Sent from my iPhone
On 22/04/2010, at 12:49, Noel Jones <njo...@megan.vbhcs.org> wrote:
On 4/21/2010 9:03 PM, Oliver Schinagl wrote:
On 04/22/10 03:55, Noel Jones wrote:
On 4/21/2010 8:39 PM, Oliver Schinagl wrote:
Heh, I suppose it wasn't as straightforward as that; I'll look
more into
it after some sleep, I enabled it with the following:
submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
(even tried uncommenting both, which shouldn't matter inmo?)
But got denied errors, telnet didn't tell me much, thunderbird
told me
slightly more:
An error occurred sending mail: The mail server sent an incorrect
greeting: 5.7.1<yyy-yy-ftth.myisp.nl[yyy.yyy.yy.yyy]>: Client host
rejected: Access denied.
It won't even ask me for my sasl password, nothing. A mistery for
the
next day.
Please show your current "postconf -n" and the error message from
the
postfix logs. Showing error messages from the client or from telnet
are not particularly useful.
-- Noel Jones
My current postconf -n is exactly as above in the mail; i hadn't
changed
anything, i only pasted the relevant part from master.conf that i
changed.
I don't see a postconf -n in this mail. I asked for a new copy to
make sure of its current contents, and because I deleted your
previous messages and don't feel like rummaging around in the trash.
Apr 21 21:39:19 example postfix/smtpd[21360]: connect from
yyy-yyy-ftth.myisp.nl[yyy.yyy.yyy.yyy]
Apr 21 21:39:19 example postfix/smtpd[21360]: NOQUEUE: reject:
CONNECT
from yyy-yyy-ftth.myisp.nl[yyy.yyy.yyy.yyy]
: 554 5.7.1<yyy-yyy-ftth.myisp.nl[yyy.yyy.yyy.yyy]>: Client host
rejected: Access denied; proto=SMTP
Apr 21 21:39:24 example postfix/smtpd[21360]: disconnect from
yyy-yyy-ftth.myisp.nl[yyy.yyy.yyy.yyy]
The client was rejected during the CONNECT stage. This implies you
are using "smtpd_delay_reject = no".
Don't do that, the client doesn't get a chance to authenticate.
is the corresponding postfix error; Basically what thunderbird
reported :)
The postfix log is far more useful; it tells us your problem is (at
least) you need to unset smtpd_delay_reject. There may be other
problems exposed once you fix this one.
Looking at the message you sent David Cottle, I think he's doing what
Matt suggested I should do? Use submission to bypass RBL stuff; I'd
gladly add those 2 options as well, but why would they not be in the
default config? You'd think that the default submission bit was
exactly
that, allow users to bypass everything and submit messages
directly. I'm
to tired to think atm so I'll check it all out again tomorrow :)
Sleep well :)
There is no evidence David's client ever authenticates. Not quite
the same problem. Your client doesn't authenticate either, but
that's because you don't give them the chance.
Using the "submission" port is an accepted solution to the common
problems[1] of how to allow mobile users to send mail to your
server. The main advantage is it allows you to specify a different
policy[2] for authenticated users.
You can add "-o smtpd_delay_reject=yes" to the submission entry in
master.cf to insure that changes to that parameter in main.cf won't
affect the submission service. But a better solution is just don't
mess with that setting; leave it at the default "yes".
"submission" is commented out in the default postfix config because
a relatively small subset of folks using postfix need it, and it's
not nice to open ports not needed.
[1] IP listed in RBL. ISP or hotspot blocks port 25 access.
[2] accept mail from authenticated clients no matter how screwed up
their mailer or their IP
-- Noel Jones
Hi Noel,
I tried running
testsaslauthd -u usermailname -p matchingpass -s smtp
I get
connect () : No such file or directory
