Hello Everyone! First off, would love to say Thanks to everyone here at HowToForge! I have been a fan for a long time now and love the tutorials that are on here! This is the first time I have ever encountered an issue that I have been unable to solve by using the Tutorials and postings in the forum.

Here is my issue. I have followed a number of tutorials to get my CentOS 5.4 32-bit up and running with Postfix and Dovecot using MySQL for virtual users and domains. I have everything working flawlessly (receiving emails from outside sources to my virtual users and domains and sending emails from localhost out to outside domains) except for sending email from non-trusted (anything other than localhost is untrusted). I keep getting:

Code:
Apr 10 14:13:26 srv postfix/smtpd[21895]: NOQUEUE: reject: RCPT from <MYISPDomain>[<MYISP-IPAddress>]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<DESKTOP-PC>

I am using Postfix, Cyrus-SASL, Dovecot, Amavisd, MySQL:

Code:
Installed Packages:
amavisd-new.i386 2.6.4-4.el5.rf installed
cyrus-sasl.i386 2.1.22-5.el5_4.3 installed
cyrus-sasl-devel.i386 2.1.22-5.el5_4.3 installed
cyrus-sasl-gssapi.i386 2.1.22-5.el5_4.3 installed
cyrus-sasl-lib.i386 2.1.22-5.el5_4.3 installed
cyrus-sasl-md5.i386 2.1.22-5.el5_4.3 installed
cyrus-sasl-plain.i386 2.1.22-5.el5_4.3 installed
cyrus-sasl-sql.i386 2.1.22-5.el5_4.3 installed
dovecot.i386 1.0.7-7.el5 installed
mysql.i386 5.0.77-4.el5_5.5 installed
mysql-devel.i386 5.0.77-4.el5_5.5 installed
mysql-server.i386 5.0.77-4.el5_5.5 installed
postfix.i386 2:2.3.3-2.1 installed

Here is my postconf output:

Code:
[[email protected] named]# postconf -a
cyrus
dovecot

Code:
[[email protected] named]# postconf -A
cyrus

Code:
[[email protected] named]# postconf -m
btree
cidr
environ
hash
ldap
mysql
nis
pcre
proxy
regexp
static
unix

Code:
[[email protected] named]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox_command =
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
myhostname = srv.local-example.com
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
receive_override_options = no_address_mappings
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = mail.local-example.com ESMTP
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:12
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 150
virtual_uid_maps = static:150

Here is my Dovecot config:

Code:
[[email protected] named]# dovecot -n
# 1.0.7: /etc/dovecot.conf
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_greeting: mail.local-example.com - Ready
first_valid_uid: 150
mail_location: maildir:/var/vmail/%d/%n
mail_debug: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
auth default:
  mechanisms: plain login
  user: vmail
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: sql
    args: /etc/dovecot-mysql.conf
  userdb:
    driver: sql
    args: /etc/dovecot-mysql.conf
  userdb:
    driver: prefetch
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: mail

Here is what happens when you telnet to the SMTP port:

Code:
[[email protected] named]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.local-example.com ESMTP
EHLO localhost
250-mail.local-example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

Here is the maillog output from start to finish of when sending an email from my Client Winblows Outlook client ([email protected] is my email account on the server which works when sent from a trusted network, and [email protected] is the account on an outside provider i.e. gmail.com):

Code:
Apr 10 14:30:17 srv dovecot: auth(default): new auth connection: pid=26561
Apr 10 14:30:18 srv dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=POP3#011secured#011lip=::ffff:<SERVER_IP_HERE>#011rip=::ffff:<CLIENT_IP_HERE>#011resp=<SERVER_RESP_KEY_HERE>
Apr 10 14:30:18 srv dovecot: auth-worker(default): sql([email protected],::ffff:<CLIENT_IP_HERE>): query: SELECT username, password FROM mailbox WHERE username = '[email protected]'
Apr 10 14:30:18 srv dovecot: auth(default): client out: OK#0111#[email protected]#[email protected]
Apr 10 14:30:18 srv dovecot: auth(default): master in: REQUEST#01118#01124454#0111
Apr 10 14:30:18 srv dovecot: auth-worker(default): sql([email protected],::ffff:<CLIENT_IP_HERE>): SELECT '/var/vmail/local-example.com/user' as home, 'maildir:/var/vmail/local-example.com/user' as mail, 150 AS uid, 12 AS gid, concat('dirsize:storage=',quota) AS quota FROM mailbox WHERE username ='[email protected]' AND active ='1'
Apr 10 14:30:18 srv dovecot: POP3([email protected]): Effective uid=150, gid=12
Apr 10 14:30:18 srv dovecot: POP3([email protected]): maildir: data=/var/vmail/local-example.com/user
Apr 10 14:30:18 srv dovecot: POP3([email protected]): maildir: root=/var/vmail/local-example.com/user, index=/var/vmail/local-example.com/user, control=, inbox=
Apr 10 14:30:18 srv dovecot: auth(default): master out: USER#01118#[email protected]#011home=/var/vmail/local-example.com/user#011mail=maildir:/var/vmail/local-example.com/user#011uid=150#011gid=12#011quota=dirsize:storage=0
Apr 10 14:30:18 srv dovecot: pop3-login: Login: user=<[email protected]>, method=PLAIN, rip=::ffff:<CLIENT_IP_HERE>, lip=::ffff:<SERVER_IP_HERE>, TLS
Apr 10 14:30:18 srv dovecot: POP3([email protected]): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Apr 10 14:30:18 srv dovecot: auth(default): new auth connection: pid=26565
Apr 10 14:30:19 srv postfix/smtpd[26565]: connect from <CLIENT_DNS_HERE>[<CLIENT_IP_HERE>]
Apr 10 14:30:19 srv postfix/smtpd[26565]: setting up TLS connection from <CLIENT_DNS_HERE>[<CLIENT_IP_HERE>]
Apr 10 14:30:19 srv postfix/smtpd[26565]: TLS connection established from <CLIENT_DNS_HERE>[<CLIENT_IP_HERE>]: TLSv1 with cipher AES128-SHA (128/128 bits)
Apr 10 14:30:19 srv postfix/smtpd[26565]: NOQUEUE: reject: RCPT from <CLIENT_DNS_HERE>[<CLIENT_IP_HERE>]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<DESKTOP>
Apr 10 14:30:22 srv postfix/smtpd[26565]: disconnect from <CLIENT_DNS_HERE>[<CLIENT_IP_HERE>]

Here is a listing of permissions of the postfix directory:

Code:
[[email protected] postfix]# pwd
/var/spool/postfix
[[email protected] postfix]# ls -lh
total 56K
drwx------ 2 postfix root 4.0K Apr 10 13:11 active
drwx------ 2 postfix root 4.0K Apr 10 04:46 bounce
drwx------ 2 postfix root 4.0K Mar 27 15:03 corrupt
drwx------ 5 postfix root 4.0K Apr 7 14:49 defer
drwx------ 5 postfix root 4.0K Apr 7 14:49 deferred
drwx------ 2 postfix root 4.0K Mar 27 15:03 flush
drwx------ 2 postfix root 4.0K Mar 27 15:03 hold
drwx------ 2 postfix root 4.0K Apr 10 13:11 incoming
drwx-wx--- 2 postfix postdrop 4.0K Apr 9 15:53 maildrop
drwxr-xr-x 2 root root 4.0K Apr 9 16:27 pid
drwx------ 2 postfix root 4.0K Apr 10 14:06 private
drwx--x--- 2 postfix postdrop 4.0K Apr 10 10:47 public
drwx------ 2 postfix root 4.0K Mar 27 15:03 saved
drwx------ 2 postfix root 4.0K Mar 27 15:03 trace
[[email protected] postfix]# cd private/
[[email protected] private]# pwd
/var/spool/postfix/private
[[email protected] private]# ls -lh
total 0
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 amavis
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 anvil
srw-rw---- 1 postfix mail 0 Apr 10 14:06 auth
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 bounce
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 bsmtp
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 cyrus
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 defer
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 discard
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 error
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 ifmail
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 lmtp
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 local
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 maildrop
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 old-cyrus
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 proxymap
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 relay
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 rewrite
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 scache
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 smtp
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 tlsmgr
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 trace
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 uucp
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 verify
srw-rw-rw- 1 postfix postfix 0 Apr 10 10:47 virtual

As stated previously, everything works except for the SMTP AUTH from a host from an untrusted network. No errors show up anywhere that I have found. If anybody can help, it would be greatly appreciated. I have a feeling I missed a small config setting for SASL in /etc/postfix/main.cf, but, for the life of me I haven't found it. Thanks.
Also, I just wanted to point out, if I add my client IP address to the trusted networks I have no problem and can send/receive email without any issues so the problem must have to do with postfix doing the SASL to Dovecot.
Ahh, this has really got me boggled. When I telnet in, I can authenticate using AUTH PLAIN, but, still get the relay access denied error....

Code:
[[email protected] named]# telnet mail.local-example.com 25
Connected to mail.local-example.com (xxx.xxx.xxx.xxx).
Escape character is '^]'.
220 mail.local-example.com ESMTP
EHLO remote-client-example.com
250-mail.local-example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN <CREDENTIALS_HERE_IN_BASE64>
235 2.0.0 Authentication successful
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <[email protected]>: Relay access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.

With the following result in the maillog:

Code:
Apr 10 17:26:44 srv postfix/smtpd[17984]: connect from <CLIENT_DNS_ADDRESS>[<CLIENT_IP_ADDRESS>]
Apr 10 17:26:51 srv dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=smtp#011resp=<CREDENTIALS_IN_BASE64>
Apr 10 17:26:51 srv dovecot: auth-worker(default): sql([email protected]): query: SELECT username, password FROM mailbox WHERE username = '[email protected]'
Apr 10 17:26:51 srv dovecot: auth(default): client out: OK#0111#[email protected]#[email protected]
Apr 10 17:27:03 srv postfix/smtpd[17984]: NOQUEUE: reject: RCPT from <CLIENT_DNS_ADDRESS>[<CLIENT_IP_ADDRESS>]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto ESMTP helo=<client.client-example.com>
Apr 10 17:27:04 srv postfix/smtpd[17984]: disconnect from <CLIENT_DNS_ADDRESS>[<CLIENT_IP_ADDRESS>]
!!resolved!!

Ahhhh, well after a few days of troubleshooting I have FINALLY found the problem!!! When I copied/pasted from Falko's excellent tutorial I must have made an error when inserting as I inserted:

Code:
smtpd_recipient_restriction = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

and misspelled smtpd_recipient_restrictions leaving out the "S" as indicated above. I changed it to the following and everything worked as expected:

Code:
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

The tutorials are excellent, however, I got hit with a violent case of "PEBKAC" !!! Funny thing is, no errors were presented stating an incorrect setting. I ran:

Code:
postfix check

which also reported nothing.
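The failure mode in the post above, as an added example (not from the thread or from Postfix): the misspelled `smtpd_recipient_restriction` is accepted silently, so the real `smtpd_recipient_restrictions` stays at its built-in default and authenticated clients are still refused relay. The function lists main.cf names that are neither known parameters nor referenced as `$name`; the function names, file names and sample config are constructed, and on a live system the known-name list would come from `postconf -d | cut -d' ' -f1`.

```shell
#!/bin/sh
# unknown_params MAIN_CF KNOWN_NAMES
# Lists "LINE: NAME" for names in MAIN_CF that are not in KNOWN_NAMES
# (one name per line) and are not referenced as $name in the file.
unknown_params() {
    awk '
        NR == FNR { known[$1] = 1; next }      # first file: known names
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments, blank lines
        {   # record $name, ${name}, $(name) references to user-defined names
            line = $0
            while (match(line, /\$[{(]?[A-Za-z0-9_]+/)) {
                ref = substr(line, RSTART, RLENGTH)
                gsub(/[${(]/, "", ref)
                used[ref] = 1
                line = substr(line, RSTART + RLENGTH)
            }
        }
        /^[ \t]/ { next }                      # continuation of a value
        {
            name = $0
            sub(/[ \t]*=.*/, "", name)
            if (!(name in known)) { order[++n] = name; at[n] = FNR }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(order[i] in used)) printf "%d: %s\n", at[i], order[i]
        }
    ' "$2" "$1"
}

# Constructed sample: the misspelled line from this thread plus a
# user-defined parameter (sql_dir) that is referenced, so not flagged.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' mynetworks smtpd_sasl_auth_enable smtpd_sasl_type \
        smtpd_recipient_restrictions virtual_alias_maps > "$tmp/known.txt"
    cat > "$tmp/main.cf" <<'EOF'
# constructed sample, not the full main.cf from the post
mynetworks = 127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
sql_dir = /etc/postfix
virtual_alias_maps = mysql:$sql_dir/mysql_virtual_alias_maps.cf
smtpd_recipient_restriction = permit_sasl_authenticated,
    permit_mynetworks, reject_unauth_destination
EOF
    unknown_params "$tmp/main.cf" "$tmp/known.txt"
    rm -rf "$tmp"
}

demo
```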
If you use an SSH client such as PuTTY, you can copy & paste from the tutorial. This helps avoid typos.
Thanks. Actually I did use PuTTY. However, I was copying & pasting from several different tutorials (from CentOS, to Debian, to Ubuntu, etc) to get my setup up and running that somewhere along the line that particular line got edited and input incorrectly. Hmm, maybe I should submit a tutorial on this particular setup as they are hard to come by these days.

I noticed Falko that you used to use Dovecot previously but switched to Courier. Any particular reason for this? Are there features Courier provides that Dovecot does not? Or is it because you found Courier easier to integrate into ISPConfig? (which is a great product by the way, I use it for a couple of my other virtual servers that I host end-user stuff on).
Courier integrates better with ISPConfig. If you use Dovecot, there will be no mail traffic statistics. (But apart from that, both Courier and Dovecot work great!)