Allowing authenticated users to relay via kolab postfix

Munson, Eric emunson at mgebm.net
Thu Jun 19 04:15:25 CEST 2014


On 2014-06-18 03:13, hede wrote:
> Am Tue, 17 Jun 2014 17:59:25 -0400 schrieb "Munson, Eric" 
> <emunson at mgebm.net>:
> 
>> All,
>> 
>> I am attempting to use a postfix configuration on my local desktop to
>> relay via my Kolab 3.2 install.  I have setup my sasl authentication 
>> on
>> my desktop properly (I think) but I keep getting rejected by the kolab
>> server with the message:
>> 
>> Client host rejected: Access denied (in reply to RCPT TO command)
>> 
>> On the server I see:
>> 
>> NOQUEUE: reject: RCPT from my.external.domain.net[X.X.X.X]: 554 5.7.1
>> <my.external.domain.net[X.X.X.X]>: Client host rejected: Access 
>> denied;
>> from=<me at mydomain.net> to=<me at mydomain.net> proto=ESMTP
>> helo=<desktopname>
>> 
>> What am I doing wrong?
> 
> With "to=<me at mydomain.net>" it seems not even related to relaying.
> The error would be "Relay access denied".
> 
> Do you use Blacklists? Maybe the blacklist kicks in before accepting
> authorised connections? (see submission_sender_restrictions or
> smtpd_sender_restrictions)
> 
> Btw: Do you use the submission (587) port or smtp (25) for client
> connections? AFAIK relaying via port 25 is prohibited by default.
> 
> I would try to test if it's a client or server side configuration
> problem via telnet/openssl. But I don't know how to do this
> from Windows, in case it's a Windows client...
> 
> regards
> hede
> 
> 
> (((( Testing smtp connections via command line:
> 
> perl -MMIME::Base64 -e 'print 
> encode_base64("\000[username]\000[password]")'
> openssl s_client -starttls smtp -crlf -connect [mailserverdomain]:587
> 
> """"
> EHLO testing
> AUTH PLAIN [perl-output-here]
> MAIL FROM: [authorized_user at domain]
> RCPT TO: [someothermail]
> DATA
> From: [authorized_user at domain]
> To: [someothermail]
> Subject: testing
> 
> testing
> .
> """"
> 
> ))))
> 

I must be doing something wrong when trying to test:

250 DSN
EHLO testing
250-mail.mydomain.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN sometextoutputfromperl
235 2.7.0 Authentication successful
MAIL FROM: me at mydomain.net
250 2.1.0 Ok
RCPT TO: admin at mydomain.net
RENEGOTIATING
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN 
= AddTrust External CA Root
verify error:num=19:self signed certificate in certificate chain
verify return:0
DATA
554 5.5.1 Error: no valid recipients

I am not sure what all that means.  I am especially confused about the 
verify error:num=19:self signed certificate in certificate chain bit as 
I have a certificate singe by a CA and I think it is all setup properly.

Eric


More information about the users mailing list