Start Free Trial

asked on

Postfix - How do I set up a relay so that external users who are logged into the server can email outside the domain?

I didn't see any specific area to post Postfix questions so I hope that this is acceptable.

I have recently setup a postfix email server to replace the "old" sendmail server. Everything appears to be working correct except that when a road warrior logs on to the postfix email serve from outside the building, he cannot send email out to anyone outside the company.

When I log on from insdie the firewall, I can send to local email address as well as outside. The road warriors can receive their email and send to people within the company, but not outside (they use to be able to).

I believe that the problem is in the /etc/postfix/main.cf file. There is an area in the file for relayhost. I believe that it can be configured so that if a person from the outside can log on to the server and receive his email, he will be authorized to relay his email.

Could someone tell me specifically what I need to do?

Tomorrow morning I need to get to work early and hopefully with your help, I'll be able to have this working before people show up.

Thank-you in advance.

SOLUTION

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

enable smtp auth mechanisms, these are some settings that you may need to configure in your postfix to support smtp auth.

smtpd_sender_restrictions = reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

but firstly you need to install make sure your postfix support SASL and after that you'll need to install cyrus-sasl package.

ASKER

I made all the changes that fajar79 suggested. Everything is working as before, however the road warriors still cannot send emails.

make sure your "road warriors" have set their mail client to send their username and password along with their smtp request. I've yet to come across a mail client that does not have this option available.

you need to make postfix aware of the cyrus-sasl as well.
Look at this previous question.
https://www.experts-exchange.com/questions/21798494/Linux-email-problem.html

SOLUTION

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

ASKER CERTIFIED SOLUTION

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

ASKER

At / while logged in as root on the mail server, I typed in ehlo and I got an error message:
command not found

I did make a change to the main.cf file. I added the bosses home ip address to the mynetworks = line.

The boss can now email out, but I don't like this solution. I still want to work on using SASL_AUTHMECH

I have created a directory /etc/postfix/sasl

I have created a file smtpd.conf Does this file go in /etc/postfix or /etc/postfix/sasl ?

I have edit the /etc/sysconfig/saslauthd file to include SASL_AUTHMECH="shadow"

Once I know that I have place the smtpd.conf file in the right place, should I restart the postfix service or is there something else that I need to do?

Thank-you

goes in /etc/postfix/sasl/

restart postfix and saslauthd, then you should be good

also, ehlo is a smtp command
from the command line type:
telnet <ip of server> 25
then you will be presented with your mail server banner, that is when you issue the ehlo command

ASKER

I restarted postfix and saslauthd but I still have the same problem. Is it possible that I do not have something set correctly in main.cf?

please post your main.cf and /etc/sysconfig/saslauthd and /etc/postfix/sasl/smtpd.conf

ASKER

First I want to thank all of you for your help. I can't say that enough.

Here are the files, I stripped out the comments, hopefully I didn't strip out something else.

# main.cf
command_directory = /usr/sbin

#
daemon_directory = /usr/libexec/postfix
#

myorigin = $mydomain

mydestination = mailhost.company.com $myhostname localhost.$mydomain $mydomain

#
local_recipient_maps = unix:passwd.byname $alias_maps

#
unknown_local_recipient_reject_code = 550

mynetworks = 71.x.x.x, 127.0.0.0/8

#
relay_domains = $mydestination

alias_maps = hash:/etc/aliases

mail_spool_directory = /var/spool/mail

#
debug_peer_level = 2

debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
#
sendmail_path = /usr/sbin/sendmail.postfix

#
newaliases_path = /usr/bin/newaliases.postfix

mailq_path = /usr/bin/mailq.postfix

setgid_group = postdrop
#
html_directory = no

manpage_directory = /usr/share/man
#
sample_directory = /usr/share/doc/postfix-2.1.5/samples

readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES

smtpd_sender_restrictions = reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient

smtpd_sasl_local_domain =

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

message_size_limit = 20971520
mailbox_size_limit = 104857600

delay_notice_recipient = bwilson@custom-mfg-eng.com
bounce_notice_recipient = bwilson@custom-mfg-eng.com
2bounce_notice_recipient = bwilson@custom-mfg-eng.com
error_notice_recipient = bwilson@custom-mfg-eng.com

