<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
We experienced the same issue after the update and ended up
configuring the same hack to get our users able to send email.<br>
<br>
The update was from CentOS packages for kolab-16.0.1-3.3 to
kolab-16.0.1-3.4 :<br>
May 24 19:20:45 Updated: kolab-16.0.1-3.3.el7.kolab_16.x86_64<br>
Jul 06 04:33:40 Updated: kolab-16.0.1-3.4.el7.kolab_16.x86_64<br>
<br>
Related postfix config:<br>
<br>
/etc/postfix/main.cf:<br>
smtpd_sender_restrictions = permit_mynetworks, check_policy_service
unix:private/sender_policy_incoming<br>
<br>
/etc/postfix/master.cf:<br>
sender_policy_incoming unix - n n -
- spawn<br>
user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy
--verify-sender --allow-unauthenticated<br>
<br>
I'd guess we need to enable logging in kolab_smtp_access_policy to
see why something down the chain is failing, but I don't see how.<br>
<br>
Paul Ryszka wrote: <br>
<blockquote type="cite">
<pre style="white-space: pre-wrap; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; widows: 1; word-spacing: 0px; -webkit-text-stroke-width: 0px;">Hi,
same here on ubuntu 14.04 with kolab winterfell, temporary workaround is
to disable sender policy:
comment line
-o smtpd_data_restrictions=$submission_data_restrictions
under submissions section in /etc/postfix/master.cf
but that allows to send any user with any email which might be a
security concern.
Best Regards
Paul
On 05/07/16 07:20, Roland Kolb (IBU) wrote:
><i>
</i>>><i> Hello,
</i>>><i>
</i>>><i> since the last update (4 Jul 2016) I can't send any mails from my
</i>>><i> Kolab-Server (Kolab 16 on Centos 7). My postfix-Version is:
</i>>><i> postfix.x86_64 2:2.10.1-6.el7
</i>>><i>
</i>>><i> When I try to send a mail from the web client I found the following
</i>>><i> message in maillog: reject: DATA from localhost[::1]: 554 5.7.1
</i>>><i> <DATA>: Data command rejected: Sender access denied;
</i>>><i>
</i>>><i> When I try to send a mail from the client (i.e. Thunderbird) I found
</i>>><i> the following message in maillog: NOQUEUE: reject: RCPT from
</i>>><i> business-176-094-009-211.static.arcor-ip.net
</i>>><i> <<a href="http://business-176-094-009-211.static.arcor-ip.net/">http://business-176-094-009-211.static.arcor-ip.net</a>>[xxx.xxx.xxx.xxx]:
</i>>><i> 554 5.7.1 <<a href="https://lists.kolab.org/mailman/listinfo/users">Roland.Kolb at xxxx.xxxx</a>>: Relay access denied;
</i>>><i> from=<<a href="https://lists.kolab.org/mailman/listinfo/users">roland.kolb at yyy.yyy</a>> to=<<a href="https://lists.kolab.org/mailman/listinfo/users">Roland.Kolb at xxxx.xxxx</a>> proto=ESMTP
</i>>><i> helo=<[192.168.2.102]>
</i>>><i>
</i>>><i> For a testing purpose to solve the problem I changed the parameters
</i>>><i> smtpd_recipient_restrictions, submission_sender_restrictions and
</i>>><i> smtpd_sender_restrictions to permit_mynetworks. No success
</i>>><i>
</i>>><i> My configuration is:
</i>>><i>
</i>>><i> smtpd_tls_auth_only = yes
</i>>><i> transport_maps = <a class="moz-txt-link-freetext" href="ldap:/etc/postfix/ldap/transport_maps.cf">ldap:/etc/postfix/ldap/transport_maps.cf</a>,
</i>>><i> hash:/etc/postfix/transport
</i>>><i> content_filter = smtp-amavis:[127.0.0.1]:10024
</i>>><i> recipient_delimiter = +
</i>>><i> smtpd_tls_key_file = /etc/pki/tls/private/localhost.pem
</i>>><i> smtpd_sender_login_maps = $local_recipient_maps
</i>>><i> local_recipient_maps = <a class="moz-txt-link-freetext" href="ldap:/etc/postfix/ldap/local_recipient_maps.cf">ldap:/etc/postfix/ldap/local_recipient_maps.cf</a>
</i>>><i> virtual_alias_maps = $alias_maps,
</i>>><i> <a class="moz-txt-link-freetext" href="ldap:/etc/postfix/ldap/virtual_alias_maps.cf">ldap:/etc/postfix/ldap/virtual_alias_maps.cf</a>,
</i>>><i> <a class="moz-txt-link-freetext" href="ldap:/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf">ldap:/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf</a>,
</i>>><i> <a class="moz-txt-link-freetext" href="ldap:/etc/postfix">ldap:/etc/postfix</a> /ldap/virtual_alias_maps_sharedfolders.cf,
</i>>><i> <a class="moz-txt-link-freetext" href="ldap:/etc/postfix/ldap/mailenabled_distgroups.cf">ldap:/etc/postfix/ldap/mailenabled_distgroups.cf</a>,
</i>>><i> <a class="moz-txt-link-freetext" href="ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf">ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf</a>
</i>>><i> submission_sender_restrictions = reject_non_fqdn_sender,
</i>>><i> check_policy_service unix:private/submission_policy,
</i>>><i> permit_sasl_authenticated, reject
</i>>><i> submission_recipient_restrictions = check_policy_service
</i>>><i> unix:private/submission_policy, permit_sasl_authenticated, reject
</i>>><i> smtpd_recipient_restrictions = permit_mynetworks,
</i>>><i> permit_sasl_authenticated, reject_unauth_pipelining,
</i>>><i> reject_rbl_client zen.spamhaus.org <<a href="http://zen.spamhaus.org/">http://zen.spamhaus.org</a>>,
</i>>><i> reject_non_fqdn_recipient, reject_invalid_helo_hostname,
</i>>><i> reject_unknown_recipient_domain, reject_unauth_destination,
</i>>><i> check_policy_service unix:private/recipient_policy_incoming, permit
</i>>><i>
</i>>><i> smtp_tls_security_level = may
</i>>><i> submission_data_restrictions = check_policy_service
</i>>><i> unix:private/submission_policy
</i>>><i> smtpd_tls_cert_file = /etc/pki/tls/private/localhost.pem
</i>>><i> smtpd_tls_security_level = may
</i>>><i> smtpd_sasl_auth_enable = yes
</i>>><i> smtpd_sender_restrictions = permit_mynetworks, check_policy_service
</i>>><i> unix:private/sender_policy_incoming
</i>>><i>
</i>>><i> Has somebody any idea?
</i>>><i>
</i>>><i> Thanks in advance
</i>>><i>
</i>>><i> Roland
</i>>><i>
</i>>><i>
</i>>><i>
</i>>><i> Roland
</i>>></pre>
</blockquote>
<br>
</body>
</html>