Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Auth/relaying issues with 2.10.0
24 views
Skip to first unread message
Jan Kohnert
Jun 4, 2013, 7:08:09 PM6/4/13
to
Hi folks,
I have recently upgraded to 2.10.0 (gentoo) and now having some issues
with relaying authenticated users. I'm using dovecot sasl and according
to the logs auth works fine, but however postfix thinks I do not want to
relay stuff from authenticated users anymore...
Here's the log entry in debug mode:
----
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-mail.the-pojs.de
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-PIPELINING
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-SIZE 15728600
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-VRFY
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-ETRN
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-STARTTLS
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]:
250-ENHANCEDSTATUSCODES
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-8BITMIME
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250 DSN
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: <
178-24-196-94-dynip.superkabel.de[178.24.196.94]: STARTTLS
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 220 2.0.0 Ready to
start TLS
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: send attr request
= seed
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: send attr size =
32
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: private/tlsmgr:
wanted attribute: status
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: input attribute
name: status
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: input attribute
value: 0
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: private/tlsmgr:
wanted attribute: seed
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: input attribute
name: seed
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: input attribute
value: pIK6HA04uWxAB+svbuTDcRA7kYsqxBKzn+7D798fAzI=
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: private/tlsmgr:
wanted attribute: (list terminator)
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: input attribute
name: (end)
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: Anonymous TLS
connection established from
178-24-196-94-dynip.superkabel.de[178.24.196.94]: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_create: SASL service=smtp, realm=(null)
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: name_mask:
noanonymous
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_connect: Connecting
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_connect: auth reply: VERSION?1?1
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_connect: auth reply: MECH?PLAIN?plaintext
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: name_mask:
plaintext
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_connect: auth reply: MECH?LOGIN?plaintext
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: name_mask:
plaintext
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_connect: auth reply: SPID?30043
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_connect: auth reply: CUID?2
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_connect: auth reply:
COOKIE?d513800ca06dd779c5f87b04e2a572cd
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_connect: auth reply: DONE
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_mech_filter: keep mechanism: PLAIN
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_mech_filter: keep mechanism: LOGIN
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: <
178-24-196-94-dynip.superkabel.de[178.24.196.94]: ehlo mail.the-pojs.de
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: match_list_match:
178-24-196-94-dynip.superkabel.de: no match
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: match_list_match:
178.24.196.94: no match
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-mail.the-pojs.de
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-PIPELINING
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-SIZE 15728600
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-VRFY
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-ETRN
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-AUTH PLAIN LOGIN
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]:
250-ENHANCEDSTATUSCODES
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-8BITMIME
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250 DSN
Jun 5 00:16:07 b079 postfix/submission/smtpd[30353]: <
178-24-196-94-dynip.superkabel.de[178.24.196.94]: auth plain SECRET
Jun 5 00:16:07 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_first: sasl_method plain, init_response SECRET
Jun 5 00:16:07 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_handle_reply: auth reply: OK?1?user=jan
Jun 5 00:16:07 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 235 2.7.0
Authentication successful
Jun 5 00:16:07 b079 dovecot: imap-login: Aborted login (no auth
attempts in 0 secs): user=<>, rip=62.141.42.79, lip=62.141.42.79,
secured, session=<JYl9bVveJwA+jSpP>
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: <
178-24-196-94-dynip.superkabel.de[178.24.196.94]: mail from:
j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: extract_addr:
input: j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: smtpd_check_addr:
addr=j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: connect to
subsystem private/rewrite
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: send attr request
= rewrite
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: send attr rule =
local
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: send attr address
= j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: flags
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
name: flags
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
value: 0
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: address
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
name: address
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
value: j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: (list terminator)
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
name: (end)
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: rewrite_clnt:
local: j...@the-pojs.de -> j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: send attr request
= resolve
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: send attr sender
=
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: send attr address
= j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: flags
