Advertisement

03.29.2008 at 06:20PM PDT, ID: 23280159
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
7.8
Recipient address rejected: Relay access denied. How do I fix this?
Zones: Simple Mail Transfer Protocol (SMTP), Linux Networking, Email Servers
Tags: Fedora Core 7, Postfix, 2.5.1, Linux, 5.7.1: Recipient address rejected: Relay access denied.
I have a Fedora Core 7 server using Postfix SMTP server I am getting the following error when I try to send an email via an email client (thunderbird/outlook):

The mail server responded 5.7.1: Recipient address rejected: Relay access denied.

I can receive mail fine, just not send.  In email client I have selected authentication for outgoing using full email address as username.

Below is the output of my main.cf and master.cf as well as the output of the maillog when I attempt to send a message.

Can anyone help me fix this error so I can send mail? Thanks!
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:

Output of tail -f /var/log/maillog:
 
Mar 29 18:15:53 ip-72-167-163-127 postfix/smtpd[11644]: warning: smtpd_sasl_auth_enable is true, but SASL support is not compiled in
Mar 29 18:15:53 ip-72-167-163-127 postfix/smtpd[11644]: connect from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]
Mar 29 18:15:53 ip-72-167-163-127 postfix/smtpd[11644]: setting up TLS connection from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]
Mar 29 18:15:55 ip-72-167-163-127 postfix/smtpd[11644]: Anonymous TLS connection established from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Mar 29 18:15:55 ip-72-167-163-127 postfix/smtpd[11644]: warning: support for restriction "check_relay_domains" will be removed from Postfix; use "reject_unauth_destination" instead
Mar 29 18:15:55 ip-72-167-163-127 postfix/smtpd[11644]: NOQUEUE: reject: RCPT from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]: 554 5.7.1 <[email address]>: Recipient address rejected: Relay access denied; from=<[email address]> to=<[email address]> proto=ESMTP helo=<[127.0.0.1]>
Mar 29 18:15:57 ip-72-167-163-127 postfix/smtpd[11644]: disconnect from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]
 
 
main.cf
 
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
 
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
 
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.6/samples
readme_directory = /usr/share/doc/postfix-2.3.6/README_FILES
smtpd_sasl_local_domain = 
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_inet_interfaces permit_sasl_authenticated check_relay_domains
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_sasl_authenticated_header = yes
relayhost = k2smtpout.secureserver.net
myorigin = $mydomain
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
 
