Question

Recipient address rejected: Relay access denied. How do I fix this?

Asked by: hyperion8

I have a Fedora Core 7 server using the Postfix SMTP server. I am getting the following error when I try to send an email via an email client (Thunderbird/Outlook):

The mail server responded 5.7.1: Recipient address rejected: Relay access denied.

I can receive mail fine, just not send. In the email client I have selected authentication for outgoing mail, using the full email address as username.

Below is the output of my main.cf and master.cf as well as the output of the maillog when I attempt to send a message.

Can anyone help me fix this error so I can send mail? Thanks!

Output of tail -f /var/log/maillog:
 
Mar 29 18:15:53 ip-72-167-163-127 postfix/smtpd[11644]: warning: smtpd_sasl_auth_enable is true, but SASL support is not compiled in
Mar 29 18:15:53 ip-72-167-163-127 postfix/smtpd[11644]: connect from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]
Mar 29 18:15:53 ip-72-167-163-127 postfix/smtpd[11644]: setting up TLS connection from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]
Mar 29 18:15:55 ip-72-167-163-127 postfix/smtpd[11644]: Anonymous TLS connection established from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Mar 29 18:15:55 ip-72-167-163-127 postfix/smtpd[11644]: warning: support for restriction "check_relay_domains" will be removed from Postfix; use "reject_unauth_destination" instead
Mar 29 18:15:55 ip-72-167-163-127 postfix/smtpd[11644]: NOQUEUE: reject: RCPT from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]: 554 5.7.1 <[email address]>: Recipient address rejected: Relay access denied; from=<[email address]> to=<[email address]> proto=ESMTP helo=<[127.0.0.1]>
Mar 29 18:15:57 ip-72-167-163-127 postfix/smtpd[11644]: disconnect from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]
 
 
main.cf
 
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
 
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
 
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.6/samples
readme_directory = /usr/share/doc/postfix-2.3.6/README_FILES
smtpd_sasl_local_domain = 
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_inet_interfaces permit_sasl_authenticated check_relay_domains
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_sasl_authenticated_header = yes
relayhost = k2smtpout.secureserver.net
myorigin = $mydomain
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
 
 
master.cf
 
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd -o content_filter=spamassassin
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       nqmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
spamassassin
          unix  -       n       n       -       -       pipe
  user=nobody argv=/usr/bin/spamc -f
                   -e /usr/sbin/sendmail.postfix 
                   -oi -f ${sender} ${recipient}
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
discard   unix  -       -       n       -       -       discard
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
retry     unix  -       -       n       -       -       error
proxywrite unix -       -       n       -       1       proxymap
                                  

This Question has been solved and asker verified.

Asked On: 2008-03-29 at 18:20:23, ID: 23280159
Tags: Fedora Core 7, Postfix, 2.5.1, Linux, 5.7.1: Recipient address rejected: Relay access denied.
Topics: Simple Mail Transfer Protocol (SMTP), Linux Networking, Email Servers
Participating Experts: 1
Points: 500
Comments: 23

Answers

 

by: cohenphil Posted on 2008-03-29 at 20:27:46 ID: 21239479

I've been monitoring both your questions.
Can you confirm saslauthd has been started (ps wax | grep saslauthd)?

You should get a result similar to
942?      S    1:07 /usr/sbin/saslauthd -m /var/run/saslauthd/mux  -a shadow

Could you also repost your entire main.cf with comments included? (I'm trying to work out if you just have bad formatting or you're actually missing some variables; it's a little hard to follow :) )

E.g. in this config you're missing "mydomain", yet on line 48 you reference myorigin = $mydomain (however in your other question [http://www.experts-exchange.com/Networking/Protocols/Application_Protocols/Email/SMTP/Q_23278991.html]
you have mydomain defined on line 3?? -- which should just be your FQDN, I might add.)
Then you should define your host name using myhostname = mail.[mydomain.net]

Once again, in this config I don't see mynetworks?.... Maybe I should wait until I get the current config :) However, I'll keep posting whilst it's fresh in my mind.

Now for your SASL config.. firstly try and keep it all together (makes it easy to diag and refer to in case you need to check the config, rather than me (you) having to scroll up and down looking for all your settings). Whilst I'm at it, are you sure your line 33 is correct?
I think it should read: smtpd_sasl_local_domain = $myhostname

So formatted nicely it should read..
# ENABLE SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes

Now I also don't see any section for relay_domains (maybe you have it commented out so it's not posted..?). Either way, please paste this below "relay_domains = "
smtpd_recipient_restrictions =  permit_sasl_authenticated,  permit_mynetworks, check_relay_domains

OK, now save and reload postfix.

Try again and let me know your results... (don't forget to give me your complete main.cf)

Cheers,
Phil

P.S. Do I get points for both questions if I solve it :)



 

by: hyperion8 Posted on 2008-03-29 at 21:31:11 ID: 21239605

Thanks for your response. Yes I have changed the config since my first post, sorry!  It looks like the service is started.

9340       root       /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2
9341       root       /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2

I made the changes you suggested but got the same error.  Here is the entire main.cf.

command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
 
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
 
mydomain = ip-72-167-163-127.ip.secureserver.net
hostname = mail.pharmati.net
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.6/samples
readme_directory = /usr/share/doc/postfix-2.3.6/README_FILES
 
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
relay_domains = 
smtpd_recipient_restrictions =  permit_sasl_authenticated,  permit_mynetworks, check_relay_domains
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_sasl_authenticated_header = yes
relayhost = k2smtpout.secureserver.net
myorigin = $mydomain
smtpd_use_tls = yes
                                              

 

by: cohenphil Posted on 2008-03-29 at 22:09:31 ID: 21239684

Have you added your credentials to /etc/postfix/sasl_passwd?

Say your username is hyperion and your password is secretpass.

Open /etc/postfix/sasl_passwd and add your credentials. When you have saved it, check it with cat:

cat /etc/postfix/sasl_passwd
you should get
k2smtpout.secureserver.net      hyperion:secretpass

 

by: cohenphil Posted on 2008-03-29 at 22:29:40 ID: 21239723

Oh yeah whoops you'll need to enable sasl server auth support too!!!

add the following!

# SASL SERVERS AUTH
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =

 

by: cohenphil Posted on 2008-03-29 at 22:30:45 ID: 21239725

and of course RELOAD postfix!! with: postfix reload

Try again :)

 

by: hyperion8 Posted on 2008-03-29 at 22:32:59 ID: 21239730

Ok, I'll give that a try, but why would I want to put my password in there? I want the authentication to be checked when a user logs in through smtp.

 

by: hyperion8 Posted on 2008-03-29 at 22:37:13 ID: 21239739

OK, still getting that 5.7.1 error after trying that.

 

by: hyperion8 Posted on 2008-03-29 at 22:48:52 ID: 21239762

Here is what the log is saying when I try to send an email:

Mar 29 22:47:15 ip-72-167-163-127 postfix/smtpd[15708]: connect from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]
Mar 29 22:47:15 ip-72-167-163-127 postfix/smtpd[15708]: setting up TLS connection from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]
Mar 29 22:47:15 ip-72-167-163-127 postfix/smtpd[15708]: Anonymous TLS connection established from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Mar 29 22:47:16 ip-72-167-163-127 postfix/smtpd[15708]: NOQUEUE: reject: RCPT from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]: 554 5.7.1 <[email address]>: Recipient address rejected: Relay access denied; from=<[email address]> to=<[email address]> proto=ESMTP helo=<[127.0.0.1]>
Mar 29 22:47:17 ip-72-167-163-127 postfix/smtpd[15708]: disconnect from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]
                                              

 

by: cohenphil Posted on 2008-03-29 at 23:17:32 ID: 21239796

Please change mydomain = ip-72-167-163-127.ip.secureserver.net
 to
mydomain = pharmati.net

and directly under it to MYhostname instead of just hostname

I've got to hit the hay - I'm buggered.. (I'll pick this up in the morn) sorry

Cheers, Phil

 

by: hyperion8 Posted on 2008-03-29 at 23:22:02 ID: 21239803

OK, I'll give that a try. Thanks for all your help so far.

 

by: hyperion8 Posted on 2008-03-29 at 23:32:10 ID: 21239817

OK, same result after doing that. I tried this: I added a domain name in the relay_domains line, such as

relay_domains = gmail.com

When I do that, I am able to send an email to a gmail address.

So how do I set relay_domains to allow ALL/ANY domains?

 

by: hyperion8 Posted on 2008-03-29 at 23:35:02 ID: 21239820

and setting it to "relay_domains = all" doesn't work

 

by: hyperion8 Posted on 2008-03-29 at 23:36:00 ID: 21239821

nor does leaving it blank

 

by: cohenphil Posted on 2008-03-30 at 16:05:41 ID: 21242309

The reason you're not able to relay is that you're still not authenticating.

When I connect to your server via telnet I don't see any
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
S: 250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI

which is displayed when your server offers the use of SMTP AUTH.

I'm thinking SASL isn't configured correctly still!

Please post config again :)
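
The check described in this answer, as an added example that is not part of the original post: a Python parser for an EHLO reply that reports whether the server announces SMTP AUTH, accepting both the standard AUTH line and the AUTH= form quoted above. The two replies are constructed samples and the function names are illustrative.

```python
import re

# Constructed EHLO replies (not captured from the server in this thread).
EHLO_WITHOUT_AUTH = (
    "250-mail.example.test\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250 8BITMIME\r\n"
)
EHLO_WITH_AUTH = (
    "250-mail.example.test\r\n"
    "250-PIPELINING\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250-AUTH=PLAIN LOGIN\r\n"  # extra form sent when broken_sasl_auth_clients = yes
    "250 8BITMIME\r\n"
)

REPLY_LINE = re.compile(r"^(\d{3})([- ])(.*)$")


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from one complete multi-line EHLO reply."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty reply")
    caps = {}
    for index, line in enumerate(lines):
        match = REPLY_LINE.match(line)
        if not match:
            raise ValueError("not an SMTP reply line: %r" % line)
        code, sep, text = match.groups()
        if code != "250":
            raise ValueError("EHLO was refused: %r" % line)
        # Every line but the last uses "250-"; the last one uses "250 ".
        if (sep == " ") != (index == len(lines) - 1):
            raise ValueError("reply is truncated or has trailing data")
        if index == 0:
            continue  # first line is the server greeting, not a keyword
        # "AUTH=PLAIN LOGIN" is the pre-standard spelling of "AUTH PLAIN LOGIN".
        if text.upper().startswith("AUTH="):
            text = text.replace("=", " ", 1)
        words = text.split()
        if not words:
            continue
        seen = caps.setdefault(words[0].upper(), [])
        seen.extend(w.upper() for w in words[1:] if w.upper() not in seen)
    return caps


def auth_status(reply):
    """Summarise what matters for the 'Relay access denied' diagnosis."""
    caps = parse_ehlo(reply)
    return {
        "auth_offered": "AUTH" in caps,
        "mechanisms": sorted(caps.get("AUTH", [])),
        "starttls_offered": "STARTTLS" in caps,
    }


if __name__ == "__main__":
    for name, reply in (("without AUTH", EHLO_WITHOUT_AUTH),
                        ("with AUTH", EHLO_WITH_AUTH)):
        print(name, auth_status(reply))
```

With smtpd_tls_auth_only = no, as in the configurations posted here, AUTH should appear in the EHLO reply both before and after STARTTLS; with yes it is announced only after STARTTLS, so the reply to check is the one received after the TLS handshake.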

 

by: hyperion8 Posted on 2008-03-30 at 16:23:42 ID: 21242357

OK, here's the latest. I made some changes since last time, just trying different things.

command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
 
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
 
mydomain = pharmati.net
myhostname = mail.pharmati.net
inet_interfaces = all
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.6/samples
readme_directory = /usr/share/doc/postfix-2.3.6/README_FILES
smtp_sasl_auth_enable = yes
#smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
#smtp_sasl_security_options =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
mydestination = $myhostname, localhost.$mydomain, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain, csns01.$mydomain
relay_domains = $inet_interfaces, $myhostname, $mydestination, gmail.com
smtpd_recipient_restrictions =  permit_sasl_authenticated, permit_mynetworks, check_relay_domains
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_sender_restrictions = permit
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_sasl_authenticated_header = yes
relayhost = k2smtpout.secureserver.net
myorigin = $mydomain
smtpd_use_tls = yes
                                              

 

by: cohenphil Posted on 2008-03-30 at 20:29:50 ID: 21243023

One thing I forgot to ask: what are you trying to authenticate your users against? LDAP, system accounts, a MySQL db, etc.?

I just noticed your saslauthd is running with PAM (/usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2).
Have you configured smtpd.conf with the following contents:
pwcheck_method: pam

Then in your main.cf add
smtpd_sasl_path = smtpd

Also, please hash out line 26, smtp_sasl_auth_enable = yes (you have it above on line 23).

 

by: cohenphil Posted on 2008-03-30 at 20:35:08 ID: 21243043

Alternatively, since saslauthd is running as root, let's try configuring it to use shadow.
Can you once again edit smtpd.conf with the following contents:
pwcheck_method: saslauthd

and launch saslauthd like this
/usr/sbin/saslauthd -m /var/run/saslauthd/  -a shadow
Reload postfix and try again.

Sorry about all the config changes.. I think your system is running 1/2 one auth method and 1/2 another :)

Any chance of remote access ;)

 

by: cohenphil Posted on 2008-03-30 at 20:39:55 ID: 21243052

OK, let's get back to basics and make sure saslauthd is working.
You should also be able to test your saslauthd with
testsaslauthd -u username -p password

You should get
 0: OK "Success."

Please advise if this works.

 

by: hyperion8 Posted on 2008-03-30 at 20:51:18 ID: 21243076

I'm just trying to authenticate them based on their email address/password for their email account. I made all the changes you suggested and am still getting the relay error. How can I send you info for remote access? I don't want to post it here.

 

by: hyperion8 Posted on 2008-03-30 at 20:56:41 ID: 21243090

and when I did the testsaslauthd, I did get 0: OK "Success."

 

by: cohenphil Posted on 2008-03-30 at 21:10:52 ID: 21243120

Check my profile for a link to contact me. Pass it through there and I'll take a look.

Glad the testsaslauthd is working.

I'm about to head into work for a while so I might have to get back to you in a bit.. Let's hope we can nut this one out within the next 24hrs.

Cheers,
Phil

 

by: hyperion8 Posted on 2008-03-30 at 21:12:41 ID: 21243125

OK, I'll send over the info. Thanks for all your help.

 

by: cohenphil Posted on 2008-04-04 at 14:12:35 ID: 21285689

OK, so the main problem was that postfix was installed without AUTH support (cyrus-sasl).

There was no way for a client to authenticate, and this system is configured to deny relay emails unless the user is authenticated, which is configured in the line

smtpd_recipient_restrictions =  permit_sasl_authenticated, permit_mynetworks, check_relay_domains

To fix this, the only way that worked was to remove postfix via yum and then recompile the postfix SRPM with the extra cyrus-sasl support (here is an edited copy/paste from my history file to save time, with a few #comments).

# get latest version of postfix source
wget http://ftp.wl0.org/official/2.5/SRPMS/postfix-2.5.1-1.src.rpm
cd /usr/src
ls
mkdir redhat
cd redhat/
mkdir SOURCES
rpm -ivh postfix-2.5.1-1.src.rpm
cd /usr/src/redhat/SOURCES/

# set the required build options
export POSTFIX_MYSQL_REDHAT=1
export POSTFIX_SASL=2

chmod 744 make-postfix.spec
./make-postfix.spec

cd ..
cd SPECS/

# build the source into an RPM
# note I had to install rpmbuild, openldap-devel and db4-devel
rpmbuild -ba postfix.spec
# this took a little while

# install the built rpm
cd ..
cd RPMS/
cd i386/
rpm -ivh postfix-2.5.1-1.mysql.sasl2.fc7.i386.rpm --replacefiles
service postfix restart




Then configured support for auth in main.cf, adding:
'smtpd_sasl_local_domain ='
'smtpd_sasl_auth_enable = yes'
'smtpd_sasl_security_options = noanonymous'
'broken_sasl_auth_clients = yes'
'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
'inet_interfaces = all'
'mynetworks = 127.0.0.0/8'


Confirmed TLS support was enabled (hyperion8 had already set this up)
'smtpd_tls_auth_only = no'
'smtp_use_tls = yes'
'smtpd_use_tls = yes'
'smtp_tls_note_starttls_offer = yes'
'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
'smtpd_tls_loglevel = 1'
'smtpd_tls_received_header = yes'
'smtpd_tls_session_cache_timeout = 3600s'
'tls_random_source = dev:/dev/urandom'
'smtpd_sasl_authenticated_header = yes'

Reloaded postfix config and restarted postfix and saslauthd

Grabbed a copy of saslfinger to do some testing / diag
wget http://postfix.state-of-mind.de/patrick.koetter/saslfinger/saslfinger-1.0.2.tar.gz

Extracted and installed
gzip -d saslfinger-1.0.2.tar.gz
tar xf saslfinger-1.0.2.tar
cd saslfinger-1.0.2
chmod 755 install.sh
./install.sh
Ran both server and client config diag.
saslfinger -c
saslfinger -s

Found I was missing some config settings;
added password maps to the config
(smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd),
reloaded postfix config.

Checked logs for errors
watch tail -f /var/log/messages

Set client to use outgoing authentication (for some reason we couldn't get Outlook Express or Outlook 2007 working. Outlook 2003 and Thunderbird worked perfectly).


I think that's all that we needed to get it going -- Hyperion8, please post if you think of anything else.
Cheers,
Phil

main.cf
 
command_directory = /usr/sbin		
daemon_directory = /usr/libexec/postfix		
unknown_local_recipient_reject_code = 550		
alias_maps = hash:${config_directory}/aliases	hash:/etc/mailman/aliases	hash:${config_directory}/turbopanel/aliases
alias_database = hash:/etc/postfix/aliases		
debug_peer_level = 2		
 		
debugger_command =		
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin		
         xxgdb $daemon_directory/$process_name $process_id & sleep 5		
 		
mydomain = DOMAIN.com	
myhostname = mail.domain.com 		
inet_interfaces = all		
sendmail_path = /usr/sbin/sendmail.postfix		
newaliases_path = /usr/bin/newaliases.postfix		
mailq_path = /usr/bin/mailq.postfix		
setgid_group = postdrop		
html_directory = /usr/share/doc/postfix-2.5.1-documentation/html		
manpage_directory = /usr/share/man		
sample_directory = /usr/share/doc/postfix-2.3.6/samples		
readme_directory = /usr/share/doc/postfix-2.5.1-documentation/readme		
#smtp_sasl_auth_enable = yes		
smtpd_sasl_path = smtpd		
smtpd_sasl_type = cyrus		
smtpd_sasl_auth_enable = yes		
smtpd_sasl_security_options = noanonymous		
smtpd_sasl_local_domain = 		
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd		
broken_sasl_auth_clients = yes		
mydestination = $myhostname	localhost.$mydomain	localhost
relay_domains = 		
smtpd_recipient_restrictions = permit_sasl_authenticated	permit_mynetworks	check_relay_domains
smtpd_tls_auth_only = no		
smtp_use_tls = yes		
smtp_tls_note_starttls_offer = yes		
smtpd_tls_key_file = ${config_directory}/ssl/post.pem		
smtpd_tls_cert_file = ${config_directory}/ssl/post.pem		
smtpd_tls_CAfile = ${config_directory}/ssl/post.pem		
smtpd_tls_loglevel = 3		
smtpd_tls_received_header = yes		
smtpd_sender_restrictions = permit		
smtpd_tls_session_cache_timeout = 3600s		
tls_random_source = dev:/dev/urandom		
smtpd_sasl_authenticated_header = yes		
relayhost = k2smtpout.secureserver.net		
myorigin = $mydomain		
smtpd_use_tls = yes		
queue_directory = /var/spool/postfix		
mail_owner = postfix		
data_directory = /var/lib/postfix		
mynetworks = 127.0.0.0/8		
virtual_mailbox_domains = hash:${config_directory}/virtual_domains	hash:${config_directory}/turbopanel/virtual_domains	
virtual_alias_maps = hash:${config_directory}/virtual_alias	hash:/etc/mailman/virtual-mailman	hash:${config_directory}/turbopanel/virtual_alias
virtual_mailbox_maps = ${virtual_alias_maps}		
sender_canonical_maps = hash:${config_directory}/sender_canonical	hash:${config_directory}/turbopanel/sender_canonical	
tls_random_exchange_name = /var/run/prng_exch		
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp		
virtual_transport = lmtp:unix:/var/lib/imap/socket/lmtp		
recipient_delimiter = +		
owner_request_special = no		
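
An added example (not code from the thread or from Postfix): a small Python audit of the relay and SMTP AUTH settings discussed in this thread, run over a constructed main.cf that combines the mistakes seen in the configurations posted above. The function names, finding codes and example.test are illustrative assumptions, and built-in Postfix defaults are not modelled.

```python
import re

# Constructed main.cf combining mistakes visible in the configurations
# posted in this thread; example.test stands in for the real domain.
SAMPLE_MAIN_CF = """\
mydomain = example.test
hostname = mail.example.test
smtp_sasl_auth_enable = yes
#smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sasl_auth_enable = yes
relay_domains = $mydomain, gmail.com
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks, check_relay_domains
relayhost = k2smtpout.secureserver.net
"""


def parse_main_cf(text):
    """Return {name: value}. Comment and blank lines are skipped, a line that
    starts with whitespace continues the previous one, the last setting wins."""
    params, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0] in " \t":
            if current is not None:
                params[current] += " " + stripped
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params


def expand(value, params, depth=0):
    """Expand $name and ${name}. Assumption: a parameter that is missing from
    the file expands to an empty string (Postfix defaults are not modelled)."""
    if depth > 10:  # guard against self-referencing parameters
        return value

    def substitute(match):
        name = match.group(1) or match.group(2)
        return expand(params.get(name, ""), params, depth + 1)

    return re.sub(r"\$\{(\w+)\}|\$(\w+)", substitute, value)


def as_list(name, params):
    """Split a list-valued parameter on commas and whitespace after expansion."""
    expanded = expand(params.get(name, ""), params)
    return [item for item in re.split(r"[,\s]+", expanded) if item]


def audit(text):
    """Return (code, detail) findings for relay and SMTP AUTH settings."""
    p = parse_main_cf(text)
    findings = []
    rcpt = as_list("smtpd_recipient_restrictions", p)

    if "check_relay_domains" in rcpt:
        findings.append(("deprecated-restriction",
                         "use reject_unauth_destination, as the maillog warning says"))
    if "permit_sasl_authenticated" in rcpt and p.get("smtpd_sasl_auth_enable") != "yes":
        findings.append(("server-auth-off",
                         "permit_sasl_authenticated never matches without smtpd_sasl_auth_enable = yes"))
    # smtp_* settings are for Postfix as a client of relayhost, not for mail clients.
    if p.get("smtp_sasl_auth_enable") == "yes" and "smtp_sasl_password_maps" not in p:
        findings.append(("client-auth-no-credentials",
                         "smtp_sasl_auth_enable = yes but no smtp_sasl_password_maps"))
    if "hostname" in p and "myhostname" not in p:
        findings.append(("unknown-parameter",
                         "hostname is not a Postfix parameter; myhostname was probably meant"))

    mydomain = p.get("mydomain", "").lower()
    own = {d.lower() for d in as_list("mydestination", p)}
    for entry in as_list("relay_domains", p):
        domain = entry.lower()
        if ":" in domain or domain.startswith("/"):
            continue  # lookup table reference, not a literal domain
        is_own = domain == mydomain or domain.endswith("." + mydomain) or domain in own
        if mydomain and not is_own:
            findings.append(("foreign-relay-domain",
                             "any client may relay to " + entry))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_MAIN_CF):
        print("%-28s %s" % (code, detail))
```

A relay_domains entry such as gmail.com is honoured by check_relay_domains and reject_unauth_destination for every client, authenticated or not, which is why the audit reports it. None of these checks detects a Postfix build without SASL; that shows up as the "SASL support is not compiled in" warning in the maillog excerpt of the question.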
                                              