I've been fighting with this problem a bit now. Google and RTFM have
been pretty kind to me, and I'm about 90% to having a solution
implemented. I've gotten hung up on one little detail, and I find
myself in need of some guidance.
I run a RHEL5 server with postfix, clam, spamassassin, & dovecot. About
a year or so ago I switched from Sendmail (which I had been running
since 1995) to Postfix when I rebuilt my mail server, and it's been a
pretty painless conversion. I have discovered a couple of mail servers
on the net that will not accept mail from any customer at my ISP ("We're
sorry, but the class B that you're coming from is in the MAPS database
as being dynamically assigned, so bugger off!" Funny... I've paid for
a block of static addresses for 3 years now from my ISP) so I've got to
relay mail to a couple of specific domain through my ISP's mail server.
Their server admin is a pretty decent guy and generally has a clue and
I've got things mostly working. My ISP's mail server is doing
non-encrypted SASL for outbound mail on an odd-ball port, (577) and only
accepting connections from IP address space allocated to it's customers.
In my main.cf I have this line:
transport_maps = hash:/etc/postfix/transport
in my /etc/postfix/transport I have these two lines: (host/domain names
changed to protect the innocent)
foo.com smtp:[smtp.my-isp.net]:577
.foo.com smtp:[smtp.my-isp.net]:577
and in /etc/postfix/sasl_password I have this:
smtp.my-isp.net:577 MyUsernameHere:MyPasswordHere
I have used postmap to hash the transport file and the sasl_password
file. When I tail -f /var/log/maillog, and send a test e-mail to
someone at foo.com, here's what I see:
Sep 3 20:17:55 perrin postfix/smtp[25264]: certificate verification
failed for mail.my-isp.net: num=20:unable to get local issuer certificate
Sep 3 20:17:55 perrin postfix/smtp[25264]: certificate verification
failed for mail.my-isp.net: num=27:certificate not trusted
Sep 3 20:17:55 perrin postfix/smtp[25264]: certificate verification
failed for mail.my-isp.net: num=21:unable to verify the first certificate
Sep 3 20:17:55 perrin postfix/smtp[25264]: Server certificate could not
be verified
Sep 3 20:17:57 perrin postfix/smtp[25264]: 0CC783353FA:
to=<[EMAIL PROTECTED]>, relay=mail.southslope.net[167.142.226.73],
delay=7, status=bounced (host mail.my-isp.net[167.42.226.73] said: 530
[EMAIL PROTECTED] You must authenticate first (in reply to MAIL FROM command))
Sep 3 20:18:01 perrin postfix/cleanup[25211]: 4C44D3353FF:
message-id=<[EMAIL PROTECTED]>
Sep 3 20:18:01 perrin postfix/qmgr[19404]: 4C44D3353FF: from=<>,
size=2703, nrcpt=1 (queue active)
Sep 3 20:18:01 perrin postfix/qmgr[19404]: 0CC783353FA: removed
Sep 3 20:18:01 perrin postfix/local[25254]: 4C44D3353FF:
to=<[EMAIL PROTECTED]>, relay=local, delay=0, status=sent (delivered to
mailbox)
Sep 3 20:18:01 perrin postfix/qmgr[19404]: 4C44D3353FF: removed
It looks a lot like it's not doing any sort of authentication when
trying to connect to the ISP's mail server. Any suggestions? Feel
free to suggest something that might seem painfully obvious to you,
Thanks,
- Micah
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
