Okay bear with me. I was asked to look at a server that hadn't been updated in four years. One update of Webmin killed the postfix, something I had never touched and I've learned a lot browsing and googling all weekend. I'll be as clear as I can.

The issue is "554 5.7.1 <[email protected]>: Relay access denied" when emailing from a virtual domain. There are three domains with some 184 email accounts set up under postfix.admin.

The following contains some sanitized data. *PUBLICDOMAIN* is one of the 'virtual domains' and *HOSTDOMAIN* is the unmanaged service address:

Results of nmap smtp.*PUBLICDOMAIN*.com from my home PC:
Code:
Nmap scan report for smtp.*PUBLICDOMAIN*.com (67.225.2**.2**)
Host is up (0.034s latency).
rDNS record for 67.225.2**.2**: host.*HOSTDOMAIN.com
Not shown: 90 filtered ports
PORT     STATE  SERVICE  VERSION
22/tcp   open   ssh      OpenSSH 4.3 (protocol 2.0)
25/tcp   open   smtp     Postfix smtpd
80/tcp   open   http     Apache httpd
443/tcp  open   ssl/http Apache httpd
465/tcp  closed smtps
631/tcp  closed ipp
993/tcp  open   ssl/imap Dovecot imapd
995/tcp  open   pop3s?
8000/tcp closed http-alt
8080/tcp open   http     Apache Tomcat/Coyote JSP engine 1.1

Results of mxtoolbox smtp.*PUBLICDOMAIN*.com:
Code:
Status Result
OK - 67.225.2**.2** resolves to host.*HOSTDOMAIN*.com
OK - Reverse DNS matches SMTP Banner
OK - Supports TLS.
0 seconds - Good on Connection time
OK - Not an open relay.
0.374 seconds - Good on Transaction Time
EHLO please-read-policy.mxtoolbox.com
250-mail.*HOSTDOMAIN*.com
250-PIPELINING
250-SIZE 51200000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN [47 ms]
MAIL FROM: <[email protected]>
250 2.1.0 Ok [47 ms]
RCPT TO: <[email protected]>
554 5.7.1 <[email protected]>: Relay access denied [78 ms]
QUIT
221 2.0.0 Bye [47 ms]

ls -la /etc/postfix
Code:
[root@HOSTNAME postfix]# ls -la
drwxr-xr-x  3 root root     4096 May 21 08:07 .
drwxr-xr-x 88 root root    12288 May 21 01:13 ..
-rw-r--r--  1 root root    17832 Apr 15 17:03 access
drwxr-xr-x  2 root root     4096 May 21 07:48 backups
-rw-r--r--  1 root root     3550 Apr 15 17:03 bounce.cf.default
-rw-r--r--  1 root root    11175 Apr 15 17:03 canonical
-rw-r--r--  1 root root     9920 Apr 15 17:03 generic
-rw-r--r--  1 root root    16838 Apr 15 17:03 header_checks
-rw-r--r--  1 root root       20 Apr 14  2008 header_checks.rpmsave
-rw-r--r--  1 root root    11942 Apr 15 17:03 LICENSE
-rw-r--r--  1 root root     1963 May 21 08:07 main.cf
-rw-r--r--  1 root root     1192 Apr 15 17:03 makedefs.out
-rw-r--r--  1 root root     1192 Jul 20  2007 makedefs.out.rpmsave
-rw-r--r--  1 root root     4137 Apr 15 17:03 master.cf
-rw-r--r--  1 root root     3965 May 20 17:12 master.cf.rpmsave
-rw-r--r--  1 root root     1579 May 20 16:04 postconf.txt
-rw-r--r--  1 root root    17639 Apr 15 17:03 postfix-files
-rwxr-xr-x  1 root root     6366 Apr 15 17:03 postfix-script
-rwxr-xr-x  1 root root    22564 Apr 15 17:03 post-install
-rw-------  1 root root     1024 May 21 18:26 prng_exch
-rw-r--r--  1 root root     6805 Apr 15 17:03 relocated
lrwxrwxrwx  1 root root        8 May 20 09:56 ssl -> /etc/ssl
-rw-r--r--  1 root root     1629 Apr 15 17:03 TLS_LICENSE
-rw-r--r--  1 root root    12081 Apr 15 17:03 transport
-rw-r--r--  1 root root    12288 Dec 22  2010 transport.db
-rw-r--r--  1 root root       39 May 13  2009 transport.rpmsave
-rw-r--r--  1 root root    11984 Apr 15 17:03 virtual
-rw-r-----  1 root postfix   126 Sep 18  2008 virtual_alias.cf
-rw-r-----  1 root postfix   174 Nov 20  2008 virtual_domains.cf
-rw-r-----  1 root postfix   174 Sep 18  2008 virtual_mailbox.cf

ls -la /etc/postfix/backups (where I've had different variations of main.cf archived {post breaking sadly})
Code:
-rw-r----- 1 root root  1754 Sep 30  2008 main.cf.backup
-rw-r--r-- 1 root root  1963 May 21 03:54 main.cf.backup.21.5.2012
-rw-r--r-- 1 root root 17981 Apr 15 17:03 main.cf.default
-rw-r--r-- 1 root root 26737 May 20 18:16 main.cf.mysqlversiondefualtinstall.cf
-rw-r--r-- 1 root root  1963 May 20 09:44 main.cf.orig.backup.20-5-2012
-rw-r--r-- 1 root root 26737 May 20 17:49 main.cf.outboundworks.20-5-2012
-rw-r--r-- 1 root root  1963 May 20 16:03 main.cf.rpmsave

So everything I've read seems to point to main.cf. As it is right now:
Code:
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
setgid_group = postdrop
myhostname = mail.*HOSTDOMAIN*.com
myorigin = $mydomain
mydestination = localhost.$mydomain
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
transport_maps = hash:/etc/postfix/transport
##############################
# Virtual domain setup
# control what domains and users postfix will accept mail for
##############################
virtual_mailbox_domains = mysql:/etc/postfix/virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox.cf
virtual_alias_maps = mysql:/etc/postfix/virtual_alias.cf
virtual_mailbox_base = /home/mail
virtual_uid_maps = static:110
virtual_gid_maps = static:110
header_checks = regexp:/etc/postfix/header_checks
debug_peer_level = 2
#debug_peer_list = cableone.net
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 >$config_directory/$process_name.$process_id.log & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth
smtpd_sender_restrictions = permit_sasl_authenticated permit_mynetworks reject_non_fqdn_sender reject_unknown_sender_domain permit
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
disable_vrfy_command = yes
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_tls_auth_only=yes
smtpd_tls_key_file = /etc/httpd/conf/ssl/webmail_*PUBLICDOMAIN*_com.key
smtpd_tls_cert_file = /etc/httpd/conf/ssl/webmail_*PUBLICDOMAIN*_com.bundle
smtpd_tls_log_level=3
message_size_limit=51200000

This is allowing mail from *HOSTDOMAIN* to be sent out anywhere. And all incoming mail to *PUBLICDOMAIN* works, and *PUBLICDOMAIN* to *PUBLICDOMAIN* works. But *PUBLICDOMAIN* to anything else gives
Code:
554 5.7.1 <[email protected]>: Relay access denied

I have tried multiple variations of editing smtpd_sender_restrictions (if there is none I read it won't work), smtpd_recipient_restrictions, disabling smtpd_use_tls. Adding $localhost, $mydomain, gmail.com, *mygoogleappurl*.net, google.com, mycollegeurl.edu to mydestination. I don't see where $mydomain is set and "echo $mydomain" gave nothing... Any suggestions?
Yes, if I do that I get:
Code:
None of the authentication methods supported by this client are supported by your server.
Some additional thoughts: this also has Dovecot (seems to be working just fine), MailScanner, SpamAssassin, and Procmail (Procmail is not enabled in your Postfix configuration. The configuration file /etc/postfix/main.cf must have the mailbox_command option set to /usr/bin/procmail.) installed.
Can you type
Code:
telnet localhost 25

on your server, and then, when it waits for input,
Code:
ehlo localhost

? What's the output?
Code:
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.*HOSTDOMAIN*.com ESMTP Postfix
ehlo localhost
250-mail.*HOSTDOMAIN*.com
250-PIPELINING
250-SIZE 51200000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
You should have lines like
Code:
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN

in the output, like on http://www.howtoforge.com/virtual-u...er-mysql-and-squirrelmail-ubuntu-12.04-lts-p4

Which guide did you use to set up the system? Can you try to add these lines in your main.cf?
Code:
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
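
The check discussed in this thread, as an added example that is not from any of the posters: it reads a main.cf and an EHLO reply and reports why `permit_sasl_authenticated` can never match, including the case where `smtpd_tls_auth_only=yes` hides AUTH on a plaintext session. `MAIN_CF` and `EHLO` are constructed from the settings and reply quoted above (`mail.example.com` is a placeholder), and the function names and finding codes are hypothetical.

```python
import re

# Constructed from the main.cf settings and the EHLO reply quoted in the thread.
MAIN_CF = """\
smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_auth_only=yes
"""
EHLO = ["250-mail.example.com", "250-PIPELINING", "250-SIZE 51200000", "250-ETRN",
        "250-STARTTLS", "250-ENHANCEDSTATUSCODES", "250-8BITMIME", "250 DSN"]

def parse_main_cf(text):
    """Parse main.cf text into a dict; indented lines continue the previous value."""
    params, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and key:
            params[key] += " " + raw.strip()
        else:
            key, _, value = (s.strip() for s in raw.partition("="))
            params[key] = value
    return params

def auth_mechanisms(ehlo_lines):
    """SASL mechanisms from '250-AUTH ...' / '250-AUTH=...' lines, deduplicated."""
    mechs = []
    for line in ehlo_lines:
        m = re.match(r"250[- ]AUTH[ =](.+)", line.strip(), re.I)
        for mech in (m.group(1).split() if m else []):
            if mech not in mechs:
                mechs.append(mech)
    return mechs

def diagnose(main_cf_text, ehlo_lines, tls_active=False):
    """Return finding codes explaining why authenticated relay cannot work."""
    p, findings = parse_main_cf(main_cf_text), []
    on = lambda name: p.get(name, "no").lower() == "yes"  # both settings default to "no"
    if "permit_sasl_authenticated" in p.get("smtpd_recipient_restrictions", "") \
            and not on("smtpd_sasl_auth_enable"):
        findings.append("sasl_disabled")               # the permit rule can never match
    if on("smtpd_sasl_auth_enable") and on("smtpd_tls_auth_only") and not tls_active:
        findings.append("auth_hidden_until_starttls")  # plaintext EHLO shows no AUTH
    elif not auth_mechanisms(ehlo_lines):
        findings.append("no_auth_advertised")
    return findings

if __name__ == "__main__":
    print(diagnose(MAIN_CF, EHLO), diagnose(MAIN_CF + "smtpd_sasl_auth_enable = yes\n", EHLO))
```

With `smtpd_tls_auth_only=yes`, a plain `telnet localhost 25` will still show no AUTH line after SASL is enabled; the EHLO has to be repeated inside TLS, for example with `openssl s_client -starttls smtp -connect localhost:25`.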