Can't send External Mail

Discussion in 'Installation/Configuration' started by AndyF, Aug 7, 2006.

  1. AndyF

    AndyF New Member

    I think i've gone round and round in circles the last couple of days with this, so i offer it up to other peoples advice.

    Ubuntu 6.06 LTS, following Perfect install (mostly) - installed as LAMP server.

    I've managed to get everything working except for emails outbound to external addresses.

    Trying to send from [email protected] -> [email protected]

    Postfix main.cfg

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no

    append_dot_mydomain = no

    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

    myhostname = woody.friar.info
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    #mydestination = woody.friar.info, localhost.friar.info, , localhost
    relayhost =
    mynetworks = 127.0.0.0/8
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom

    virtual_maps = hash:/etc/postfix/virtusertable

    mydestination = /etc/postfix/local-host-names


    Mail Logs

    Aug 7 20:42:04 woody postfix/smtpd[6438]: connect from unknown[192.168.1.10]
    Aug 7 20:42:04 woody postfix/smtpd[6438]: NOQUEUE: reject: RCPT from unknown[192.168.1.10]: 554 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<p4>
    Aug 7 20:42:04 woody postfix/smtpd[6441]: connect from unknown[192.168.1.10]

    Outlook logs

    2006.08.07 20:42:01 SMTP (192.168.1.15): Connected to host
    2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 220 woody.friar.info ESMTP Postfix (Ubuntu)
    2006.08.07 20:42:01 SMTP (192.168.1.15): [tx] EHLO p4
    2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250-woody.friar.info
    2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250-PIPELINING
    2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250-SIZE 10240000
    2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250-VRFY
    2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250-ETRN
    2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250-STARTTLS
    2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250-AUTH LOGIN PLAIN
    2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250-AUTH=LOGIN PLAIN
    2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250 8BITMIME
    2006.08.07 20:42:01 SMTP (192.168.1.15): Authorizing to server
    2006.08.07 20:42:01 SMTP (192.168.1.15): [tx] AUTH LOGIN
    2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 334 VXNlcm5hbWU6
    2006.08.07 20:42:01 SMTP (192.168.1.15): [tx] YW5keQ==
    2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 334 UGFzc3dvcmQ6
    2006.08.07 20:42:01 SMTP (192.168.1.15): [tx] *****
    2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 235 Authentication successful
    2006.08.07 20:42:01 SMTP (192.168.1.15): Authorized to host
    2006.08.07 20:42:01 SMTP (192.168.1.15): Connected to host
    2006.08.07 20:42:01 SMTP (192.168.1.15): [tx] MAIL FROM: <*****>
    2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 250 Ok
    2006.08.07 20:42:01 SMTP (192.168.1.15): [tx] RCPT TO: <*****>
    2006.08.07 20:42:01 SMTP (192.168.1.15): <rx> 554 <*****>: Relay access denied
    2006.08.07 20:42:01 SMTP (192.168.1.15): End execution


    To me this is saying that outlook is authenticated correctly but the destination isn't allowed?

    Anyone any advice?

    Thanks

    Andy
     
    AndyF, Aug 7, 2006
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Are you able to retrieve emails with pop3 in outlook with the same useranme + password that you enterec for smtp authentication in outlook?

    Please check twice that you enabled "Server needs authentication" in the smtp settings in outlook.
     
    till, Aug 8, 2006
    #2
  3. AndyF

    AndyF New Member

    Yep, retrieval is fine, sending emails to other users in the same domain is fine. Just sending emails to a mail recipient external of what postfix knows about doesn't wanna work.

    Andy
     
    AndyF, Aug 8, 2006
    #3
  4. falko

    falko Super Moderator Howtoforge Staff

    falko, Aug 8, 2006
    #4
  5. AndyF

    AndyF New Member

    Yep as it's work email, it's the same which ever external email address i use.

    It's as if the line

    smtpd_recipient_restictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

    Is listening to the mynetworks as in Webmail, yet not for the sasl authenticated users.

    Given that when using Roundcube i get

    Aug 8 18:20:31 woody postfix/smtp[24794]: 7623681847D: to=<[email protected]>, relay=mail.novus.co.uk[212.248.238.50], delay=1, status=sent (250 imss-01.NNL.CO.UK: Message accepted for delivery)
    Aug 8 18:20:31 woody postfix/qmgr[23534]: 7623681847D: removed

    Does that make sense?

    Andy
     
    AndyF, Aug 8, 2006
    #5
  6. AndyF

    AndyF New Member

    I even tried outlook with SPA switch on for sending, to which i recieve.

