postfix and dovecot sasl not relaying mail

From: Dave (no email)
Date: Thu Apr 17 2008 - 00:15:58 EDT


    Hello,
        I've got Postfix (I think it's 2.3 or 2.4) installed on an FC6 VPS, as
    well as Dovecot (1.0.4, I think). I've got Dovecot working with Postfix
    virtual mailbox domains; none of my users have Unix accounts. Users can
    retrieve their mail, but sending doesn't work: my recipient restrictions
    have permit_sasl_authenticated first, but that isn't happening. My thinking
    is that if users can retrieve mail, then Dovecot SASL auth is working;
    postconf -a does show dovecot along with cyrus, but smtps is not. The
    relevant parts of the Postfix and Dovecot configuration files are below.
    I'd appreciate any suggestions.
        Thanks.
    Dave.

    main.cf:
    # Only the local machine counts as a trusted network for permit_mynetworks
    # (unless mynetworks is set elsewhere; it is not in this excerpt).
    mynetworks_style = host
    alias_maps = hash:/etc/postfix/aliases
    alias_database = hash:/etc/postfix/aliases
    home_mailbox = Maildir/
    # Virtual mailbox hosting: the domains and mailboxes listed in these tables
    # are what the SMTP server accepts mail for.
    virtual_mailbox_domains = /etc/postfix/vhosts
    # NOTE(review): virtual_mailbox_base, virtual_minimum_uid and the uid/gid maps
    # are settings of the virtual(8) delivery agent; with virtual_transport =
    # dovecot below they presumably have no effect -- confirm.
    virtual_mailbox_base = /home/vmail
    virtual_mailbox_maps = hash:/etc/postfix/vmaps
    virtual_minimum_uid = 1000
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    virtual_alias_maps = hash:/etc/postfix/virtual
    # Mail for virtual mailbox domains is handed to a transport named "dovecot",
    # one recipient per delivery. Its master.cf entry is not part of this post.
    virtual_transport = dovecot
    dovecot_destination_recipient_limit = 1
    # Protocol strictness: require well-formed envelope addresses and a
    # HELO/EHLO, and refuse VRFY so addresses cannot be probed with it.
    strict_rfc821_envelopes = yes
    smtpd_helo_required = yes
    disable_vrfy_command = yes
    # Sender checks. The list is evaluated in order and stops at the first
    # restriction that returns a decision. Because permit_sasl_authenticated is
    # first, an authenticated client is accepted before
    # reject_sender_login_mismatch is reached, so that check does not tie
    # authenticated users to their own sender address in this list.
    # NOTE(review): reject_sender_login_mismatch depends on
    # smtpd_sender_login_maps, which does not appear in this excerpt -- confirm
    # it is set.
    # The entries without a trailing comma are still separate restrictions:
    # Postfix accepts commas and/or whitespace as separators.
    smtpd_sender_restrictions =
     permit_sasl_authenticated,
     permit_mynetworks,
     reject_non_fqdn_sender,
     reject_unknown_sender_domain,
     reject_unauth_pipelining
     reject_sender_login_mismatch
     reject_rhsbl_sender dsn.rfc-ignorant.org,
    # Relay control, evaluated in order (first decision wins).
    # permit_sasl_authenticated and permit_mynetworks let authenticated and
    # local clients through; reject_unauth_destination then refuses any
    # recipient this server is neither the final destination nor a configured
    # relay for -- this is the entry that keeps the host from being an open
    # relay. Everything after it only affects clients not permitted above.
    # permit_sasl_authenticated can only match when the client has actually
    # completed AUTH in the current session.
    # NOTE(review): multi.uribl.com is a list of domains seen in message
    # content, while reject_rbl_client looks up the client IP address -- this
    # pairing looks mismatched; confirm against the list's usage notes.
    smtpd_recipient_restrictions =
     permit_sasl_authenticated,
     permit_mynetworks,
         reject_unauth_destination,
     reject_invalid_hostname,
         reject_non_fqdn_hostname,
         reject_non_fqdn_sender,
         reject_non_fqdn_recipient,
         reject_unknown_sender_domain,
         reject_unknown_recipient_domain,
     reject_unverified_recipient
     reject_multi_recipient_bounce,
     check_helo_access pcre:/etc/postfix/helo_checks.pcre
     check_sender_mx_access cidr:/etc/postfix/bogus_mx
     reject_rhsbl_sender dsn.rfc-ignorant.org
     reject_rbl_client multi.uribl.com,
    # this next line checks all senders for validity
     #reject_unverified_sender
     # this option does selective sender address verification based on the
     # contents of the map
     check_sender_access hash:/etc/postfix/common_spam_senderdomains
     #check_policy_service inet:127.0.0.1:10023
    #check_policy_service unix:private/policy
    # At DATA, reject clients that send commands ahead of the server's replies
    # without being allowed to pipeline.
    smtpd_data_restrictions = reject_unauth_pipelining
    # Additions for SASL / TLS / Auth:
    # SMTP AUTH is enabled and delegated to Dovecot's auth service.
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $mydomain
    # Refuse anonymous SASL mechanisms.
    smtpd_sasl_security_options = noanonymous
    # Also announce AUTH in the older "AUTH=" form for clients that expect it.
    broken_sasl_auth_clients = yes
    smtpd_sasl_type = dovecot
    # Socket path relative to the Postfix queue directory. With the usual
    # /var/spool/postfix this is the client socket declared in the dovecot.conf
    # section of this post (/var/spool/postfix/private/auth); queue_directory
    # is not shown here -- confirm.
    smtpd_sasl_path = private/auth
     #TLS
    # smtp_use_tls covers outbound deliveries; smtpd_use_tls makes the server
    # offer STARTTLS to inbound clients (optional, not enforced).
    smtp_use_tls = yes
    smtpd_use_tls = yes
    # AUTH is neither announced nor accepted until the client has negotiated
    # STARTTLS, which keeps passwords off unencrypted connections.
    # NOTE(review): a mail client that submits without TLS is never offered
    # AUTH, so permit_sasl_authenticated cannot match for it -- worth checking
    # first for the symptom described in this post. Fix the client's TLS
    # setting rather than relaxing this option.
    smtpd_tls_auth_only = yes
    smtp_tls_note_starttls_offer = yes
    # Server private key and certificate. NOTE(review): file permissions are
    # not shown; the key should be readable by root only.
    smtpd_tls_key_file = /etc/postfix/ssl/smtp.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtp.cert
    smtpd_tls_CAfile = /etc/postfix/ssl/ca-cert.pem
    # Record TLS protocol/cipher details in the Received: header.
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    # Log a summary line per TLS handshake; useful for seeing whether clients
    # actually negotiate TLS before trying to authenticate.
    smtpd_tls_loglevel = 1
    # Client checks: a recipient access table followed by DNSBL lookups on the
    # connecting client's IP address.
    # NOTE(review): check_recipient_access needs the RCPT TO address, so it only
    # works in this list while smtpd_delay_reject is at its default (yes) --
    # confirm it has not been changed.
    # NOTE(review): this list has no permit_sasl_authenticated or
    # permit_mynetworks, so the DNSBL checks also apply to authenticated
    # clients -- confirm that is intended.
    smtpd_client_restrictions =
     check_recipient_access hash:/etc/postfix/recipient_access
     #check_client_access cidr:/etc/postfix/whitelist.cf
     #check_client_access cidr:/etc/postfix/blacklist.cf
     reject_rbl_client images.rbl.msrbl.net,
     reject_rbl_client list.dsbl.org
         reject_rbl_client zen.spamhaus.org,
    # Misbehaving clients: responses are slowed after 2 errors and the session
    # is dropped at 5.
    smtpd_soft_error_limit = 2
    smtpd_hard_error_limit = 5
    smtpd_error_sleep_time = 10s
    # address verification and caching
    # Persistent cache of address probe results (reject_unverified_recipient is
    # used in smtpd_recipient_restrictions above).
    address_verify_map = btree:/var/spool/postfix/verified_senders
    # do not cache negative responses
    #address_verify_negative_cache = no
    # sets up a restriction class for what external clients may and may not use
    # as their envelope sender: not my domain name and not my private IPs, yet
    # internal clients may do so
    # Declares one restriction class, has_our_domain_as_sender. Inside the
    # class the sender is looked up in our_domain_as_sender, and whatever that
    # table does not decide falls through to an unconditional reject.
    # The class only runs where an access table returns its name; no such
    # table content is shown in this post.
    smtpd_restriction_classes =
     has_our_domain_as_sender
    has_our_domain_as_sender =
     check_sender_access hash:/etc/postfix/our_domain_as_sender
     reject

