On 07/11/2011 10:12 PM, Ron Garret wrote:
> 
> On Jul 11, 2011, at 9:31 PM, Stan Hoeppner wrote:
> 
>> On 7/11/2011 8:12 PM, Ron Garret wrote:
>>> I'm trying to set up a relay host with authentication according to these 
>>> instructions:
>>>
>>> http://anothersysadmin.wordpress.com/2009/02/06/postfix-as-relay-to-a-smtp-requiring-authentication/
>>>
>>> but it's not working.  I know my SMTP server is set up properly because I 
>>> can send mail using various other clients, but postfix is apparently not 
>>> even attempting to authorize.  Here are the relevant lines from main.cf:
>>>
>>> relayhost = secure.genesisgroup.info
>>> smtp_sasl_auth_enable = yes
>>> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>>> smtp_sasl_security_options =
>>>
>>> Here is a log excerpt from my server from a successful login from a 
>>> different client (python smtplib):
>>>
>>> Jul 11 17:59:57 vm01 postfix/smtpd[812]: connect from 
>>> ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
>>> Jul 11 17:59:58 vm01 postfix/smtpd[812]: A567C4CA949: 
>>> client=ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10], 
>>> sasl_method=LOGIN, sasl_username=XXX
>>>
>>> and here's the same thing when Postfix tries to connect between the same 
>>> two machines:
>>>
>>> Jul 11 18:00:26 vm01 postfix/smtpd[820]: connect from 
>>> ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
>>> Jul 11 18:00:26 vm01 postfix/smtpd[820]: NOQUEUE: reject: RCPT from 
>>> ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]: 554 5.7.1 
>>> <ron.gar...@gmail.com>: Relay access denied; 
>>> from=<r...@sunfire-offices.com> to=<ron.gar...@gmail.com> proto=ESMTP 
>>> helo=<mail.sunfire-offices.com>
>>>
>>> As you can see, postfix is not even attempting to authorize.
>>>
>>> What am I doing wrong?
>>
>> You're not telling us what you're attempting to accomplish for starters.
> 
> Sorry, I thought that would be clear from the context.  I'm trying to do 
> exactly what you say: 
> 
>> When you specify relayhost you're telling Postfix to forward all non
>> local outbound mail to a gateway instead of delivering it directly to
>> internet MX destinations.
> 
> Yes, that is exactly what I'm trying to do.  The reason is that mail sent 
> directly from an EC2 instance is usually flagged as spam by many mail 
> recipients because the reverse DNS doesn't resolve properly.
> 
>> You're showing smtpd logging, but the relayhost parameter applies to
>> smtp, not smtpd.  Your logging shows a host connecting to your Postfix
>> server, not your Postfix server connecting to secure.genesisgroup.info.
> 
> 
> The log excerpts are taken from the postfix server on 
> secure.genesisgroup.info, which is the machine I want to use to relay 
> outbound mail from the EC2 instance.  Sorry that wasn't clear.
> 
>> Either you don't understand the relayhost parameter, or I simply don't
>> understand your goal here, or probably both.
> 
> 
> Well, I'm clearly missing something.  But I don't think it's the relayhost 
> parameter.
> 
> rg
> 

As stated by Jeroen, supplying the list with the output of 'postconf -n'
would be much more preferred than sending the entire output of
'postconf'.  There is no need for people to wade through hundreds of
lines that are configured for default values.

The server at secure.genesisgroup.info only advertises AUTH support
after STARTTLS.  Therefore, in order to successfully authenticate with
that server from the client at 184.73.65.10, the following configuration
changes will need to be made on 184.73.65.10:

Configure smtp_tls_security_level and/or smtp_tls_policy_maps, using at
least a setting of 'may'.  This will allow the SMTP client to attempt
STARTTLS connections with remote hosts.

Set smtp_sasl_security_options = noanonymous (or whatever is
appropriate).  The remote server at secure.genesisgroup.info advertises
the following: AUTH PLAIN DIGEST-MD5 CRAM-MD5 LOGIN

Read the TLS_README and SASL_README files for more information.

-Mike
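
An added example, not part of the original message and not Postfix's own code: a short Python audit of `postconf -n` style output for the client-side settings named in the reply above. The function names are hypothetical, and the "before" and "after" inputs are constructed from the four main.cf lines quoted in this thread plus the two suggested changes.

```python
import re

# smtp_tls_security_level values that make the Postfix SMTP client try STARTTLS.
TLS_LEVELS = {"may", "encrypt", "dane", "dane-only", "fingerprint", "verify", "secure"}
# Postfix's built-in default when main.cf does not set the parameter.
DEFAULT_SASL_OPTS = "noplaintext, noanonymous"

# Constructed input: the four main.cf lines quoted in the thread.
BEFORE = """\
relayhost = secure.genesisgroup.info
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
"""
# Constructed input: the same settings with the two changes from the reply.
AFTER = BEFORE.replace("smtp_sasl_security_options =",
                       "smtp_sasl_security_options = noanonymous\n"
                       "smtp_tls_security_level = may")

def parse_postconf(text):
    """Turn `postconf -n` style "name = value" lines into a dict."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            params[name.strip()] = value.strip()
    return params

def audit_relay_client(params):
    """List what stops this client from authenticating to an AUTH-after-STARTTLS relay."""
    findings = []
    if params.get("smtp_sasl_auth_enable", "no") != "yes":
        findings.append("smtp_sasl_auth_enable is not yes")
    if not params.get("smtp_sasl_password_maps"):
        findings.append("smtp_sasl_password_maps is empty")
    tls_on = (params.get("smtp_tls_security_level", "") in TLS_LEVELS
              or params.get("smtp_use_tls", "no") == "yes"      # legacy parameter
              or bool(params.get("smtp_tls_policy_maps")))       # per-destination policy
    if not tls_on:
        findings.append("no STARTTLS: AUTH is never offered to this client")
    raw = params.get("smtp_sasl_security_options", DEFAULT_SASL_OPTS)
    if "noanonymous" not in re.split(r"[,\s]+", raw):
        findings.append("smtp_sasl_security_options lacks noanonymous")
    return findings

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_relay_client(parse_postconf(conf)))
```

A non-empty smtp_tls_policy_maps is counted as enabling TLS without inspecting the map itself, so the policy for the relay host still needs to be checked by hand.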