 
master.cf
 
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd -o content_filter=spamassassin
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       nqmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
spamassassin
          unix  -       n       n       -       -       pipe
  user=nobody argv=/usr/bin/spamc -f
                   -e /usr/sbin/sendmail.postfix 
                   -oi -f ${sender} ${recipient}
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
discard   unix  -       -       n       -       -       discard
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
retry     unix  -       -       n       -       -       error
proxywrite unix -       -       n       -       1       proxymap
Start your free trial to view this solution
Question Stats
Zone: Networking
Question Asked By: hyperion8
Solution Provided By: cohenphil
Participating Experts: 1
Solution Grade: A
Views: 248
Translate:
Loading Advertisement...
03.29.2008 at 08:27PM PDT, ID: 21239479
cohenphil:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.29.2008 at 09:31PM PDT, ID: 21239605
hyperion8:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.29.2008 at 10:09PM PDT, ID: 21239684
cohenphil:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.29.2008 at 10:29PM PDT, ID: 21239723
cohenphil:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.29.2008 at 10:30PM PDT, ID: 21239725
cohenphil:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.29.2008 at 10:32PM PDT, ID: 21239730
hyperion8:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.29.2008 at 10:37PM PDT, ID: 21239739
hyperion8:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.29.2008 at 10:48PM PDT, ID: 21239762
hyperion8:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.29.2008 at 11:17PM PDT, ID: 21239796
cohenphil:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.29.2008 at 11:22PM PDT, ID: 21239803
hyperion8:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.29.2008 at 11:32PM PDT, ID: 21239817
hyperion8:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.29.2008 at 11:35PM PDT, ID: 21239820
hyperion8:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.29.2008 at 11:36PM PDT, ID: 21239821
hyperion8:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.30.2008 at 04:05PM PDT, ID: 21242309
cohenphil:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.30.2008 at 04:23PM PDT, ID: 21242357
hyperion8:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.30.2008 at 08:29PM PDT, ID: 21243023
cohenphil:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.30.2008 at 08:35PM PDT, ID: 21243043
cohenphil:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.30.2008 at 08:39PM PDT, ID: 21243052
cohenphil:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.30.2008 at 08:51PM PDT, ID: 21243076
hyperion8:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.30.2008 at 08:56PM PDT, ID: 21243090
hyperion8:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.30.2008 at 09:10PM PDT, ID: 21243120
cohenphil:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.30.2008 at 09:12PM PDT, ID: 21243125
hyperion8:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
04.04.2008 at 02:12PM PDT, ID: 21285689
cohenphil:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
Loading Advertisement...
Microsoft
  • Internet Protocols
  • Applications
  • Development
  • OS
  • Hardware
  • Windows Security
Apple
  • Operating Systems
  • Hardware
  • Programming
  • Networking
  • Software
Internet
  • Search Engines
  • File Sharing
  • WebTrends / Stats
  • Spy / Ad Blockers
  • Web Browsers
  • New Net Users
  • Web Development
  • Chat / IM
  • Anti Spam
  • Web Servers
  • Anti-Virus
  • Email Clients
Gamers
  • Tips
  • Online / MMORPG
  • Puzzle
  • Emulators
  • Action / Adventure
  • Role Playing
  • Consoles
  • Game Programming
  • Strategy
  • Sports
  • Misc
  • Computer Games
Digital Living
  • Hardware
  • New Net Users
  • New Users
  • Software
  • Digital Music
  • Gaming World
  • Home Security
  • Apple
  • Networking Hardware
Virus & Spyware
  • Vulnerabilities
  • IDS
  • Encryption
  • Anti-Virus
  • Operating Systems Security
  • Software Firewalls
  • WebApplications
  • Cell Phones
  • Operating Systems
  • Internet
  • Hardware Firewalls
Hardware
  • Handhelds / PDAs
  • Displays / Monitors
  • Components
  • Networking Hardware
  • Peripherals
  • Laptops/Notebooks
  • Storage
  • Servers
  • Desktops
  • New Users
  • Misc
  • Apple
Software
  • System Utilities
  • Industry Specific
  • Network Management
  • Photos / Graphics
  • Page Layout
  • VMWare
  • Misc
  • Web Development
  • OS
  • CYGWIN
  • Voice Recognition
  • Message Queue
  • Quality Assurance
  • Security
  • Firewalls
  • MultiMedia Applications
  • Development
  • Database
  • Office / Productivity
  • Business Management
  • OS/2 Apps
  • Server Software
  • Internet / Email
ITPro
  • OS
  • Storage
  • Encryption
  • Operating Systems Security
  • Apple Hardware
  • Laptops & Notebooks
  • Servers
  • Networking Hardware
  • Peripherals
  • Devices
  • Displays / Monitors
  • WebTrends / Stats
  • Search Engines
  • Firewalls
  • WebApplications
  • IDS
  • Vulnerabilities
  • Email Clients
  • File Sharing
  • Spy / Ad Blockers
  • Web Browsers
  • Web Servers
  • Networking
  • Anti-Virus
  • Chat / IM
  • Anti Spam
Developer
  • Web Servers
  • Web Browsers
  • Game Programming
  • Dev Tools
  • Industry Specific
  • Office / Productivity
  • Database
  • CYGWIN
  • Web Development
  • Search Engines
  • File Sharing
  • WebTrends / Stats
  • Programming
  • Content Management
  • Application Servers
  • Protocols
Storage
  • Removable Backup Media
  • Storage Technology
  • Servers
  • Grid
  • Remote Access
  • Backup / Restore
  • Misc
  • Hard Drives
OS
  • Miscellaneous
  • Security
  • Development
  • Linux
  • VMWare
  • MainFrame OS
  • Unix
  • Apple
  • OS / 2
  • AS / 400
  • BeOS
  • Microsoft
  • VMS / OpenVMS
Database
  • Oracle
  • Miscellaneous
  • MySQL
  • Software
  • Sybase
  • Contact Management
  • PostgreSQL
  • Data Manipulation
  • Clarion
  • InterSystems Cache
  • Siebel
  • MUMPS
  • OLAP
  • SQLBase
  • SAS
  • GIS & GPS
  • 4GL
  • Berkeley DB
  • DB2
  • Informix
  • Interbase / Firebird
  • FoxPro
  • Reporting
  • LDAP
  • Filemaker Pro
  • MS SQL Server
  • dBase
  • MS Access
Security
  • Misc
  • Web Browsers
  • Software Firewalls
  • Operating Systems Security
  • File Sharing
  • Spy / Ad Blockers
  • Vulnerabilities
  • WebApplications
  • IDS
  • Anti-Virus
  • Encryption
  • Anti Spam
  • Email Clients
  • VPN
  • Chat / IM
Programming
  • Editors IDEs
  • Installation
  • Handhelds / PDAs
  • Multimedia Programming
  • System / Kernel
  • Algorithms
  • Game
  • Signal Processing
  • Project Management
  • Open Source
  • Database
  • Misc
  • Languages
  • Processor Platforms
  • Theory
Web Development
  • Scripting
  • Blogs
  • Web Servers
  • Software
  • Search Engines
  • Web Graphics
  • Images
  • Internet Marketing
  • Images and Photos
  • Components
  • Document Imaging
  • Web Languages/Standards
  • Illustration
  • WebApplications
  • Fonts
  • WebTrends / Stats
  • Authoring
  • Digital Camera Software
  • Miscellaneous
Networking
  • Protocols
  • Apple Networking
  • Network Management
  • Message Queue
  • Application Servers
  • Content Management
  • File Servers
  • Email Servers
  • Misc
  • Java Editors & IDEs
  • Wireless
  • Networking Hardware
  • Backup / Restore
  • System Utilities
  • ISPs & Hosting
  • Web Servers
  • Storage Technology
  • Removable Backup Media
  • Servers
  • Broadband
  • Grid
  • OS / 2
  • Novell Netware
  • Unix Networking
  • Windows Networking
  • Security
  • Telecommunications
  • Operating Systems
  • Linux Networking
Other
  • Community Advisor
  • Lounge
  • Community Support
  • New Net Users
  • Philosophy / Religion
  • Math / Science
  • Miscellaneous
  • URLs
  • Expert Lounge
  • Politics
  • Puzzles / Riddles
Community Support
  • Suggestions
  • New to EE
  • New Topics
  • Community Advisor
  • CleanUp
  • Announcements
  • General
  • Feedback
  • Input
  • EE Bugs
 
