1

Topic: Sender address rejected: not logged in

==== Required information ====
- iRedMail version: 0.8.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP (AD)
- Linux/BSD distribution name and version: RH6.5
- Related log if you're reporting an issue:
====
Hello.
I have a strange message in the log. When somebody from a foreign server (hosted somewhere else) sends mail, I can find this in the logs:

Jun 24 11:57:13 mx1 postfix/smtpd[2667]: NOQUEUE: reject: RCPT from mail.domain.pl[1.2.3.4]: 553 5.7.1 <sombody@sender-domain.com>: Sender address rejected: not logged in; from=<sombody@sender-domain.com> to=<receipent@receipentdomain.com> proto=ESMTP helo=<sender-domain.com>

This issue affects only one server


2

Re: Sender address rejected: not logged in

misieq wrote:

Sender address rejected: not logged in

This user doesn't enable SMTP authentication in his/her mail client application (Outlook, Thunderbird, ...).

3

Re: Sender address rejected: not logged in

ZhangHuangbin wrote:

This user doesn't enable SMTP authentication in his/her mail client application (Outlook, Thunderbird, ...).

But he or she authenticates (or not) on his own SMTP server. My server gets a normal email from outside and then the message appears in the log.
If it's a proper configuration, can I add their server to some whitelist to bypass this error?

4

Re: Sender address rejected: not logged in

Is this sender domain hosted on your mail server? If so, you can add the IP address of sender server in Postfix parameter "mynetworks".

5

Re: Sender address rejected: not logged in

ZhangHuangbin wrote:

Is this sender domain hosted on your mail server? If so, you can add the IP address of sender server in Postfix parameter "mynetworks".

No, it's not. It is a completely different IP. And that's why this error is so strange to me.

6

Re: Sender address rejected: not logged in

Could you please show me output of below commands? Replace 'sender-domain.com' by the real sender domain name.

# cd /etc/postfix/
# for cf in $(ls ad_*); do echo ${cf}; postmap -q 'sender-domain.com' ldap:./${cf}; done

7

Re: Sender address rejected: not logged in

ZhangHuangbin wrote:

Could you please show me output of below commands? Replace 'sender-domain.com' by the real sender domain name.

# cd /etc/postfix/
# for cf in $(ls ad_*); do echo ${cf}; postmap -q 'sender-domain.com' ldap:./${cf}; done

Here's an output

ad_sender_login_maps.cf
sof@sender-domain.com
ad_virtual_group_maps.cf
ad_virtual_mailbox_maps.cf
sender-domain.com/sof/Maildir/

I've checked, but I have no maildir on the filesystem for user sof and no domain 'sender-domain'; however, somehow it's in your command output.

Does it mean I should find this account in AD? Just to clarify, my AD domain is different from 'sender-domain.com'.

8

Re: Sender address rejected: not logged in

The output means your server hosts this mail account.

misieq wrote:

Does it mean I should find this account in AD? Just to clarify, my AD domain is different from 'sender-domain.com'.

Yes. Please show us command output: "postconf -n".

9

Re: Sender address rejected: not logged in

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
allow_percent_hack = no
biff = no
bounce_queue_lifetime = 4h
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
delay_warning_time = 0h
disable_vrfy_command = yes
enable_original_recipient = no
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 4000s
maximal_queue_lifetime = 4h
message_size_limit = 15728640
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname, 10.4.14.11/32
myhostname = mx1.mydomain.pl
mynetworks = 127.0.0.0/8, 10.4.14.11/32, 10.4.13.11/32, 10.4.13.12/32, 10.4.12.55/32, 10.7.4.140/32, 10.7.4.141/32, 10.7.4.142/32, 10.4.3.155/32
mynetworks_style = host
myorigin = mx1.mydomain.pl
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
recipient_bcc_maps = 
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical_maps
recipient_delimiter = +
relay_domains = mydomain.pl
relay_recipient_maps = 
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sender_bcc_maps = 
sender_canonical_maps = hash:/etc/postfix/sender_canonical_maps
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_security_level = may
smtpd_banner = mx1.mydomain.pl ESMTP
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/override_spam_checks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_client_access hash:/etc/postfix/override_spam_checks, check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain = mydomain.pl
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ad_sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/override_spam_checks, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_tls_CAfile = /etc/pki/tls/RootCA_meritum_multidomain.crt
smtpd_tls_cert_file = /etc/pki/tls/certs/meritum_multidomain.crt
smtpd_tls_key_file = /etc/pki/tls/private/meritum_multidomain.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
swap_bangpath = no
tls_random_source = dev:/dev/urandom
transport_maps = regexp:/etc/postfix/transport.regexp
unknown_local_recipient_reject_code = 550
virtual_alias_domains = 
virtual_alias_maps = proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ad_virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_transport = lmtp:inet:10.4.13.10:24
virtual_uid_maps = static:2000

10

Re: Sender address rejected: not logged in

misieq wrote:

Does it mean I should find this account in AD? Just to clarify, my AD domain is different from 'sender-domain.com'.

Your Postfix setting looks fine, please try to find this account in AD.

11

Re: Sender address rejected: not logged in

ZhangHuangbin wrote:
misieq wrote:

Does it mean I should find this account in AD? Just to clarify, my AD domain is different from 'sender-domain.com'.

Your Postfix setting looks fine, please try to find this account in AD.

Everything is clear now.
We used the mail attribute from LDAP, and this address had been created as a contact in some group.
So the system treated it as its own account.

Thank you for your help Zhang!
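
An added example, not part of the thread: the cause found above (a foreign address resolving in `smtpd_sender_login_maps`, so `reject_sender_login_mismatch` demands a login from an outside server) can be spotted in the mail log by listing "not logged in" rejects whose sender domain is not hosted locally. The hosted-domain set and every log line except the first are constructed for illustration; the function name is hypothetical.

```python
import re
from collections import defaultdict

# First line is the reject quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = """\
Jun 24 11:57:13 mx1 postfix/smtpd[2667]: NOQUEUE: reject: RCPT from mail.domain.pl[1.2.3.4]: 553 5.7.1 <sombody@sender-domain.com>: Sender address rejected: not logged in; from=<sombody@sender-domain.com> to=<receipent@receipentdomain.com> proto=ESMTP helo=<sender-domain.com>
Jun 24 12:01:40 mx1 postfix/smtpd[2671]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 553 5.7.1 <user@mydomain.pl>: Sender address rejected: not logged in; from=<user@mydomain.pl> to=<other@example.org> proto=ESMTP helo=<pc1>
Jun 24 12:05:02 mx1 postfix/smtpd[2680]: NOQUEUE: reject: RCPT from mail2.domain.pl[192.0.2.77]: 553 5.7.1 <Sombody@Sender-Domain.com>: Sender address rejected: not logged in; from=<Sombody@Sender-Domain.com> to=<receipent@receipentdomain.com> proto=ESMTP helo=<sender-domain.com>
Jun 24 12:09:15 mx1 postfix/smtpd[2684]: NOQUEUE: reject: RCPT from unknown[192.0.2.99]: 554 5.7.1 <x@example.net>: Relay access denied; from=<y@example.com> to=<x@example.net> proto=ESMTP helo=<h>
"""

# Matches only the reject produced when the sender has an owner in the
# login map but the client did not authenticate.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+)\[(?P<ip>[^\]]+)\]: 553 5\.7\.1 "
    r"<(?P<sender>[^>]*)>: Sender address rejected: not logged in;"
)


def find_foreign_not_logged_in(log_text, hosted_domains):
    """Map each rejected sender whose domain is NOT hosted here to the
    sorted client IPs that tried to use it. Such senders should never
    resolve in smtpd_sender_login_maps, so each hit points at an
    over-broad lookup (e.g. an AD contact matched by its mail attribute)."""
    hosted = {d.lower() for d in hosted_domains}
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        sender = m.group("sender").lower()
        domain = sender.rpartition("@")[2]
        if domain and domain not in hosted:
            hits[sender].add(m.group("ip"))
    return {sender: sorted(ips) for sender, ips in hits.items()}


if __name__ == "__main__":
    # Assumption: mydomain.pl is the only domain this server hosts.
    for sender, ips in find_foreign_not_logged_in(SAMPLE_LOG, {"mydomain.pl"}).items():
        print(f"{sender} rejected from {', '.join(ips)}; verify with:")
        print(f"  postmap -q '{sender}' ldap:/etc/postfix/ad_sender_login_maps.cf")
```

A sender reported here that also returns a result from the printed `postmap` query is being claimed by the directory lookup and should be traced to its AD object.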