Re: 554 5.7.1 relay access denied

Tue, 16 Feb 2010 13:57:47 -0800 

On 2/16/2010 2:43 PM, Jeff Lacki wrote:

Noel Jones wrote:


And did postfix log that this session authenticated?

No....and I think I see the problem, but not sure where it is.
When I telnet localhost 25 and authenticate I get:

Feb 17 15:19:42 202010-1 postfix/smtpd[23113]: connect from
localhost.localdomain[127.0.0.1]
Feb 17 15:20:12 202010-1 dovecot: auth(default): client in: AUTH 2 plain
service=smtp nologin lip=127.0.0.1 rip=127.0.0.1 resp=<hidden>
Feb 17 15:20:12 202010-1 dovecot: auth(default):
passwd-file(jeff,127.0.0.1): lookup: user=jeff file=/etc/shadow
Feb 17 15:20:12 202010-1 dovecot: auth(default): client out: OK 2 user=jeff

Feb 17 15:20:32 202010-1 postfix/smtpd[23113]: 4C4486581D2:
client=localhost.localdomain[127.0.0.1], sasl_method=plain,
sasl_username=jeff
Feb 17 15:20:44 202010-1 postfix/smtpd[23113]: disconnect from
localhost.localdomain[127.0.0.1]

Which appears to authenticate I believe.


Yes, authentication was successful above.


Show your current "postconf -n".

local_recipient_maps =



This should be left at the default so that local recipients 
are validated.  Otherwise you'll get loads of undeliverable 
mail clogging your queue and will eventually get blacklisted 
as a backscatter source.


Just remove it from your main.cf.


smtpd_client_restrictions = permit_mynetworks, check_client_access
hash:/etc/postfix/client_access


change "permit_mynetworks" to
"permit_mynetworks, permit_sasl_authenticated"

Do this for all your smtpd_*_restrictions entries.


smtpd_data_restrictions = reject_unauth_pipelining, permit



This should really have "permit_mynetworks, 
permit_sasl_authenticated" to prevent accidentally rejecting 
mail from your own users.




smtpd_hard_error_limit = 6
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_client_access


again, "permit_mynetworks, permit_sasl_authenticated, "


hash:/etc/postfix/good_clients, hash:/etc/post
fix/access, hash:/etc/postfix/bad_ips, reject_unknown_helo_hostname,
reject_non_fqdn_hostname, reject
_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname,
reject_unknown_hostname
smtpd_recipient_restrictions = permit_mynetworks, check_client_access


again, "permit_mynetworks, permit_sasl_authenticated, "


hash:/etc/postfix/client_access, permit
_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname,
reject_non_fqdn_sender, reject
_non_fqdn_recipient, reject_unknown_sender_domain,



Nothing else jumps out at me as an error.  You might want to 
review your list of RBLs and make sure they're all still active.



  -- Noel Jones






















					Reply via email to