03.29.2008 at 08:27PM PDT, ID: 21239479
cohenphil:
i've been monitoring both your questions.
Can you confirm ps saslauthd has been started (wax | grep saslauthd.)

You should get a result similar to
942?      S    1:07 /usr/sbin/saslauthd -m /var/run/saslauthd/mux  -a shadow

Could you also repost your entire main.cf  with comments included(im trying to work out if you just have bad formatting or your actually missing some Varibals , its a little hard to follow :) )

eg. in this config your missing "mydomain" yet on line 48 you reference myorigin = $mydomain (however in your other question [http://www.experts-exchange.com/Networking/Protocols/Application_Protocols/Email/SMTP/Q_23278991.html]
you have mydomain defined on line3 ?? -- which should just be your FQDN i might add.)
then you should define your host name using myhostname = mail.[mydomain.net]

once again in this config i dont see mynetworks?.... Maybe i should wait until i get the current config :) however i'll keep posting whilst its fresh in my mind

Now for your SASL config.. firstly try and keep it all together (makes it easy to diag and refer to incase you need to check the config - rather than me(you) having to scroll up and down looking for all your settings. Whilst im at it, are you sure your line 33 is correct?
i think it should read: smtpd_sasl_local_domain = $myhostname

So formatted nicely it should read..
# ENABLE SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes

Now i also dont see any section for relay_domains  (maybe you have it commented out so Its not posted..? either way please paste this below  "relay_domains = "
smtpd_recipient_restrictions =  permit_sasl_authenticated,  permit_mynetworks, check_relay_domains

Ok now save and reload postfix.

Try again and let me know your results... (dont forget to give me your complete main.cf

cCheers,
Phil

p.s Do i get points for both questions if i solve it :)



 
03.29.2008 at 09:31PM PDT, ID: 21239605
hyperion8:
Thanks for your response. Yes I have changed the config since my first post, sorry!  It looks like the service is started.

