Problems with this tut: Virtual Users And Domains With Postfix, Courier, MySQL And Sq

Discussion in 'HOWTO-Related Questions' started by Flasher, May 30, 2010.

  1. Flasher

    Flasher New Member

    Postfix Problem: 554 5.7.1 Relay access denied

    Hi all,

    i've got an problem with this tut:
    http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-debian-lenny

    I think the SASL authentification does not work.
    I attach the main.cf, master.cf and the output of saslfinger. I hope somebody is able to give me a hind or a solution.
    If I try to send emails with a valid account I get this message:
    554 5.7.1 Relay access denied
    Thanks

    Code:
    Main.cf
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    myhostname = mydomain.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = localhost, localhost.localdomain
    relayhost = 
    mynetworks = 127.0.0.0/8
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    message_size_limit = 30720000
    virtual_alias_domains = 
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /home/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_create_maildirsize = yes
    virtual_maildir_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    
    Code:
    Master.cf
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       -       -       -       smtpd
    #submission inet n       -       -       -       -       smtpd
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #smtps     inet  n       -       -       -       -       smtpd
    #  -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628      inet  n       -       -       -       -       qmqpd
    pickup    fifo  n       -       -       60      1       pickup
    cleanup   unix  n       -       -       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    #qmgr     fifo  n       -       -       300     1       oqmgr
    tlsmgr    unix  -       -       -       1000?   1       tlsmgr
    rewrite   unix  -       -       -       -       -       trivial-rewrite
    bounce    unix  -       -       -       -       0       bounce
    defer     unix  -       -       -       -       0       bounce
    trace     unix  -       -       -       -       0       bounce
    verify    unix  -       -       -       -       1       verify
    flush     unix  n       -       -       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       -       -       -       smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay     unix  -       -       -       -       -       smtp
        -o smtp_fallback_relay=
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       -       -       -       showq
    error     unix  -       -       -       -       -       error
    retry     unix  -       -       -       -       -       error
    discard   unix  -       -       -       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       -       -       -       lmtp
    anvil     unix  -       -       -       -       1       anvil
    scache    unix  -       -       -       -       1       scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix    -    n    n    -    2    pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    
    Code:
    SASLFINGER
    saslfinger - postfix Cyrus sasl configuration Tue May 18 16:55:58 UTC 2010
    version: 1.0.4
    mode: server-side SMTP AUTH
    
    -- basics --
    Postfix: 2.5.5
    System: Debian GNU/Linux 5.0 \n \l
    
    -- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d10000)
    
    -- active SMTP AUTH and TLS parameters for smtpd --
    broken_sasl_auth_clients = yes
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtpd_use_tls = yes
    
    
    -- listing of /usr/lib/sasl2 --
    total 788
    drwxr-xr-x  2 root root  4096 May 13 15:55 .
    drwxr-xr-x 47 root root 20480 May 13 16:01 ..
    -rw-r--r--  1 root root 13476 May 24  2009 libanonymous.a
    -rw-r--r--  1 root root   855 May 24  2009 libanonymous.la
    -rw-r--r--  1 root root 13016 May 24  2009 libanonymous.so
    -rw-r--r--  1 root root 13016 May 24  2009 libanonymous.so.2
    -rw-r--r--  1 root root 13016 May 24  2009 libanonymous.so.2.0.22
    -rw-r--r--  1 root root 15814 May 24  2009 libcrammd5.a
    -rw-r--r--  1 root root   841 May 24  2009 libcrammd5.la
    -rw-r--r--  1 root root 15352 May 24  2009 libcrammd5.so
    -rw-r--r--  1 root root 15352 May 24  2009 libcrammd5.so.2
    -rw-r--r--  1 root root 15352 May 24  2009 libcrammd5.so.2.0.22
    -rw-r--r--  1 root root 46420 May 24  2009 libdigestmd5.a
    -rw-r--r--  1 root root   864 May 24  2009 libdigestmd5.la
    -rw-r--r--  1 root root 43500 May 24  2009 libdigestmd5.so
    -rw-r--r--  1 root root 43500 May 24  2009 libdigestmd5.so.2
    -rw-r--r--  1 root root 43500 May 24  2009 libdigestmd5.so.2.0.22
    -rw-r--r--  1 root root 13650 May 24  2009 liblogin.a
    -rw-r--r--  1 root root   835 May 24  2009 liblogin.la
    -rw-r--r--  1 root root 13460 May 24  2009 liblogin.so
    -rw-r--r--  1 root root 13460 May 24  2009 liblogin.so.2
    -rw-r--r--  1 root root 13460 May 24  2009 liblogin.so.2.0.22
    -rw-r--r--  1 root root 29076 May 24  2009 libntlm.a
    -rw-r--r--  1 root root   829 May 24  2009 libntlm.la
    -rw-r--r--  1 root root 28532 May 24  2009 libntlm.so
    -rw-r--r--  1 root root 28532 May 24  2009 libntlm.so.2
    -rw-r--r--  1 root root 28532 May 24  2009 libntlm.so.2.0.22
    -rw-r--r--  1 root root 13970 May 24  2009 libplain.a
    -rw-r--r--  1 root root   835 May 24  2009 libplain.la
    -rw-r--r--  1 root root 14036 May 24  2009 libplain.so
    -rw-r--r--  1 root root 14036 May 24  2009 libplain.so.2
    -rw-r--r--  1 root root 14036 May 24  2009 libplain.so.2.0.22
    -rw-r--r--  1 root root 21710 May 24  2009 libsasldb.a
    -rw-r--r--  1 root root   866 May 24  2009 libsasldb.la
    -rw-r--r--  1 root root 18080 May 24  2009 libsasldb.so
    -rw-r--r--  1 root root 18080 May 24  2009 libsasldb.so.2
    -rw-r--r--  1 root root 18080 May 24  2009 libsasldb.so.2.0.22
    -rw-r--r--  1 root root 23804 May 24  2009 libsql.a
    -rw-r--r--  1 root root   964 May 24  2009 libsql.la
    -rw-r--r--  1 root root 23312 May 24  2009 libsql.so
    -rw-r--r--  1 root root 23312 May 24  2009 libsql.so.2
    -rw-r--r--  1 root root 23312 May 24  2009 libsql.so.2.0.22
    
