code:
# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = dubdub.com, mail.dubdub.com, localhost.dubdub.com, localhost
myhostname = mail.dubdub.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = dubdub.com
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
/etc/default/saslauthd
Code:
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
/etc/dovecot/dovecot.conf
Code:
...

auth default {
mechanisms = plain login
passdb pam {
}
userdb passwd {
}
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}

}

}
...
what could cause this?

Noway2 03-21-2011 11:49 AM
Relay access denied means that Postfix did not get proper authentication of the user attempting to send the message and that the message was for a domain other than one it receives mail for. You've got permit_mynetworks and permit_sasl_authenticated, which suggests that you were trying to send mail to a different domain via an email client on a different host. Your mymyetworks parameter looks to be configured for various versions of localhost. I would look at the postfix logs and if you think the login should have been authenticated, turn on debugging in Dovecot by switching the debug parameters to yes in the dovecot configuration.

malayo 03-22-2011 07:28 AM
i don't know what to make of these dovecot debug messages
Code:
dovecot: 2011-03-22 20:22:17 Info: auth(default2): new auth connection: pid=22224
dovecot: 2011-03-22 20:22:17 Info: auth(default): new auth connection: pid=22224
dovecot: 2011-03-22 20:22:19 Info: auth(default2): client in: AUTH      1      PLAIN  service=IMAP    secured lip=100.80.200.60      rip=121.120.10.100
dovecot: 2011-03-22 20:22:19 Info: auth(default2): client out: CONT    1     
dovecot: 2011-03-22 20:22:19 Info: auth(default2): client in: CONT<hidden>
dovecot: 2011-03-22 20:22:19 Info: auth(default2): pam(user1,121.120.10.100): lookup service=dovecot
dovecot: 2011-03-22 20:22:19 Info: auth(default2): client out: OK      1      user=user1
dovecot: 2011-03-22 20:22:19 Info: auth(default2): master in: REQUEST  1      20328  1
dovecot: 2011-03-22 20:22:19 Info: auth(default2): passwd(user1,121.120.10.100): lookup
dovecot: 2011-03-22 20:22:19 Info: auth(default2): master out: USER    1      user1    system_user=user1        uid=1001        gid=1001        home=/home/user1
dovecot: 2011-03-22 20:22:19 Info: imap-login: Login: user=<user1>, method=PLAIN, rip=121.120.10.100, lip=100.80.200.60, TLS
postfix debug messages
Code:
Mar 22 20:22:07 205202 postfix/smtpd[25728]: disconnect from unknown[121.120.10.100]
Mar 22 20:22:10 205202 postfix/smtpd[25728]: connect from unknown[121.120.10.100]
Mar 22 20:22:42 205202 postfix/smtpd[25728]: NOQUEUE: reject: RCPT from unknown[121.120.10.100]: 554 5.7.1 <malayo@malayo.org>: Relay access denied; from=<user1@dubdub.com> to=<malayo@malayo.org> proto=ESMTP helo=<hoi>
but i can send from outside to local user
Code:
Mar 22 21:09:08 205202 postfix/smtpd[26003]: connect from unknown[121.120.10.100]
Mar 22 21:09:46 205202 postfix/smtpd[26003]: 1F681B93130A: client=unknown[121.120.10.100]
Mar 22 21:10:37 205202 postfix/cleanup[1538]: 1F681B93130A: message-id=<20110322130946.1F681B93130A@dubdub.com>
Mar 22 21:10:37 205202 postfix/qmgr[30240]: 1F681B93130A: from=<malayo@malayo.org>, size=374, nrcpt=1 (queue active)
Mar 22 21:10:37 205202 postfix/local[9971]: 1F681B93130A: to=<user1@dubdub.com>, relay=local, delay=67, delays=67/0.02/0/0.05, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION")
Mar 22 21:10:37 205202 postfix/qmgr[30240]: 1F681B93130A: removed
Mar 22 21:10:40 205202 postfix/smtpd[26003]: disconnect from unknown[121.120.10.100]

cincindie 03-23-2011 05:45 AM
Did you turn on authentication in your email client? In your postfix log, if you had turned on authentication, you should see something like the following after the connect statement:

Mar 22 20:22:10 205202 postfix/smtpd[25728]: random string: client=server_name[IP], sasl_method=(login or plain), sasl_username=authenticated_username

Noway2 03-23-2011 11:47 AM
Cincindie, that is a good observation. The logs they posted appear to indicate that dovecot is authenticating the user and resolving the credentials properly, but this is not being passed on to Postfix.


All times are GMT -5. The time now is 09:00 PM.