Postfix saslauthd smtp authentication relay access denied problem

Discussion in 'Server Operation' started by rajshardel, Jul 18, 2012.

  1. rajshardel

    rajshardel New Member

    We have Centos 6 os , webmin, Linux Apache, myssql, Postfix, Dovecot, squirrelmail installed.

    We cannot receive mail in webmin from gmail when we insert saslauthd enable lines in webmin postfix config and cannot send or receive mail from outlook which hangs. But when we remove saslauthd enable from webmin postfix config file we can send mail to gmail or to internal users from webmin but we get relay access denied error from outlook to gmail.

    outlook accepts incoming outgoing server with pop setting jobseasily.com and smtp setting jobseasily.com but rejects settings mail.jobseasily.com although my hostname is mail.jobseasily.com and MX mail server DNS record is mail.jobseasily.com and A record is mail.jobseasily.com.

    My smtp port 25 is open and also pop port 110 amd IMAP 143 and IMAPS 993 and POP3S 995

    Postfix , Dovecot, saslauthd restart show OK at terminal. But Clearly there is a problem in saslauthpd configuration and relay access denied as otherwise I can send and receive mail from gmail.



    At teminal we get

    [root@jobseasily ~]# telnet server.jobseasily.com 25
    Trying 50.56.223.225...
    telnet: connect to address 50.56.223.225: Connection refused
    telnet: Unable to connect to remote host: Connection refused
    [root@jobseasily ~]# telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    Connection closed by foreign host.
    [root@jobseasily ~]# /etc/init.d/postfix restart
    Shutting down postfix: [ OK ]
    Starting postfix: ^[[A [ OK ]
    [root@jobseasily ~]# /etc/init.d/dovecot restart
    Stopping Dovecot Imap: [ OK ]
    Starting Dovecot Imap: [ OK ]
    [root@jobseasily ~]# /etc/init.d/saslauthd restart
    Stopping saslauthd: [ OK ]
    Starting saslauthd: [ OK ]
    [root@jobseasily ~]#

    ________________________________

    saslauthd started with great difficulty as we did not have /etc/default/saslauthd and apt-get install libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql packages could not be found. We created /etc/default/saslauthd file and inserted the following:

    START=yes
    PWDIR="/var/spool/postfix/var/run/saslauthd"
    PARAMS="-m ${PWDIR}"
    PIDFILE="${PWDIR}/saslauthd.pid"
    MECHANISMS="pam"
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

    __________________________________________________________

    We could not adduser postfix sasl from terminal so we entered postfix user in group sasl from webmin and now saslauthd process has started

    ___________________________________________________________________

    #postfic configuration

    myhostname = mail.jobseasily.com
    mydomain = jobseasily.com
    myorigin = $mydomain
    inet_interfaces = all
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, /etc/postfix/virtual/domains
    virtual_maps = hash:/etc/postfix/virtual/addresses
    mynetworks = 192.168.0.0/24, 127.0.0.0/8
    relay_domains =
    home_mailbox = Maildir/
    mail_owner = postfix
    daemon_directory = /usr/libexec/postfix
    command_directory = /usr/sbin
    queue_directory = /var/spool/postfix
    config_directory = /usr/etc/postfix
    smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination permit_inet_interfaces
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain = jobseasily.com
    broken_sasl_auth_clients = yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

    #Dovecot conf file

    base_dir = /var/run/dovecot/
    protocols = imap imaps pop3 pop3s
    protocol imap {
    listen = *
    ssl_listen = *

    }
    protocol pop3 {
    listen = *
    }
    listen = [::]
    disable_plaintext_auth = no
    ssl_disable = yes
    mail_location = maildir:~/Maildir
    protocol imap {
    }
    protocol pop3 {
    pop3_uidl_format = %08Xu%08Xv
    }
    protocol lda {
    postmaster_address = postmaster@jobseasily.com
    }
    auth default {
    mechanisms = plain login
    passdb pam {
    }
    userdb passwd {
    }
    socket listen {
    client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
    }
    }
    }

