LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Wheezy/Postfix/Dovecot/SASL 554 5.7.1 Client host rejected: Access Denied (https://www.linuxquestions.org/questions/linux-server-73/wheezy-postfix-dovecot-sasl-554-5-7-1-client-host-rejected-access-denied-4175512344/)

RedSquirl 07-26-2014 08:06 AM
Wheezy/Postfix/Dovecot/SASL 554 5.7.1 Client host rejected: Access Denied
 
Hi guys,

I followed this tutorial to the letter: https://www.digitalocean.com/communi...r-with-dovecot

The installation has gone fine, with one small exception: sending messages from a remote client.

It feels as though Postfix is not honoring the permitsaslauthenticated parameter in main.cf (smtpdrecipientrestrictions) - to elaborate:

I can successfully authenticate via IMAP from a remote client (using Outlook 2010), am able to traverse the mail folder structure and receive new email as it comes in, I can't, however, send any mail - initially, it immediately returned a Server error: 554 5.7.1 error. I then modified master.conf and edited out:
# -o smtpdrecipientrestrictions=permitmynetworks,permitsaslauthenticated,rejectunauth_destination - this has now left me with messages sitting in the outbound queue and subsequently timing out.

I was just wondering if anybody is able to offer an opinion as to what's happening and how I might fix it.

One other thing to note: of course, if I add my remote IP to mynetworks, I can send mail without issue.


postconf -n:

aliasdatabase = hash:/etc/aliases
aliasmaps = hash:/etc/aliases
configdirectory = /etc/postfix
inetinterfaces = all
localrecipientmaps = proxy:unix:passwd.byname $aliasmaps
mailboxsizelimit = 0
mydestination = mail.domain.com, domain.com, localhost, localhost.localdomain
myhostname = mail.domain.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
recipientdelimiter = +
relayhost =
smtptlssessioncachedatabase = btree:${datadirectory}/smtpscache
smtpdrecipientrestrictions = permitmynetworks permitsaslauthenticated deferunauthdestination
smtpdtlscertfile = /etc/ssl/certs/mailcert.pem
smtpdtlskeyfile = /etc/ssl/private/mail.key
smtpdtlsprotocols = !SSLv2, !SSLv3
smtpdtlssecuritylevel = may
smtpdtlssessioncachedatabase = btree:${datadirectory}/smtpdscache
smtpdusetls = yes

master.cf:

smtp inet n - - - - smtpd
-o content_filter=spamassassin
smtp inet n - - - 1 postscreen
smtpd pass - - - - - smtpd
dnsblog unix - - - - 0 dnsblog
tlsproxy unix - - - - 0 tlsproxy

submission inet n - - - - smtpd
-o syslogname=postfix/submission
-o smtpdtlswrappermode=no
-o smtpdtlssecuritylevel=encrypt
-o smtpdsaslauthenable=yes
-o smtpdclientrestrictions=permitsaslauthenticated,reject
-o smtpdrecipientrestrictions=permitmynetworks,permitsaslauthenticated,rejectunauthdestination
-o miltermacrodaemonname=ORIGINATING
-o smtpdsasltype=dovecot
-o smtpdsaslpath=private/auth
smtps inet n - - - - smtpd
-o syslogname=postfix/smtps
-o smtpdtlswrappermode=yes
-o smtpdsaslauthenable=yes
-o smtpdclientrestrictions=permitsaslauthenticated,reject
-o miltermacrodaemonname=ORIGINATING
628 inet n - - - - qmqpd

pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
qmgr fifo n - n 300 1 oqmgr

tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
-o smtphelotimeout=5 -o smtpconnecttimeout=5

showq unix n - - - - showq

/var/log/mail.log (modified):

Jul 26 13:37:08 Scratchy dovecot: imap-login: Login: user=<user>, method=PLAIN, rip=1.2.3.4, lip=4.5.6.7, mpid=20681, TLS, session=<2WC58hf/xgBeDEO/>
Jul 26 13:37:08 Scratchy dovecot: imap-login: Login: user=<user>, method=PLAIN, rip=1.2.3.4, lip=4.5.6.7, mpid=20683, TLS, session=<Q6y88hf/zABeDEO/>
Jul 26 13:37:42 Scratchy dovecot: imap(user): Disconnected: Logged out in=97 out=620
Jul 26 13:37:47 Scratchy postfix/submission/smtpd[20685]: warning: hostname <address> does not resolve to address 4.5.6.7: No address associated with hostname
Jul 26 13:37:47 Scratchy postfix/submission/smtpd[20685]: connect from unknown[4.5.6.7]
Jul 26 13:37:47 Scratchy postfix/submission/smtpd[20685]: NOQUEUE: reject: RCPT from unknown[4.5.6.7]: 554 5.7.1 <unknown[4.5.6.7]>: Client host rejected: Access denied; from=some@email.com to=some.other@email.com proto=ESMTP helo=<8ZV1YY1PC>
Jul 26 13:37:49 Scratchy postfix/submission/smtpd[20685]: disconnect from unknown[4.5.6.7]

ceyx 07-26-2014 05:43 PM
Your underscores are missing ?
from your linked tutorial :

Quote:
o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
Where are yours ?

Quote:
-o smtpdrecipientrestrictions=permitmynetworks,permitsaslauthenticated,rejectunauthdestination

RedSquirl 07-27-2014 08:13 AM
Apologies, this was simply a formatting error - the underscores are there exactly as they should be

ceyx 07-27-2014 12:14 PM
Looks like postfix cannot identify the sender of the emails.

What is the output of
Quote:
hostname -f
on the computer that is sending the emails ?
It should be the same as
Quote:
hostname
, but without the FQDN suffix.

You might want to put the troublesome line back in, but shorten it to
Quote:
smtpd_recipient_restrictions=permit_mynetworks,
and then once working properly, add on the rest in succession and test each addition.

Postfix looks ( to me ) to be saying "we don't know who this sender is":
Quote:
warning: hostname <address> does not resolve to address 4.5.6.7: No address associated with hostname
. Postfix performs a reverse dns lookup and if it does not match the forward dns lookup then it rejects the email, as it quite correctly assumes it to be spam.

Check your dns settings on all machines using the postfix server.

Keep us posted ( ha ha )


All times are GMT -5. The time now is 02:42 AM.