9340       root       /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2
9341       root       /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2

I made the changes you suggested but got the same error.  Here is the entire main.cf.
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:

command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
 
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
 
mydomain = ip-72-167-163-127.ip.secureserver.net
hostname = mail.pharmati.net
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.6/samples
readme_directory = /usr/share/doc/postfix-2.3.6/README_FILES
 
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
relay_domains = 
smtpd_recipient_restrictions =  permit_sasl_authenticated,  permit_mynetworks, check_relay_domains
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_sasl_authenticated_header = yes
relayhost = k2smtpout.secureserver.net
myorigin = $mydomain
smtpd_use_tls = yes
Open in New Window
 
03.29.2008 at 10:09PM PDT, ID: 21239684
cohenphil:
have you added your credentials to /etc/postfix/sasl_passwd ?

say your  username is hyperion and your password is secretpass.

open /etc/postfix/sasl_passwd and add your credentials. so when you have saved it check it was cat

cat /etc/postfix/sasl_passwd
you should get
k2smtpout.secureserver.net      hyperion:secretpass
 
03.29.2008 at 10:29PM PDT, ID: 21239723
cohenphil:
Oh yeah whoops you'll need to enable sasl server auth support too!!!

add the following!

# SASL SERVERS AUTH
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
 
03.29.2008 at 10:30PM PDT, ID: 21239725
cohenphil:
and of course RELOAD postfix!! with: postfix reload

Try again :)
 
03.29.2008 at 10:32PM PDT, ID: 21239730
hyperion8:
Ok, I'll give that a try, but why would I want to put my password in there? I want the authentication to be checked when a user logs in through smtp.
 
03.29.2008 at 10:37PM PDT, ID: 21239739
hyperion8:
ok still getting that 5.7.1 error after trying that.
 
03.29.2008 at 10:48PM PDT, ID: 21239762
hyperion8:
here is what the log is saying when I try to send an email
1:
2:
3:
4:
5:

Mar 29 22:47:15 ip-72-167-163-127 postfix/smtpd[15708]: connect from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]
Mar 29 22:47:15 ip-72-167-163-127 postfix/smtpd[15708]: setting up TLS connection from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]
Mar 29 22:47:15 ip-72-167-163-127 postfix/smtpd[15708]: Anonymous TLS connection established from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Mar 29 22:47:16 ip-72-167-163-127 postfix/smtpd[15708]: NOQUEUE: reject: RCPT from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]: 554 5.7.1 <[email address]>: Recipient address rejected: Relay access denied; from=<[email address]> to=<[email address]> proto=ESMTP helo=<[127.0.0.1]>
Mar 29 22:47:17 ip-72-167-163-127 postfix/smtpd[15708]: disconnect from 216-164-169-108.c3-0.tlg-ubr4.atw-tlg.pa.cable.rcn.com[216.164.169.108]
Open in New Window
 
03.29.2008 at 11:17PM PDT, ID: 21239796
cohenphil:
please change mydomain = ip-72-167-163-127.ip.secureserver.net
 to
mydomain = pharmati.net

and directly under it to MYhostname instead of just hostname

I've got to hit the hay - im buggered.. (i'll pick this up in the morn) sorry

cheers,phil
 
03.29.2008 at 11:22PM PDT, ID: 21239803
hyperion8:
ok ill give that a try. thanks for all your help so far.
 
03.29.2008 at 11:32PM PDT, ID: 21239817
hyperion8:
ok same result after doing that.  I tried this, I added a domain name in the relay_domains line, such as

relay_domains = gmail.com

When I do that, I am able to send an email to a gmail address.

So how do I set relay_domains to allow ALL/ANY domains?
 
03.29.2008 at 11:35PM PDT, ID: 21239820
hyperion8:
and setting it to "relay_domains = all" doesnt work
 
03.29.2008 at 11:36PM PDT, ID: 21239821
hyperion8:
nor does leaving it blank
 
03.30.2008 at 04:05PM PDT, ID: 21242309
cohenphil:
the reason you're not able to relay is that your still not authenticating.

when I connect to your server via telnet I dont see any
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
S: 250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI

which is displayed when your server offers the use of SMTP AUTH .

