> On 2022-01-17 at 20:09:55 UTC-0500 (Mon, 17 Jan 2022 20:09:55 -0500)
> Joe Acquisto-j4 <[email protected]>
> is rumored to have said:
>
>
>> Sorry for the garbled message. Looking for the config files, etc that
>> are normally requested.
>
>
> The non-default main.cf settings, formatted for human eyes:
> postconf -nf
>
> The master.cf settings, formatted for human eyes:
> postconf -Mf
>
>
>
>
> --
> Bill Cole
> [email protected] or [email protected]
> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> Not Currently Available For Hire
OK, here goes -
Using version 3.4.7 packaged by Suse. I use "fetchmail" to retrieve email via
imap one of which is gmail. The fetched mail is all sent to a local "off box"
machine, via postfix, spamassassin and clamav, all on the same server. The off
box machine let's call it "fubar", runs a rather dated groupware product I used
to support.
I send mail to one upstream provider They require authentication. Seem to have
successfully setup per user SASL authentication, with one "problem" remaining.
Since I would sometimes forget to check the gmail account, added that account
to fetchmail. It would deliver to fubar via the means described above, with a
unique fubar user, via the means mentioned above. It became convenient to
occasionally use the gmail account to test changes I might make to my local
system. That worked well, till now.
Now when I set "smtp_sender_dependent_authentication = yes" any email I send to
the gmail account from fubar, upon being "fetched", fails to deliver to "fubar"
with postfix reporting "501 Authentication failed" and the mail is deferred. If
I set "smtp_sender_dependent_authentication = no" and restart postfix, the
deferred mail is delivered. Any mail that arrives at the gmail account by any
other means delivers normally regardless of the value of
"smtp_sender_dependent_authentication".
Ultimately, I determined the attempt to authenticate to fubar happens with any
mail I send to the gmail account, where the "from" address is any valid user on
the fubar system. That includes test emails sent using swaks, via the same
upstream provider.
On the receiving end I can see logged information that shows fubar is
attempting to authenticate, which it does not attempt to do when sender
dependent authentication is not enabled. At least, not in any visible way or
even any configured way, While from the point of view of the professionals this
may "not be a real problem" perhaps for myriad uttered reasons including "WFT
dude"?, it still seems odd at the least. Probably it will be due to "something
you did and should have known better".
Below is output from postconf -Mf:
smtp inet n - n - - smtpd
-o content_filter=spamassassin
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
spamassassin unix - n n - - pipe flags=Rq
user=spamfilter argv=/usr/local/bin/spamass.sh -e /usr/sbin/sendmail -oi -f
${sender} -- ${recipient}
tlsmgr unix - - n 1000? 1 tlsmgr
postlog unix-dgram n - n - 1 postlogd
Below is output from postconf -Mf: (obfuscated)
alias_maps = hash:/etc/aliases
biff = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
compatibility_level = 2
content_filter =
daemon_directory = /usr/lib/postfix/bin/
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
defer_transports =
delay_warning_time = 1h
disable_dns_lookups = yes
disable_mime_output_conversion = no
disable_vrfy_command = yes
html_directory = /usr/share/doc/packages/postfix-doc/html
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport =
maillog_file = /var/log/postfix.log
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 0
message_strip_characters = \0
milter_default_action = accept
mydestination = $myhostname, localhost.$mydomain
myhostname = myhostname.domain.com
mynetworks = aaa.bbb.0.221/32,aaa.bbb.0.222,aaa.bbb.0.211/32,127.0.0.0/8
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
relay_clientcerts =
relay_domains = $mydestination, hash:/etc/postfix/relay
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix-doc/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_enforce_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_sender_dependent_authentication = yes
smtp_tls_CAfile = /etc/postfix/ssl/certs/cacert.pem
smtp_tls_CApath = /etc/postfix/ssl/certs/
smtp_tls_cert_file = /etc/postfix/ssl/certs/pf-cert.pem
smtp_tls_key_file = /etc/postfix/ssl/certs/pf-key.pem
smtp_tls_loglevel = 2
smtp_tls_security_level = may
smtp_tls_session_cache_database =
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions =
smtpd_delay_reject = yes
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_milters = unix:/var/run/clamav/clamav-milter.socket
smtpd_recipient_restrictions = permit_mynetworks
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_tls_CAfile = /etc/postfix/ssl/certs/cacert.pem
smtpd_tls_CApath = /etc/postfix/ssl/certs/
smtpd_tls_ask_ccert = no
smtpd_tls_cert_file = /etc/postfix/ssl/certs/pf-cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/certs/pf-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = no
smtpd_use_tls = yes
strict_8bitmime = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