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
name: flags
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
value: 0
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: transport
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
name: transport
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
value: dovecot
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: nexthop
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
name: nexthop
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
value: the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: recipient
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
name: recipient
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
value: j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: flags
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
name: flags
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
value: 1024
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: (list terminator)
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
name: (end)
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: resolve_clnt: `'
-> `j...@the-pojs.de' -> transp=`dovecot' host=`the-pojs.de'
rcpt=`j...@the-pojs.de' flags= class=virtual
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: ctable_locate:
install entry key j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: extract_addr: in:
j...@the-pojs.de, result: j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: send attr request
= rewrite
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: send attr rule =
local
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: send attr address
= double-bounce
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: flags
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: input attribute
name: flags
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: input attribute
value: 0
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: address
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: input attribute
name: address
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: input attribute
value: double...@jankoh.mooo.com
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: (list terminator)
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: input attribute
name: (end)
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: rewrite_clnt:
local: double-bounce -> double...@jankoh.mooo.com
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]:
smtpd_check_rewrite: trying: permit_inet_interfaces
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]:
permit_inet_interfaces: 178-24-196-94-dynip.superkabel.de 178.24.196.94
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: fsspace: .: block
size 4096, blocks free 2153140
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]:
smtpd_check_queue: blocks 4096 avail 2153140 min_free 0 msg_size_limit
15728600
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250 2.1.0 Ok
Jun 5 00:16:34 b079 dovecot: imap-login: Aborted login (no auth
attempts in 0 secs): user=<>, rip=62.141.42.79, lip=62.141.42.79, TLS,
session=<1nEZb1veegA+jSpP>
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: <
178-24-196-94-dynip.superkabel.de[178.24.196.94]: rcpt to:
fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: extract_addr:
input: fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: smtpd_check_addr:
addr=fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: send attr request
= rewrite
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: send attr rule =
local
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: send attr address
= fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: flags
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
name: flags
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
value: 0
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: address
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
name: address
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
value: fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: (list terminator)
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
name: (end)
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: rewrite_clnt:
local: fran...@web.de -> fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: send attr request
= resolve
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: send attr sender
=
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: send attr address
= fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: flags
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
name: flags
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
value: 0
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: transport
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
name: transport
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
value: smtp
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: nexthop
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
name: nexthop
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
value: web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: recipient
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
name: recipient
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
value: fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: flags
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
name: flags
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
value: 4096
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: (list terminator)
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
name: (end)
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: resolve_clnt: `'
-> `fran...@web.de' -> transp=`smtp' host=`web.de'
rcpt=`fran...@web.de' flags= class=default
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: ctable_locate:
install entry key fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: extract_addr: in:
fran...@web.de, result: fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: >>> START
Recipient address RESTRICTIONS <<<
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: generic_checks:
name=permit_mynetworks
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]:
permit_mynetworks: 178-24-196-94-dynip.superkabel.de 178.24.196.94
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: match_hostname:
178-24-196-94-dynip.superkabel.de ~? 127.0.0.0/8
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: match_hostaddr:
178.24.196.94 ~? 127.0.0.0/8
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: match_hostname:
178-24-196-94-dynip.superkabel.de ~? [::1]/128
