Hi, I've encountered a problem with Windows-based devices, such as Windows Phones, being unable to send mail through postfix. The problem and resolution are described at http://answers.microsoft.com/en-us/winphone/forum/wp8-wpemail/smtp-authentication-for-outgoing-emails-via-a/2132a705-e1d0-401d-9883-f22f7ed2cb6a

However, if I add LOGIN to mech_list in /etc/postfix/sasl/smtpd.conf to address that problem, our SMTP server becomes an open relay. Does anyone know what might be causing this, and how to let Windows devices send mail without turning the server into an open relay?


/etc/postfix/sasl/smtpd.conf:

pwcheck_method: saslauthd
mech_list: PLAIN
log_level: 0


postconf -n

address_verify_poll_count = ${stress?1}${stress:3}
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, ldap:ldap
anvil_rate_time_unit = 60s
append_dot_mydomain = yes
body_checks = pcre:/etc/postfix/access/body_access
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
default_process_limit = 250
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}. Contact <postmas...@whoi.edu> if this is in error.
header_checks = pcre:/etc/postfix/access/header_access
html_directory = /usr/share/doc/postfix/html
mailbox_size_limit = 0
message_size_limit = 104857600
mime_header_checks = pcre:/etc/postfix/access/mime_header_checks
mydestination = $myhostname, $mydomain, postal2.$mydomain, outbox.$mydomain, mail.$mydomain, localhost.$mydomain, localhost.localdomain, localhost, beachcomberscompanion.org, whoi.net, cinar.org, bco-dmo.org, bcodmo.org, oceanopportunities.org
myhostname = postal2.whoi.edu
mynetworks = 128.128.0.0/16, 127.0.0.0/8, 199.92.168.150, 172.16.8.0/24
myorigin = $mydomain
parent_domain_matches_subdomains =
permit_mx_backup_networks = $mynetworks
rbl_reply_maps = hash:/etc/postfix/access/dnsbl_replies
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains = hash:/etc/postfix/mx_host_relays, oceanus.whoi.edu, atlantis.whoi.edu knorr.whoi.edu, tioga.whoi.edu, bosun.whoi.edu, striker.whoi.edu, striker2.whoi.edu, sssg1.whoi.edu, wbc.whoi.edu
relayhost =
relocated_maps = hash:/etc/postfix/relocated
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_connection_rate_limit = 60
smtpd_client_message_rate_limit = 250
smtpd_client_new_tls_session_rate_limit = 60
smtpd_client_recipient_rate_limit = 300
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access/connect_client_access
smtpd_delay_reject = yes
smtpd_error_sleep_time = 5s
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_hard_error_limit = ${stress?1}${stress:20}
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access pcre:/etc/postfix/access/final_helo_access
smtpd_junk_command_limit = ${stress?1}${stress:100}
smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, check_sender_access pcre:/etc/postfix/access/final_sender_access, reject_unknown_recipient_domain, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_sender_domain, check_recipient_access pcre:/etc/postfix/access/final_recipient_access, check_client_access hash:/etc/postfix/access/final_client_access, check_helo_access pcre:/etc/postfix/access/suspect_helo, reject_rbl_client b.barracudacentral.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client autospam.whoi.edu, reject_rhsbl_sender dsn.rfc-ignorant.org, reject_rbl_client dnsbl.ahbl.org, reject_rbl_client http.dnsbl.sorbs.net, reject_rbl_client socks.dnsbl.sorbs.net, reject_rbl_client misc.dnsbl.sorbs.net, reject_rbl_client web.dnsbl.sorbs.net, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client bl. spamcop.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client dyna.spamrats.com, reject_rbl_client noptr.spamrats.com, reject_rbl_client virbl.dnsbl.bit.nl, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client backscatter.spameatingmonkey.net, reject_rbl_client bl.spameatingmonkey.net, reject_rhsbl_sender fresh.spameatingmonkey.net, reject_rhsbl_client fresh.spameatingmonkey.net, reject_rhsbl_sender uribl.spameatingmonkey.net, reject_rhsbl_client uribl.spameatingmonkey.net, reject_rhsbl_sender urired.spameatingmonkey.net, reject_rhsbl_client urired.spameatingmonkey.net, check_sender_access hash:/etc/postfix/access/check_backscatterer, check_policy_service inet:127.0.0.1:10023, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated,  permit_mynetworks
smtpd_soft_error_limit = 10
smtpd_starttls_timeout = ${stress?10}${stress:300}s
smtpd_timeout = ${stress?10}${stress:300}s
smtpd_tls_CAfile = /etc/postfix/tls/whoi-inCommon-interim.cer
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/tls/whoi-inCommon-certificate.cer
smtpd_tls_key_file = /etc/postfix/tls/whoi-inCommon-private.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = $virtual_alias_maps
virtual_alias_maps = hash:/etc/postfix/virtual, ldap:vldap
