Hi Wietse and Istvan,
thanks for pointing me to my error with the version. Was too busy
digging for information and overlooked the obvious.
I realized that my real problem is that SASL auth is not working. Would
like to get it from dovecot, but as long as it works I'm fine with
cyrus, too. However, none of my attempts worked. Could you guys please
take a look? Thanks!
I read http://www.postfix.org/SASL_README.html and
http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL. The latter seemed
to me the compact version of the first, so I followed it.
This is my current config:
# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
inet_protocols = ipv4
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
mydestination = mydomain.com, localhost.localdomain, localhost
myhostname = mydomain.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
sender_canonical_maps = hash:/etc/postfix/sender_canonical
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_security_options = noanonymous
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
# postconf -a
cyrus
dovecot
and
# grep -v "\#" /etc/dovecot/conf.d/10-master.conf
[...]
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
}
Regards and groeten
Nathan
Am 20.12.2014 um 04:22 schrieb Wietse Venema:
Jonathan Hermann:
Hi folks,
would like to ask for help with a "relay access denied" problem. We're
talking about postfix 2.9.6 on an ubuntu server.
...
smtpd_relay_restrictions=permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination
As documented, "This feature is available in Postix 2.10 and later."
So you need to place that in smtpd_recipient_restrictions.
So, currently I left it with recipient_restrictions.
As far as I understand, this is the point where I need to tweak my
config. But I just can't figure out what exactly I need to set.
Does Thunderbird client authenticate to Postfix with SASL? Should
it authenticate with SASL?
If Thunderbird cannot authenticate with SASL, then its IP address
needs to match "mynetworks" (look at output from the Postfix command
"postconf mynetworks", and adjust the main.cf mynetwork settings
if needed). This parameter is also described in the postconf.5.html
page.
Wietse