*********** /etc/sysconfg/saslauthd

SOCKETDIR=/var/run/saslauthd

MECH=pam

FLAGS=

SASL_AUTHMECH="shadow"

*********** /etc/postfix/sasl/smtpd.conf file

mech_list: plain login
pwcheck_method: saslauthd
log_level: 3

main.cf - add the following
----------------------
smtpd_sasl_path = /etc/postfix/sasl

/etc/sysconfig/saslauthd - make contents the following
-------------------------------
SASL_AUTHMECH="shadow"
SASL_MECH_OPTIONS=
SASLAUTHD_OPTS=

make sure that the sasl directory and the smtpd.conf are owned by postfix.

also, do you run postfix chroot'd
basically post the contents of /etc/init.d/saslauthd so that we know that postfix has its own hardlink copy of the mux= socket file to saslauthd for authentication.

ASKER

Both the sasl directory and the smtpd.conf are now owned by postfix

I do not understand <do you run postfix chroot'd>

here is the /etc/init.d/saslauthd file.

#! /bin/bash
#
# saslauthd Start/Stop the SASL authentication daemon.
#
# chkconfig: - 95 05
# description: saslauthd is a server process which handles plaintext \
# authentication requests on behalf of the cyrus-sasl library.
# processname: saslauthd

# Source function library.
. /etc/init.d/functions

# Source our configuration file for these variables.
SOCKETDIR=/var/run/saslauthd
MECH=shadow
FLAGS=
if [ -f /etc/sysconfig/saslauthd ] ; then
      . /etc/sysconfig/saslauthd
fi

RETVAL=0

# Set up some common variables before we launch into what might be
# considered boilerplate by now.
prog=saslauthd
path=/usr/sbin/saslauthd

# Ugh. Switch to a specific copy of saslauthd if there's one with $MECH
# in its name, in case it wasn't included in the base cyrus-sasl package
# because it would have dragged in too many undesirable dependencies.
if test -x ${path}.${MECH} ; then
      path=/usr/sbin/saslauthd.$MECH
fi

start() {
      echo -n $"Starting $prog: "
      daemon $path -m $SOCKETDIR -a $MECH $FLAGS
      RETVAL=$?
      echo
      [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
      return $RETVAL
}

stop() {
      echo -n $"Stopping $prog: "
      killproc $path
      RETVAL=$?
      echo
      [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
      return $RETVAL
}

restart() {
      stop
      start
}

case "$1" in
start)
      start
      ;;
stop)
      stop
      ;;
restart)
      restart
      ;;
status)
      status $path
      ;;
condrestart)
      [ -f /var/lock/subsys/$prog ] && restart || :
      ;;
*)
      echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
      exit 1
esac

exit $?

look in your master.cf, there is a chroot column. this basically means that if you run postfix chroot'd then even if it gets hacked, the hacker can't compromise the rest of your machine, only postfix's chroot jailed environment.

your saslauthd script doesn't create a hardlink. I need to look thru mine and find exactly what it does and then I'll post again.

ASKER

Here is my master.cf file. I see the chroot column. Do I need to change any of the settings?

Thank-you

#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_etrn_restrictions=reject
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
#tlsmgr fifo - - n 300 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
#

#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}

cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

nope

ok, lets try to see if it is actually working. restart postfix and saslauthd, then try to send.
then look at the logs "/var/log/mail/info"
do
tail -10000 /var/log/mail/info | grep sasl
that should produce a line with the username you tried to authenticate as and some other sasl info

ASKER

I am waiting for my tester to try to send a message from outside. In the mean time, I looked for the /var/log/mail/info file.

The only thing in that directory is a file called statistics

ASKER

My tester tried to send an email and it did not work.

