  #1  
Old 22nd May 2012, 05:12
CapnJoe
Postfix not sending to external emails

Okay, bear with me. I was asked to look at a server that hadn't been updated in four years. One update of Webmin killed the postfix, something I had never touched, and I've learned a lot browsing and googling all weekend. I'll be as clear as I can.

The issue is "554 5.7.1 <test@example.com>: Relay access denied" when emailing from a virtual domain. There are three domains with some 184 email accounts set up under postfix.admin.

The following contains some sanitized data. *PUBLICDOMAIN* is one of the 'virtual domains' and *HOSTDOMAIN* is the unmanaged service address:

Results of nmap smtp.*PUBLICDOMAIN*.com from my home PC:
Code:
Nmap scan report for smtp.*PUBLICDOMAIN*.com (67.225.2**.2**)
Host is up (0.034s latency).
rDNS record for 67.225.2**.2**: host.*HOSTDOMAIN.com
Not shown: 90 filtered ports
PORT     STATE  SERVICE  VERSION
22/tcp   open   ssh      OpenSSH 4.3 (protocol 2.0)
25/tcp   open   smtp     Postfix smtpd
80/tcp   open   http     Apache httpd
443/tcp  open   ssl/http Apache httpd
465/tcp  closed smtps
631/tcp  closed ipp
993/tcp  open   ssl/imap Dovecot imapd
995/tcp  open   pop3s?
8000/tcp closed http-alt
8080/tcp open   http     Apache Tomcat/Coyote JSP engine 1.1

Results of mxtoolbox smtp.*PUBLICDOMAIN*.com:
Code:
Status	Result
	OK - 67.225.2**.2** resolves to host.*HOSTDOMAIN*.com
	OK - Reverse DNS matches SMTP Banner
	OK - Supports TLS.
	0 seconds - Good on Connection time
	OK - Not an open relay.
	0.374 seconds - Good on Transaction Time

EHLO please-read-policy.mxtoolbox.com
250-mail.*HOSTDOMAIN*.com
250-PIPELINING
250-SIZE 51200000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN [47 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 Ok [47 ms]
RCPT TO: <test@example.com>
554 5.7.1 <test@example.com>: Relay access denied [78 ms]
QUIT
221 2.0.0 Bye [47 ms]

ls -la /etc/postfix:
Code:
[root@HOSTNAME postfix]# ls -la
drwxr-xr-x  3 root root     4096 May 21 08:07 .
drwxr-xr-x 88 root root    12288 May 21 01:13 ..
-rw-r--r--  1 root root    17832 Apr 15 17:03 access
drwxr-xr-x  2 root root     4096 May 21 07:48 backups
-rw-r--r--  1 root root     3550 Apr 15 17:03 bounce.cf.default
-rw-r--r--  1 root root    11175 Apr 15 17:03 canonical
-rw-r--r--  1 root root     9920 Apr 15 17:03 generic
-rw-r--r--  1 root root    16838 Apr 15 17:03 header_checks
-rw-r--r--  1 root root       20 Apr 14  2008 header_checks.rpmsave
-rw-r--r--  1 root root    11942 Apr 15 17:03 LICENSE
-rw-r--r--  1 root root     1963 May 21 08:07 main.cf
-rw-r--r--  1 root root     1192 Apr 15 17:03 makedefs.out
-rw-r--r--  1 root root     1192 Jul 20  2007 makedefs.out.rpmsave
-rw-r--r--  1 root root     4137 Apr 15 17:03 master.cf
-rw-r--r--  1 root root     3965 May 20 17:12 master.cf.rpmsave
-rw-r--r--  1 root root     1579 May 20 16:04 postconf.txt
-rw-r--r--  1 root root    17639 Apr 15 17:03 postfix-files
-rwxr-xr-x  1 root root     6366 Apr 15 17:03 postfix-script
-rwxr-xr-x  1 root root    22564 Apr 15 17:03 post-install
-rw-------  1 root root     1024 May 21 18:26 prng_exch
-rw-r--r--  1 root root     6805 Apr 15 17:03 relocated
lrwxrwxrwx  1 root root        8 May 20 09:56 ssl -> /etc/ssl
-rw-r--r--  1 root root     1629 Apr 15 17:03 TLS_LICENSE
-rw-r--r--  1 root root    12081 Apr 15 17:03 transport
-rw-r--r--  1 root root    12288 Dec 22  2010 transport.db
-rw-r--r--  1 root root       39 May 13  2009 transport.rpmsave
-rw-r--r--  1 root root    11984 Apr 15 17:03 virtual
-rw-r-----  1 root postfix   126 Sep 18  2008 virtual_alias.cf
-rw-r-----  1 root postfix   174 Nov 20  2008 virtual_domains.cf
-rw-r-----  1 root postfix   174 Sep 18  2008 virtual_mailbox.cf

ls -la /etc/postfix/backups ( where I've had different variations of main.cf archived {post breaking sadly} )
Code:
-rw-r----- 1 root root  1754 Sep 30  2008 main.cf.backup
-rw-r--r-- 1 root root  1963 May 21 03:54 main.cf.backup.21.5.2012
-rw-r--r-- 1 root root 17981 Apr 15 17:03 main.cf.default
-rw-r--r-- 1 root root 26737 May 20 18:16 main.cf.mysqlversiondefualtinstall.cf
-rw-r--r-- 1 root root  1963 May 20 09:44 main.cf.orig.backup.20-5-2012
-rw-r--r-- 1 root root 26737 May 20 17:49 main.cf.outboundworks.20-5-2012
-rw-r--r-- 1 root root  1963 May 20 16:03 main.cf.rpmsave

So everything I've read seems to point to main.cf.
As it is right now:
Code:
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
setgid_group = postdrop

myhostname = mail.*HOSTDOMAIN*.com
myorigin = $mydomain
mydestination = localhost.$mydomain

unknown_local_recipient_reject_code = 550

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

transport_maps = hash:/etc/postfix/transport

##############################
# Virtual domain setup
# control what domains and users postfix will accept mail for
##############################
virtual_mailbox_domains = mysql:/etc/postfix/virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox.cf
virtual_alias_maps = mysql:/etc/postfix/virtual_alias.cf
virtual_mailbox_base = /home/mail
virtual_uid_maps = static:110
virtual_gid_maps = static:110

header_checks = regexp:/etc/postfix/header_checks

debug_peer_level = 2
#debug_peer_list = cableone.net
debugger_command =
        PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
        echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
        >$config_directory/$process_name.$process_id.log & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix

html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES

smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth

smtpd_sender_restrictions = permit_sasl_authenticated permit_mynetworks reject_non_fqdn_sender reject_unknown_sender_domain permit

smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
disable_vrfy_command = yes
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_tls_auth_only=yes
smtpd_tls_key_file = /etc/httpd/conf/ssl/webmail_*PUBLICDOMAIN*_com.key
smtpd_tls_cert_file = /etc/httpd/conf/ssl/webmail_*PUBLICDOMAIN*_com.bundle

smtpd_tls_log_level=3

message_size_limit=51200000

This is allowing mail from *HOSTDOMAIN* to be sent out anywhere. And all incoming mail to *PUBLICDOMAIN* works, and *PUBLICDOMAIN* to *PUBLICDOMAIN* works. But *PUBLICDOMAIN* to anything else gives:
Code:
554 5.7.1 <username@domain.tld>: Relay access denied

I have tried multiple variations of editing smtpd_sender_restrictions (if there is none, I read it won't work), smtpd_recipient_restrictions, disabling smtpd_use_tls. Adding $localhost, $mydomain, gmail.com, *mygoogleappurl*.net, google.com, mycollegeurl.edu to mydestination.

I don't see where $mydomain is set and "echo $mydomain" gave nothing...

Any suggestions?
  #2  
Old 22nd May 2012, 16:21
falko

Did you enable "Server requires authentication" in your email client?
__________________
Falko
  #3  
Old 22nd May 2012, 17:48
CapnJoe

Yes, if I do that I get:
Code:
None of the authentication methods supported by this client are supported by your server.
  #4  
Old 22nd May 2012, 18:15
CapnJoe

Some additional thoughts: this also has Dovecot (seems to be working just fine), MailScanner, SpamAssassin, and Procmail (Procmail is not enabled in your Postfix configuration. The configuration file /etc/postfix/main.cf must have the mailbox_command option set to /usr/bin/procmail.) installed.
  #5  
Old 23rd May 2012, 15:35
falko

Can you type

Code:
telnet localhost 25
on your server, and then, when it waits for input,

Code:
ehlo localhost
? What's the output?
  #6  
Old 23rd May 2012, 17:43
CapnJoe

Code:
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.*HOSTDOMAIN*.com ESMTP Postfix
ehlo localhost
250-mail.*HOSTDOMAIN*.com
250-PIPELINING
250-SIZE 51200000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
  #7  
Old 24th May 2012, 14:48
falko

You should have lines like
Code:
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
in the output, like on http://www.howtoforge.com/virtual-us...u-12.04-lts-p4

Which guide did you use to set up the system?

Can you try to add these lines in your main.cf?

Code:
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
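
An added example, not part of any post in this thread: a Python check that ties the main.cf from post #1 to the missing AUTH lines in post #6. The function names and finding codes are hypothetical, and the sample inputs are constructed from the posted config and EHLO reply. It also covers a case beyond the thread: with smtpd_tls_auth_only = yes, a plaintext EHLO keeps hiding AUTH even after SASL is enabled.

```python
import re
# Constructed sample: the SASL/TLS lines of the main.cf posted in #1.
MAIN_CF = """\
smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
smtpd_tls_auth_only=yes
"""
# Plaintext EHLO reply from post #6, abridged (no STARTTLS negotiated yet).
EHLO_PLAIN = """\
250-mail.*HOSTDOMAIN*.com
250-PIPELINING
250-STARTTLS
250 DSN
"""

def parse_main_cf(text):
    """Return {parameter: value}; skips comments, joins continuation lines."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key:      # leading whitespace continues a value
            params[key] += " " + line.strip()
        else:
            key, _, value = (part.strip() for part in line.partition("="))
            params[key] = value
    return params

def ehlo_auth_mechs(reply):
    """Return the SASL mechanisms advertised on 250-AUTH / 250-AUTH= lines."""
    mechs = set()
    for line in reply.splitlines():
        m = re.match(r"250[- ]AUTH[ =](.*)", line.strip(), re.IGNORECASE)
        if m:
            mechs.update(m.group(1).upper().split())
    return mechs

def diagnose(params, mechs, tls_active=False):
    """Return finding codes explaining why AUTH is missing from an EHLO reply."""
    yes = lambda name: params.get(name, "no").lower() == "yes"  # both default to no
    checks = re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", ""))
    findings = []
    if "permit_sasl_authenticated" in checks and not yes("smtpd_sasl_auth_enable"):
        findings.append("sasl_not_enabled")     # the permit rule can never match
    if not mechs:
        hidden = yes("smtpd_sasl_auth_enable") and yes("smtpd_tls_auth_only") and not tls_active
        findings.append("auth_only_after_starttls" if hidden else "auth_not_offered")
    return findings
```

On a live server the effective values can be read with `postconf smtpd_sasl_auth_enable smtpd_tls_auth_only`, and the EHLO reply after STARTTLS can be viewed with `openssl s_client -starttls smtp -connect localhost:25`.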