Problem mit relay access denied

Chris Westerfield westerfield.chris at outlook.de
Mi Jul 15 14:22:20 CEST 2015


Hab meine Konfiguration mehrfach überprüft aber ich finde den Fehler einfach nicht.
Oder ich bin blind.

Hier erstmal die Postfix Config:

# INSTALL-TIME CONFIGURATION INFORMATION
#
# The following parameters are used when installing a new Postfix version.
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path = /usr/sbin/sendmail.postfix

# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path = /usr/bin/newaliases.postfix

# mailq_path: The full pathname of the Postfix mailq command.  This
# is the Sendmail-compatible mail queue listing command.
#
mailq_path = /usr/bin/mailq.postfix

# setgid_group: The group for mail submission and queue management
# commands.  This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
#
setgid_group = postdrop

# html_directory: The location of the Postfix HTML documentation.
#
html_directory = no

# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory = /usr/share/man

# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory = /usr/share/doc/postfix-2.10.1/samples

# readme_directory: The location of the Postfix README files.
#
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
smtpd_tls_auth_only = no
transport_maps = ldap:/etc/postfix/ldap/transport_maps.cf, hash:/etc/postfix/transport
content_filter = smtp-amavis:[127.0.0.1]:10024
recipient_delimiter = +
smtpd_tls_key_file = /etc/pki/tls/private/localhost.pem
smtpd_sender_login_maps = $local_recipient_maps
local_recipient_maps = ldap:/etc/postfix/ldap/local_recipient_maps.cf
virtual_alias_maps = $alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf, ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf
submission_sender_restrictions = reject_non_fqdn_sender, check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject
submission_recipient_restrictions = check_policy_service unix:private/submission_policy, reject
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_non_fqdn_recipient, reject_invalid_helo_hostname, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:private/recipient_policy_incoming, permit_sasl_authenticated, permit
#check_policy_service unix:/var/spool/postfix/postgrey/socket
smtp_tls_security_level = may
submission_data_restrictions = check_policy_service unix:private/submission_policy
#smtpd_tls_cert_file = /etc/pki/tls/private/localhost.pem
smtpd_tls_cert_file = /etc/ssl/actindo/bundle.pem
smtpd_tls_key_file = /etc/ssl/actindo/server.key
smtpd_tls_security_level = may
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = permit_mynetworks, check_policy_service unix:private/sender_policy_incoming, permit_sasl_authenticated
smtpd_milters           = inet:127.0.0.1:8891
non_smtpd_milters       = $smtpd_milters
milter_default_action   = accept
milter_protocol         = 2

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination


Eigentlich so weit Standard, außer das postgrey vor bereitet wurde.

swaks output:
=== Connected to comm.actindo.de.
<-  220 hostBox ESMTP Postfix
-> EHLO testBox
<-  250-hostBox
<-  250-PIPELINING
<-  250-SIZE 10240000
<-  250-VRFY
<-  250-ETRN
<-  250-STARTTLS
<-  250-AUTH PLAIN LOGIN
<-  250-ENHANCEDSTATUSCODES
<-  250-8BITMIME
<-  250 DSN
-> AUTH LOGIN
<-  334 xxxxx xxxxx xxxxx xxxxx xxxxx
-> xxxxx xxxxx xxxxx xxxxx xxxxx ==
<-  334 xxxxx xxxxx xxxxx xxxxx xxxxx xxxxx xxxxx
-> xxxxx xxxxx xxxxx xxxxx xxxxx xxxxx =
<-  235 2.7.0 Authentication successful
-> MAIL FROM:< xxxxx xxxxx xxxxx@ xxxxx xxxxx
<-  250 2.1.0 Ok
-> RCPT TO:< xxxxx xxxxx xxxxx xxxxx at gmail.com>
<** 554 5.7.1 < xxxxx xxxxx xxxxx xxxxx at gmail.com>: Relay access denied
-> QUIT
<-  221 2.0.0 Bye

Das einzige was ich in den Logs finde ist folgender Auszug (nachdem ich Postfix auf verbose gesetzt habe:


maillog:
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_list_match: sendingClient: no match
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_list_match: 0.0.0.0: no match
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: generic_checks: name=permit_mynetworks status=0
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: generic_checks: name=permit_sasl_authenticated
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_list_match: permit_sasl_authenticated: no match
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: generic_checks: name=permit_sasl_authenticated status=1
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: >>> END Recipient address RESTRICTIONS <<<
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: >>> START Recipient address RESTRICTIONS <<<
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: generic_checks: name=permit_mynetworks
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: permit_mynetworks: sendingClient 0.0.0.0
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_hostname: sendingClient ~? 127.0.0.0/8
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_hostaddr: 0.0.0.0 ~? 127.0.0.0/8
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_hostname: sendingClient ~? 46.252.24.0/24
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_hostaddr: 0.0.0.0 ~? 46.252.24.0/24
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_hostname: sendingClient ~? [::1]/128
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_hostaddr: 0.0.0.0 ~? [::1]/128
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_hostname: sendingClient ~? [fe80::]/64
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_hostaddr: 0.0.0.0 ~? [fe80::]/64
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_list_match: sendingClient: no match
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_list_match: 0.0.0.0: no match
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: generic_checks: name=permit_mynetworks status=0
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: generic_checks: name=reject_unauth_pipelining
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: reject_unauth_pipelining: RCPT
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: generic_checks: name=reject_unauth_pipelining status=0
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: generic_checks: name=reject_rbl_client
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: reject_rbl_addr: Client host 0.0.0.0
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: dns_query: 230.173.120.37.zen.spamhaus.org (A): Host not found
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: ctable_locate: install entry key 230.173.120.37.zen.spamhaus.org
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: generic_checks: name=reject_rbl_client status=0
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: generic_checks: name=reject_non_fqdn_recipient
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: reject_non_fqdn_address: receiver at gmail.com
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: generic_checks: name=reject_non_fqdn_recipient status=0
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: generic_checks: name=reject_invalid_helo_hostname
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: reject_invalid_hostname: sendingClient
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: generic_checks: name=reject_invalid_helo_hostname status=0
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: generic_checks: name=reject_unknown_recipient_domain
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: reject_unknown_address: receiver at gmail.com
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: ctable_locate: leave existing entry key receiver at gmail.com
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: reject_unknown_mailhost: gmail.com
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: lookup gmail.com type MX flags 0
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: dns_query: gmail.com (MX): OK
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: dns_get_answer: type MX for gmail.com
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: dns_get_answer: type MX for gmail.com
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: dns_get_answer: type MX for gmail.com
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: dns_get_answer: type MX for gmail.com
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: dns_get_answer: type MX for gmail.com
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: generic_checks: name=reject_unknown_recipient_domain status=0
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: generic_checks: name=reject_unauth_destination
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: reject_unauth_destination: receiver at gmail.com
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: permit_auth_destination: receiver at gmail.com
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: ctable_locate: leave existing entry key receiver at gmail.com
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: NOQUEUE: reject: RCPT from sendingClient[0.0.0.0]: 554 5.7.1 <receiver at gmail.com>: Relay access denied; from=<sender at gmail.com> to=<receiver at gmail.com> proto=ESMTP helo=<sendingClient>
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: generic_checks: name=reject_unauth_destination status=2
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: >>> END Recipient address RESTRICTIONS <<<
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: report recipient to all milters (flags=0x1)
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: > sendingClient[0.0.0.0]: 554 5.7.1 <receiver at gmail.com>: Relay access denied
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: < sendingClient[0.0.0.0]: QUIT
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: > sendingClient[0.0.0.0]: 221 2.0.0 Bye
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_hostname: sendingClient ~? 127.0.0.0/8
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_hostaddr: 0.0.0.0 ~? 127.0.0.0/8
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_hostname: sendingClient ~? 46.252.24.0/24
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_hostaddr: 0.0.0.0 ~? 46.252.24.0/24
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_hostname: sendingClient ~? [::1]/128
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_hostaddr: 0.0.0.0 ~? [::1]/128
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_hostname: sendingClient ~? [fe80::]/64
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_hostaddr: 0.0.0.0 ~? [fe80::]/64
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_list_match: sendingClient: no match
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: match_list_match: 0.0.0.0: no match
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: send attr request = disconnect
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: send attr ident = smtp:0.0.0.0
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: private/anvil: wanted attribute: status
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: input attribute name: status
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: input attribute value: 0
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: private/anvil: wanted attribute: (list terminator)
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: input attribute name: (end)
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: abort all milters
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: milter8_abort: abort milter inet:127.0.0.1:8891
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: abort all milters
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: milter8_abort: abort milter inet:127.0.0.1:8891
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: disconnect event to all milters
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: milter8_disc_event: quit milter inet:127.0.0.1:8891
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: disconnect from sendingClient[0.0.0.0]
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: master_notify: status 1
Jul 15 14:18:45 HOSTNAME postfix/smtpd[11727]: connection closed
Jul 15 14:18:49 HOSTNAME postfix/smtpd[11727]: auto_clnt_close: disconnect private/tlsmgr stream
Jul 15 14:18:49 HOSTNAME postfix/smtpd[11727]: rewrite stream disconnect


Ich hoffe ihr könnt mir helfen
:)

Chris
-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : signature.asc
Dateityp    : application/pgp-signature
Dateigröße  : 842 bytes
Beschreibung: Message signed with OpenPGP using GPGMail
URL         : <http://lists.kolab.org/pipermail/users-de/attachments/20150715/1f0cdc09/attachment.sig>


Mehr Informationen über die Mailingliste users-de