Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 30th May 2010, 12:35
Flasher Flasher is offline
Junior Member
 
Join Date: May 2010
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Angry Postfix Problem: 554 5.7.1 Relay access denied

Hi all,

i've got an problem with this tut:
http://www.howtoforge.com/virtual-us...l-debian-lenny

I think the SASL authentification does not work.
I attach the main.cf, master.cf and the output of saslfinger. I hope somebody is able to give me a hind or a solution.
If I try to send emails with a valid account I get this message:
554 5.7.1 Relay access denied
Thanks

Code:
Main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mydomain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost, localhost.localdomain
relayhost = 
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
message_size_limit = 30720000
virtual_alias_domains = 
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
Code:
Master.cf
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
    -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix    -    n    n    -    2    pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
Code:
SASLFINGER
saslfinger - postfix Cyrus sasl configuration Tue May 18 16:55:58 UTC 2010
version: 1.0.4
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.5.5
System: Debian GNU/Linux 5.0 \n \l

-- smtpd is linked to --
    libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d10000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes


-- listing of /usr/lib/sasl2 --
total 788
drwxr-xr-x  2 root root  4096 May 13 15:55 .
drwxr-xr-x 47 root root 20480 May 13 16:01 ..
-rw-r--r--  1 root root 13476 May 24  2009 libanonymous.a
-rw-r--r--  1 root root   855 May 24  2009 libanonymous.la
-rw-r--r--  1 root root 13016 May 24  2009 libanonymous.so
-rw-r--r--  1 root root 13016 May 24  2009 libanonymous.so.2
-rw-r--r--  1 root root 13016 May 24  2009 libanonymous.so.2.0.22
-rw-r--r--  1 root root 15814 May 24  2009 libcrammd5.a
-rw-r--r--  1 root root   841 May 24  2009 libcrammd5.la
-rw-r--r--  1 root root 15352 May 24  2009 libcrammd5.so
-rw-r--r--  1 root root 15352 May 24  2009 libcrammd5.so.2
-rw-r--r--  1 root root 15352 May 24  2009 libcrammd5.so.2.0.22
-rw-r--r--  1 root root 46420 May 24  2009 libdigestmd5.a
-rw-r--r--  1 root root   864 May 24  2009 libdigestmd5.la
-rw-r--r--  1 root root 43500 May 24  2009 libdigestmd5.so
-rw-r--r--  1 root root 43500 May 24  2009 libdigestmd5.so.2
-rw-r--r--  1 root root 43500 May 24  2009 libdigestmd5.so.2.0.22
-rw-r--r--  1 root root 13650 May 24  2009 liblogin.a
-rw-r--r--  1 root root   835 May 24  2009 liblogin.la
-rw-r--r--  1 root root 13460 May 24  2009 liblogin.so
-rw-r--r--  1 root root 13460 May 24  2009 liblogin.so.2
-rw-r--r--  1 root root 13460 May 24  2009 liblogin.so.2.0.22
-rw-r--r--  1 root root 29076 May 24  2009 libntlm.a
-rw-r--r--  1 root root   829 May 24  2009 libntlm.la
-rw-r--r--  1 root root 28532 May 24  2009 libntlm.so
-rw-r--r--  1 root root 28532 May 24  2009 libntlm.so.2
-rw-r--r--  1 root root 28532 May 24  2009 libntlm.so.2.0.22
-rw-r--r--  1 root root 13970 May 24  2009 libplain.a
-rw-r--r--  1 root root   835 May 24  2009 libplain.la
-rw-r--r--  1 root root 14036 May 24  2009 libplain.so
-rw-r--r--  1 root root 14036 May 24  2009 libplain.so.2
-rw-r--r--  1 root root 14036 May 24  2009 libplain.so.2.0.22
-rw-r--r--  1 root root 21710 May 24  2009 libsasldb.a
-rw-r--r--  1 root root   866 May 24  2009 libsasldb.la
-rw-r--r--  1 root root 18080 May 24  2009 libsasldb.so
-rw-r--r--  1 root root 18080 May 24  2009 libsasldb.so.2
-rw-r--r--  1 root root 18080 May 24  2009 libsasldb.so.2.0.22
-rw-r--r--  1 root root 23804 May 24  2009 libsql.a
-rw-r--r--  1 root root   964 May 24  2009 libsql.la
-rw-r--r--  1 root root 23312 May 24  2009 libsql.so
-rw-r--r--  1 root root 23312 May 24  2009 libsql.so.2
-rw-r--r--  1 root root 23312 May 24  2009 libsql.so.2.0.22

-- listing of /etc/postfix/sasl --
total 12
drwxr-xr-x 2 root root 4096 May 17 17:13 .
drwxr-xr-x 3 root root 4096 May 17 17:20 ..
-rw-r--r-- 1 root root  248 May 13 16:21 smtpd.conf




-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: mail
sql_select: select password from users where email = '%u'

-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: mail
sql_select: select password from users where email = '%u'


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       -       -       -       smtpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
    -o smtp_fallback_relay=
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix    -    n    n    -    2    pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

-- mechanisms on localhost --
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN


-- end of saslfinger output --

Last edited by Flasher; 30th May 2010 at 17:38.
Reply With Quote
Sponsored Links
  #2  
Old 31st May 2010, 15:29
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

Any errors in your mail log?
Did you enable "Server requires authentication" in your email client?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 31st May 2010, 15:54
Flasher Flasher is offline
Junior Member
 
Join Date: May 2010
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi falko thanks for the quick reply,

I will check the logfiles today.
The option "Server requires authentication" in Outlook 2007 is enabled.
I tried several configuration types but the error still occurs.