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: match_hostaddr:
178.24.196.94 ~? [::1]/128
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: match_list_match:
178-24-196-94-dynip.superkabel.de: no match
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: match_list_match:
178.24.196.94: no match
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: generic_checks:
name=permit_mynetworks status=0
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: generic_checks:
name=reject_unauth_destination
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]:
reject_unauth_destination: fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]:
permit_auth_destination: fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: ctable_locate:
leave existing entry key fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: NOQUEUE: reject:
RCPT from 178-24-196-94-dynip.superkabel.de[178.24.196.94]: 454 4.7.1
<fran...@web.de>: Relay access denied; from=<j...@the-pojs.de>
to=<fran...@web.de> proto=ESMTP helo=<mail.the-pojs.de>
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: generic_checks:
name=reject_unauth_destination status=2
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: >>> END Recipient
address RESTRICTIONS <<<
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 454 4.7.1
<fran...@web.de>: Relay access denied
----
Here's the master.cf for submission:
----
submission inet n - n - - smtpd -v
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
----
And finally postconf -n
----
alias_maps = hash:/etc/postfix/aliases,
hash:/var/lib/mailman/data/aliases
allow_min_user = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_protocols = all
local_destination_concurrency_limit = 2
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 15728600
mime_header_checks = pcre:/etc/postfix/mime_header_checks
mydestination = localhost.$mydomain, $mydomain, kohni.$mydomain,
claudi.$mydomain, kohni-mobil.$mydomain
mydomain = jankoh.mooo.com
myhostname = mail.the-pojs.de
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_helo_name = the-pojs.de
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:/etc/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_multi_recipient_bounce,
permit_mynetworks, permit_sasl_authenticated, reject_unlisted_recipient,
reject_unauth_destination, reject_unauth_pipelining,
reject_invalid_hostname, reject_unknown_sender_domain, reject_rbl_client
zen.spamhaus.org, check_policy_service inet:127.0.0.1:10030
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/run/dovecot/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = hash:/etc/postfix/sasl_sender
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/cert.key
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
soft_bounce = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_gid_maps = static:500
virtual_mailbox_base = /home/virtualmail
virtual_mailbox_domains = the-pojs.dyndns.org, the-pojs.de
virtual_mailbox_maps = ldap:/etc/postfix/virtual.cf
virtual_minimum_uid = 500
virtual_transport = dovecot
virtual_uid_maps = static:102
postconf: warning: /etc/postfix/main.cf: unused parameter:
dovecot_destination_recipient_limit=1
----
Any hint what I am missing? At the moment I can only send through
localhost…
Thanks a lot!
Regards Jan
I have recently upgraded to 2.10.0 (gentoo) and now having some issues
with relaying authenticated users. I'm using dovecot sasl and according
to the logs auth works fine, but however postfix thinks I do not want to
relay stuff from authenticated users anymore...
Here's the log entry in debug mode:
----
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-mail.the-pojs.de
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-PIPELINING
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-SIZE 15728600
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-VRFY
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-ETRN
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-STARTTLS
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]:
250-ENHANCEDSTATUSCODES
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-8BITMIME
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250 DSN
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: <
178-24-196-94-dynip.superkabel.de[178.24.196.94]: STARTTLS
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 220 2.0.0 Ready to
start TLS
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: send attr request
= seed
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: send attr size =
32
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: private/tlsmgr:
wanted attribute: status
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: input attribute
name: status
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: input attribute
value: 0
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: private/tlsmgr:
wanted attribute: seed
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: input attribute
name: seed
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: input attribute
value: pIK6HA04uWxAB+svbuTDcRA7kYsqxBKzn+7D798fAzI=
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: private/tlsmgr:
wanted attribute: (list terminator)
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: input attribute
name: (end)
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: Anonymous TLS
connection established from
178-24-196-94-dynip.superkabel.de[178.24.196.94]: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_create: SASL service=smtp, realm=(null)
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: name_mask:
noanonymous
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_connect: Connecting
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_connect: auth reply: VERSION?1?1
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_connect: auth reply: MECH?PLAIN?plaintext
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: name_mask:
plaintext
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_connect: auth reply: MECH?LOGIN?plaintext
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]: name_mask:
plaintext
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_connect: auth reply: SPID?30043
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_connect: auth reply: CUID?2
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_connect: auth reply:
COOKIE?d513800ca06dd779c5f87b04e2a572cd
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_connect: auth reply: DONE
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_mech_filter: keep mechanism: PLAIN
