Hello everyone,

We have our mail relays. In these relays we check the users' aliases in our LDAP.
Furthermore, we want other servers to relay on our side, authenticating with a fixed user with sasl_password, but I can't make this work.

This is our config, postconf -n:

    alias_database = hash:/etc/postfix/aliases
    alias_maps = hash:/etc/postfix/aliases
    broken_sasl_auth_clients = yes
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
    disable_vrfy_command = yes
    html_directory = /usr/share/doc/postfix-2.2.8-documentation/html
    inet_protocols = ipv4
    local_recipient_maps = ldap:/etc/postfix/validUser.cf $alias_maps
    local_transport = smtp:[192.168.100.203]:25
    mail_owner = postfix
    mailbox_size_limit = 0
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    matchlogin_bind = yes
    matchlogin_bind_dn = cn=mailuser,dc=domain,dc=es
    matchlogin_bind_pw = **********
    matchlogin_query_filter = (|(mail=%s)(mailAlternateAddress=%s))
    matchlogin_result_attribute = uid
    matchlogin_scope = sub
    matchlogin_search_base = idnc=usuarios,dc=domain,dc=es
    matchlogin_server_host = ldaps://virt_ldap
    matchlogin_server_port = 636
    matchlogin_timeout = 10
    matchlogin_version = 3
    maximal_queue_lifetime = 5d
    message_size_limit = 30000000
    mydestination = /etc/postfix/dominiosMigrados
    mydomain = my.domain.es
    myhostname = relay.domain.es
    mynetworks = 127.0.0.0/8
    mynetworks_style = subnet
    myorigin = relay.domain.es
    newaliases_path = /usr/bin/newaliases.postfix
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.2.8-documentation/readme
    recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
    relayhost = [192.168.100.212]
    sample_directory = /etc/postfix
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    smtp_tls_loglevel = 1
    smtp_tls_security_level = may
    smtpd_banner = relay.domain.es ESMTP DOMAIN Mail Server
    smtpd_client_restrictions = check_client_access hash:/etc/postfix/emisores-prohibidos
    smtpd_delay_reject = yes
    smtpd_helo_required = yes
    smtpd_recipient_limit = 100
    smtpd_recipient_overshoot_limit = 100
    smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    smtpd_sender_login_maps = ldap:matchlogin
    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/emisores-prohibidos
    smtpd_timeout = 300s
    smtpd_tls_CAfile = /var/SGI/certificados/certificados2012/TERENASSLCA.crt
    smtpd_tls_cert_file = /var/SGI/certificados/certificados2012/certificate.crt
    smtpd_tls_key_file = /var/SGI/certificados/certificados2012/certificate_nopass.pem
    smtpd_use_tls = yes
    tls_random_source = dev:/dev/urandom
    transport_maps = ldap:/etc/postfix/ldapListasTransport.cf, ldap:/etc/postfix/ldapUsuariosLocalesTransport.cf, hash:/etc/postfix/transport
    unknown_local_recipient_reject_code = 550

On the other servers accessing ours, it is similar, but relaying to our server. We created the sasl_password file with this:

    192.168.13.19 user:password

And in the main.cf:

    smtpd_sasl_auth_enable = yes
    #smtpd_sasl_application_name = smtpd
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_password_maps = hash:/etc/postfix/sasl-passwords
    smtpd_sasl_local_domain =
    broken_sasl_auth_clients = yes

On our servers it keeps showing this error:

    Dec 17 16:54:45 relay postfix/smtpd[19444]: NOQUEUE: reject: RCPT from unknown[192.168.13.50]: 553 5.7.1 <u...@my.domain.es>: Sender address rejected: not logged in; from=<u...@my.domain.es> to=<us...@domain2.com> proto=ESMTP helo=<estafeta2.relay.es>

Which is normal, because it can't check the user's identity.
Is there anything I'm missing in order to communicate between our servers?

Thank you very much in advance.

Kind regards.

Héctor Moreno Blanco.
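
Added example (not part of the original message, and not Postfix code): a small Python model of how the tail of the posted smtpd_recipient_restrictions list decides a relayed message, showing why a client with no SASL login gets "not logged in" and what the relay answers once a fixed login is used. The map entries and the login name relayuser are constructed; address lookup is simplified to an exact match, and the syntax/DNS restrictions ahead of permit_mynetworks are skipped.

```python
import ipaddress
import re

# Constructed stand-in for smtpd_sender_login_maps = ldap:matchlogin, which
# returns the uid(s) owning a sender address. These entries are invented.
SENDER_LOGIN_MAP = {
    "user1@my.domain.es": "user1",
    "app@my.domain.es": "user2, relayuser",
}
MYNETWORKS = ["127.0.0.0/8"]  # value from the posted postconf -n


def owners_of(sender, login_map):
    """Owners listed for a sender (exact-address lookup only, a simplification)."""
    value = login_map.get(sender.lower())
    return [o.lower() for o in re.split(r"[,\s]+", value) if o] if value else []


def evaluate(client_ip, sender, sasl_login, login_map=SENDER_LOGIN_MAP):
    """Walk permit_mynetworks, reject_sender_login_mismatch,
    permit_sasl_authenticated, reject_unauth_destination in the posted order,
    for a recipient outside the relay's own domains."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in MYNETWORKS):
        return "permit (mynetworks)"
    owners = owners_of(sender, login_map)
    if sasl_login is None:
        # Sender has an owner but the session carries no SASL login.
        if owners:
            return "reject: not logged in"
    elif sasl_login.lower() not in owners:
        # Logged in, but the map does not list this login for the sender.
        return f"reject: not owned by user {sasl_login}"
    if sasl_login is not None:
        return "permit (sasl authenticated)"
    return "reject: relay access denied"


if __name__ == "__main__":
    cases = [
        ("192.168.13.50", "user1@my.domain.es", None),        # as in the log
        ("192.168.13.50", "user1@my.domain.es", "relayuser"),
        ("192.168.13.50", "app@my.domain.es", "relayuser"),
    ]
    for case in cases:
        print(case, "->", evaluate(*case))
```

With reject_sender_login_mismatch in place, a shared relay login is only accepted for sender addresses whose smtpd_sender_login_maps result includes that login.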