What should I try next?

Thanks

ASKER

My tester is getting a

554 transaction failed

message.

I have been restarting Dovecot, Postfix, and saslauthd

Does it matter what order I restart them in?

dovecot is just the pop3/imap server so you can disregard that. and no, it doesn't matter, you just need to restart them to ensure that the daemons re-read the configs.

you can also look at /var/log/syslog and modify the previous command to do this
tail -10000 /var/log/syslog | grep postfix | grep sasl

what is the client of your remote test, also you can test it out yourself even though you are on one of the mynetworks because the logs should show the sasl_username line. also change this line in the master.cf
smtp inet n - n - - smtpd
to this
smtp inet n - n - - smtpd -v -v

this will turn on verbose logging and show the smtp communication that is happening. also, look in the /etc/syslog.conf to see where the mail logs are being stored if they even are broken off, there isn't any lines specifically saying mail, then the /var/log/syslog log file contains those logs.

ASKER

I will make the change to the master.cf file as soon as I post this.

/var/log/maillog output

mailhost postfix/smtpd[4062]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory

mailhost postfix/smtpd[4062]: 3ACC93F9107: client=unknown[192.x.x.x], sasl_method=PLAIN, sasl_username=xxxxxx
(this was one of our users who forgot his password)

ASKER

I made the change to master.cf

Do I need to restart it? (How?) :(

/etc/init.d/postfix restart

before you do though, i think postfix is grabbing its sasl parameters from a different file than we want it to. you did put
smtpd_sasl_path = /etc/postfix/sasl
into the main.cf, correct?

ASKER

let me check

ASKER

I double checked and it is in the correct

what are the results of this:
find / -name smtpd.conf

ASKER

/etc/postfix/sasl/smtpd.conf
/var/ftp/pub/smtpd.conf
/usr/lib/sasl2/smtpd.conf
/usr/lib/sasl/smtpd.conf

ASKER

the /etc/postfix/sasl/smtpd.conf file has the changes that you recommended

The two /usr files are different.

the /var/ftp is a copy of the /etc/postfix file

ASKER

modified the two /usr files so that they are the same as /etc/postfix/sasl/smtpd.conf

I will be restarting postfix and running another test

ASKER

I ran the test and I got the same error message

what do the logs say....and to go back to an earlier post, you did configure the client to say that your server requires authentication, right? what client are you using again

ASKER

pop-before-smtp has been suggested to me. Do any of you experts have any experiece with it?

Thank-you

Change
smtpd_sasl_local_domain =
to
smtpd_sasl_local_domain = $myhostname

ASKER

I made the change and restarted postfix. I will repost after I test

ASKER

no change

can I see some output from the logs, also, your positive that the client is configured right, correct?

ASKER

Here is the result of the maillog The last entry is one of our people who apparently entered the wrong password.

May 24 09:02:31 mailhost postfix/smtpd[13808]: generic_checks: name=permit_sasl_authenticated
May 24 09:02:31 mailhost postfix/smtpd[13808]: generic_checks: name=permit_sasl_authenticated status=0
May 24 09:02:31 mailhost postfix/smtpd[13808]: generic_checks: name=permit_sasl_authenticated
May 24 09:02:31 mailhost postfix/smtpd[13808]: generic_checks: name=permit_sasl_authenticated status=0
May 24 09:02:38 mailhost postfix/smtpd[13886]: smtpd_sasl_authenticate: sasl_method PLAIN, init_response AHJicnVubwBwYXNzd29yZA==
May 24 09:02:38 mailhost postfix/smtpd[13886]: smtpd_sasl_authenticate: decoded initial response
May 24 09:02:38 mailhost postfix/smtpd[13886]: generic_checks: name=permit_sasl_authenticated
May 24 09:02:38 mailhost postfix/smtpd[13886]: generic_checks: name=permit_sasl_authenticated status=1
May 24 09:02:38 mailhost postfix/smtpd[13886]: generic_checks: name=permit_sasl_authenticated
May 24 09:02:38 mailhost postfix/smtpd[13886]: generic_checks: name=permit_sasl_authenticated status=1
May 24 09:02:38 mailhost postfix/smtpd[13886]: D27133F9115: client=unknown[192.x.x.x], sasl_method=PLAIN, sasl_username=name@mailhost.company.com

ASKER

Today we used a different client that we did yesterday. The client can logon to the mailserver and download their mail as well as send email to people internally. Several diffenent people have mentioned that they cannot send emails out, but no one has mentioned that they cannot receive their emails from outside. There have been no complaints about anything internally.