Jun 5 00:15:48 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_mech_filter: keep mechanism: LOGIN
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: <
178-24-196-94-dynip.superkabel.de[178.24.196.94]: ehlo mail.the-pojs.de
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: match_list_match:
178-24-196-94-dynip.superkabel.de: no match
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: match_list_match:
178.24.196.94: no match
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-mail.the-pojs.de
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-PIPELINING
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-SIZE 15728600
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-VRFY
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-ETRN
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-AUTH PLAIN LOGIN
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]:
250-ENHANCEDSTATUSCODES
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250-8BITMIME
Jun 5 00:15:55 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250 DSN
Jun 5 00:16:07 b079 postfix/submission/smtpd[30353]: <
178-24-196-94-dynip.superkabel.de[178.24.196.94]: auth plain SECRET
Jun 5 00:16:07 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_server_first: sasl_method plain, init_response SECRET
Jun 5 00:16:07 b079 postfix/submission/smtpd[30353]:
xsasl_dovecot_handle_reply: auth reply: OK?1?user=jan
Jun 5 00:16:07 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 235 2.7.0
Authentication successful
Jun 5 00:16:07 b079 dovecot: imap-login: Aborted login (no auth
attempts in 0 secs): user=<>, rip=62.141.42.79, lip=62.141.42.79,
secured, session=<JYl9bVveJwA+jSpP>
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: <
178-24-196-94-dynip.superkabel.de[178.24.196.94]: mail from:
j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: extract_addr:
input: j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: smtpd_check_addr:
addr=j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: connect to
subsystem private/rewrite
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: send attr request
= rewrite
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: send attr rule =
local
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: send attr address
= j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: flags
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
name: flags
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
value: 0
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: address
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
name: address
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
value: j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: (list terminator)
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
name: (end)
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: rewrite_clnt:
local: j...@the-pojs.de -> j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: send attr request
= resolve
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: send attr sender
=
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: send attr address
= j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: flags
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
name: flags
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
value: 0
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: transport
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
name: transport
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
value: dovecot
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: nexthop
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
name: nexthop
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
value: the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: recipient
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
name: recipient
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
value: j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: flags
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
name: flags
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
value: 1024
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: (list terminator)
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: input attribute
name: (end)
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: resolve_clnt: `'
-> `j...@the-pojs.de' -> transp=`dovecot' host=`the-pojs.de'
rcpt=`j...@the-pojs.de' flags= class=virtual
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: ctable_locate:
install entry key j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: extract_addr: in:
j...@the-pojs.de, result: j...@the-pojs.de
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: send attr request
= rewrite
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: send attr rule =
local
Jun 5 00:16:23 b079 postfix/submission/smtpd[30353]: send attr address
= double-bounce
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: flags
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: input attribute
name: flags
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: input attribute
value: 0
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: address
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: input attribute
name: address
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: input attribute
value: double...@jankoh.mooo.com
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: (list terminator)
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: input attribute
name: (end)
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: rewrite_clnt:
local: double-bounce -> double...@jankoh.mooo.com
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]:
smtpd_check_rewrite: trying: permit_inet_interfaces
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]:
permit_inet_interfaces: 178-24-196-94-dynip.superkabel.de 178.24.196.94
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: fsspace: .: block
size 4096, blocks free 2153140
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]:
smtpd_check_queue: blocks 4096 avail 2153140 min_free 0 msg_size_limit
15728600
Jun 5 00:16:24 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 250 2.1.0 Ok
Jun 5 00:16:34 b079 dovecot: imap-login: Aborted login (no auth
attempts in 0 secs): user=<>, rip=62.141.42.79, lip=62.141.42.79, TLS,
session=<1nEZb1veegA+jSpP>
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: <
178-24-196-94-dynip.superkabel.de[178.24.196.94]: rcpt to:
fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: extract_addr:
input: fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: smtpd_check_addr:
addr=fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: send attr request
= rewrite
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: send attr rule =
local
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: send attr address
= fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: flags
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
name: flags
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
value: 0
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: address
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
name: address
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
value: fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: (list terminator)
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
name: (end)
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: rewrite_clnt:
local: fran...@web.de -> fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: send attr request
= resolve
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: send attr sender
=
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: send attr address
= fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: flags
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
name: flags
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
value: 0
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: transport
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
name: transport
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
value: smtp
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: nexthop
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
name: nexthop
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
value: web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: recipient
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
name: recipient
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
value: fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: flags
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
name: flags
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
value: 4096
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: private/rewrite
socket: wanted attribute: (list terminator)
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: input attribute
name: (end)
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: resolve_clnt: `'
-> `fran...@web.de' -> transp=`smtp' host=`web.de'
rcpt=`fran...@web.de' flags= class=default
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: ctable_locate:
install entry key fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: extract_addr: in:
fran...@web.de, result: fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: >>> START
Recipient address RESTRICTIONS <<<
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: generic_checks:
name=permit_mynetworks
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]:
permit_mynetworks: 178-24-196-94-dynip.superkabel.de 178.24.196.94
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: match_hostname:
178-24-196-94-dynip.superkabel.de ~? 127.0.0.0/8
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: match_hostaddr:
178.24.196.94 ~? 127.0.0.0/8
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: match_hostname:
178-24-196-94-dynip.superkabel.de ~? [::1]/128
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: match_hostaddr:
178.24.196.94 ~? [::1]/128
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: match_list_match:
178-24-196-94-dynip.superkabel.de: no match
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: match_list_match:
178.24.196.94: no match
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: generic_checks:
name=permit_mynetworks status=0
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: generic_checks:
name=reject_unauth_destination
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]:
reject_unauth_destination: fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]:
permit_auth_destination: fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: ctable_locate:
leave existing entry key fran...@web.de
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: NOQUEUE: reject:
RCPT from 178-24-196-94-dynip.superkabel.de[178.24.196.94]: 454 4.7.1
<fran...@web.de>: Relay access denied; from=<j...@the-pojs.de>
to=<fran...@web.de> proto=ESMTP helo=<mail.the-pojs.de>
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: generic_checks:
name=reject_unauth_destination status=2
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: >>> END Recipient
address RESTRICTIONS <<<
Jun 5 00:16:35 b079 postfix/submission/smtpd[30353]: >
178-24-196-94-dynip.superkabel.de[178.24.196.94]: 454 4.7.1
<fran...@web.de>: Relay access denied
----
Here's the master.cf for submission:
----
submission inet n - n - - smtpd -v
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
----
And finally postconf -n
----
alias_maps = hash:/etc/postfix/aliases,
hash:/var/lib/mailman/data/aliases
allow_min_user = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_protocols = all
local_destination_concurrency_limit = 2
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 15728600
mime_header_checks = pcre:/etc/postfix/mime_header_checks
mydestination = localhost.$mydomain, $mydomain, kohni.$mydomain,
claudi.$mydomain, kohni-mobil.$mydomain
mydomain = jankoh.mooo.com
myhostname = mail.the-pojs.de
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_helo_name = the-pojs.de
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:/etc/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_multi_recipient_bounce,
permit_mynetworks, permit_sasl_authenticated, reject_unlisted_recipient,
reject_unauth_destination, reject_unauth_pipelining,
reject_invalid_hostname, reject_unknown_sender_domain, reject_rbl_client
zen.spamhaus.org, check_policy_service inet:127.0.0.1:10030
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/run/dovecot/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = hash:/etc/postfix/sasl_sender
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/cert.key
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
soft_bounce = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_gid_maps = static:500
virtual_mailbox_base = /home/virtualmail
virtual_mailbox_domains = the-pojs.dyndns.org, the-pojs.de
virtual_mailbox_maps = ldap:/etc/postfix/virtual.cf
virtual_minimum_uid = 500
virtual_transport = dovecot
virtual_uid_maps = static:102
postconf: warning: /etc/postfix/main.cf: unused parameter:
dovecot_destination_recipient_limit=1
----
Any hint what I am missing? At the moment I can only send through
localhost…
Thanks a lot!
