I just finished a fresh install of a server using the "The Perfect Server - Ubuntu 10.04 [ISPConfig 3]" article, with the exception that I installed VMware tools and installed ISPConfig 3.0.2.2 instead of 3.0.2.1.

Everything seems to work OK. I hooked up 1 of my domains to this box, the website works, and I set up an email box. The mailbox appears to work: I can receive mail to the box from external sources (via IMAP), and I can send email out via webmail.

However, when attempting to send emails via SMTP (using Thunderbird) I'm getting:

"An error occurred while sending mail. The mail server responded: 5.7.1 <[email protected]>: Relay access denied. Please check the message recipient [email protected] and try again."

I've googled around and I found a couple of references to tweaks of /etc/postfix/main.cf, but those appeared to be relevant for ISPConfig 2 and not 3.

Server setup:
Ubuntu 10.04 with normal updates
ISPConfig 3.0.2.2
Inside of DMZ then connected to WAN via NAT

Relevant bit of /var/log/mail.log:

Sep 14 18:51:20 roslin postfix/smtpd[29921]: connect from cpe-173-172-xx-xxx.tx.res.rr.com[173.172.xx.xxx]
Sep 14 18:51:20 roslin postfix/smtpd[29921]: NOQUEUE: reject: RCPT from cpe-173-172-xx-xxx.tx.res.rr.com[173.172.xx.xxx]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<me-macbook.local>
Sep 14 18:53:10 roslin postfix/smtpd[29921]: lost connection after RCPT from cpe-173-172-xx-xxx.tx.res.rr.com[173.172.xx.xxx]
Sep 14 18:53:10 roslin postfix/smtpd[29921]: disconnect from cpe-173-172-xx-xxx.tx.res.rr.com[173.172.xx.xxx]

Output of postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_size_limit = 0
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = roslin.123.com, localhost, localhost.localdomain
myhostname = roslin.123.com
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = /etc/mailname
nested_header_checks = regexp:/etc/postfix/nested_header_checks
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = maildrop
virtual_uid_maps = static:5000

For reference, 123.com is not currently hosted on this box and is external. abc.com is hosted on this box. I've played around with the mynetworks value and hardcoded my IP, and it appears not to work. I do intend to use this email for potentially several customers, so I need it WAN accessible. Any help would be much appreciated.
I do have SMTP authentication enabled. Actually, I did make some progress: I did change the mynetworks value to include my external IP address and it allowed me to send emails. However, this isn't quite the behavior I'm looking for, since I have users who would be connecting through iPhones and who knows what kind of network connection. So the question is: how do I open up mynetworks to be internet facing without being a completely open relay?
So after much more reading, I think my problem is that the postfix-sasl authentication is not working properly. I've opened up mynetworks to the world (0.0.0.0/256); however, that just made an open relay to the world.
Post the exact sasl error messages that you get in the mail log file. You should undo that as soon as possible!
Yeah, I backed out the mynetwork config pretty quick once I figured out what that was doing. See, that's the thing: I don't see any SASL errors in the mail.log file. I'm not seeing a SASL error, but that's the only thing I can assume is wrong. I do have Thunderbird set up to use authentication. But it appears, based on the log, that if it does, it's not working.

Sep 15 15:03:21 roslin postfix/smtpd[27210]: warning: 50.9.xxx.xx: hostname 50-9-xxx-xx.txr.clearwire-wmx.net verification failed: Name or service not known
Sep 15 15:03:21 roslin postfix/smtpd[27210]: connect from unknown[50.9.xxx.xx]
Sep 15 15:03:23 roslin postfix/smtpd[27210]: NOQUEUE: reject: RCPT from unknown[50.9.xxx.xx]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<50-9-xxx-xx.txr.clearwire-wmx.net>
Sep 15 15:03:26 roslin postfix/smtpd[27210]: disconnect from unknown[50.9.xxx.xx]

Also, a manual connection to the server remotely doesn't respond to the ehlo command.

$ telnet 67.210.xxx.xx 25
Trying 67.210.xxx.xx...
Connected to 67.210.xxx.xx.
Escape character is '^]'.
220 roslin.abc.com ESMTP Postfix (Ubuntu)
ehlo
502 5.5.2 Error: command not recognized
ehlo abc.com
502 5.5.2 Error: command not recognized
ehlo localhost
502 5.5.2 Error: command not recognized
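Added example, not part of the original thread: a small audit of `postconf -n` output that reports who is allowed to relay without authenticating, plus a filter for "Relay access denied" log lines where the session used HELO (proto=SMTP), in which case the server's AUTH offer was never shown to the client. The function names, the INTERNAL range list and the sample data are assumptions made for this example.

```python
import ipaddress
import re

# Ranges treated as internal in this example (an assumption; adjust to your site).
INTERNAL = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_postconf(text):
    """Parse `postconf -n` output ("name = value", one per line) into a dict."""
    conf = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            conf[name.strip()] = value.strip()
    return conf

def audit_relay(conf):
    """Return findings about who may relay through this smtpd."""
    findings = []
    for entry in re.split(r"[,\s]+", conf.get("mynetworks", "")):
        try:
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            continue  # empty token or a file/table lookup: not evaluated here
        if not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL):
            findings.append(f"mynetworks trusts {net}: these clients relay without AUTH")
    rules = [r.split()[0] for r in conf.get("smtpd_recipient_restrictions", "").split(",") if r.strip()]
    if "reject_unauth_destination" not in rules:
        findings.append("reject_unauth_destination is missing")
    elif "permit_sasl_authenticated" not in rules[:rules.index("reject_unauth_destination")]:
        findings.append("permit_sasl_authenticated must precede reject_unauth_destination")
    if conf.get("smtpd_sasl_auth_enable") != "yes":
        findings.append("smtpd_sasl_auth_enable is not yes")
    return findings

def helo_only_relay_rejects(log_text):
    """Relay rejections whose session used HELO (proto=SMTP), so AUTH was never offered."""
    return [line for line in log_text.splitlines()
            if "Relay access denied" in line and re.search(r"\bproto=SMTP\b", line)]

# Constructed samples modelled on the thread (not the poster's real files).
THREAD_CONF = """mynetworks = 127.0.0.0/8 [::1]/128
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_sasl_auth_enable = yes"""
OPEN_CONF = THREAD_CONF.replace("127.0.0.0/8", "127.0.0.0/8 0.0.0.0/0")
SAMPLE_LOG = """Sep 15 15:03:23 host postfix/smtpd[1]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <user@example.org>: Relay access denied; from=<a@example.com> to=<user@example.org> proto=SMTP helo=<client.example>"""

if __name__ == "__main__":
    print(audit_relay(parse_postconf(THREAD_CONF)))   # restrictions as posted
    print(audit_relay(parse_postconf(OPEN_CONF)))     # after widening mynetworks
    print(len(helo_only_relay_rejects(SAMPLE_LOG)))
```

On a live host the same functions can be fed the real `postconf -n` output and mail log; a proto=ESMTP rejection with no preceding SASL line points at the client not sending AUTH rather than at the HELO/EHLO path.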