ASKER

The client who was testing yesterday was able to relay emails when we added his ip to the file. We did that as a test. Afterwards we removed that ip. We are going thru a firewall, but once again, when a specific ip was added, emails could be relayed.

ASKER

in main.cf we had added a specific ip and that did work for that one person. I noticed that the ip is still there. could that be causing problems? the line is listed below with the ip number replaced with x

mynetworks = 71.x.x.x, 127.0.0.0/8

can we get a little more of the logs, for mine a session looks like this

May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_helo_access pcre:/etc/postfix/helo_checks
May 24 09:48:58 mail postfix/smtpd[3179]: mac_parse: permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_helo_access pcre:/etc/postfix/helo_checks
May 24 09:48:58 mail postfix/smtpd[3179]: dict_eval: const permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_helo_access pcre:/etc/postfix/helo_checks
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_sasl_security_options = noanonymous
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_sasl_application_name = (notfound)
May 24 09:48:58 mail postfix/smtpd[3179]: dict_update: smtpd_sasl_application_name = smtpd
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
May 24 09:48:58 mail postfix/smtpd[3179]: mac_parse: /etc/postfix/sasl:/usr/lib/sasl2
May 24 09:48:58 mail postfix/smtpd[3179]: dict_eval: const /etc/postfix/sasl:/usr/lib/sasl2
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_sasl_local_domain = mail.satolabeling.com
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_sasl_exceptions_networks = (notfound)
May 24 09:48:58 mail postfix/smtpd[3179]: dict_update: smtpd_sasl_exceptions_networks =
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_sasl_tls_security_options = (notfound)
May 24 09:48:58 mail postfix/smtpd[3179]: mac_parse: $smtpd_sasl_security_options
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_sasl_security_options = noanonymous
May 24 09:48:58 mail postfix/smtpd[3179]: dict_eval: expand $smtpd_sasl_security_options -> noanonymous
May 24 09:48:58 mail postfix/smtpd[3179]: dict_update: smtpd_sasl_tls_security_options = noanonymous
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_sasl_auth_enable = yes
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_sasl_authenticated_header = (notfound)
May 24 09:48:58 mail postfix/smtpd[3179]: dict_update: smtpd_sasl_authenticated_header = no
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: broken_sasl_auth_clients = yes
May 24 09:48:58 mail postfix/smtpd[3179]: smtpd_sasl_initialize: SASL config file is smtpd.conf
May 24 09:48:58 mail postfix/smtpd[3179]: SASL verifyfile conf: /etc/postfix/sasl/smtpd.conf
May 24 09:48:58 mail postfix/smtpd[3179]: SASL verifyfile plugin: /usr/lib/sasl2/libplain.so.2
May 24 09:48:58 mail postfix/smtpd[3179]: SASL verifyfile plugin: /usr/lib/sasl2/libdigestmd5.so.2
May 24 09:48:58 mail postfix/smtpd[3179]: SASL verifyfile plugin: /usr/lib/sasl2/liblogin.so.2
May 24 09:48:58 mail postfix/smtpd[3179]: SASL verifyfile plugin: /usr/lib/sasl2/libcrammd5.so.2
May 24 09:48:59 mail postfix/smtpd[3179]: generic_checks: name=permit_sasl_authenticated
May 24 09:48:59 mail postfix/smtpd[3179]: generic_checks: name=permit_sasl_authenticated status=0
May 24 09:48:59 mail postfix/smtpd[3179]: generic_checks: name=permit_sasl_authenticated
May 24 09:48:59 mail postfix/smtpd[3179]: generic_checks: name=permit_sasl_authenticated status=0
May 24 09:49:02 mail postfix/smtpd[3228]: A877ADEE67: client=X.X.X.X, sasl_method=LOGIN, sasl_username=user@mail.example.com