Last edited by Flasher; 31st May 2010 at 16:02.
Reply With Quote
  #4  
Old 31st May 2010, 19:52
Flasher Flasher is offline
Junior Member
 
Join Date: May 2010
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hello again,

mail.err is empty.
This is the content of mail.log
Code:
May 31 15:48:57 i064 authdaemond: modules="authmysql", daemons=5
May 31 15:48:57 i064 authdaemond: Installing libauthmysql
May 31 15:48:57 i064 authdaemond: Installation complete: authmysql
May 31 15:48:58 i064 postfix/master[2014]: daemon started -- version 2.5.5, configuration /etc/postfix
May 31 15:50:30 i064 pop3d: LOGIN, user=sender@domain.com, ip=[::ffff:###.###.###.###], port=[49341]
May 31 15:50:30 i064 pop3d: LOGOUT, user=sender@domain.com, ip=[::ffff:###.###.###.###], port=[49341], top=0, retr=0, rcvd=6, sent=30, time=0
May 31 15:50:31 i064 postfix/smtpd[2164]: connect from mue-###-###-###-###.dsl.tropolys.de[###.###.###.###]
May 31 15:50:31 i064 postfix/smtpd[2164]: NOQUEUE: reject: RCPT from mue-###-###-###-###.dsl.tropolys.de[###.###.###.###]: 554 5.7.1 <goal@domain.com>: Relay access denied; from=<sender@domain.com> to=<goal@domain.com> proto=ESMTP helo=<computer>
May 31 15:50:34 i064 postfix/smtpd[2164]: disconnect from mue-###-###-###-###.dsl.tropolys.de[###.###.###.###]
May 31 15:52:26 i064 pop3d: LOGIN, user=sender@domain.com, ip=[::ffff:###.###.###.###], port=[49343]
May 31 15:52:26 i064 pop3d: LOGOUT, user=sender@domain.com, ip=[::ffff:###.###.###.###], port=[49343], top=0, retr=0, rcvd=12, sent=39, time=0
May 31 15:53:54 i064 postfix/anvil[2167]: statistics: max connection rate 1/60s for (smtp:###.###.###.###) at May 31 15:50:31
May 31 15:53:54 i064 postfix/anvil[2167]: statistics: max connection count 1 for (smtp:###.###.###.###) at May 31 15:50:31
May 31 15:53:54 i064 postfix/anvil[2167]: statistics: max cache size 1 at May 31 15:50:31
Reply With Quote
  #5  
Old 2nd June 2010, 01:46
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

Does the account goal@domain.com exist on the server, or is it an external mail account?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 2nd June 2010, 08:18
Flasher Flasher is offline
Junior Member
 
Join Date: May 2010
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi falko,

goal@domain.com is an external mail account.

regards
Reply With Quote
  #7  
Old 3rd June 2010, 15:23
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

Do you use the domain of the sender address only for virtual users, or also for system users? Is the domain used in the hostname?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #8  
Old 4th June 2010, 12:31
zeljko zeljko is offline
Junior Member
 
Join Date: Jun 2010
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default sasl authentification not working

Hi all,

I have setup mail server using this tutorial "Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 9.10)" but when I set SMTP server in e-mail client to use secure authentication I got "Login to server zm.gotdns.com failed." with those in /var/mail/mail.log :


Jun 4 10:44:32 zm postfix/smtpd[20951]: warning: SASL authentication failure: no secret in database
Jun 4 10:44:32 zm postfix/smtpd[20951]: warning: localhost.localdomain[127.0.0.1]: SASL CRAM-MD5 authentication failed: authentication failure
Jun 4 10:44:32 zm postfix/smtpd[20951]: warning: SASL authentication failure: no secret in database
Jun 4 10:44:32 zm postfix/smtpd[20951]: warning: localhost.localdomain[127.0.0.1]: SASL NTLM authentication failed: authentication failure
Jun 4 10:44:35 zm postfix/smtpd[20951]: disconnect from localhost.localdomain[127.0.0.1]

Please can you help me out with this ?

Zeljko
Reply With Quote
  #9  
Old 5th June 2010, 13:40
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

What's in /etc/postfix/sasl/smtpd.conf?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #10  
Old 5th June 2010, 16:07
zeljko zeljko is offline
Junior Member
 
Join Date: Jun 2010
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: *********
sql_passwd: ***********
sql_database: mail
sql_select: select password from users where email = '%u'
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 09:22.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.