On 7/12/2011 12:12 AM, Ron Garret wrote:
>
> On Jul 11, 2011, at 9:31 PM, Stan Hoeppner wrote:
>
>> On 7/11/2011 8:12 PM, Ron Garret wrote:
>>> I'm trying to set up a relay host with authentication according to these
>>> instructions:
>>>
>>> http://anothersysadmin.wordpress.com/2009/02/06/postfix-as-relay-to-a-smtp-requiring-authentication/
>>>
>>> but it's not working. I know my SMTP server is set up properly because I
>>> can send mail using various other clients, but postfix is apparently not
>>> even attempting to authorize. Here are the relevant lines from main.cf:
>>>
>>> relayhost = secure.genesisgroup.info
>>> smtp_sasl_auth_enable = yes
>>> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>>> smtp_sasl_security_options =
>>>
>>> Here is a log excerpt from my server from a successful login from a
>>> different client (python smtplib):
>>>
>>> Jul 11 17:59:57 vm01 postfix/smtpd[812]: connect from
>>> ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
>>> Jul 11 17:59:58 vm01 postfix/smtpd[812]: A567C4CA949:
>>> client=ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10],
>>> sasl_method=LOGIN, sasl_username=XXX
>>>
>>> and here's the same thing when Postfix tries to connect between the same
>>> two machines:
>>>
>>> Jul 11 18:00:26 vm01 postfix/smtpd[820]: connect from
>>> ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
>>> Jul 11 18:00:26 vm01 postfix/smtpd[820]: NOQUEUE: reject: RCPT from
>>> ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]: 554 5.7.1
>>> <ron.gar...@gmail.com>: Relay access denied;
>>> from=<r...@sunfire-offices.com> to=<ron.gar...@gmail.com> proto=ESMTP
>>> helo=<mail.sunfire-offices.com>
>>>
>>> As you can see, postfix is not even attempting to authorize.
>>>
>>> What am I doing wrong?
>>
>> You're not telling us what you're attempting to accomplish for starters.
>
> Sorry, I thought that would be clear from the context. I'm trying to do
> exactly what you say:
>
>> When you specify relayhost you're telling Postfix to forward all non
>> local outbound mail to a gateway instead of delivering it directly to
>> internet MX destinations.
>
> Yes, that is exactly what I'm trying to do. The reason is that mail sent
> directly from an EC2 instance is usually flagged as spam by many mail
> recipients because the reverse DNS doesn't resolve properly.
>
>> You're showing smtpd logging, but the relayhost parameter applies to
>> smtp, not smtpd. Your logging shows a host connecting to your Postfix
>> server, not your Postfix server connecting to secure.genesisgroup.info.
>
>
> The log excerpts are taken from the postfix server on
> secure.genesisgroup.info, which is the machine I want to use to relay
> outbound mail from the EC2 instance. Sorry that wasn't clear.
Ok, now the logging snippets make sense. I'm guessing you simply need
to add permit_sasl_authenticated to your smtpd_client_restrictions on
host secure.genesisgroup.info, or if you use the "everything under
smtpd_recipient_restrictions" main.cf style you'd do:
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
...
You provided 'postconf -d' instead of 'postconf -n', so it's impossible
for me to tell what your parameters actually are. "-d" simply shows the
Postfix defaults. Please provide 'postconf -n' so we can wrap this
thread up, assuming permit_sasl_authenticated doesn't fix the problem.
--
Stan
