Allowing SASL-Authenticated Users to Relay
Brian d'Eon
brian at deonweb.com
Thu Jan 7 19:56:05 CET 2010
Hello,
I'm having an issue allowing outside (my network) users to relay through
my Kolab server when authenticated with SASL. I have scoured the web
and not found anything unfortunately, so I'm turning to the experts :)
Internally, SASL authentication works fine, and e-mail is delivered:
Jan 07 12:32:27 mogul <info> postfix/smtpd[7162]: connect from
kramer.domain.com[192.168.2.20]
Jan 07 12:32:27 mogul <info> postfix/smtpd[7162]: setting up TLS
connection from kramer.domain.com[192.168.2.20]
Jan 07 12:32:27 mogul <info> postfix/smtpd[7162]: TLS connection
established from kramer.domain.com[192.168.2.20]: TLSv1 with cipher
DHE-RSA-AES256-SHA (256/256 bits)
Jan 07 12:32:27 mogul <warning> postfix/cleanup[7163]: warning: database
/kolab/etc/postfix/canonical.db is older than source file
/kolab/etc/postfix/canonical
Jan 07 12:32:27 mogul <info> postfix/smtpd[7162]: 4617E1982:
client=kramer.domain.com[192.168.2.20], sasl_method=PLAIN,
sasl_username=brian at domain.com
Jan 07 12:32:27 mogul <info> postfix/cleanup[7163]: 4617E1982:
message-id=<4B461AAB.2040503 at domain.com>
Jan 07 12:32:27 mogul <info> postfix/qmgr[3845]: 4617E1982:
from=<brian at domain.com>, size=583, nrcpt=1 (queue active)
Jan 07 12:32:27 mogul <info> postfix/smtpd[7162]: disconnect from
kramer.domain.com[192.168.2.20]
When connecting from an outside network, this is the unfortunate log
entry that's driving me crazy:
Jan 07 00:05:06 mogul <info> postfix/smtpd[4348]: connect from
unknown[7.19.148.80]
Jan 07 00:05:06 mogul <info> postfix/smtpd[4348]: setting up TLS
connection from unknown[7.19.148.80]
Jan 07 00:05:08 mogul <info> postfix/smtpd[4348]: TLS connection
established from unknown[7.19.148.80]: TLSv1 with cipher
DHE-RSA-AES256-SHA (256/256 bits)
Jan 07 00:05:09 mogul <warning> postfix/trivial-rewrite[4355]: warning:
database /kolab/etc/postfix/relocated.db is older than source file
/kolab/etc/postfix/relocated
Jan 07 00:05:09 mogul <info> postfix/smtpd[4348]: NOQUEUE: reject: RCPT
from unknown[7.19.148.80]: 554 5.7.1 <user at gmail.com>: Relay access
denied; from=<brian at domain.com> to=<user at gmail.com> proto=ESMTP
helo=<localhost>
Jan 07 00:05:39 mogul <info> postfix/smtpd[4348]: lost connection after
RCPT from unknown[7.19.148.80]
Jan 07 00:05:39 mogul <info> postfix/smtpd[4348]: disconnect from
unknown[7.19.148.80]
The appropriate section of "postconf -n" is as follows:
smtpd_client_restrictions = permit_mynetworks,
reject_unauth_destination, reject_non_fqdn_sender,
reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unauth_pipelining, reject_unknown_client,
check_sender_access hash:/kolab/etc/postfix/sender_access,
check_helo_access hash:/kolab/etc/postfix/helo_access,
reject_rbl_client zen.spamhaus.org, reject_rbl_client
bl.spamcop.net, reject_rbl_client dnsbl.njabl.org,
check_client_access hash:/kolab/etc/postfix/client_access,
check_policy_service unix:private/kolabpolicy
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination,
reject_unlisted_recipient, reject_unknown_sender_domain,
check_policy_service unix:private/kolabpolicy
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_sender_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unknown_sender_domain,
reject_unauth_pipelining, check_policy_service
unix:private/kolabpolicy
It seems as though it's not trying to authenticate with SASL when I
connect from remote. Please let me know if there's any further
information I can provide. Any insight into this would be very much
appreciated!
Thanks for your help,
Brian
More information about the users
mailing list