    -- listing of /etc/postfix/sasl --
    total 12
    drwxr-xr-x 2 root root 4096 May 17 17:13 .
    drwxr-xr-x 3 root root 4096 May 17 17:20 ..
    -rw-r--r-- 1 root root  248 May 13 16:21 smtpd.conf
    
    
    
    
    -- content of /etc/postfix/sasl/smtpd.conf --
    pwcheck_method: saslauthd
    mech_list: plain login
    allow_plaintext: true
    auxprop_plugin: mysql
    sql_hostnames: 127.0.0.1
    sql_user: --- replaced ---
    sql_passwd: --- replaced ---
    sql_database: mail
    sql_select: select password from users where email = '%u'
    
    -- content of /etc/postfix/sasl/smtpd.conf --
    pwcheck_method: saslauthd
    mech_list: plain login
    allow_plaintext: true
    auxprop_plugin: mysql
    sql_hostnames: 127.0.0.1
    sql_user: --- replaced ---
    sql_passwd: --- replaced ---
    sql_database: mail
    sql_select: select password from users where email = '%u'
    
    
    -- active services in /etc/postfix/master.cf --
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    smtp      inet  n       -       -       -       -       smtpd
    pickup    fifo  n       -       -       60      1       pickup
    cleanup   unix  n       -       -       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    tlsmgr    unix  -       -       -       1000?   1       tlsmgr
    rewrite   unix  -       -       -       -       -       trivial-rewrite
    bounce    unix  -       -       -       -       0       bounce
    defer     unix  -       -       -       -       0       bounce
    trace     unix  -       -       -       -       0       bounce
    verify    unix  -       -       -       -       1       verify
    flush     unix  n       -       -       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       -       -       -       smtp
    relay     unix  -       -       -       -       -       smtp
        -o smtp_fallback_relay=
    showq     unix  n       -       -       -       -       showq
    error     unix  -       -       -       -       -       error
    retry     unix  -       -       -       -       -       error
    discard   unix  -       -       -       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       -       -       -       lmtp
    anvil     unix  -       -       -       -       1       anvil
    scache    unix  -       -       -       -       1       scache
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix    -    n    n    -    2    pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    
    -- mechanisms on localhost --
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    
    
    -- end of saslfinger output --
    
    
     
    Last edited: May 30, 2010
  2. falko

    falko Super Moderator

    Any errors in your mail log?
    Did you enable "Server requires authentication" in your email client?
     
  3. Flasher

    Flasher New Member

    Hi falko thanks for the quick reply,

    I will check the logfiles today.
    The option "Server requires authentication" in Outlook 2007 is enabled.
    I tried several configuration types but the error still occurs.
     