Regards Jan
/dev/rob0
Jun 4, 2013, 7:24:23 PM6/4/13
to
On Wed, Jun 05, 2013 at 01:08:09AM +0200, Jan Kohnert wrote:
> I have recently upgraded to 2.10.0 (gentoo) and now having some
> issues with relaying authenticated users. I'm using dovecot sasl
> and according to the logs auth works fine, but however postfix
> thinks I do not want to relay stuff from authenticated users
> anymore...
Yes. You probably missed the 2.10 release notes.
> I have recently upgraded to 2.10.0 (gentoo) and now having some
> issues with relaying authenticated users. I'm using dovecot sasl
> and according to the logs auth works fine, but however postfix
> thinks I do not want to relay stuff from authenticated users
> anymore...
http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Jan Kohnert
Jun 4, 2013, 7:27:24 PM6/4/13
to
Hi there again,
Am Mittwoch, 5. Juni 2013, 01:08:09 schrieb Jan Kohnert:
> I have recently upgraded to 2.10.0 (gentoo) and now having some issues
> with relaying authenticated users. I'm using dovecot sasl and according
> to the logs auth works fine, but however postfix thinks I do not want to
> relay stuff from authenticated users anymore...
just downgraded to 2.9.5 (identical config) and it works like a charm:
----
Jun 5 01:19:02 b079 postfix/smtpd[15165]: Anonymous TLS connection
dynip.superkabel.de[178.24.196.94], sasl_method=plain, sasl_username=jan
----
The last line is never showing up in 2.10.0 (see log in OP).
postconf -n
----
alias_maps = hash:/etc/postfix/aliases, hash:/var/lib/mailman/data/aliases
allow_min_user = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
dovecot_destination_recipient_limit = 1
----
master for submission:
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o content_filter=smtp-amavis:[127.0.0.1]:10026
-o milter_macro_daemon_name=ORIGINATING
----
So either I made a config error, or I found a bug, or the gentoo folks are
doing something weird.
Any idea? For now I'll stay in 2.9.5…
--
MfG Jan
Am Mittwoch, 5. Juni 2013, 01:08:09 schrieb Jan Kohnert:
> I have recently upgraded to 2.10.0 (gentoo) and now having some issues
> with relaying authenticated users. I'm using dovecot sasl and according
> to the logs auth works fine, but however postfix thinks I do not want to
> relay stuff from authenticated users anymore...
----
Jun 5 01:19:02 b079 postfix/smtpd[15165]: Anonymous TLS connection
established from 178-24-196-94-dynip.superkabel.de[178.24.196.94]: TLSv1.2
with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jun 5 01:19:53 b079 postfix/smtpd[15165]: E6AA4CB9E1: client=178-24-196-94-
with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
dynip.superkabel.de[178.24.196.94], sasl_method=plain, sasl_username=jan
----
The last line is never showing up in 2.10.0 (see log in OP).
postconf -n
----
alias_maps = hash:/etc/postfix/aliases, hash:/var/lib/mailman/data/aliases
allow_min_user = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
master for submission:
----
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o content_filter=smtp-amavis:[127.0.0.1]:10026
-o milter_macro_daemon_name=ORIGINATING
----
So either I made a config error, or I found a bug, or the gentoo folks are
doing something weird.
Any idea? For now I'll stay in 2.9.5…
--
MfG Jan
Jan Kohnert
Jun 4, 2013, 7:34:13 PM6/4/13
to
Hi,
Am Dienstag, 4. Juni 2013, 18:24:23 schrieb /dev/rob0:
> On Wed, Jun 05, 2013 at 01:08:09AM +0200, Jan Kohnert wrote:
(it's half past one here, now), since a downgrade helped me making a hotfix…
Thanks!
--
MfG Jan
Am Dienstag, 4. Juni 2013, 18:24:23 schrieb /dev/rob0:
> On Wed, Jun 05, 2013 at 01:08:09AM +0200, Jan Kohnert wrote:
> > I have recently upgraded to 2.10.0 (gentoo) and now having some
> > issues with relaying authenticated users. I'm using dovecot sasl
> > and according to the logs auth works fine, but however postfix
> > thinks I do not want to relay stuff from authenticated users
> > anymore...
