Spamsnake outgoing message relay access denied

[manish123456]

My scenario is I've qmail working mail server, I've installed ubuntu spam snake on another box in my network, everything works fine, mailscanner is detecting spams and virus mailwatch shows everything allright.

My major problem is most of my domain users are roaming users using outlook.

Earlier qmail was successfully authenticating for outgoing smtp mails from roaming users.

When I've installed spamsnake and forward port 25 on router to my spamsnake my roaming users getting 554 5.7.1 Relay access denied error

I think smtp auth is not working so my outside users can not relay mails from outlook.

Although when I'm testing mails from inside my network its working fine.
Please advice me how to solve this problem.

My main.cf file is as follows.


smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
broken_sasl_auth_clients=yes
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = saloni.fenoplast.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = fenoplast.com
mydestination =
relayhost =
mynetworks = 127.0.0.0/8, 192.168.0.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
message_size_limit = 10485760
local_transport = error:No local mail delivery
local_recipient_maps =
virtual_alias_maps = hash:/etc/postfix/virtual
relay_recipient_maps = hash:/etc/postfix/relay_recipients
transport_maps = hash:/etc/postfix/transport
relay_domains = hash:/etc/postfix/relay_domains
smtpd_helo_required = yes
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, permit
#smtpd_sender_restrictions = permit
smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, permit
smtpd_data_restrictions = reject_unauth_pipelining
header_checks = regexp:/etc/postfix/header_checks

[Rocky]

Ok, so let me get this straight. You're relaying outgoing mails from Qmail to the spamsnake?

If so, make sure that you have the ip of your qmail box listed in the mynetworks string of main.cf.

[manish123456]

yes I'm relaying my outgoing mails from qmail box to spamsnake, as my qmail is on private ip and 192.168.0.0/24 network is already there in network section of main.cf.

My problem is for roaming users who use outlook on their laptop and on different public ip. if they use webmail they can send mails. but from outlook they get "Relay access denied" error although they use " My server requires authentication" option on their outlook

As I understand spamsnake does not support sasl Auth....it might be the problem?

Please suggest me.

Thanks.

[Rocky]

I don't know if the spamsnake is the problem. I think it has to do with your connection from outlook to qmail. They should be connecting to qmail from their outlook, which in turns sends mail out of the qmail box --> the spamsnake. Therefore I think it's an outlook/qmail issue. When you didn't have a spamsnake, were you able to send mails via outlook?

[manish123456]

yes, without spamsnake in between qmail works fine, let me give you complete picture.
Earlier port 25, 110 from forwarded to qmail box's IP, when I've put spamsnake I've change port 25 forwarded to spamsnake box to pass traffic through spamsnake. port 110 still forwarded to qmail box.

without spamsnake qmail works fine. roaming users can send mails with "My server requires authentication" options in outlook but with spamsnake it gives Relay access denied.

Thanks

[Drex56]

Hi Manish,

From what you are saying, your Outlook users were connecting to QMail on port 25 then you put SpamSnake on Port 25 and now they can't send? can they send internal mails? or is it all mail, internal and external? Is there any reason why you can put Qmail on a different port (by using NAT translation or something similar?) and change the port in Outlook? Saying that have you configurede the SpamSnake server as per Rocky's Howto (http://www.howtoforge.com/the-perfec...tu-jeos-9.10)? If so, how are you able to relay to external domains when the SpamSnake will only deliver to the domains in '/etc/postfix/relay_recipients', '/etc/postfix/relay_domains' and '/etc/postfix/transport'? (least I think this is the case, Anyone, please correct me if im wrong!)

Regards

Drex

[Rocky]

Drex is correct, roaming users won't be able to authenticate against the SpamSnake because it doesn't store your local users, qmail does. What you need to do is change qmail to use port 26, have your users update outlook to use port 26 and forward that port to your qmail box ip. They should be able to go around the SpamSnake to send emails.

Rocky

[manish123456]

Thanks Rocky and Drex...You have clered my doubt, I was wondering earlier this might be only problem as spamsnake does not authenticate external users, qmail does....thanks a lot.