postfix 2.71 relay access denied from external

Discussion in 'Server Operation' started by abcinc, Nov 12, 2013.

  1. abcinc

    abcinc New Member

    Emailing from the server to outside like gmail works fine. Also emailing from a local outlook client works fine. Emailing from external by relay to gmail gets relay access denied even though outlook has auth chosen.
    Using postfix 2.71, dovecot 1.2.9 Ubuntu 10.04, SASL

    Please help
    Thanks
    mail.log:
    resolve_clnt: `' -> `[email protected]' -> transp=`smtp' host=`gmail.com' rcpt=`[email protected]' flags= class=default
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: ctable_locate: install entry key [email protected]
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: extract_addr: in: <[email protected]>, result: [email protected]
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: send attr request = rewrite
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: send attr rule = local
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: send attr address = double-bounce
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: private/rewrite socket: wanted attribute: flags
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: input attribute name: flags
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: input attribute value: 0
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: private/rewrite socket: wanted attribute: address
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: input attribute name: address
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: input attribute value: [email protected]
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: private/rewrite socket: wanted attribute: (list terminator)
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: input attribute name: (end)
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: rewrite_clnt: local: double-bounce -> [email protected]
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: >>> START Sender address RESTRICTIONS <<<
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: generic_checks: name=permit_sasl_authenticated
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: generic_checks: name=permit_sasl_authenticated status=0
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: generic_checks: name=permit_mynetworks
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: permit_mynetworks: unknown 68.178.19.197
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostname: unknown ~? 127.0.0.0/8
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostaddr: 68.178.19.197 ~? 127.0.0.0/8
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostname: unknown ~? [::ffff:127.0.0.0]/104
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostaddr: 68.178.19.197 ~? [::ffff:127.0.0.0]/104
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostname: unknown ~? [::1]/128
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostaddr: 68.178.19.197 ~? [::1]/128
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostname: unknown ~? 192.168.6.0/24
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostaddr: 68.178.19.197 ~? 192.168.6.0/24
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostname: unknown ~? 50.43.121.0/24
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostaddr: 68.178.19.197 ~? 50.43.121.0/24
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_list_match: unknown: no match
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_list_match: 68.178.19.197: no match
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: generic_checks: name=permit_mynetworks status=0
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: generic_checks: name=reject_unknown_sender_domain
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: reject_unknown_address: [email protected]
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: ctable_locate: move existing entry key [email protected]
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: generic_checks: name=reject_unknown_sender_domain status=0
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: generic_checks: name=reject_unauth_pipelining
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: reject_unauth_pipelining: RCPT
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: generic_checks: name=reject_unauth_pipelining status=0
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: generic_checks: name=permit
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: generic_checks: name=permit status=1
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: >>> START Recipient address RESTRICTIONS <<<
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: generic_checks: name=permit_mynetworks
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: permit_mynetworks: unknown 68.178.19.197
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostname: unknown ~? 127.0.0.0/8
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostaddr: 68.178.19.197 ~? 127.0.0.0/8
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostname: unknown ~? [::ffff:127.0.0.0]/104
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostaddr: 68.178.19.197 ~? [::ffff:127.0.0.0]/104
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostname: unknown ~? [::1]/128
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostaddr: 68.178.19.197 ~? [::1]/128
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostname: unknown ~? 192.168.6.0/24
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostaddr: 68.178.19.197 ~? 192.168.6.0/24
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostname: unknown ~? 50.43.121.0/24
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_hostaddr: 68.178.19.197 ~? 50.43.121.0/24
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_list_match: unknown: no match
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: match_list_match: 68.178.19.197: no match
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: generic_checks: name=permit_mynetworks status=0
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: generic_checks: name=permit_sasl_authenticated
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: generic_checks: name=permit_sasl_authenticated status=0
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: generic_checks: name=reject_unauth_destination
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: reject_unauth_destination: [email protected]
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: permit_auth_destination: [email protected]
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: ctable_locate: move existing entry key [email protected]
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: NOQUEUE: reject: RCPT from unknown[68.178.19.197]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<buck>
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: generic_checks: name=reject_unauth_destination status=2
    Nov 11 19:08:24 web4 postfix/smtpd[25394]: > unknown[68.178.19.197]: 554 5.7.1 <[email protected]>: Relay access denied

    dovecot -n
    # 1.2.9: /etc/dovecot/dovecot.conf
    # OS: Linux 2.6.32-52-generic-pae i686 Ubuntu 10.04.1 LTS ext4
    log_path: /var/log/dovecot.log
    log_timestamp: %Y-%m-%d %H:%M:%S
    protocols: imap pop3 imaps pop3s managesieve
    ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
    ssl_key_file: /etc/ssl/private/ssl-mail.key
    ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
    disable_plaintext_auth: no
    login_dir: /var/run/dovecot/login
    login_executable(default): /usr/lib/dovecot/imap-login
    login_executable(imap): /usr/lib/dovecot/imap-login
    login_executable(pop3): /usr/lib/dovecot/pop3-login
    login_executable(managesieve): /usr/lib/dovecot/managesieve-login
    mail_privileged_group: mail
    mail_uid: 5000
    mail_gid: 5000
    mail_location: /var/mail/%d/%n
    mbox_write_locks: fcntl dotlock
    mail_executable(default): /usr/lib/dovecot/imap
    mail_executable(imap): /usr/lib/dovecot/imap
    mail_executable(pop3): /usr/lib/dovecot/pop3
    mail_executable(managesieve): /usr/lib/dovecot/managesieve
    mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
    mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
    mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
    mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
    imap_client_workarounds(default): outlook-idle delay-newmail
    imap_client_workarounds(imap): outlook-idle delay-newmail
    imap_client_workarounds(pop3):
    imap_client_workarounds(managesieve):
    pop3_client_workarounds(default):
    pop3_client_workarounds(imap):
    pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
    pop3_client_workarounds(managesieve):
    lda:
    postmaster_address: [email protected]
    auth_socket_path: /var/run/dovecot/auth-master
    postmaster_address: postmaster
    mail_plugins: sieve
    quota_full_tempfail: yes
    deliver_log_format: msgid=%m: %$
    rejection_reason: Your message to <%t> was automatically rejected:%n%r
    auth default:
    passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
    userdb:
    driver: static
    args: uid=5000 gid=5000 home=/var/mail/%d/%n allow_all_users=yes
    socket:
    type: listen
    client:
    path: /var/spool/postfix/private/dovecot-auth
    mode: 438
    user: postfix
    group: postfix
    master:
    path: /var/run/dovecot/auth-master
    mode: 438
    user: vmail
    group: vmail
    plugin:
    sieve: ~/.dovecot.sieve
    sieve_dir: ~/sieve

    postfix main.cf
    queue_directory = /var/spool/postfix

    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    readme_directory = no
    relay_recipient_maps = mysql:/etc/postfix/relay_recipient_maps.mysql.conf
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    # TLS parameters
    smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem
    smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
    smtpd_use_tls = yes
    smtpd_delay_reject = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_tls_auth_only = no
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    #Enabling SMTP for authenticated users, and handing off authentication to Dovecot
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    # smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd.db
    smtpd_sasl_type = dovecot
    # smtpd_sasl_path = smtpd
    smtpd_sasl_path = private/dovecot-auth
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_security_options =
    broken_sasl_auth_clients = yes
    smtpd_tls_auth_only = yes
    smtp_tls_security_level = may
    smtpd_tls_security_level = may
    smtp_tls_note_starttls_offer = yes
    # smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    smtpd_sasl_authenticated_header = yes
    smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_unauth_pipelining, permit
    smtp_use_tls = yes
    smtpd_tls_mandatory_protocols = SSLv3, TLSv1
    smtpd_tls_mandatory_ciphers = medium

    myhostname = mailin.mydomain.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    # mydestination = mailin.mydomain.com, web4, localhost.localdomain, localhost
    mydestination = localhost, web4.mydomain.com
    virtual_transport = dovecot
    virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
    virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
    virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
    dovecot_destination_recipient_limit = 1
    relayhost =
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.6.0/24 50.43.121.0/24
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    home_mailbox = /var/mail
    # mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-dovecot-postfix.conf -n -m "${EXTENSION}"
    # virtual_mailbox_domains = /etc/postfix/vhosts
    virtual_mailbox_base = /var/mail
    # virtual_mailbox_maps = hash:/etc/postfix/vmaps
    virtual_minimum_uid = 1000
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000

    Postfix master.cf
    smtp inet n - n - - smtpd -v
    submission inet n - - - - smtpd -v
    # -o smtpd_tls_security_level=encrypt
    # -o smtpd_sasl_auth_enable=yes
    # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
    smtps inet n - - - - smtpd -v
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING
    #628 inet n - - - - qmqpd
    pickup fifo n - - 60 1 pickup
    cleanup unix n - - - 0 cleanup
    qmgr fifo n - n 300 1 qmgr
    #qmgr fifo n - - 300 1 oqmgr
    tlsmgr unix - - - 1000 1 tlsmgr
    rewrite unix - - - - - trivial-rewrite
    bounce unix - - - - 0 bounce
    defer unix - - - - 0 bounce
    trace unix - - - - 0 bounce
    verify unix - - - - 1 verify
    flush unix n - - 1000 0 flush
    proxymap unix - - n - - proxymap
    proxywrite unix - - n - 1 proxymap
    # smtp unix - - - - - smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay unix - - - - - smtp
      -o smtp_fallback_relay=
    # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq unix n - - - - showq
    error unix - - - - - error
    retry unix - - - - - error
    discard unix - - - - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - - - - lmtp
    anvil unix - - - - 1 anvil
    scache unix - - - - 1 scache
    dovecot unix - n n - - pipe
      flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent. See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop unix - n n - - pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    # mailbox_transport = lmtp:inet:localhost
    # virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    # cyrus unix - n n - - pipe
    # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix - n n - - pipe
    # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp unix - n n - - pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail unix - n n - - pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp unix - n n - - pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix - n n - 2 pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman unix - n n - - pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
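
An added example (not part of the original post, and not Postfix code): a small Python parser for `smtpd -v` output like the log above that reports, per restriction stage, which check decided the outcome and whether `permit_sasl_authenticated` matched. The sample lines are constructed in the post's log format with placeholder addresses, and the status meanings (0, 1, 2) are read off the log as posted.

```python
import re
from collections import defaultdict

# Constructed sample in the "smtpd -v" format shown in the post (trimmed;
# the recipient/sender addresses are example.org placeholders).
P = "Nov 11 19:08:24 web4 postfix/smtpd[25394]: "
SAMPLE_LOG = "\n".join(P + s for s in [
    ">>> START Sender address RESTRICTIONS <<<",
    "generic_checks: name=permit_sasl_authenticated status=0",
    "generic_checks: name=permit status=1",
    ">>> START Recipient address RESTRICTIONS <<<",
    "generic_checks: name=permit_mynetworks status=0",
    "generic_checks: name=permit_sasl_authenticated status=0",
    "NOQUEUE: reject: RCPT from unknown[68.178.19.197]: 554 5.7.1 "
    "<user@example.org>: Relay access denied; from=<me@example.org>",
    "generic_checks: name=reject_unauth_destination status=2",
])

STAGE = re.compile(r"smtpd\[(\d+)\]: >>> START (.+?) RESTRICTIONS <<<")
CHECK = re.compile(r"smtpd\[(\d+)\]: generic_checks: name=(\S+) status=(\d)")
REJECT = re.compile(r"smtpd\[(\d+)\]: NOQUEUE: reject: RCPT from (\S+): "
                    r"(\d{3} [\d.]+) .*?: ([^;]+);")
# Status values as they appear in the post's log: 0 fell through, 1 permit, 2 reject.
VERDICT = {"0": "no decision", "1": "permit", "2": "reject"}

def trace(log_text):
    """Group restriction results by smtpd PID and restriction stage."""
    sessions = defaultdict(lambda: {"stages": [], "reject": None})
    for line in log_text.splitlines():
        if m := STAGE.search(line):
            sessions[m[1]]["stages"].append({"stage": m[2], "checks": []})
        elif (m := CHECK.search(line)) and sessions[m[1]]["stages"]:
            sessions[m[1]]["stages"][-1]["checks"].append((m[2], VERDICT.get(m[3], m[3])))
        elif m := REJECT.search(line):
            sessions[m[1]]["reject"] = {"client": m[2], "code": m[3], "reason": m[4]}
    return dict(sessions)

def diagnose(session):
    """Say, per stage, whether SASL auth was seen and which check decided."""
    findings = []
    for stage in session["stages"]:
        if ("permit_sasl_authenticated", "no decision") in stage["checks"]:
            findings.append(f"{stage['stage']}: client was not SASL-authenticated")
        decided = [c for c in stage["checks"] if c[1] != "no decision"]
        if decided:
            findings.append(f"{stage['stage']}: decided by {decided[0][0]} ({decided[0][1]})")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(trace(SAMPLE_LOG)["25394"])))
```

Run against a full verbose log, the recipient-stage findings show whether the 554 came from `reject_unauth_destination` after `permit_sasl_authenticated` fell through, which is the pattern in the log posted above.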
     
