From: Trevor Antczak (no email)
Date: Thu Mar 01 2007 - 19:38:47 EST
OK, this makes sense. A grep of main.cf shows check_sender_access
twice:
smtpd_sender_restrictions = check_sender_access ldap:ldapcheckexternal
smtpd_recipient_restrictions =
check_sender_access ldap:ldap_restrictions,
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination
In both cases it references ldap maps. I need to figure out how to
access those maps and see what they have in them to fix this I guess.
This is an OpenXchange server, so I didn't do a lot of the original
configuration stuff. I'm having to work out what was done automagically
by the installer to fix problems that the GUI isn't built to handle.
Thanks for the help
Trevor
On Mar 01, 2007 05:55 PM, Noel Jones wrote:
>At 04:09 PM 3/1/2007, Trevor Antczak wrote:
>>I run a mailserver for my company here (lite3d.com). We¹re a high tech
>>type
>>place, and most of our users have laptops and high speed networks at
>>home.
>>They¹d like to be able to do work from home, but the problem is that
>>most of
>>them (us really) have Cox highspeed internet, which will not allow you
>>to
>>hook up to remote mailservers through its network. You have to send
>>all of
>>your mail through smtp.east.cox.net or it doesn¹t leave their network
>>(I
>>suppose one could set up a mailserver that listens on a non-standard
>>port
>>and bypass this, but it¹s probably not worth the effort).
>
>There is a standard alternate port called the submission port,
>587. Virtually all mail clients support sending mail to the
>submission port, and it's very rare to see this port blocked.
>
>There's probably a commented-out submission entry in your master.cf
>you can use as a starting point.
>
>The submission port is usually used along with TLS encryption and
>SASL authentication to prevent abuse and to insure privacy.
>
>If you enable the submission port with TLS and SASL for both internal
>and external use, your users' laptops will be able to send mail
>wherever they are without needing to select an alternate
>config. You'll also want to use TLS for your POP3/IMAP server so
>your users can read mail securely.
>
>>Our mailserver is setup to reject mail that appears to be from
>>lite3d.com
>>but is not coming from a lite3d.com server. This is a perfectly normal
>>and
>>common setting, and I ordinarily support it, but it¹s causing problems
>>right
>
>You did this by adding a check_sender_access map to your
>configuration that has an entry similar to
>lite3d.com REJECT
>You can either delete this entry or create a whitelist for the cox
>mail servers just prior to that check. Post your "postconf -n"
>output for detailed instructions.
>But if you enable the submission port you won't need to change this
>policy.
>
>
>--
>Noel Jones
>
|
|
|