1

Topic: authentication errors

I noticed that if I try sending a mail without authentication to a domain I have set in my iRedAdmin, it will not return an error at all and does not notify the client that he has to enter a username and pw. However, when I try to send it to a domain outside of the mailserver, it shows that relaying has been denied.

How do I configure it so it shows an error message even when sending to internal domains?

2

Re: authentication errors

Can you paste the related maillog content here? You can find it in /var/log/maillog or /var/log/mail.log.

3 (edited by veldsink 2010-04-23 16:37:58)

Re: authentication errors

Log of 3 outgoing mails without authentication. The first mail shows an error that relay access is denied in Thunderbird. The other 2 mails do not show anything.

Apr 23 10:24:49 mailserv postfix/smtpd[12874]: connect from unknown[192.168.10.82]
Apr 23 10:24:49 mailserv postfix/smtpd[12874]: NOQUEUE: reject: RCPT from unknown[192.168.10.82]: 554 5.7.1 <test@hotmail.com>: Relay access denied; from=<test@veldsink.nl> to=<test@hotmail.com> proto=ESMTP helo=<[192.168.10.82]>
Apr 23 10:24:59 mailserv postfix/smtpd[12874]: disconnect from unknown[192.168.10.82]
Apr 23 10:25:07 mailserv postfix/smtpd[12874]: connect from unknown[192.168.10.82]
Apr 23 10:25:07 mailserv postfix/smtpd[12874]: 672303251C7: client=unknown[192.168.10.82]
Apr 23 10:25:07 mailserv postfix/cleanup[12880]: 672303251C7: message-id=<4BD15979.1000708@veldsink.nl>
Apr 23 10:25:07 mailserv postfix/qmgr[3591]: 672303251C7: from=<test@veldsink.nl>, size=620, nrcpt=1 (queue active)
Apr 23 10:25:07 mailserv postfix/smtpd[12874]: disconnect from unknown[192.168.10.82]
Apr 23 10:25:08 mailserv postfix/smtpd[12886]: connect from mailserv.vh2.local[127.0.0.1]
Apr 23 10:25:08 mailserv postfix/smtpd[12886]: 8DEA93251E4: client=mailserv.vh2.local[127.0.0.1]
Apr 23 10:25:08 mailserv postfix/cleanup[12880]: 8DEA93251E4: message-id=<4BD15979.1000708@veldsink.nl>
Apr 23 10:25:08 mailserv postfix/smtpd[12886]: disconnect from mailserv.vh2.local[127.0.0.1]
Apr 23 10:25:08 mailserv postfix/qmgr[3591]: 8DEA93251E4: from=<test@veldsink.nl>, size=1545, nrcpt=1 (queue active)
Apr 23 10:25:08 mailserv amavis[3604]: (03604-10) Passed CLEAN, MYNETS LOCAL [192.168.10.82] [192.168.10.82] <test@veldsink.nl> -> <hveldsink@veldsink.nl>, Message-ID: <4BD15979.1000708@veldsink.nl>, mail_id: Sks28OXLDU4c, Hits: -0.469, size: 620, queued_as: 8DEA93251E4, 1156 ms
Apr 23 10:25:08 mailserv postfix/smtp[12881]: 672303251C7: to=<test2@veldsink.nl>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.2, delays=0.03/0.01/0/1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=03604-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 8DEA93251E4)
Apr 23 10:25:08 mailserv postfix/qmgr[3591]: 672303251C7: removed
Apr 23 10:25:08 mailserv postfix/pipe[12887]: 8DEA93251E4: to=<test2@veldsink.nl>, relay=dovecot, delay=0.02, delays=0.01/0.01/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
Apr 23 10:25:08 mailserv postfix/qmgr[3591]: 8DEA93251E4: removed
Apr 23 10:28:02 mailserv postfix/smtpd[12908]: connect from unknown[192.168.10.51]
Apr 23 10:28:02 mailserv postfix/smtpd[12908]: NOQUEUE: reject: RCPT from unknown[192.168.10.51]: 554 5.7.1 <test@gmail.com>: Relay access denied; from=<hveldsink@veldsink.nl> to=<test@gmail.com> proto=ESMTP helo=<[127.0.0.1]>
Apr 23 10:28:02 mailserv postfix/smtpd[12908]: disconnect from unknown[192.168.10.51]
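
An added example (not part of the original thread) of how to tell from a maillog like the one above which messages smtpd accepted without SASL authentication: Postfix appends `sasl_method=` and `sasl_username=` to the `client=` line only for authenticated sessions. The sample lines are constructed, and the `classify` helper and its `trusted` loopback list are assumptions made for this illustration.

```python
import re

# Constructed sample lines in Postfix maillog format (hosts, queue IDs and
# addresses are made up; the last line shows how an authenticated client is logged).
SAMPLE_LOG = """\
Apr 23 10:24:49 mail postfix/smtpd[100]: NOQUEUE: reject: RCPT from unknown[192.0.2.82]: 554 5.7.1 <a@example.net>: Relay access denied; from=<t@example.org> to=<a@example.net> proto=ESMTP helo=<[192.0.2.82]>
Apr 23 10:25:07 mail postfix/smtpd[100]: AAAA11111: client=unknown[192.0.2.82]
Apr 23 10:25:08 mail postfix/smtpd[101]: BBBB22222: client=localhost[127.0.0.1]
Apr 23 10:26:00 mail postfix/smtpd[102]: CCCC33333: client=unknown[192.0.2.51], sasl_method=PLAIN, sasl_username=u@example.org
"""

# smtpd line logged when a message is accepted into the queue.
ACCEPT = re.compile(r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): "
                    r"client=[^\[\s]+\[(?P<ip>[^\]]+)\](?P<rest>.*)")
# smtpd line logged when a recipient is refused before queueing.
REJECT = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
                    r"[^\[\s]+\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?P<dsn>\S+) "
                    r".*?to=<(?P<rcpt>[^>]*)>")
SASL_USER = re.compile(r"sasl_username=(\S+)")

def classify(log_text, trusted=("127.0.0.1", "::1")):
    """Return (kind, client_ip, detail) for every smtpd accept/reject line."""
    events = []
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            events.append(("rejected", m["ip"],
                           f"{m['code']} {m['dsn']} to={m['rcpt']}"))
            continue
        m = ACCEPT.search(line)
        if not m:
            continue  # connect/disconnect, qmgr, cleanup, amavis, ...
        user = SASL_USER.search(m["rest"])
        if user:
            events.append(("accepted_authenticated", m["ip"], user.group(1)))
        elif m["ip"] in trusted:
            # e.g. a content filter handing the message back over loopback
            events.append(("accepted_loopback", m["ip"], m["qid"]))
        else:
            events.append(("accepted_unauthenticated", m["ip"], m["qid"]))
    return events

if __name__ == "__main__":
    for kind, ip, detail in classify(SAMPLE_LOG):
        print(f"{kind:26} {ip:15} {detail}")
```
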

4

Re: authentication errors

Can you paste the output of the command 'postconf -n'?

5

Re: authentication errors

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
delay_warning_time = 0h
disable_vrfy_command = yes
enable_original_recipient = no
header_checks = pcre:/etc/postfix/header_checks.pcre
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_name = iRedMail
mail_owner = postfix
mail_version = 0.5.1
mailbox_command = /usr/libexec/dovecot/deliver
mailbox_size_limit = 15728640
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 4000s
maximal_queue_lifetime = 1d
message_size_limit = 15728640
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = vh2.local
myhostname = mailserv.vh2.local
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
myorigin = mailserv.vh2.local
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix-2.5.9/README_FILES
recipient_bcc_maps = proxy:ldap:/etc/postfix/ldap_recipient_bcc_maps_domain.cf, proxy:ldap:/etc/postfix/ldap_recipient_bcc_maps_user.cf
relay_domains = $mydestination, proxy:ldap:/etc/postfix/ldap_relay_domains.cf
relay_recipient_maps = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
sample_directory = /usr/share/doc/postfix-2.5.9/samples
sender_bcc_maps = proxy:ldap:/etc/postfix/ldap_sender_bcc_maps_domain.cf, proxy:ldap:/etc/postfix/ldap_sender_bcc_maps_user.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ldap_sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_tls_cert_file = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/pki/tls/private/iRedMail.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
transport_maps = proxy:ldap:/etc/postfix/ldap_transport_maps_user.cf, proxy:ldap:/etc/postfix/ldap_transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_alias_maps.cf, proxy:ldap:/etc/postfix/ldap_virtual_group_maps.cf, proxy:ldap:/etc/postfix/ldap_sender_login_maps.cf, proxy:ldap:/etc/postfix/ldap_catch_all_maps.cf
virtual_gid_maps = static:500
virtual_mailbox_base = /home/vmail/vmail01
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
virtual_minimum_uid = 500
virtual_transport = dovecot
virtual_uid_maps = static:500

6

Re: authentication errors

Why is your smtpd_recipient_restrictions different from the iRedMail default setting?

smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

Default:

smtpd_recipient_restrictions = 
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unlisted_recipient,
        check_policy_service inet:127.0.0.1:7777,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_non_fqdn_helo_hostname,
        reject_invalid_helo_hostname,
        check_policy_service inet:127.0.0.1:10031

7

Re: authentication errors

Might have made a configuration error there when adding the iRedAPD.
However, fixing that did not solve the problem.