    dovecot.conf:
    # 1.0.3: /etc/dovecot.conf
    # NOTE(review): this looks like `dovecot -n` output, which presumably lists
    # only settings that differ from the defaults -- anything absent below is
    # at its default value.
    base_dir: /var/run/dovecot/
    log_path: /var/log/dovecot.log
    # Only POP3 over SSL is offered to mail clients.
    protocols: pop3s
    listen: 74.208.64.129
    ssl_ca_file: /etc/dovecot/ca-cert.pem
    ssl_cert_file: /etc/dovecot/pop.cert
    ssl_key_file: /etc/dovecot/pop.key
    # NOTE(review): in OpenSSL cipher-string syntax ALL:!LOW does not by itself
    # exclude anonymous (aNULL) or export-grade suites -- check the expanded
    # list with `openssl ciphers` and tighten if they appear.
    ssl_cipher_list: ALL:!LOW
    # Plaintext logins are refused on unencrypted connections.
    disable_plaintext_auth: yes
    login_dir: /var/run/dovecot/login
    login_executable: /usr/libexec/dovecot/pop3-login
    mail_extra_groups: mail
    mail_location: maildir:/home/vmail/%d/%n
    maildir_copy_with_hardlinks: yes
    mail_executable: /usr/libexec/dovecot/pop3
    mail_plugin_dir: /usr/lib64/dovecot/pop3
    pop3_client_workarounds: outlook-no-nuls oe-ns-eoh
    # Authentication service, also used by Postfix for SMTP AUTH.
    # NOTE(review): no "mechanisms" line appears, so presumably only the
    # default (plain) is offered; a mail client that insists on LOGIN would
    # fail to authenticate -- confirm against the client in use.
    auth default:
      user: vmail
      verbose: yes
      # File-based password and user databases. NOTE(review): permissions are
      # not shown; the password file should be readable only by the auth user.
      passdb:
        driver: passwd-file
        args: /etc/dovecot/passwd
      userdb:
        driver: passwd-file
        args: /etc/dovecot/users
      socket:
        type: listen
        # Client socket inside the Postfix queue directory; this is where the
        # Postfix SMTP server sends AUTH requests. The mode appears to be
        # printed in decimal: 432 is octal 0660, i.e. read/write for user
        # postfix and group postfix only.
        client:
          path: /var/spool/postfix/private/auth
          mode: 432
          user: postfix
          group: postfix
        # Master socket; 384 decimal is octal 0600 (owner only).
        master:
          path: /var/run/dovecot/auth-master
          mode: 384






