HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=16)
-   -   Can't send External Mail (http://www.howtoforge.com/forums/showthread.php?t=6059)

AndyF 7th August 2006 22:01

Can't send External Mail
 
I think i've gone round and round in circles the last couple of days with this, so i offer it up to other peoples advice.

Ubuntu 6.06 LTS, following Perfect install (mostly) - installed as LAMP server.

I've managed to get everything working except for emails outbound to external addresses.

Trying to send from andy@friar.info -> andy@novus.co.uk

Postfix main.cfg

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

append_dot_mydomain = no

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

myhostname = woody.friar.info
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
#mydestination = woody.friar.info, localhost.friar.info, , localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restictions = permit_sasl_authenticated,permit_mynetworks,reject _unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

virtual_maps = hash:/etc/postfix/virtusertable

mydestination = /etc/postfix/local-host-names


Mail Logs

Aug 7 20:42:04 woody postfix/smtpd[6438]: connect from unknown[192.168.1.10]
Aug 7 20:42:04 woody postfix/smtpd[6438]: NOQUEUE: reject: RCPT from unknown[192.168.1.10]: 554 <andy@novus.co.uk>: Relay access denied; from=<andy@friar.info> to=<andy@novus.co.uk> proto=ESMTP helo=<p4>
Aug 7 20:42:04 woody postfix/smtpd[6441]: connect from unknown[192.168.1.10]

Outlook logs

2006.08.07 20:42:01 SMTP (192.168.1.15): Connected to host
2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 220 woody.friar.info ESMTP Postfix (Ubuntu)
2006.08.07 20:42:01 SMTP (192.168.1.15): [tx] EHLO p4
2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250-woody.friar.info
2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250-PIPELINING
2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250-SIZE 10240000
2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250-VRFY
2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250-ETRN
2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250-STARTTLS
2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250-AUTH LOGIN PLAIN
2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250-AUTH=LOGIN PLAIN
2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250 8BITMIME
2006.08.07 20:42:01 SMTP (192.168.1.15): Authorizing to server
2006.08.07 20:42:01 SMTP (192.168.1.15): [tx] AUTH LOGIN
2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 334 VXNlcm5hbWU6
2006.08.07 20:42:01 SMTP (192.168.1.15): [tx] YW5keQ==
2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 334 UGFzc3dvcmQ6
2006.08.07 20:42:01 SMTP (192.168.1.15): [tx] *****
2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 235 Authentication successful
2006.08.07 20:42:01 SMTP (192.168.1.15): Authorized to host
2006.08.07 20:42:01 SMTP (192.168.1.15): Connected to host
2006.08.07 20:42:01 SMTP (192.168.1.15): [tx] MAIL FROM: <*****>
2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250 Ok
2006.08.07 20:42:01 SMTP (192.168.1.15): [tx] RCPT TO: <*****>
2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 554 <*****>: Relay access denied
2006.08.07 20:42:01 SMTP (192.168.1.15): End execution


To me this is saying that outlook is authenticated correctly but the destination isn't allowed?

Anyone any advice?

Thanks

Andy

till 8th August 2006 09:31

Are you able to retrieve emails with pop3 in outlook with the same useranme + password that you enterec for smtp authentication in outlook?

Please check twice that you enabled "Server needs authentication" in the smtp settings in outlook.

AndyF 8th August 2006 11:37

Yep, retrieval is fine, sending emails to other users in the same domain is fine. Just sending emails to a mail recipient external of what postfix knows about doesn't wanna work.

Andy

falko 8th August 2006 18:42

Does andy@novus.co.uk exist on the remote server?

AndyF 8th August 2006 19:21

Yep as it's work email, it's the same which ever external email address i use.

It's as if the line

smtpd_recipient_restictions = permit_sasl_authenticated,permit_mynetworks,reject _unauth_destination

Is listening to the mynetworks as in Webmail, yet not for the sasl authenticated users.

Given that when using Roundcube i get

Aug 8 18:20:31 woody postfix/smtp[24794]: 7623681847D: to=<andy.friar@novus.co.uk>, relay=mail.novus.co.uk[212.248.238.50], delay=1, status=sent (250 imss-01.NNL.CO.UK: Message accepted for delivery)
Aug 8 18:20:31 woody postfix/qmgr[23534]: 7623681847D: removed

Does that make sense?

Andy

AndyF 8th August 2006 19:25

I even tried outlook with SPA switch on for sending, to which i recieve.