ASKER

We are using dovecot. This launches postfix (correct)

What launches saslauthd and should it be set to -a pam (or shadow or what?)

my log doesn't show what you are showing

ASKER

does this help?

May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: smtpd_sender_restrictions = reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_eval[1] reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit
May 24 10:27:20 mailhost postfix/smtpd[16571]: mac_parse: reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_eval_action: type literal buf reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit context mail_dict "" recursive
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_eval[1] result reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_eval[1] permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16571]: mac_parse: permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_eval_action: type literal buf permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient context mail_dict "reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit" recursive
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_eval[1] result permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_eval[1] result permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: smtpd_sasl_security_options = noanonymous
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: smtpd_sasl_application_name = (notfound)
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_update: smtpd_sasl_application_name = smtpd
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: smtpd_sasl_local_domain = $myhostname
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: smtpd_sasl_exceptions_networks = (notfound)
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_update: smtpd_sasl_exceptions_networks =
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: smtpd_sasl_tls_security_options = (notfound)
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_eval[1] $smtpd_sasl_security_options
May 24 10:27:20 mailhost postfix/smtpd[16571]: mac_parse: $smtpd_sasl_security_options
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_eval_action: type variable buf smtpd_sasl_security_options context mail_dict "" recursive
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: smtpd_sasl_security_options = noanonymous
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_update: smtpd_sasl_tls_security_options = noanonymous
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: smtpd_sasl_auth_enable = yes
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: broken_sasl_auth_clients = yes
May 24 10:27:20 mailhost postfix/smtpd[16571]: smtpd_sasl_initialize: SASL config file is smtpd.conf
May 24 10:27:20 mailhost postfix/smtpd[16571]: generic_checks: name=permit_sasl_authenticated
May 24 10:27:20 mailhost postfix/smtpd[16571]: generic_checks: name=permit_sasl_authenticated status=0
May 24 10:27:20 mailhost postfix/smtpd[16571]: generic_checks: name=permit_sasl_authenticated
May 24 10:27:20 mailhost postfix/smtpd[16571]: generic_checks: name=permit_sasl_authenticated status=0
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_lookup: smtpd_sender_restrictions = reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_eval[1] reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit
May 24 10:27:20 mailhost postfix/smtpd[16573]: mac_parse: reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_eval_action: type literal buf reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit context mail_dict "" recursive
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_eval[1] result reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_lookup: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_eval[1] permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16573]: mac_parse: permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_eval_action: type literal buf permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient context mail_dict "reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit" recursive
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_eval[1] result permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_eval[1] result permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_lookup: smtpd_sasl_security_options = noanonymous
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_lookup: smtpd_sasl_application_name = (notfound)
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_update: smtpd_sasl_application_name = smtpd
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_lookup: smtpd_sasl_local_domain = $myhostname
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_lookup: smtpd_sasl_exceptions_networks = (notfound)
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_update: smtpd_sasl_exceptions_networks =
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_lookup: smtpd_sasl_tls_security_options = (notfound)
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_eval[1] $smtpd_sasl_security_options
May 24 10:27:20 mailhost postfix/smtpd[16573]: mac_parse: $smtpd_sasl_security_options
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_eval_action: type variable buf smtpd_sasl_security_options context mail_dict "" recursive

ASKER

I will be closing this question out. The decision has been made to work at installing "Pop-before-smtp".

I appreciate all the help and the knowledge that I got from you guys and as a result I will be splitting up the points.

Thank-you all.

I'll probably be posting a new question about "Pop-before-smtp" next week.