Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 394
  • Last Modified:

Postfix and Dovecot new mail setup not working

Installed Postfix and Dovecot today, I'm receiving email fine but, I cannot send at all, no matter where I try and send an email to I get.........

Transaction failed
554 5.7.1 <email address@domain.com>: Relay access denied

I'm VERY weak with Linux - can someone give me some guidance

If I change the line in my /etc/postfix/main.cf to

mynetworks = localhost

Open in new window


Then it works, but my Outlook client stops being able to send and my iPhone does not work with my mail account.

Pete
0
Pete Long
Asked:
Pete Long
  • 6
  • 5
1 Solution
 
Jon BrelieSystem ArchitectCommented:
You probably want to define your networks manually.  Is the server on the same subnet as your outlook client?

At anyrate, if you're relaying for 'mynetworks' then 'mynetworks' has to contain the address info for everything you want to relay for.  You can enter this in class or host mode

mynetworks = 127.0.0.0/8, 192.168.0.0/28

etc...  try that and reload postfix
0
 
Pete LongConsultantAuthor Commented:
I could enter 0.0.0.0/0 but I suspect then I suspect I would be an open relay?

There must be a way to only allow authenticated users to send/relay?

PL
0
 
Pete LongConsultantAuthor Commented:
I could  be using any IP at any site - Outlook needs to be able to connect to and send via SMTP as does my iphone? I cant add every single IP address I might need to send from?
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
Pete LongConsultantAuthor Commented:
0.0.0.0/0 works

It seems to ad authentication I need to add, to

smtpd_recipient_restrictions,

"permit_sasl_authenticated,reject_unauth_destination"

But thats not making any sense at the moment......................
0
 
Jon BrelieSystem ArchitectCommented:
Ah.  I gotcha.

Yeah, you don't want to set up an open relay.  What you are looking for is authentication via ESMTP or POP-before_SMTP.  With Pop-before-SMTP, essentially, IPs from which successful POP authentications are made are added to a short term relay list.  The duration is configurable.  It's been many years since I did it, but it worked okay.

I've never used ESMTP, but you might want to look into that first.

take a look at this link: http://wiki2.dovecot.org/HowTo/PopBSMTPAndDovecot
0
 
Pete LongConsultantAuthor Commented:
I think this will de what I need http://www.postfix.org/SASL_README.html
0
 
Jon BrelieSystem ArchitectCommented:
yeah that looks like it would work as well.
0
 
Pete LongConsultantAuthor Commented:
it didn't - my lack of Linux knowledge is very frustrating I don't have a clue what I'm doing ;(
0
 
Jon BrelieSystem ArchitectCommented:
That makes it pretty difficult to run a mailserver.  Have you considered Google Apps or Office 365?
0
 
Jon BrelieSystem ArchitectCommented:
Sorry, I re-read that last post and realized it's not very helpful and comes off kind of rude.

I only mean to illustrate that getting a mailserver running is only part of maintaining one, and probably not even the most difficult part at that.  You're also on the hook for diagnosing and fixing it when it breaks, and knowing the signs of external intrusion and what do do about it.

Without a solid understanding of the underlying OS, you might be setting yourself up for some long and frustrating evenings of despair in the future.

I only mentioned the alternatives because they might be more practical for your situation.

On the other hand, if this is not a business/production system and you're just doing it to learn, then there's no better way to learn than by doing.

I would start with PopBSMTP since it is probably the easiest to implement even if it's not the "best" method out there.
0
 
Pete LongConsultantAuthor Commented:
No offence taken M8 :)

>>>I only mean to illustrate that getting a mailserver running is only part of maintaining one, and probably not even the most difficult part at that.  You're also on the hook for diagnosing and fixing it when it breaks, and knowing the signs of external intrusion and what do do about it.

I agree, I look after a few hundred M$ Exchange Servers :)

It took me a while to get this problem sorted, but for the benefit of anyone else who finds this Q this is how I did it..................

Configure Postfix for SASL Authentication from Dovecot

Thanks for your help - I hope I can return the favor one day in one of my stronger TAs

Pete
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now