    Aug 8 18:23:43 woody postfix/smtpd[24858]: connect from unknown[192.168.1.10]
    Aug 8 18:23:43 woody postfix/smtpd[24858]: setting up TLS connection from unknown[192.168.1.10]
    Aug 8 18:23:43 woody postfix/smtpd[24858]: TLS connection established from unknown[192.168.1.10]: TLSv1 with cipher RC4-MD5 (128/128 bits)
    Aug 8 18:23:43 woody postfix/smtpd[24858]: NOQUEUE: reject: RCPT from unknown[192.168.1.10]: 554 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<p4>
    Aug 8 18:23:45 woody postfix/smtpd[24858]: disconnect from unknown[192.168.1.10]
     
    AndyF, Aug 8, 2006
    #6
  7. AndyF

    AndyF New Member

    Is there anyway to debug the sasl authentication process?

    Andy
     
    AndyF, Aug 8, 2006
    #7
  8. AndyF

    AndyF New Member

    Well i'm not quite sure what i've done, but it is now working correctly.

    i did renter a couple of postconf lines and instead of before where is wasn't even checking for the sasl_authenticated.

    Code:
    >>> START Recipient address RESTRICTIONS <<<
Aug  8 20:01:09 woody postfix/smtpd[27060]: generic_checks: name=permit_mynetworks
Aug  8 20:01:09 woody postfix/smtpd[27060]: permit_mynetworks: unknown 192.168.1.10
Aug  8 20:01:09 woody postfix/smtpd[27060]: match_hostname: unknown ~? 127.0.0.0/8
Aug  8 20:01:09 woody postfix/smtpd[27060]: match_hostaddr: 192.168.1.10 ~? 127.0.0.0/8
Aug  8 20:01:09 woody postfix/smtpd[27060]: match_list_match: unknown: no match
Aug  8 20:01:09 woody postfix/smtpd[27060]: match_list_match: 192.168.1.10: no match
Aug  8 20:01:09 woody postfix/smtpd[27060]: generic_checks: name=permit_mynetworks status=0
Aug  8 20:01:09 woody postfix/smtpd[27060]: generic_checks: name=reject_unauth_destination
    i then redid the line

    Code:
    postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
    Restarted the service and finally received..

    Code:
    >>> START Recipient address RESTRICTIONS <<<
Aug  8 20:20:30 woody postfix/smtpd[28068]: generic_checks: name=permit_sasl_authenticated
Aug  8 20:20:30 woody postfix/smtpd[28068]: generic_checks: name=permit_sasl_authenticated status=0
Aug  8 20:20:30 woody postfix/smtpd[28068]: generic_checks: name=permit_mynetworks
Aug  8 20:20:30 woody postfix/smtpd[28068]: permit_mynetworks: unknown 192.168.1.10
Aug  8 20:20:30 woody postfix/smtpd[28068]: match_hostname: unknown ~? 127.0.0.0/8
Aug  8 20:20:30 woody postfix/smtpd[28068]: match_hostaddr: 192.168.1.10 ~? 127.0.0.0/8
Aug  8 20:20:30 woody postfix/smtpd[28068]: match_list_match: unknown: no match
Aug  8 20:20:30 woody postfix/smtpd[28068]: match_list_match: 192.168.1.10: no match
Aug  8 20:20:30 woody postfix/smtpd[28068]: generic_checks: name=permit_mynetworks status=0
Aug  8 20:20:30 woody postfix/smtpd[28068]: generic_checks: name=reject_unauth_destination
    Which looks miles better, so i now get.

    Code:
    Aug  8 20:36:38 woody postfix/smtpd[28346]: connect from 82-68-241-110.dsl.in-addr.zen.co.uk[82.68.241.110]
Aug  8 20:36:38 woody postfix/smtpd[28346]: D624C81838D: client=82-68-241-110.dsl.in-addr.zen.co.uk[82.68.241.110], sasl_method=LOGIN, sasl_username=andy
Aug  8 20:36:38 woody postfix/cleanup[28348]: D624C81838D: message-id=<[email protected]>
Aug  8 20:36:38 woody postfix/qmgr[27948]: D624C81838D: from=<[email protected]>, size=2210, nrcpt=1 (queue active)
Aug  8 20:36:39 woody postfix/smtp[28349]: D624C81838D: to=<[email protected]>, relay=mail.novus.co.uk[212.248.238.50], delay=1, status=sent (250 imss-01.NNL.CO.UK: Message accepted for delivery)
Aug  8 20:36:39 woody postfix/qmgr[27948]: D624C81838D: removed
    By the way for more debuging options add the following into your main.cf

    debug_peer_list = IPADDRESSYOURWANTTODEBUG
    debug_peer_level = 3

    Hope this helps anyone else.

    Andy
     
    AndyF, Aug 8, 2006
    #8

Share This Page