On 1/28/2014 12:55 PM, Terry Barnum wrote: > First off, thank you Wietse for postfix. It's really amazing software and I > appreciate the hard work and dedication by you and others here that make it > so great. > > Okay, my problem: I have a new employee that works remotely using Windows 7 > Outlook 2010. This is our first Windows and Outlook user but I have eight > other employees successfully sending and receiving mail from outside for > several years using Macs, iPhones & Androids. His Outlook is configured to > use port 587 with TLS and port 993 with SSL. postfix and dovecot use a > self-signed certificate. > > From the (redacted) mail log: > > Jan 27 15:17:20 mailbox postfix/smtpd[84445]: connect from > xx-xx-xx-xx.lightspeed.sndgca.sbcglobal.net[12.34.56.78] > Jan 27 15:17:20 mailbox postfix/smtpd[84445]: Anonymous TLS connection > established from xx-xx-xx-xx.lightspeed.sndgca.sbcglobal.net[12.34.56.78]: > TLSv1 with cipher AES128-SHA (128/128 bits) > Jan 27 15:17:20 mailbox postfix/smtpd[84445]: NOQUEUE: reject: RCPT from > xx-xx-xx-xx.lightspeed.sndgca.sbcglobal.net[12.34.56.78]: 554 5.7.1 > <xx-xx-xx-xx.lightspeed.sndgca.sbcglobal.net[12.34.56.78]>: Client host > rejected: Access denied; from=<u...@dop.com> to=<u...@dop.com> proto=ESMTP > helo=<userPC>
It appears the client did not authenticate. Does your SASL backend offer the LOGIN mechanism? Some outlook versions won't use the PLAIN mechanism that most other clients prefer. Are you sure they're connecting on port 587? It's helpful to add a custom syslog name to the master.cf submission entry so you can tell in the logs. # master.cf ... submission ... smtpd ... -o syslog_name=postfix/submission -- Noel Jones > Jan 27 15:17:20 mailbox postfix/smtpd[84445]: lost connection after RCPT from > xx-xx-xx-xx.lightspeed.sndgca.sbcglobal.net[12.34.56.78] > Jan 27 15:17:20 mailbox postfix/smtpd[84445]: disconnect from > xx-xx-xx-xx.lightspeed.sndgca.sbcglobal.net[12.34.56.78] > > Is there additional Outlook configuration needed or do I have a postfix > config problem that Outlook has bumped into? Everything works fine for all my > other users so I'm not sure where to look. I'm happy to provide additional > info or config settings. > > We're running postfix 2.10.2 and dovecot 2.2.9 via macports on OS X 10.7.5. > > $ postconf -n > broken_sasl_auth_clients = yes > command_directory = /opt/local/sbin > config_directory = /opt/local/etc/postfix > daemon_directory = /opt/local/libexec/postfix > data_directory = /opt/local/var/lib/postfix > debugger_command = > PATH=/opt/local/bin:/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd > $daemon_directory/$process_name $process_id & sleep 5 > default_privs = nobody > delay_warning_time = 4h > dovecot_destination_recipient_limit = 1 > dspam-lmtp_destination_recipient_limit = 1 > home_mailbox = Maildir/ > html_directory = no > inet_protocols = ipv4 > mail_owner = _postfix > mailq_path = /opt/local/bin/mailq > manpage_directory = /opt/local/share/man > message_size_limit = 51200000 > mydestination = $myhostname, localhost.$mydomain, localhost > myhostname = mailbox.dop.com > mynetworks = 192.168.0.0/23, 127.0.0.0/8, 50.56.203.34, 198.101.248.79, > 198.101.238.188 > myorigin = $mydomain > newaliases_path = /opt/local/bin/newaliases > postscreen_access_list = permit_mynetworks, > cidr:/opt/local/etc/postfix/postscreen_access.cidr > postscreen_bare_newline_action = enforce > postscreen_bare_newline_enable = yes > postscreen_blacklist_action = drop > postscreen_dnsbl_action = enforce > postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2 > bl.spameatingmonkey.net*2 dnsbl.ahbl.org*2 bl.spamcop.net dnsbl.sorbs.net > psbl.surriel.com bl.mailspike.net swl.spamhaus.org*-4 > postscreen_dnsbl_threshold = 3 > postscreen_greet_action = enforce > postscreen_non_smtp_command_enable = yes > postscreen_pipelining_action = enforce > postscreen_pipelining_enable = yes > proxy_interfaces = 70.167.15.110 > queue_directory = /opt/local/var/spool/postfix > readme_directory = /opt/local/share/postfix/readme > sample_directory = /opt/local/share/postfix/sample > sendmail_path = /opt/local/sbin/sendmail > setgid_group = _postdrop > smtpd_banner = $myhostname ESMTP $mail_name > smtpd_helo_required = yes > smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, > reject_non_fqdn_helo_hostname > smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, > reject_non_fqdn_sender, reject_non_fqdn_recipient, > reject_unknown_sender_domain, reject_unknown_recipient_domain, > reject_unauth_pipelining, reject_unauth_destination, > reject_unlisted_recipient, check_recipient_access > pcre:/opt/local/etc/postfix/recipient_checks.pcre, check_helo_access > hash:/opt/local/etc/postfix/helo_checks, check_sender_access > hash:/opt/local/etc/postfix/sender_checks, check_client_access > hash:/opt/local/etc/postfix/client_checks, check_client_access > pcre:/opt/local/etc/postfix/fqrdns.pcre, reject_rhsbl_client > dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rhsbl_helo > dbl.spamhaus.org, check_client_access > pcre:/opt/local/etc/postfix/dspam_filter_access > smtpd_reject_unlisted_sender = yes > smtpd_sasl_auth_enable = yes > smtpd_sasl_local_domain = $myhostname > smtpd_sasl_path = private/auth > smtpd_sasl_security_options = noanonymous > smtpd_sasl_type = dovecot > smtpd_sender_restrictions = permit_mynetworks, reject_unknown_address > smtpd_tls_cert_file = /opt/local/etc/postfix/ssl/certs/postfix.cert > smtpd_tls_key_file = /opt/local/etc/postfix/ssl/private/postfix.key > smtpd_tls_loglevel = 1 > smtpd_tls_security_level = may > tls_random_source = dev:/dev/urandom > transport_maps = hash:/opt/local/etc/postfix/transport > unknown_local_recipient_reject_code = 550 > vacation_destination_recipient_limit = 1 > virtual_alias_maps = > proxy:mysql:/opt/local/etc/postfix/mysql_virtual_alias_maps.cf > virtual_gid_maps = static:_vmail > virtual_mailbox_base = /Volumes/mail/vmail/ > virtual_mailbox_domains = > mysql:/opt/local/etc/postfix/mysql_virtual_mailbox_domains.cf > virtual_mailbox_maps = > proxy:mysql:/opt/local/etc/postfix/mysql_virtual_mailbox_maps.cf > virtual_minimum_uid = _vmail > virtual_transport = dovecot > virtual_uid_maps = static:_vmail > > Thanks, > -Terry > > Terry Barnum > digital OutPost > http://www.dop.com >
