On a new postfix/dovecot configuration, email is generally working OK. That said, I'm seeing "Client host rejected: Access denied" messages in the logs for two of the client company principals when they are connecting remotely. I'm pretty certain their mail clients are set up correctly to authenticate (but will confirm this tomorrow) as the owner is pretty tech-savvy. However, I did note in the logs that their local ip in the helo parameter (e.g. helo=<[192.168.1.125]>) is the same IP block (192.168.1.x) as the office LAN. Is it possible this is what is causing the access to be denied?
My postconf -n output is as follows: alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 home_mailbox = Maildir/ html_directory = no inet_interfaces = all mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mynetworks = 127.0.0.0/8 newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES relayhost = [mail.telus.net] sample_directory = /usr/share/doc/postfix-2.3.3/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_tls_security_level = may smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = dovecot smtpd_tls_cert_file = /etc/pki/tls/certs/mail.iprc.ca.cert smtpd_tls_key_file = /etc/pki/tls/private/mail.iprc.ca.key smtpd_tls_security_level = may tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 550 Thanks, Des -- Des Dougan Principal Dougan Consulting Group Inc. http://www.DouganConsulting.tel <-- Get all my contact information here. http://www.DouganConsulting.com Peace of Mind, One Computer at a Time. --- Imagine anyone on the planet being able to find and then contact you with a single click. YourName.tel is all you will give anyone ever again. Want in? http://registertel.tel/
