On 04/21/2010 07:19 PM, Oliver Schinagl wrote:
> On 04/21/10 23:47, mouss wrote:
>> Oliver Schinagl wrote:
>>   
>>> Hello all,
>>>
>>> I've been trying to figure out why a new server I set up using postfix
>>> doesn't allow me to relay messages after I authenticate (using
>>> cyrus-sasl). It appears then I can authenticate just fine, but when I
>>> try to send a message, I get a RBL error. I obviously want my ADSL IP
>>> not to be whitelisted from the sending end (as it's dhcp and just a
>>> regular adsl ip) but I would have expected that after authentication the
>>> RBL would be bypassed?
>>>
>>>     
>> Show logs that prove your claims:
>> 1- user was authenticated
>> 2- relay was denied
>>
>> for (1), you should find a line like this:
>> Apr 21 00:11:06 imlil postfix/smtpd[41827]: 454E8E54888:
>> client=ouzoud.netoyen.net[82.239.111.75], sasl_method=PLAIN,
>> sasl_username=mo...@ml.netoyen.net
>>
>>   
> Sorry for forgetting,
> 
> I can post 2; I'm having trouble finding 1, because I think that's
> what's going wrong ;)
> 
> Apr 19 14:30:36 example postfix/smtpd[26549]: connect from
> xx-xxx-xx-xx.ip.someisp.nl[xx.xxx.xx.xx]
> Apr 19 14:30:36 example postfix/smtpd[26549]: NOQUEUE: reject: CONNECT
> from xx-xxx-xx-xx.ip.someisp.nl[xx.xxx.xx.xx]: 554 5.7.1 Service
> unavailable; Client host [xx.xxx.xx.xx] blocked using zen.spamhaus.org;
> http://www.spamhaus.org/query/bl?ip=xx.xxx.xx.xx; proto=SMTP
> Apr 19 14:30:36 example postfix/smtpd[26549]: too many errors after
> CONNECT from xx-xxx-xx-xx.ip.someisp.nl[xx.xxx.xx.xx]
> Apr 19 14:30:36 example postfix/smtpd[26549]: disconnect from
> xx-xxx-xx-xx.ip.someisp.nl[xx.xxx.xx.xx]
> 
> What does work however, is if I telnet from my own host (which isn't in
> the pbl so it makes testing for me really hard (unless I could fake my
> domain temporarily to be on the pbl?)) and AUTH LOGIN and send a message
> it does work, so sasl_auth must be working right?
> 
> Apr 21 19:17:42 example postfix/smtpd[27551]: 3A47410E63:
> client=yyy-yy-ftth.myisp.nl[yyy.yyy.yy.yyy], sasl_method=LOGIN,
> sasl_username=theuser
> 
> 
> Either thunderbird isn't trying to auth at all (even though I told it
> to) or it gets RBLed before it could even try to auth, which is what I'm
> thinking.
> 
> My test box, (diff server basically) which is on the pbl normally, is
> down for maintenance atm (broken nic :S) so all I got is users
> complaining unable to send mail on the new server, and I can't figure
> out what I have done wrong.
>>
>>   
>>> I thought I pretty much set it up the same way as my older server, which
>>> accepts my mail just fine! Guess I was wrong, and I can't find the
>>> differences.
>>>
>>> As I've set up my server, I tried to document it as well as possible over
>>> at the gentoo-wiki;
>>>
>>> http://en.gentoo-wiki.com/wiki/Complete_Virtual_Mail_Server
>>>
>>>
>>> The entire postfix server seems to be running excellently as far as I
>>> can tell, except for not being able to send from remote 'internet' IPs
>>> that are on the PBL.
>>>
>>> Find below my postconf -n (having replaced the real hostname with
>>> foo.example)
>>> ===
>>> postconf -n
>>> biff = no
>>> broken_sasl_auth_clients = no
>>> command_directory = /usr/sbin
>>> config_directory = /etc/postfix
>>> daemon_directory = /usr/lib64/postfix
>>> data_directory = /var/lib/postfix
>>> debug_peer_level = 1
>>> disable_vrfy_command = yes
>>> home_mailbox = .maildir/
>>> html_directory = /usr/share/doc/postfix-2.6.5/html
>>> mail_owner = postfix
>>> mailq_path = /usr/bin/mailq
>>> manpage_directory = /usr/share/man
>>> message_size_limit = 20480000
>>> mydomain = example.com
>>> myhostname = foo.example.com
>>> mynetworks_style = host
>>> newaliases_path = /usr/bin/newaliases
>>> queue_directory = /var/spool/postfix
>>> readme_directory = /usr/share/doc/postfix-2.6.5/readme
>>> recipient_delimiter = +
>>> relay_domains = pgsql:/etc/postfix/pgsql/pgsql-relay-domains-maps.cf
>>> sendmail_path = /usr/sbin/sendmail
>>> setgid_group = postdrop
>>> smtpd_banner = $myhostname NO UCE ESMTP
>>> smtpd_client_restrictions = permit_mynetworks,
>>> permit_sasl_authenticated, permit_mx_backup, reject_rbl_client
>>> zen.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client
>>> bl.spamcop.net
>>> smtpd_delay_reject = no
>>> smtpd_helo_required = yes
>>> smtpd_helo_restrictions = reject_invalid_hostname
>>> smtpd_recipient_restrictions = permit_mynetworks,
>>> permit_sasl_authenticated, permit_mx_backup, check_policy_service
>>> inet:127.0.0.1:2525, reject_unauth_destination
>>> smtpd_sasl_auth_enable = yes
>>> smtpd_sasl_authenticated_header = no
>>> smtpd_sasl_local_domain =
>>> smtpd_sasl_security_options = noanonymous
>>> smtpd_tls_CAfile = /etc/ssl/certs/cacert.org.pem
>>> smtpd_tls_auth_only = no
>>> smtpd_tls_cert_file = /etc/postfix/ssl/smtp.example.com_server.pem
>>> smtpd_tls_key_file = /etc/postfix/ssl/smtp.example.com_privatekey.pem
>>> smtpd_tls_loglevel = 0
>>> smtpd_tls_received_header = yes
>>> smtpd_tls_session_cache_timeout = 3600s
>>> smtpd_use_tls = yes
>>> soft_bounce = no
>>> tls_random_source = dev:/dev/urandom
>>> unknown_local_recipient_reject_code = 550
>>> virtual_alias_maps = pgsql:/etc/postfix/pgsql/pgsql-virtual-alias-maps.cf
>>> virtual_gid_maps = pgsql:/etc/postfix/pgsql/pgsql-virtual-gid-maps.cf
>>> virtual_mailbox_base = /var/vmail
>>> virtual_mailbox_domains =
>>> pgsql:/etc/postfix/pgsql/pgsql-virtual-mailbox-domains.cf
>>> virtual_mailbox_limit_maps =
>>> pgsql:/etc/postfix/pgsql/pgsql-virtual-mailbox-limit-maps.cf
>>> virtual_mailbox_limit_override = yes
>>> virtual_mailbox_maps =
>>> pgsql:/etc/postfix/pgsql/pgsql-virtual-mailbox-maps.cf
>>> virtual_maildir_extended = yes
>>> virtual_maildir_limit_message = "Sorry, the recipients mailbox is
>>> currently full. Please try again later."
>>> virtual_overquota_bounce = no
>>> virtual_trash_count = no
>>> virtual_trash_name = ".Trash"
>>> virtual_uid_maps = pgsql:/etc/postfix/pgsql/pgsql-virtual-uid-maps.cf
>>>     
>>   
> 


Is there some reason you aren't using the submission port (587) ?

-matt
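
An added example, not part of the original thread: with `smtpd_delay_reject = no`, Postfix evaluates `smtpd_client_restrictions` when the client connects, before it can issue AUTH, which is consistent with the `reject: CONNECT` log line quoted above. The Python below parses `postconf -n` output in the wrapped form posted in the thread and lists the reject rules that would still fire in that case; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: an excerpt of `postconf -n` output in the wrapped form
# posted in the thread (the mail client folded long values onto extra lines).
SAMPLE = """\
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated, permit_mx_backup, reject_rbl_client
zen.spamhaus.org, reject_rbl_client cbl.abuseat.org
smtpd_delay_reject = no
smtpd_sasl_auth_enable = yes
"""

# Postfix restrictions that consume the following token as their argument.
TAKES_ARG = {"reject_rbl_client", "reject_rhsbl_client",
             "check_policy_service", "check_client_access"}

def parse_postconf(text):
    """Map parameter names to values; a line without 'name =' continues the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z0-9_]+) =(?: (.*))?$", line)
        if m:
            last = m.group(1)
            params[last] = (m.group(2) or "").strip()
        elif last and line.strip():
            params[last] = (params[last] + " " + line.strip()).strip()
    return params

def restrictions(value):
    """Split a restriction list into 'name [argument]' strings, in evaluation order."""
    tokens, out, i = value.replace(",", " ").split(), [], 0
    while i < len(tokens):
        step = 2 if tokens[i] in TAKES_ARG and i + 1 < len(tokens) else 1
        out.append(" ".join(tokens[i:i + step]))
        i += step
    return out

def audit(params):
    """Return the reject rules that fire before AUTH can happen, or [] if none."""
    if params.get("smtpd_delay_reject", "yes").lower() != "no":
        return []  # default: client restrictions are deferred until RCPT TO
    rules = restrictions(params.get("smtpd_client_restrictions", ""))
    if "permit_sasl_authenticated" not in rules:
        return []
    after = rules[rules.index("permit_sasl_authenticated") + 1:]
    # At connect time no client is authenticated yet, so these still apply.
    return [r for r in after if r.startswith("reject")]

if __name__ == "__main__":
    for rule in audit(parse_postconf(SAMPLE)):
        print("evaluated at CONNECT, before AUTH:", rule)
```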
