On Wed, 05 Feb 2014 02:11:35 +0100 "li...@rhsoft.net" <li...@rhsoft.net> wrote:
> yes, but you provided only one log line which has no evidence that
> your client used the submission port (587) *and* authentication as
> well as you did not state your submission config in the initial posting

Must I give the client SMTP port 587?

> you only overwrite "smtpd_recipient_restrictions" in master.cf
> but you have other restrictions enabled and "Client host rejected:
> cannot find your hostname" is pretty sure from your global
> "smtpd_client_restrictions" as well you do not want
> your global "smtpd_helo_restrictions" on submission

I have now changed the restrictions to what stands on the Postfix site. Now I get a relay denied.

<mail.log>
Feb 5 15:47:38 ks3374456 postfix/smtpd[7063]: connect from unknown[46.115.116.23]
Feb 5 15:47:40 ks3374456 postfix/smtpd[7063]: Anonymous TLS connection established from unknown[46.115.116.23]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Feb 5 15:47:42 ks3374456 postfix/smtpd[7063]: NOQUEUE: reject: RCPT from unknown[46.115.116.23]: 554 5.7.1 <unknown[46.115.116.23]>: Client host rejected: Access denied; from=<webmas...@silviosiefke.com> to=<siefkesil...@gmail.com> proto=ESMTP helo=<gentoomobile>
Feb 5 15:47:44 ks3374456 postfix/smtpd[7063]: lost connection after RCPT from unknown[46.115.116.23]
Feb 5 15:47:44 ks3374456 postfix/smtpd[7063]: disconnect from unknown[46.115.116.23]

If I understand the Dovecot debug log correctly, the auth works correctly.

<dovecot-debug.log>
Feb 05 15:47:39 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Feb 05 15:47:39 auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Feb 05 15:47:39 auth: Debug: auth client connected (pid=0)
Feb 05 15:47:41 auth: Debug: client in: AUTH 1 CRAM-MD5 service=smtp nologin lip=37.187.103.194 rip=46.115.116.23 secured
Feb 05 15:47:41 auth: Debug: client passdb out: CONT 1 cryptedpassword
Feb 05 15:47:41 auth: Debug: client in: CONT<hidden>
Feb 05 15:47:41 auth: Debug: passwd-file /var/vmail/auth.d/silviosiefke.com/passwd: Read 1 users in 0 secs
Feb 05 15:47:41 auth: Debug: passwd-file(webmas...@silviosiefke.com,46.115.116.23): lookup: user=webmas...@silviosiefke.com file=/var/vmail/auth.d/silviosiefke.com/passwd
Feb 05 15:47:41 auth: Debug: client passdb out: OK 1 user=webmas...@silviosiefke.com

Or am I wrong?

ks3374456 postfix # postconf -n
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
disable_vrfy_command = yes
home_mailbox = Maildir/
html_directory = no
inet_protocols = ipv4
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
master_service_disable =
message_size_limit = 20480000
minimal_backoff_time = 300s
mydestination = $myhostname, localhost.$mydomain
myhostname = ks3374456.kimsufi.com
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
non_smtpd_milters = unix:/run/opendkim/opendkim.sock
policyd-spf_time_limit = 3600
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions = permit_mynetworks, reject
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_restrictions = reject_unknown_helo_hostname
smtpd_milters = unix:/run/opendkim/opendkim.sock
smtpd_recipient_restrictions = reject_unverified_recipient, permit_mynetworks, reject_unauth_destination, permit_sasl_authenticated, check_policy_service unix:private/policyd-spf, check_policy_service unix:private/postgrey
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/postfix/key/postfix.pem
smtpd_tls_key_file = /etc/postfix/key/postfix.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = /etc/postfix/vhost
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 100
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:5000

If port 587 means the submission port, can I then delete the SASL auth stuff in main.cf?

> fix that above
>
> submission inet n - n - - smtpd
>   -o smtpd_tls_security_level=encrypt
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_sasl_type=dovecot
>   -o smtpd_sasl_path=private/auth
>   -o smtpd_client_restrictions=
>   -o smtpd_helo_restrictions=
>   -o smtpd_recipient_restrictions=reject_unknown_recipient_domain,
>   reject_non_fqdn_recipient,
>   permit_sasl_authenticated,
>   reject

I have changed it, thank you for your help and for your patience. :)

Thank you for your help & nice day
Silvio
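
Added example, not part of the original message and not code from Postfix: a Python check of why the authenticated client in the log above was still refused. It merges the main.cf values with a service's -o overrides from master.cf and names every restriction list in which a bare reject is reached before permit_sasl_authenticated. The BEFORE entry is constructed (the poster's own master.cf entry is not shown in the thread), and conditional reject_* rules are not modelled.

```python
# main.cf restriction values taken from the `postconf -n` output above.
MAIN_CF = {
    "smtpd_client_restrictions": "permit_mynetworks, reject",
    "smtpd_helo_restrictions": "reject_unknown_helo_hostname",
    "smtpd_recipient_restrictions": "reject_unverified_recipient, permit_mynetworks, "
        "reject_unauth_destination, permit_sasl_authenticated",
    "smtpd_relay_restrictions": "permit_mynetworks, permit_sasl_authenticated, "
        "reject_unauth_destination",
}
# Constructed sample: only the recipient list is overridden on submission.
BEFORE = """submission inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
"""
# The entry from the quoted reply; the -o value is written without whitespace.
AFTER = """submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_recipient_restrictions=reject_unknown_recipient_domain,reject_non_fqdn_recipient,permit_sasl_authenticated,reject
"""

def service_overrides(master_cf, service):
    """Return the -o name=value overrides of one master.cf service."""
    logical = []
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()      # continuation line
        else:
            logical.append(line.strip())
    for entry in logical:
        fields = entry.split()
        if fields[0] == service:
            args = fields[8:]                      # after the 8 fixed columns
            return dict(args[i + 1].split("=", 1)
                        for i, a in enumerate(args[:-1]) if a == "-o")
    return {}

def effective(main_cf, master_cf, service):
    """Restriction lists the service actually runs: main.cf plus -o overrides."""
    merged = {**main_cf, **service_overrides(master_cf, service)}
    return {k: v.replace(",", " ").split()
            for k, v in merged.items() if k.endswith("_restrictions")}

def blocks_authenticated(main_cf, master_cf, service):
    """Lists where a remote SASL client hits `reject` before being permitted."""
    bad = []
    for name, rules in effective(main_cf, master_cf, service).items():
        for rule in rules:                         # each list is evaluated on its own
            if rule == "permit_sasl_authenticated":
                break
            if rule == "reject":
                bad.append(name)
                break
    return sorted(bad)
```

With BEFORE the check names smtpd_client_restrictions, matching the "Client host rejected: Access denied" log line; with AFTER nothing is reported.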