    Last edited: May 31, 2010
  4. Flasher

    Flasher New Member

    Hello again,

    mail.err is empty.
    This is the content of mail.log
    Code:
    May 31 15:48:57 i064 authdaemond: modules="authmysql", daemons=5
    May 31 15:48:57 i064 authdaemond: Installing libauthmysql
    May 31 15:48:57 i064 authdaemond: Installation complete: authmysql
    May 31 15:48:58 i064 postfix/master[2014]: daemon started -- version 2.5.5, configuration /etc/postfix
    May 31 15:50:30 i064 pop3d: LOGIN, user=sender@domain.com, ip=[::ffff:###.###.###.###], port=[49341]
    May 31 15:50:30 i064 pop3d: LOGOUT, user=sender@domain.com, ip=[::ffff:###.###.###.###], port=[49341], top=0, retr=0, rcvd=6, sent=30, time=0
    May 31 15:50:31 i064 postfix/smtpd[2164]: connect from mue-###-###-###-###.dsl.tropolys.de[###.###.###.###]
    May 31 15:50:31 i064 postfix/smtpd[2164]: NOQUEUE: reject: RCPT from mue-###-###-###-###.dsl.tropolys.de[###.###.###.###]: 554 5.7.1 <goal@domain.com>: Relay access denied; from=<sender@domain.com> to=<goal@domain.com> proto=ESMTP helo=<computer>
    May 31 15:50:34 i064 postfix/smtpd[2164]: disconnect from mue-###-###-###-###.dsl.tropolys.de[###.###.###.###]
    May 31 15:52:26 i064 pop3d: LOGIN, user=sender@domain.com, ip=[::ffff:###.###.###.###], port=[49343]
    May 31 15:52:26 i064 pop3d: LOGOUT, user=sender@domain.com, ip=[::ffff:###.###.###.###], port=[49343], top=0, retr=0, rcvd=12, sent=39, time=0
    May 31 15:53:54 i064 postfix/anvil[2167]: statistics: max connection rate 1/60s for (smtp:###.###.###.###) at May 31 15:50:31
    May 31 15:53:54 i064 postfix/anvil[2167]: statistics: max connection count 1 for (smtp:###.###.###.###) at May 31 15:50:31
    May 31 15:53:54 i064 postfix/anvil[2167]: statistics: max cache size 1 at May 31 15:50:31
    
     
  5. falko

    falko Super Moderator

    Does the account goal@domain.com exist on the server, or is it an external mail account?
     
  6. Flasher

    Flasher New Member

  7. falko

    falko Super Moderator

    Do you use the domain of the sender address only for virtual users, or also for system users? Is the domain used in the hostname?
     
  8. zeljko

    zeljko New Member

    sasl authentification not working

    Hi all,

    I have setup mail server using this tutorial "Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 9.10)" but when I set SMTP server in e-mail client to use secure authentication I got "Login to server zm.gotdns.com failed." with those in /var/mail/mail.log :


    Jun 4 10:44:32 zm postfix/smtpd[20951]: warning: SASL authentication failure: no secret in database
    Jun 4 10:44:32 zm postfix/smtpd[20951]: warning: localhost.localdomain[127.0.0.1]: SASL CRAM-MD5 authentication failed: authentication failure
    Jun 4 10:44:32 zm postfix/smtpd[20951]: warning: SASL authentication failure: no secret in database
    Jun 4 10:44:32 zm postfix/smtpd[20951]: warning: localhost.localdomain[127.0.0.1]: SASL NTLM authentication failed: authentication failure
    Jun 4 10:44:35 zm postfix/smtpd[20951]: disconnect from localhost.localdomain[127.0.0.1]

    Please can you help me out with this ?

    Zeljko
     
  9. falko

    falko Super Moderator

    What's in /etc/postfix/sasl/smtpd.conf?
     
  10. zeljko

    zeljko New Member

    pwcheck_method: saslauthd
    mech_list: plain login
    allow_plaintext: true
    auxprop_plugin: mysql
    sql_hostnames: 127.0.0.1
    sql_user: *********
    sql_passwd: ***********
    sql_database: mail
    sql_select: select password from users where email = '%u'
     
  11. zeljko

    zeljko New Member

    Falco ,

    Can you tell my what does it mean "Use secure authentication" in Thunderbird for example ... when I check this I am getting an error that mail server is not supporting secure authentication ?
     
  12. falko

    falko Super Moderator

    Does it work if you don't use secure authentication?
     
  13. zeljko

    zeljko New Member

    yes it works then now ...
     

Share This Page