Aug 8 18:23:43 woody postfix/smtpd[24858]: connect from unknown[192.168.1.10]
Aug 8 18:23:43 woody postfix/smtpd[24858]: setting up TLS connection from unknown[192.168.1.10]
Aug 8 18:23:43 woody postfix/smtpd[24858]: TLS connection established from unknown[192.168.1.10]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Aug 8 18:23:43 woody postfix/smtpd[24858]: NOQUEUE: reject: RCPT from unknown[192.168.1.10]: 554 <andy.friar@novus.co.uk>: Relay access denied; from=<andy@friar.info> to=<andy.friar@novus.co.uk> proto=ESMTP helo=<p4>
Aug 8 18:23:45 woody postfix/smtpd[24858]: disconnect from unknown[192.168.1.10]

AndyF 8th August 2006 19:41

Is there anyway to debug the sasl authentication process?

Andy

AndyF 8th August 2006 21:53

Well i'm not quite sure what i've done, but it is now working correctly.

i did renter a couple of postconf lines and instead of before where is wasn't even checking for the sasl_authenticated.

Code:

>>> START Recipient address RESTRICTIONS <<<
Aug  8 20:01:09 woody postfix/smtpd[27060]: generic_checks: name=permit_mynetworks
Aug  8 20:01:09 woody postfix/smtpd[27060]: permit_mynetworks: unknown 192.168.1.10
Aug  8 20:01:09 woody postfix/smtpd[27060]: match_hostname: unknown ~? 127.0.0.0/8
Aug  8 20:01:09 woody postfix/smtpd[27060]: match_hostaddr: 192.168.1.10 ~? 127.0.0.0/8
Aug  8 20:01:09 woody postfix/smtpd[27060]: match_list_match: unknown: no match
Aug  8 20:01:09 woody postfix/smtpd[27060]: match_list_match: 192.168.1.10: no match
Aug  8 20:01:09 woody postfix/smtpd[27060]: generic_checks: name=permit_mynetworks status=0
Aug  8 20:01:09 woody postfix/smtpd[27060]: generic_checks: name=reject_unauth_destination

i then redid the line

Code:

postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
Restarted the service and finally received..

Code:

>>> START Recipient address RESTRICTIONS <<<
Aug  8 20:20:30 woody postfix/smtpd[28068]: generic_checks: name=permit_sasl_authenticated
Aug  8 20:20:30 woody postfix/smtpd[28068]: generic_checks: name=permit_sasl_authenticated status=0
Aug  8 20:20:30 woody postfix/smtpd[28068]: generic_checks: name=permit_mynetworks
Aug  8 20:20:30 woody postfix/smtpd[28068]: permit_mynetworks: unknown 192.168.1.10
Aug  8 20:20:30 woody postfix/smtpd[28068]: match_hostname: unknown ~? 127.0.0.0/8
Aug  8 20:20:30 woody postfix/smtpd[28068]: match_hostaddr: 192.168.1.10 ~? 127.0.0.0/8
Aug  8 20:20:30 woody postfix/smtpd[28068]: match_list_match: unknown: no match
Aug  8 20:20:30 woody postfix/smtpd[28068]: match_list_match: 192.168.1.10: no match
Aug  8 20:20:30 woody postfix/smtpd[28068]: generic_checks: name=permit_mynetworks status=0
Aug  8 20:20:30 woody postfix/smtpd[28068]: generic_checks: name=reject_unauth_destination

Which looks miles better, so i now get.

Code:

Aug  8 20:36:38 woody postfix/smtpd[28346]: connect from 82-68-241-110.dsl.in-addr.zen.co.uk[82.68.241.110]
Aug  8 20:36:38 woody postfix/smtpd[28346]: D624C81838D: client=82-68-241-110.dsl.in-addr.zen.co.uk[82.68.241.110], sasl_method=LOGIN, sasl_username=andy
Aug  8 20:36:38 woody postfix/cleanup[28348]: D624C81838D: message-id=<20060808193638.D624C81838D@woody.friar.info>
Aug  8 20:36:38 woody postfix/qmgr[27948]: D624C81838D: from=<andy@friar.info>, size=2210, nrcpt=1 (queue active)
Aug  8 20:36:39 woody postfix/smtp[28349]: D624C81838D: to=<andy@novus.co.uk>, relay=mail.novus.co.uk[212.248.238.50], delay=1, status=sent (250 imss-01.NNL.CO.UK: Message accepted for delivery)
Aug  8 20:36:39 woody postfix/qmgr[27948]: D624C81838D: removed

By the way for more debuging options add the following into your main.cf

debug_peer_list = IPADDRESSYOURWANTTODEBUG
debug_peer_level = 3

Hope this helps anyone else.

Andy


All times are GMT +2. The time now is 01:38.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.