Im thinking SASL isnt configured correctly still!

please post config again :)
 
03.30.2008 at 04:23PM PDT, ID: 21242357
hyperion8:
ok heres the latest. I made some changes since last time, just trying different things.
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:

command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
 
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
 
mydomain = pharmati.net
myhostname = mail.pharmati.net
inet_interfaces = all
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.6/samples
readme_directory = /usr/share/doc/postfix-2.3.6/README_FILES
smtp_sasl_auth_enable = yes
#smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
#smtp_sasl_security_options =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
mydestination = $myhostname, localhost.$mydomain, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain, csns01.$mydomain
relay_domains = $inet_interfaces, $myhostname, $mydestination, gmail.com
smtpd_recipient_restrictions =  permit_sasl_authenticated, permit_mynetworks, check_relay_domains
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_sender_restrictions = permit
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_sasl_authenticated_header = yes
relayhost = k2smtpout.secureserver.net
myorigin = $mydomain
smtpd_use_tls = yes
Open in New Window
 
03.30.2008 at 08:29PM PDT, ID: 21243023
cohenphil:
one thing i forgot to ask: what are you trying to authenticate your users against? LDAP ,System accounts, an mySql db etc?

since  I just noticed your saslauthd is running with PAM. (/usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2 )  
have you configured smtpd.conf with the following contents:
pwcheck_method: pam

then in your main.cf add
smtpd_sasl_path = smtpd

also, please hash out line 26. smtp_sasl_auth_enable = yes (you have it above on line 23

 
03.30.2008 at 08:35PM PDT, ID: 21243043
cohenphil:
alternatively since saslauthd is running as root lets try configuring it to use shadow
Can you oince again edit smtpd.conf with the following contents:
pwcheck_method: saslauthd

and launch saslauthd like this
/usr/sbin/saslauthd -m /var/run/saslauthd/  -a shadow
 reload postfix and try again

Sorry about all the config changes.. I think your system is running 1/2 one auth method and 1/2 another :)

any chance of remote access ;)
 
03.30.2008 at 08:39PM PDT, ID: 21243052
cohenphil:
Ok lets get back to basics and make sure saslauthd is working
you should also be able to test your saslauthd with
testsaslauthd -u username -p password

you should get
 0: OK "Success."

please advise if this workss.
 
03.30.2008 at 08:51PM PDT, ID: 21243076
hyperion8:
Im just trying to authenticate them based on their email address/password for their email account. I made all the changes you suggested and still getting the relay error. How can I send you info for remote access? Dont want to post it here.
 
03.30.2008 at 08:56PM PDT, ID: 21243090
hyperion8:
and when I did the testsaslauthd, I did get 0: OK "Success."
 
03.30.2008 at 09:10PM PDT, ID: 21243120
cohenphil:
check my profile for a link to contact me. Pass it through there and i'll take a look

Glad the testsaslauth is working.

I'm about to head into work for a while so I might have to get back to you in a bit.. Lets hope we can nut this one out within the next 24hrs.

Cheers,
Phil
 
03.30.2008 at 09:12PM PDT, ID: 21243125
hyperion8:
ok ill send over the info. thanks for all your help.
 
04.04.2008 at 02:12PM PDT, ID: 21285689
cohenphil:
Ok so the main problem was that postfix was installed without AUTH support (cyrus-sasl)

Since there was no way for a client to authenticate 
(this system is configured to deny relay emails unless user is authenticated, which is configured in the line

smtpd_recipient_restrictions =  permit_sasl_authenticated, permit_mynetworks, check_relay_domains

to fix this the only was that worked was to remove postfix via yum and then recompile postfix SRPM with the extra cyrus-sasl support (here is an edited copy/paste from my history file to save time with a few #comments

#get latest version of postfix source
   71  wget http://ftp.wl0.org/official/2.5/SRPMS/postfix-2.5.1-1.src.rpm
  73  cd /usr/src
   74  ls
   81  mkdir redhat
   82  cd redhat/
   83  mkdir SOURCES
   86  rpm -ivh postfix-2.5.1-1.src.rpm
   87  cd /usr/src/redhat/SOURCES/

# set the required build options
   88  export POSTFIX_MYSQL_REDHAT=1
   89  export POSTFIX_SASL=2

   90  chmod 744 make-postfix.spec
   91  ./make-postfix.spec
 
 92  cd ..
 93  cd SPECS/

#Build the source into and RPM
#note I had to install rpmbuild, openldap-devel and db4-devel
   
  100  rpmbuild -ba postfix.spec  
# this took a little while
 
#install the built rpm
101  cd ..
  102  cd RPMS/
  103  cd i386/
  105  rpm -ivh postfix-2.5.1-1.mysql.sasl2.fc7.i386.rpm --replacefiles
  106  service postfix restart




Then configured support for auth in main.cf adding:
 'smtpd_sasl