Relay doubt
Hi!

I have a Postfix as gateway for other domains (domain1, domain2, domain3).
When domain1 sends an e-mail to domain2, it goes to Postfix and then to domain2, and vice-versa.
When domain2 sends an e-mail to the Internet, it goes to Postfix and then to the Internet.

I want to know where to put the IPs of domain1 (2 and 3) to allow them to relay through Postfix.
I put them in network_table:

mynetworks = hash:/etc/postfix/network_table

/etc/postfix/network_table:

IP_DOMAIN_1 OK
IP_DOMAIN_2 OK

smtpd_sender_restrictions =
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    check_client_access regexp:/etc/postfix/white_list_ip,
    permit

smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_multi_recipient_bounce,
    reject_unauth_destination,
    check_sender_access regexp:/etc/postfix/white_list_from,
    check_recipient_access regexp:/etc/postfix/white_list_to,
    check_sender_access regexp:/etc/postfix/black_list_from,
    check_recipient_access regexp:/etc/postfix/black_list_to,
    check_client_access regexp:/etc/postfix/black_list_ip,
    check_client_access regexp:/etc/postfix/black_list_client_ip,
    check_policy_service inet:127.0.0.1:2501,
    permit

smtpd_client_restrictions =
    regexp:/etc/postfix/ip-access,
    permit

The problem is that the verifications in check_sender_access and check_recipient_access are not in action, because of the permit_mynetworks at the beginning of smtpd_recipient_restrictions.

I'm using postfix-2.5.6 compiled on Ubuntu 8.10.

Regards,
Rodrigo.

--
M. Rodrigo Monteiro
fale...@rodrigomonteiro.net
"Free as in Freedom, not free as in free beer"
"As we are liberated from our own fear, our presence automatically liberates others"
Linux User # 403730
Re: Relay doubt
> Okay, so move those restrictions above permit_mynetworks. When placing
> check_sender_access restrictions above reject_unauth_destination in
> smtpd_recipient_restrictions, you must be very careful not to return
> OK in that table since that would make you an open relay. If the
> restriction must apply for clients in mynetworks, I suggest you move
> the restriction to smtpd_sender_restrictions instead. That way your
> server cannot turn into an open relay (for that reason, anyway).

Hi!

Since this server is the gateway for Internet too, how should be my smtpd_sender_restrictions, smtpd_recipient_restrictions and smtpd_client_restrictions to prevent relay from it, and still have the check_*_access working?

Regards,
Rodrigo.
Re: Relay doubt
> Place check_sender_access in smtpd_sender_restrictions, probably
> before permit_mynetworks unless you want to exempt local clients
> from the checks. As long as smtpd_delay_reject = yes you can place
> check_recipient_access in the same place, otherwise you need to keep
> them in smtpd_recipient_restrictions (but again, possibly placed
> above permit_mynetworks).

Hi!

Ok. The problem now is that when I put permit_mynetworks last in smtpd_recipient_restrictions, the domains are getting "Relay access denied".
My question: why?

Regards,
Rodrigo.
Postfix and LDAP disabled user
Hi!

I'm reading "Postfix: The Definitive Guide". Great book, BTW.
In the LDAP configuration, I realise that the filter for the active users is "(&(mail=%s)(accountStatus=active))".
My LDAP schema (from Ubuntu slapd - core.schema, cosine.schema, nis.schema, misc.schema - and from Ubuntu Samba samba.schema) doesn't have the accountStatus attribute.
When the user becomes disabled, what I saw in his attributes is sambaAcctFlags changing from [U] to [UD]. I guess the D is for disabled.

My question is: how can Postfix verify if the user is disabled in this configuration? Or should I change something?

Regards,
Rodrigo.
Compile error
Hi!

I'm trying to compile Postfix with Dovecot support.

CentOS 5.5
Kernel 2.6.18-194.26.1.el5
Dovecot 2.0.8
Postfix 2.7.2

The make command:

make -f Makefile.init makefiles \
  'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DHAS_PCRE -I/usr/include -DHAS_DB -I/usr/include/db4 -DUSE_TLS -I/usr/include/openssl -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\" -I/usr/local/dovecot/include/dovecot' \
  'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib -lpcre -L/usr/lib -ldb -L/usr/lib -lssl -lcrypto -l/usr/local/dovecot/lib/dovecot'

This is the error:

In file included from ctable.c:61:
./sys_defs.h:717:1: warning: "HAS_DB" redefined
:1:1: warning: this is the location of the previous definition
gcc -Wmissing-prototypes -Wformat -DHAS_MYSQL -I/usr/include/mysql -DHAS_PCRE -I/usr/include -DHAS_DB -I/usr/include/db4 -DUSE_TLS -I/usr/include/openssl -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\" -I/usr/local/dovecot/include/dovecot -g -O -I. -DLINUX2 -c dict.c
In file included from dict.c:179:
sys_defs.h:717:1: warning: "HAS_DB" redefined
:1:1: warning: this is the location of the previous definition
In file included from dict_ht.h:18,
                 from dict.c:199:
/usr/local/dovecot/include/dovecot/dict.h:43: error: expected declaration specifiers or ‘...’ before ‘pool_t’
/usr/local/dovecot/include/dovecot/dict.h:44: error: conflicting types for ‘dict_lookup’
dict.h:128: error: previous declaration of ‘dict_lookup’ was here
/usr/local/dovecot/include/dovecot/dict.h:54: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘dict_iterate’
dict.c: In function ‘dict_eval_lookup’:
dict.c:432: warning: passing argument 1 of ‘dict_lookup’ from incompatible pointer type
dict.c:432: error: too few arguments to function ‘dict_lookup’
make: *** [dict.o] Error 1
make: *** [update] Error 1

Regards,
Rodrigo.
Re: Compile error
On Wed, Dec 15, 2010 at 15:30, Victor Duchovni wrote:

> --
> Viktor.

Thanks Viktor!
With the makefile below, Postfix compiles without even warning errors.

make -f Makefile.init makefiles \
  'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DHAS_PCRE -DUSE_TLS -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\"' \
  'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib -lpcre -ldb -lssl -lcrypto'

Regards,
Rodrigo.
DSN virus
Hi!

In my Postfix (2.8.2), I want to send a DSN when Amavisd-new (2.6.4) finds a virus.
Below is the log.

Apr 8 10:17:35 SERVER amavis[12988]: (12988-09) Blocked INFECTED (Eicar-Test-Signature), [XXX.XXX.XXX.XXX] [XXX.XXX.XXX.XXX] -> , quarantine: virus-1rFPr7cPzGAO, Message-ID: <1302268654.16516.6.camel@rodrigo>, mail_id: 1rFPr7cPzGAO, Hits: -, size: 1146, 101 ms
Apr 8 10:17:35 SERVER postfix/lmtp[8920]: E818C3EF80B5: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=0.16, delays=0.05/0/0/0.1, dsn=2.5.0, status=sent (250 2.5.0 Ok , DSN suppressed (554 5.7.0 Reject, id=12988-09 - INFECTED: Eicar-Test-Signature))

As you can see, the sender (me, in this case) doesn't receive the message saying that he sent a virus.
How can I configure this?

Regards,
Rodrigo.
Re: DSN virus
Hi!

Thanks for all of your replies.

Regards,
Rodrigo.
Cyrus SASL Auth
Hi!

I'm trying to set up an SMTP Gateway, with Postfix authenticating in Cyrus SASL.

# postconf mail_version
mail_version = 2.8.2

# postconf -a
cyrus
dovecot

# /usr/local/cyrus-sasl/sbin/saslauthd -l -n 10 -a rimap -O imap_server

# /usr/local/cyrus-sasl/sbin/testsaslauthd -u rodrigo.monteiro@mydmoain -p password
0: OK "Success."

### main.cf ###
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_sasl_path = smtpd
cyrus_sasl_config_path = /usr/lib/sasl2/smtpd.conf
smtp_sasl_path = /usr/lib/sasl2/smtpd.conf
#

# cat /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
saslauthd_path: /usr/local/cyrus-sasl/var/mux

### maillog ###
May 29 18:42:01 sec56 postfix/smtpd[22830]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
May 29 18:42:01 sec56 postfix/smtpd[22830]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
May 29 18:42:01 sec56 postfix/smtpd[22830]: warning: SASL authentication failure: Password verification failed
##

What am I missing? Why is Postfix trying to use /etc/sasldb2 instead of saslauthd?

Regards,
Rodrigo.
Re: Cyrus SASL Auth
Hi Matthias!

On Mon, May 30, 2011 at 09:12, Matthias Andree wrote:

> The cyrus_sasl_config_path expects a directory, you've specified a file.
> Check and correct that.

Thanks, now it's:

cyrus_sasl_config_path = /usr/lib/sasl2
smtp_sasl_path = /usr/lib/sasl2

> Note that a particular Cyrus version is required
> for this to work, check man 5 postconf (or man -s 5 postconf).

Cyrus SASL 2.1.22 or later. I'm using cyrus-sasl-2.1.23

> Is Postfix reading the configuration the way you mean it? Check the
> output of "postconf -n".

Yes

> Is smtpd run in a chroot? Check master.cf.

No:

smtp inet n - n - - smtpd

> After all that: does your Cyrus installation really read its
> configuration from /usr/lib/sasl2, or rather from /usr/local/lib/sasl2?
> You haven't quoted relevant configuration to that extent. Try setting
> a relative symlink:
> ln -s ../../lib/sasl2 /usr/local/lib (be sure to update the chroot if
> you use one!)

It's already a symbolic link.

# ls -la /usr/lib/ | grep sasl2
lrwxrwxrwx 1 root root 31 May 27 17:21 sasl2 -> /usr/local/cyrus-sasl/lib/sasl2

# ls -la /usr/local/cyrus-sasl/lib/sasl2/
-rw-r--r-- 1 root root 96 May 29 18:12 smtpd.conf

So, now it appears to be trying to connect to saslauthd, after I corrected the path of smtpd.conf.

### maillog ###
May 30 09:28:27 sec56 postfix/smtpd[23554]: warning: unknown[200.194.105.195]: SASL PLAIN authentication failed: authentication failure
May 30 09:28:33 sec56 postfix/smtpd[23554]: warning: unknown[200.194.105.195]: SASL LOGIN authentication failed: authentication failure
#

Why am I getting wrong password now?

# /usr/local/cyrus-sasl/sbin/testsaslauthd -u rodrigo.monteiro@mydomain -p password
0: OK "Success."

Regards,
Rodrigo.
Re: Cyrus SASL Auth
> > > Why am I getting wrong password now?

It was missing the "-r" parameter in saslauthd.
Problem resolved.
Thanks for the help!

Regards,
Rodrigo.
Re: new alternative to spamassassin
Anyone tried?

M. Rodrigo Monteiro
Relay access denied 454 not 544
Hi.

I wanna know why Postfix is rejecting mail with temp error (4xx) and not 5xx for Relay access denied.

Here is the log:

May 27 12:11:34 postfix/smtpd[31197]: NOQUEUE: reject: RCPT from mx2.mydomain.com.br[XXX.XXX.XXX.37]: 454 4.7.1 < return-58306-110-...@otherdomain.com.br>: Relay access denied; from=<> to=< return-58306-110-...@otherdomain.com.br> proto=ESMTP helo=< mx2.mydomain.com.br>

Here is the conf:

smtpd_recipient_restrictions =
    reject_multi_recipient_bounce,
    permit_mynetworks,
    reject_unauth_destination,
    permit

# postconf relay_domains_reject_code
relay_domains_reject_code = 554

This server is a content filter only. It receives mail from 2 MXs (mx1 and mx2.mydomain.com), verifies virus and spam, and relays to the destination.

M. Rodrigo Monteiro
Re: Relay access denied 454 not 544
2014-05-27 16:43 GMT-03:00 Wietse Venema:

> Maybe the SMTP server has soft_bounce turned on.

# postconf soft_bounce
soft_bounce = no

> Maybe the server has logged a DNS temporary lookup error prior to
> this reject.

No.

> Wietse
Re: Relay access denied 454 not 544
2014-05-27 16:54 GMT-03:00 Viktor Dukhovni:

> On Tue, May 27, 2014 at 04:38:31PM -0300, M. Rodrigo Monteiro wrote:
>
> > Hi.
> > I wanna know why Postfix is reject mail with temp error (4xx) and not 5xx
> > for Relay access denied.
>
> What version of Postfix is this?

# postconf | grep mail_v
mail_version = 2.11.1

> > Here is the conf:
>
> Generally, you should post the output of "postconf -n" rather than
> just what you think is relevant.

Ok.

> > smtpd_recipient_restrictions =
> > reject_multi_recipient_bounce,
> > permit_mynetworks,
> > reject_unauth_destination,
> > permit
> >
> > # postconf relay_domains_reject_code
> > relay_domains_reject_code = 554
>
> With 2.10 or later, relay control is via smtpd_relay_restrictions.

# postconf | grep smtpd_relay_restrictions
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination

That's it. Thanks. I didn't know that was changed. Thanks!

In my scenario, should I use relay in transport_maps? What's the difference between relay and smtp?

MX -> Content Filter (this) -> Mailbox (Zimbra, Postfix or qmail)

> --
> Viktor.
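
The list ordering discussed in the "Relay doubt" and "Relay access denied 454" threads above, as an added example that is not part of the original posts and is not Postfix code: a simplified Python model of how the restriction lists are walked at RCPT TO time. The networks, domains, addresses and table names are constructed, and access tables are modelled as exact-match dictionaries.

```python
import ipaddress

# Constructed sample values (documentation ranges, example domains); not from the thread.
MYNETWORKS = ["127.0.0.0/8", "192.0.2.0/24"]
RELAY_DOMAINS = {"domain1.example", "domain2.example"}
TABLES = {  # access tables modelled as exact-match dictionaries
    "black_list_from": {"blocked@domain1.example": "REJECT"},
    "white_list_from": {"partner@outside.example": "OK"},
}
LIST_ORDER = ("sender", "relay", "recipient")  # order at RCPT TO; "relay" is 2.10+


def evaluate(restrictions, session):
    """Walk one restriction list; the first decisive result ends that list."""
    for item in restrictions:
        if item == "permit":
            return "PERMIT"
        if item == "permit_mynetworks":
            addr = ipaddress.ip_address(session["client"])
            if any(addr in ipaddress.ip_network(net) for net in MYNETWORKS):
                return "PERMIT"
        elif item == "permit_sasl_authenticated":
            if session.get("sasl_user"):
                return "PERMIT"
        elif item in ("reject_unauth_destination", "defer_unauth_destination"):
            domain = session["rcpt"].rsplit("@", 1)[-1].lower()
            if domain not in RELAY_DOMAINS:
                code = "554 5.7.1" if item.startswith("reject") else "454 4.7.1"
                return code + " Relay access denied"
        elif item.startswith("check_sender_access "):
            action = TABLES[item.split()[1]].get(session["sender"])
            if action == "OK":
                return "PERMIT"
            if action == "REJECT":
                return "554 5.7.1 Access denied"
        else:
            raise ValueError("restriction not modelled: " + item)
    return "PERMIT"  # list exhausted without a decision: this list does not object


def rcpt_decision(config, session):
    """A permit only ends its own list; a reject or defer from any list is final."""
    for name in LIST_ORDER:
        result = evaluate(config.get(name, []), session)
        if result != "PERMIT":
            return name + ": " + result
    return "PERMIT"


INSIDE = {"client": "192.0.2.10", "sender": "blocked@domain1.example",
          "rcpt": "user@domain2.example"}
OUTSIDE = {"client": "203.0.113.7", "sender": "partner@outside.example",
           "rcpt": "someone@elsewhere.example"}

# First post: permit_mynetworks leads, so the sender table is never consulted.
AS_POSTED = {"recipient": ["permit_mynetworks", "reject_unauth_destination",
                           "check_sender_access black_list_from", "permit"]}
# Check moved above permit_mynetworks: it now applies to clients in mynetworks.
CHECK_FIRST = {"recipient": ["check_sender_access black_list_from",
                             "permit_mynetworks", "reject_unauth_destination", "permit"]}
# The hazard named in the reply: a table returning OK above reject_unauth_destination.
OK_ABOVE_RELAY_CHECK = {"recipient": ["check_sender_access white_list_from",
                                      "permit_mynetworks", "reject_unauth_destination"]}
# The suggested placement: the same table in smtpd_sender_restrictions.
OK_IN_SENDER_LIST = {"sender": ["check_sender_access white_list_from"],
                     "recipient": ["permit_mynetworks", "reject_unauth_destination"]}
# 2.10+ as in the 454 thread: the relay list defers before the recipient list rejects.
WITH_RELAY_LIST = {"relay": ["permit_mynetworks", "permit_sasl_authenticated",
                             "defer_unauth_destination"],
                   "recipient": ["permit_mynetworks", "reject_unauth_destination", "permit"]}

if __name__ == "__main__":
    for label, cfg, sess in [("as posted", AS_POSTED, INSIDE),
                             ("check first", CHECK_FIRST, INSIDE),
                             ("OK above relay check", OK_ABOVE_RELAY_CHECK, OUTSIDE),
                             ("OK in sender list", OK_IN_SENDER_LIST, OUTSIDE),
                             ("with relay list", WITH_RELAY_LIST, OUTSIDE)]:
        print("%-22s %s" % (label, rcpt_decision(cfg, sess)))
```

In the third configuration the OK is keyed on the envelope sender, which the client supplies, so it must not sit ahead of reject_unauth_destination.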
Re: Postfix has a bizarre dependency and does not start
2014-06-04 3:44 GMT-03:00 James Moe:

> Port 126 is defined since port 25 is used by the main MTA. I am
> using postfix as a local transport.
> The port bind seems to be a IPv6 issue. Is there some way to prevent
> that?

inet_protocols = ipv4

> --
> James Moe
> moe dot james at sohnen-moe dot com
> 520.743.3936
Message size
Hi!

This postfix acts as a Relay.
From all servers, but one, the message size is 20MB. For this one it's 10MB

# postconf message_size_limit
message_size_limit = 20971520

Here is the telnet response from all servers

# telnet relay 25
Trying XXX...
Connected to XXX.
Escape character is '^]'.
220 relay ESMTP Postfix
ehlo teste
250-relay
250-PIPELINING
250-SIZE 20971520
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 8BITMIME
quit

Here is from just one specific server

# telnet relay 25
Trying XXX...
Connected to relay
Escape character is '^]'.
220 relay ESMTP Service ready
ehlo server
250-Requested mail action okay, completed
250-SIZE 1000
250-ETRN
250-8BITMIME
250-STARTTLS
250 OK
^]
telnet> quit
Connection closed.

The ehlo response from this specific server is not equal either.
What could be happening?
Re: Message size
2014-08-05 14:47 GMT-03:00 Noel Jones:

> On 8/5/2014 12:23 PM, M. Rodrigo Monteiro wrote:
>> Hi!
>>
>> This postfix act as a Relay.
>> From all servers, but one, the message size is 20MB. For these one it's 10MB
>>
>> # postconf message_size_limit
>> message_size_limit = 20971520
>>
>>
>> Here is the telnet response from all servers
>>
>> # telnet relay 25
>> Trying XXX...
>> Connected to XXX.
>> Escape character is '^]'.
>> 220 relay ESMTP Postfix
>> ehlo teste
>> 250-relay
>> 250-PIPELINING
>> 250-SIZE 20971520
>> 250-ETRN
>> 250-STARTTLS
>> 250-ENHANCEDSTATUSCODES
>> 250 8BITMIME
>> quit
>>
>
> OK, looks like normal postfix.

Ok

>> Here is from just one spefic server
>>
>> # telnet relay 25
>> Trying XXX...
>> Connected to relay
>> Escape character is '^]'.
>> 220 relay ESMTP Service ready
>> ehlo server
>> 250-Requested mail action okay, completed
>> 250-SIZE 1000
>> 250-ETRN
>> 250-8BITMIME
>> 250-STARTTLS
>> 250 OK
>> ^]
>> telnet> quit
>> Connection closed.
>>
>
> And this doesn't look like postfix. Either there's some sort of
> proxy interfering with SMTP, or this isn't connecting to the same
> server. Maybe some security software or firewall on the oddball server?

Yes, I thought that too. But the first 220 reply with my Relay name (smtp2.tld.com) indicates otherwise, no?
But, I'll investigate on that.
Thanks.

> -- Noel Jones
Re: Message size
Enabling debug for the Servers IP, here comes.

Aug 5 15:22:35 intsrv025 postfix/smtpd[1412]: > SERVER_HOST[SERVER_IP]: 250-ERLAY_HOST
Aug 5 15:22:35 intsrv025 postfix/smtpd[1412]: > SERVER_HOST[SERVER_IP]: 250-PIPELINING
Aug 5 15:22:35 intsrv025 postfix/smtpd[1412]: > SERVER_HOST[SERVER_IP]: 250-SIZE 20971520
Aug 5 15:22:35 intsrv025 postfix/smtpd[1412]: > SERVER_HOST[SERVER_IP]: 250-ETRN
Aug 5 15:22:35 intsrv025 postfix/smtpd[1412]: > SERVER_HOST[SERVER_IP]: 250-STARTTLS
Aug 5 15:22:35 intsrv025 postfix/smtpd[1412]: > SERVER_HOST[SERVER_IP]: 250-ENHANCEDSTATUSCODES
Aug 5 15:22:35 intsrv025 postfix/smtpd[1412]: > SERVER_HOST[SERVER_IP]: 250 8BITMIME

So, the Relay is responding OK. The problem for sure is on the Server.
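
The comparison made by eye in this thread, as an added example that is not part of the original posts: a Python sketch that parses the two EHLO dialogues quoted above and lists where the second departs from what this Postfix relay announces. The function names are hypothetical; the transcripts are the server reply lines from the thread.

```python
import re

# Server reply lines from the two telnet sessions quoted in the thread.
NORMAL = """220 relay ESMTP Postfix
250-relay
250-PIPELINING
250-SIZE 20971520
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 8BITMIME"""

ODD = """220 relay ESMTP Service ready
250-Requested mail action okay, completed
250-SIZE 1000
250-ETRN
250-8BITMIME
250-STARTTLS
250 OK"""

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_session(text):
    """Return (banner, ehlo_greeting, {KEYWORD: [params]}) from server reply lines."""
    banner, lines = None, []
    for raw in text.splitlines():
        match = REPLY.match(raw.strip())
        if not match:
            continue  # client input or telnet chatter
        code, sep, rest = match.groups()
        if code == "220" and banner is None:
            banner = rest
        elif code == "250":
            lines.append(rest)
            if sep == " ":  # a space after the code marks the last reply line
                break
    greeting = lines[0] if lines else ""
    extensions = {}
    for line in lines[1:]:
        parts = line.split()
        if parts:
            extensions[parts[0].upper()] = parts[1:]
    return banner, greeting, extensions


def compare(reference, observed, message_size_limit):
    """List the ways `observed` differs from the reference dialogue."""
    ref_banner, _, ref_ext = parse_session(reference)
    banner, greeting, ext = parse_session(observed)
    findings = []
    if banner != ref_banner:
        findings.append("banner differs: %r" % banner)
    host = banner.split()[0] if banner else ""
    if not greeting or greeting.split()[0] != host:
        findings.append("first 250 line does not start with the banner hostname")
    size = (ext.get("SIZE") or [None])[0]
    if size != str(message_size_limit):
        findings.append("SIZE %s does not match message_size_limit %d"
                        % (size, message_size_limit))
    missing = sorted(set(ref_ext) - set(ext))
    extra = sorted(set(ext) - set(ref_ext))
    if missing:
        findings.append("missing: " + ", ".join(missing))
    if extra:
        findings.append("unexpected: " + ", ".join(extra))
    return findings


if __name__ == "__main__":
    for finding in compare(NORMAL, ODD, 20971520):
        print(finding)
```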
Limit one forward do a specified user
Hi All!

Currently, I use the forwards in /etc/aliases like this:

# cat /etc/aliases
forward1: user1 user2
forward2: user3
forward3: user1 user2 user3

I wanna know if I can limit the use of forward3, because I want only user9 to send e-mail to forward3.
All users can send e-mail to forward1 and forward2, but only user9 can send to forward3.

Can I do that? How?
I'm using Postfix 2.3.8.

Regards,
Rodrigo.
Re: Limit one forward do a specified user
On Tue, Nov 4, 2008 at 17:06, Nikita Kipriyanov <[EMAIL PROTECTED]> wrote:

> http://www.postfix.org/RESTRICTION_CLASS_README.html#internal
>
> You have to add forward3 into protected_destinations file, and user9 into
> insiders file.

My main.cf:

smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit

smtpd_recipient_restrictions =
    permit_mynetworks,
    check_recipient_access hash:/etc/postfix/protected_destinations,
    permit_sasl_authenticated,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_multi_recipient_bounce,
    reject_unauth_destination,
    permit

smtpd_client_restrictions =
    permit_mynetworks,
    permit

smtpd_restriction_classes = insiders_only
insiders_only = check_sender_access hash:/etc/postfix/insiders, reject

# cat insiders
[EMAIL PROTECTED] OK

# cat protected_destinations
[EMAIL PROTECTED] insiders_only

With this configuration, all users are still able to send e-mail to [EMAIL PROTECTED]
Did I do something wrong?

Regards,
Rodrigo.
Re: Limit one forward do a specified user
Hi Brian.

On Mon, Nov 10, 2008 at 12:14, Brian Evans - Postfix List <[EMAIL PROTECTED]> wrote:

> Notice you put permit_mynetworks first. This wins over the
> check_recipient_access if any client is within mynetworks..
> Also, recommend putting reject_unauth_destination right below
> permit_sasl_authenticated to save DNS checks for relay mail you'll
> reject anyway.

The client isn't in mynetworks.

# cat main.cf
mynetworks = 127.0.0.0/8, LOCAL_IP_MACHINE

The client is within the subnet, but the subnet isn't in the mynetworks.

Regards,
Rodrigo.
Bypass content_filter for some recipient
Hi! I'm running Postfix 2.11.1. I have amavisd-new as content filter (content_filter = amavisfeed:[127.0.0.1]:10024). I want to bypass this check (amavisd-new) for some recipient (mail to). It's for recipient, not for sender (mail from). How can I accomplish that? Using smtpd_recipient_restrictions? Please give me some example. Regards, Rodrigo.
Postfix and Cyrus SASL
From command line, SASL Auth is working. The auth is from a remote zimbra (imap) server.

Init saslauthd
/usr/sbin/saslauthd -m /var/run/saslauthd -a rimap -O IP -r -l -n 10

# cat /etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login

# testsaslauthd -u u...@domain.tld -p 'password'
0: OK "Success."

As the log shows, Postfix is trying to auth from a local /etc/sasldb2 and not from the remote imap server as the log below shows. And in fact I'm monitoring Zimbra with tcpdump and it has no connection from the Postfix server.

# tail -f /var/log/maillog
Jan 9 10:35:29 DMZ postfix/submission/smtpd[16987]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Jan 9 10:35:29 DMZ postfix/submission/smtpd[16987]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Jan 9 10:35:29 DMZ postfix/submission/smtpd[16987]: warning: unknown[IP]: SASL LOGIN authentication failed: authentication failure
Jan 9 10:35:31 DMZ postfix/submission/smtpd[16987]: disconnect from unknown[IP]

# postconf -a
cyrus
dovecot

# postconf -A
cyrus

# postconf -n
alias_maps =
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
cyrus_sasl_config_path = /usr/lib/sasl2
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 127.0.0.1
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
relayhost = relay.domain.tld:25
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_sasl_path = /usr/lib/sasl2
smtp_use_tls = yes
smtpd_enforce_tls = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = $config_directory/mails.cert
smtpd_tls_key_file = $config_directory/mails.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_use_tls = yes

# cat master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==
smtp inet n - n - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - n - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix
Re: Postfix and Cyrus SASL
2015-01-09 11:01 GMT-03:00 Wietse Venema:

> M. Rodrigo Monteiro:
>> From command line, SASL Auth is working. The auth is from a remote
>> zimbra (imap) server.
>>
>>
>> Init saslauthd
>> /usr/sbin/saslauthd -m /var/run/saslauthd -a rimap -O IP -r -l -n 10
>>
>> # cat /etc/sasl2/smtpd.conf
>
> Please show evidence that libsasl2 actually uses this file.
> For example, strace the smtpd process as described in
> http://www.postfix.org/DEBUG_README.html.
>
> Wietse

Thanks for pointing that out.
I've linked smtpd.conf to /etc/postfix/sasl/smtpd.conf but forgot to do it in the main directory: /usr/lib/sasl2/.