>
> > issues with relaying authenticated users. I'm using dovecot sasl
> > and according to the logs auth works fine, but however postfix
> > thinks I do not want to relay stuff from authenticated users
> > anymore...
>
> Yes. You probably missed the 2.10 release notes.
>
> http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
>
> smtpd_relay_restrictions = permit_mynetworks,
> permit_sasl_authenticated,
> reject_unauth_destination
That might cause the problem, I really missed that. I'll check that tomorrow
>
> http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
>
> smtpd_relay_restrictions = permit_mynetworks,
> permit_sasl_authenticated,
> reject_unauth_destination
(it's half past one here, now), since a downgrade helped me making a hotfix…
Thanks!
--
MfG Jan
Jan Kohnert
Jun 4, 2013, 7:47:55 PM6/4/13
to
Hi again,
couldn't wait, who needs sleep… :)
Things got fixes using your hint. Thanks a lot again!
Hint to myself:
I should read release notes more carefully.
--
MfG Jan
Things got fixes using your hint. Thanks a lot again!
Hint to myself:
I should read release notes more carefully.
--
MfG Jan
Wietse Venema
Jun 4, 2013, 8:51:09 PM6/4/13
to
Please file a bug report with your distribution.
Postfix 2.10 as distributed by me will add a backwards-compatibility
setting to main.cf, thusly:
# postfix upgrade-configuration
COMPATIBILITY: editing /etc/postfix/main.cf, overriding
smtpd_relay_restrictions to prevent inbound mail from unexpectedly
bouncing. Specify an empty smtpd_relay_restrictions value to
keep using smtpd_recipient_restrictions as before.
And the backwards compatible setting is:
# postconf smtpd_relay_restrictions
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
If your distributor has removed this backwards-compatibility safety
net, then please tell them that they are doing their users a disservice.
Wietse
Postfix 2.10 as distributed by me will add a backwards-compatibility
setting to main.cf, thusly:
# postfix upgrade-configuration
COMPATIBILITY: editing /etc/postfix/main.cf, overriding
smtpd_relay_restrictions to prevent inbound mail from unexpectedly
bouncing. Specify an empty smtpd_relay_restrictions value to
keep using smtpd_recipient_restrictions as before.
And the backwards compatible setting is:
# postconf smtpd_relay_restrictions
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
If your distributor has removed this backwards-compatibility safety
net, then please tell them that they are doing their users a disservice.
Wietse
Benny Pedersen
Jun 5, 2013, 2:26:37 PM6/5/13
to
/dev/rob0 skrev den 2013-06-05 01:24:
> http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
>
> smtpd_relay_restrictions = permit_mynetworks,
> permit_sasl_authenticated,
> reject_unauth_destination
lets hope 2.11 have permit_sasl_authenticated in default config, so
> http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
>
> smtpd_relay_restrictions = permit_mynetworks,
> permit_sasl_authenticated,
> reject_unauth_destination
many users here cant figure out the problems in 2.10 :)
--
senders that put my email into body content will deliver it to my own
trashcan, so if you like to get reply, dont do it
Benny Pedersen
Jun 5, 2013, 2:27:51 PM6/5/13
to
Jan Kohnert skrev den 2013-06-05 01:34:
> That might cause the problem, I really missed that. I'll check that
> tomorrow
> (it's half past one here, now), since a downgrade helped me making a
> hotfix…
such gentoo users :)
> That might cause the problem, I really missed that. I'll check that
> tomorrow
> (it's half past one here, now), since a downgrade helped me making a
> hotfix…
Benny Pedersen
Jun 5, 2013, 2:31:25 PM6/5/13
to
Jan Kohnert skrev den 2013-06-05 01:47:
> I should read release notes more carefully.
same could go to maintainers of ebuilds or precompiled packages
> I should read release notes more carefully.
0 new messages