Kolab 16: Problems after Update

Jason Spangler jason.spangler at descendentstudios.com
Thu Jul 7 00:13:11 CEST 2016 

We experienced the same issue after the update and ended up configuring 
the same hack to get our users able to send email.

The update was from CentOS packages for kolab-16.0.1-3.3 to 
kolab-16.0.1-3.4 :
May 24 19:20:45 Updated: kolab-16.0.1-3.3.el7.kolab_16.x86_64
Jul 06 04:33:40 Updated: kolab-16.0.1-3.4.el7.kolab_16.x86_64

Related postfix config:

/etc/postfix/main.cf:
smtpd_sender_restrictions = permit_mynetworks, check_policy_service 
unix:private/sender_policy_incoming

/etc/postfix/master.cf:
sender_policy_incoming unix     -       n       n       - -       spawn
     user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy 
--verify-sender --allow-unauthenticated

I'd guess we need to enable logging in kolab_smtp_access_policy to see 
why something down the chain is failing, but I don't see how.

Paul Ryszka wrote:
> Hi,
>
> same here on ubuntu 14.04 with kolab winterfell, temporary workaround is
> to disable sender policy:
> comment line
>    -o smtpd_data_restrictions=$submission_data_restrictions
>
> under submissions section in /etc/postfix/master.cf
> but that allows to send any user with any email which might be a
> security concern.
>
> Best Regards
> Paul
>
> On 05/07/16 07:20, Roland Kolb (IBU) wrote:
> >//>>/Hello, />>//>>/since the last update (4 Jul 2016) I can't send any mails from my />>/Kolab-Server (Kolab 16 on Centos 7). My postfix-Version is: />>/postfix.x86_64 2:2.10.1-6.el7 />>//>>/When I try to send a mail from the web client I found the following />>/message in maillog: reject: DATA from localhost[::1]: 554 5.7.1 />>/<DATA>: Data command rejected: Sender access denied; />>//>>/When I try to send a mail from the client (i.e. Thunderbird) I found />>/the following message in maillog: NOQUEUE: reject: RCPT from />>/business-176-094-009-211.static.arcor-ip.net />>/<http://business-176-094-009-211.static.arcor-ip.net 
> <http://business-176-094-009-211.static.arcor-ip.net/>>[xxx.xxx.xxx.xxx]: 
> />>/554 5.7.1 <Roland.Kolb at xxxx.xxxx 
> <https://lists.kolab.org/mailman/listinfo/users>>: Relay access denied; />>/from=<roland.kolb at yyy.yyy 
> <https://lists.kolab.org/mailman/listinfo/users>> to=<Roland.Kolb at 
> xxxx.xxxx <https://lists.kolab.org/mailman/listinfo/users>> proto=ESMTP />>/helo=<[192.168.2.102]> />>//>>/For a testing purpose to solve the problem I changed the parameters />>/smtpd_recipient_restrictions, submission_sender_restrictions and />>/smtpd_sender_restrictions to permit_mynetworks. No success />>//>>/My configuration is: />>//>>/smtpd_tls_auth_only = yes />>/transport_maps = ldap:/etc/postfix/ldap/transport_maps.cf, />>/hash:/etc/postfix/transport />>/content_filter = smtp-amavis:[127.0.0.1]:10024 />>/recipient_delimiter = + />>/smtpd_tls_key_file = /etc/pki/tls/private/localhost.pem />>/smtpd_sender_login_maps = $local_recipient_maps />>/local_recipient_maps = ldap:/etc/postfix/ldap/local_recipient_maps.cf />>/virtual_alias_maps = $alias_maps, />>/ldap:/etc/postfix/ldap/virtual_alias_maps.cf, />>/ldap:/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf, />>/ldap:/etc/postfix /ldap/virtual_alias_maps_sharedfolders.cf, />>/ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, />>/ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf />>/submission_sender_restrictions = reject_non_fqdn_sender, />>/check_policy_service unix:private/submission_policy, />>/permit_sasl_authenticated, reject />>/submission_recipient_restrictions = check_policy_service />>/unix:private/submission_policy, permit_sasl_authenticated, reject />>/smtpd_recipient_restrictions = permit_mynetworks, />>/permit_sasl_authenticated, reject_unauth_pipelining, />>/reject_rbl_client zen.spamhaus.org <http://zen.spamhaus.org 
> <http://zen.spamhaus.org/>>, />>/reject_non_fqdn_recipient, reject_invalid_helo_hostname, />>/reject_unknown_recipient_domain, reject_unauth_destination, />>/check_policy_service unix:private/recipient_policy_incoming, permit />>//>>/smtp_tls_security_level = may />>/submission_data_restrictions = check_policy_service />>/unix:private/submission_policy />>/smtpd_tls_cert_file = /etc/pki/tls/private/localhost.pem />>/smtpd_tls_security_level = may />>/smtpd_sasl_auth_enable = yes />>/smtpd_sender_restrictions = permit_mynetworks, check_policy_service />>/unix:private/sender_policy_incoming />>//>>/Has somebody any idea? />>//>>/Thanks in advance />>//>>/Roland />>//>>//>>//>>/Roland />>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/users/attachments/20160706/c4db730f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3877 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.kolab.org/pipermail/users/attachments/20160706/c4db730f/attachment.p7s>

More information about the users mailing list