1 Topic by kiil (edited by kiil 2017-07-16 10:19:39)

  • kiil
  • kiil
  • Member
  • Offline
  • From: Leipzig Germany
  • Registered: 2011-10-11
  • Posts: 19

Topic: iRedMail as relay server for iRedAdmin-Pro server.

======== Required information ====
- iRedMail version (check /etc/iredmail-release):  iRedMail-0.9.7 and iRedAdmin-Pro     v2.9.0 (LDAP)
- Linux/BSD distribution name and version: Debian 8.8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I am in the process of migrating an iRedAdmin-Pro v2.0 (LDAP) with iRedmail-0.9.3 on a Debian 6 server.

The server is up and running and before I start migrating users accounts and mailboxes I have decided to set an iRedMail server to act as a MX-Server in front of the iRedAdmin-Pro server. That way mails won't timeout while being delivered and afterwards forward to the mailserver after the migratation is finished.

That server is also up and running and I am using Virtual Domains, Virtuals Users and a Transport Map to successfully route incoming e-mails to the new iRedAdmin-Pro server.

I've configured the iRedAdmin-Pro server as written in the document Setup relayhost: http://www.iredmail.org/docs/relayhost.html

relayhost = [mx1.example.com]
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login
smtp_sasl_security_options = noanonymous

My /etc/postfix/sasl_password 

mail.example.com postmaster@[example.com]:password

and got the following iRedAdmin-Pro [mail.example.com] mail.log entry

Jul 15 19:30:52 mail postfix/smtp[13283]: Untrusted TLS connection established to mx1.example.com[000.000.000.000]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 15 19:30:52 mail postfix/smtp[13283]: D0108A21283: to=<user@example2.com>, relay=mx1.example.com[000.000.000.000]:25, delay=0.09, delays=0.01/0/0.07/0.01, dsn=5.7.1, status=bounced (host mx1.example.com[000.000.000.000] said: 554 5.7.1 <user@example2.com>: Recipient address rejected: SMTP AUTH is required, or it is a spam with forged sender domain (in reply to RCPT TO command))
Jul 15 19:30:52 mail postfix/cleanup[13422]: E5BBFA21267: message-id=<20170715173052.E5BBFA21267@mail.example.com>
Jul 15 19:30:52 mail postfix/bounce[13453]: D0108A21283: sender non-delivery notification: E5BBFA21267
Jul 15 19:30:52 mail postfix/qmgr[13279]: E5BBFA21267: from=<>, size=3617, nrcpt=1 (queue active)
Jul 15 19:30:52 mail postfix/qmgr[13279]: D0108A21283: removed

Here is the corresponding iRedmail [mx1.example.com] mail.log

Jul 15 19:30:52 mx1 postfix/smtpd[20249]: connect from mail.example.com[111.111.111.111]
Jul 15 19:30:52 mx1 postfix/smtpd[20249]: Anonymous TLS connection established from mail.example.com[111.111.111.111]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 15 19:30:52 mx1 postfix/smtpd[20249]: NOQUEUE: reject: RCPT from mail.example.com[111.111.111.111]: 554 5.7.1 <user@example2.com>: Recipient address rejected: SMTP AUTH is required, or it is a spam with forged sender domain; from=<postmaster@example.com> to=<user@example2.com> proto=ESMTP helo=<mail.example.com>
Jul 15 19:30:52 mx1 postfix/smtpd[20249]: disconnect from mail.example.com[111.111.111.111]

I then made the following changes:

relayhost = [mx1.example.com]:587
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login
smtp_sasl_security_options = noanonymous

My new /etc/postfix/sasl_password 

mail.example.com postmaster@[example.com]:587:password

and on the iRedmaiil added

smtp_sender_dependent_authentication = yes

with a /etc/postfix/sasl_password  in the forn of

 postmaster@example.com postmaster@example.com:password

and get this:

Jul 15 21:40:05 kiil-ms postfix/smtp[18092]: Untrusted TLS connection established to kiil-mx1.kiil.com[138.201.206.218]:587: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 15 21:40:05 kiil-ms postfix/smtp[18092]: 5DCB4A20F70: to=<kiil@macnews.de>, relay=kiil-mx1.kiil.com[138.201.206.218]:587, delay=0.04, delays=0.01/0.01/0.02/0.01, dsn=5.7.1, status=bounced (host kiil-mx1.kiil.com[000.000.000.000] said: 554 5.7.1 <kiil-ms.kiil.com[111.111.111.1119]>: Client host rejected: Access denied (in reply to RCPT TO command))
Jul 15 21:40:05 kiil-ms postfix/cleanup[18086]: 68309A20FB5: message-id=<20170715194005.68309A20FB5@kiil-ms.kiil.com>
Jul 15 21:40:05 kiil-ms postfix/qmgr[15410]: 68309A20FB5: from=<>, size=3516, nrcpt=1 (queue active)
Jul 15 21:40:05 kiil-ms postfix/bounce[18093]: 5DCB4A20F70: sender non-delivery notification: 68309A20FB5
Jul 15 21:40:05 kiil-ms postfix/qmgr[15410]: 5DCB4A20F70: removed

corresponding iRedmail mail.log

Jul 15 21:36:52 kiil-mx1 postfix/submission/smtpd[22894]:  mail.example.com[111.111.111.111]
Jul 15 21:36:52 kiil-mx1 postfix/submission/smtpd[22894]: Anonymous TLS connection established from  mail.example.com[111.111.111.111]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 15 21:36:52 kiil-mx1 postfix/submission/smtpd[22894]: NOQUEUE: reject: RCPT from mail.example.com[111.111.111.111: 554 5.7.1 <mail.example.com[111.111.111.111.]>: Client host rejected: Access denied; from=<postmaster@example.com> to=<user@example2.com> proto=ESMTP helo=<kiil-ms.kiil.com>
Jul 15 21:36:52 kiil-mx1 postfix/submission/smtpd[22894]: disconnect from kiil-ms.kiil.com[111.111.111.111]
Jul 15 21:40:04 kiil-mx1 postfix/submission/smtpd[23005]: connect from  mail.example.com[111.111.111.111]
Jul 15 21:40:04 kiil-mx1 postfix/submission/smtpd[23005]: Anonymous TLS connection established from  mail.example.com[111.111.111.111]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 15 21:40:04 kiil-mx1 postfix/submission/smtpd[23005]: NOQUEUE: reject: RCPT from mail.example.com[111.111.111.111]: 554 5.7.1 <mail.example.com[111.111.111.111.111]>: Client host rejected: Access denied; from=<postmaster@example.com> to=<kiil@example2.com> proto=ESMTP helo=<mail.example.com>
Jul 15 21:40:04 kiil-mx1 postfix/submission/smtpd[23005]: disconnect from mail.example.com[111.111.111.111]

What am I missing? what do I need to add to the mx-server so that it relays outgoing mail from my iRedAdmin-Pro server.

Ian

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: iRedMail as relay server for iRedAdmin-Pro server.

Disable iRedAPD plugin "reject_sender_login_mismatch" in /opt/iredapd/settings.py, restart iredapd service, then try again.

3 Reply by kiil

  • kiil
  • kiil
  • Member
  • Offline
  • From: Leipzig Germany
  • Registered: 2011-10-11
  • Posts: 19

Re: iRedMail as relay server for iRedAdmin-Pro server.

ZhangHuangbin wrote:

Disable iRedAPD plugin "reject_sender_login_mismatch" in /opt/iredapd/settings.py, restart iredapd service, then try again.


i'm sorry to report that there is no change in behaviour.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: iRedMail as relay server for iRedAdmin-Pro server.

You made too many changes and i don't know what your current config is. Please use the default iRedMail setting, plus this relay document:
http://www.iredmail.org/docs/relayhost.html

Then try it and show us the original, full error log in Postfix log file.