    _______________________________________________

    Mail logs are as below:

    Jul 18 06:26:41 jobseasily postfix/qmgr[559]: 759C76A3F4: from=<rajeev@jobseasily.com>, size=592, nrcpt=1 (queue active)
    Jul 18 06:26:42 jobseasily postfix/smtp[1022]: connect to gmailcom.jobseasily.com[50.56.223.225]: Connection refused (port 25)
    Jul 18 06:26:42 jobseasily postfix/smtp[1022]: 759C76A3F4: to=<rajshardel@gmailcom.jobseasily.com>, orig_to=<rajshardel@gmailcom>, relay=none, delay=306035, delays=306034/0.02/1.1/0, dsn=4.4.1, status=deferred (connect to gmailcom.jobseasily.com[50.56.223.225]: Connection refused)
    Jul 18 07:16:41 jobseasily postfix/qmgr[559]: 8ED7E6A3A4: from=<rajeev@jobseasily.com>, size=579, nrcpt=1 (queue active)
    Jul 18 07:16:41 jobseasily postfix/smtp[1580]: connect to jobseasiy.com[50.56.223.225]: Connection refused (port 25)
    Jul 18 07:16:41 jobseasily postfix/smtp[1580]: 8ED7E6A3A4: to=<rajeev@jobseasiy.com>, relay=none, delay=320038, delays=320037/0.02/0.6/0, dsn=4.4.1, status=deferred (connect to jobseasiy.com[50.56.223.225]: Connection refused)
    Jul 18 07:33:21 jobseasily postfix/qmgr[559]: 759C76A3F4: from=<rajeev@jobseasily.com>, size=592, nrcpt=1 (queue active)
    Jul 18 07:33:22 jobseasily postfix/smtp[1784]: connect to gmailcom.jobseasily.com[50.56.223.225]: Connection refused (port 25)
    Jul 18 07:33:22 jobseasily postfix/smtp[1784]: 759C76A3F4: to=<rajshardel@gmailcom.jobseasily.com>, orig_to=<rajshardel@gmailcom>, relay=none, delay=310035, delays=310034/0.02/0.74/0, dsn=4.4.1, status=deferred (connect to gmailcom.jobseasily.com[50.56.223.225]: Connection refused)
    ________________________________________________________________

    output of netstat -tap?

    [root@jobseasily ~]# netstat -tap?
    usage: netstat [-veenNcCF] [<Af>] -r netstat {-V|--version|-h|--help}
    netstat [-vnNcaeol] [<Socket> ...]
    netstat { [-veenNac] -I[<Iface>] | [-veenNac] -i | [-cnNe] -M | -s } [delay]

    -r, --route display routing table
    -I, --interfaces=[<Iface>] display interface table for <Iface>
    -i, --interfaces display interface table
    -g, --groups display multicast group memberships
    -s, --statistics display networking statistics (like SNMP)
    -M, --masquerade display masqueraded connections

    -v, --verbose be verbose
    -n, --numeric don't resolve names
    --numeric-hosts don't resolve host names
    --numeric-ports don't resolve port names
    --numeric-users don't resolve user names
    -N, --symbolic resolve hardware names
    -e, --extend display other/more information
    -p, --programs display PID/Program name for sockets
    -c, --continuous continuous listing

    -l, --listening display listening server sockets
    -a, --all, --listening display all sockets (default: connected)
    -o, --timers display timers
    -F, --fib display Forwarding Information Base (default)
    -C, --cache display routing cache instead of FIB
    -T, --notrim stop trimming long addresses
    -Z, --context display SELinux security context for sockets

    <Iface>: Name of interface to monitor/list.
    <Socket>={-t|--tcp} {-u|--udp} {-S|--sctp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom
    <AF>=Use '-A <af>' or '--<af>'; default: inet
    List of possible address families (which support routing):
    inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
    netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
    x25 (CCITT X.25)
    [root@jobseasily ~]#

    _______________________________________________________________________



    Can someone help

    Rajeev
     

Share This Page