Hallo liebe Liste,
ich habe ein Konfigurationsproblem mit dem postfix-Server. Ich kann zwar von
Clients, die sich authentifizieren (SMTPAUTH) Mails versenden, nicht aber
vom Webmail-Client, auch die mit fetchmail abgeholten Mails werden
zurückgewiesen. Fehler: "relay access denied".
Für mich sieht es so aus, als würde postfix generell keine Mails ohne
Authentifizierung akzeptieren, auch nicht von localhost. Ich weiss
allerdings nicht, was ich ändern muss.
Die Fehlermeldung des Webmail-Clients:
Your message could not be sent!
The mail server returned:
Array
(
[code] => 554
[msg] => : Relay access denied
[desc] =>
[server_chat] =>
c->s: fsockopen(localhost,25,0,,5) ; returned: Resource id #32
s->c: 220 admin.oes.gympeg.de ESMTP Postfix
c->s: EHLO schulserver.oes.gympeg.de
s->c: 250-admin.oes.gympeg.de
s->c: 250-PIPELINING
s->c: 250-SIZE 30000000
s->c: 250-VRFY
s->c: 250-ETRN
s->c: 250-XVERP
s->c: 250 8BITMIME
c->s: MAIL FROM:
s->c: 250 Ok
c->s: RCPT TO:
s->c: 554 : Relay access denied
)
Meine Postfix-Konfiguration:
sendmail_path= /usr/sbin/sendmail
# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path= /usr/sbin/sendmail
# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
#
mailq_path= /usr/bin/mailq
# setgid_group: The group for mail submission and queue management
# commands. This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
#
setgid_group= maildrop
# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory= /usr/share/man
# sample_directory: The location of the Postfix sample configuration files.
#
sample_directory= /usr/share/doc/packages/postfix/samples
# readme_directory: The location of the Postfix README files.
#
readme_directory= /usr/share/doc/packages/postfix/README_FILES
mail_spool_directory= /var/mail
canonical_maps= hash:/etc/postfix/canonical
virtual_maps= ldap:ldapvuser,hash:/etc/postfix/virtual
relocated_maps= hash:/etc/postfix/relocated
transport_maps= hash:/etc/postfix/transport
sender_canonical_maps= hash:/etc/postfix/sender_canonical
masquerade_exceptions= root
masquerade_classes= envelope_sender, header_sender, header_recipient
myhostname= admin.oes.gympeg.de
inet_interfaces= mailserver, localhost
masquerade_domains= $mydomain
mydestination= myhostname, localhost.$mydomain, ldap:ldapvdom
defer_transports=
disable_dns_lookups= no
relayhost= ssl.its-steier.de
content_filter=
mailbox_command=
mailbox_transport= lmtp:unix:public/lmtp
smtpd_sender_restrictions= hash:/etc/postfix/access
smtpd_client_restrictions= permit_sasl_authenticated
smtpd_helo_required= no
smtpd_helo_restrictions=
strict_rfc821_envelopes= no
smtpd_recipient_restrictions= check_sender_access
ldap:ldaprestricted,permit_tls_clientcerts,permit_sasl_authenticated,reject_
unauth_destination, reject
alias_maps= hash:/etc/aliases,hash:/etc/aliases.d/slss,ldap:ldapaliases
alias_database= hash:/etc/aliases,hash:/etc/aliases.d/slss
local_destination_concurrency_limit= 10
mailbox_size_limit= 0
message_size_limit= 30000000
mynetwork= 127.0.0.0/8, 192.168.0.0/255.255.0.0
myorigin= $mydomain
recipient_delimiter= +
# relay_clientcerts= ldap:ldaprelcert
smtpd_tls_ask_ccert= yes
smtpd_tls_received_header= yes
tls_daemon_random_source= dev:/dev/urandom
tls_random_source= dev:/dev/urandom
# alias database for SuSE Linux Openschool Server
ldapaliases_server_host= ldap
ldapaliases_server_port= 389
ldapaliases_bind= no
ldapaliases_timeout= 20
ldapaliases_search_base= dc=oes,dc=gympeg,dc=de
ldapaliases_query_filter=
(|(alias=%s)(&(fn=%s)(objectclass=SuSEIMAPFolderObject)))
ldapaliases_result_attribute= uid,mailDeliveryProgram,deliverToUID
ldapaliases_scope= one
# virtual user database for SuSE Linux Openschool Server
ldapvuser_server_host= ldap
ldapvuser_server_port= 389
ldapvuser_bind= no
ldapvuser_timeout= 20
ldapvuser_search_base= dc=oes,dc=gympeg,dc=de
ldapvuser_query_filter=
(|(&(objectclass=SuSEVirtUserObject)(vaddress=%s))(&(objectclass=dNSZone)(re
lativeDomainName=@)(zoneName=%s)(MTALocaldomain=%s)))
ldapvuser_result_attribute= uid,MTALocaldomain
ldapvuser_scope= sub
# this is used for client certificate based relaying
ldaprelcert_server_host= ldap
ldaprelcert_server_port= 389
ldaprelcert_bind= no
ldaprelcert_timeout= 20
ldaprelcert_search_base= dc=oes,dc=gympeg,dc=de
ldaprelcert_query_filter= (relayClientcert=%s)
ldaprelcert_result_attribute= uid
ldaprelcert_scope= one
# this is used for mail transport maps
ldaptransport_server_host= localhost
ldaptransport_server_port= 389
ldaptransport_bind= no
ldaptransport_timeout= 20
ldaptransport_search_base= ou=MailTransports,dc=oes,dc=gympeg,dc=de
ldaptransport_query_filter=
(&(objectclass=SuSEMailTransportObject)(smtpDomain=%s))
ldaptransport_result_attribute= smtpDomainTransportNexthop
ldaptransport_scope= one
# this is used for mydestination map
ldapvdom_server_host= localhost
ldapvdom_server_port= 389
ldapvdom_bind= no
ldapvdom_timeout= 20
ldapvdom_search_base= o=DNS,dc=oes,dc=gympeg,dc=de
ldapvdom_query_filter=
(&(objectclass=dNSZone)(relativeDomainName=@)(zoneName=%s)(MTALocaldomain=tr
ue))
ldapvdom_result_attribute= zoneName
ldapvdom_scope= sub
# Restriction for Students
ldaprestricted_server_host= ldap
ldaprestricted_server_port= 389
ldaprestricted_bind= no
ldaprestricted_timeout= 20
ldaprestricted_search_base= dc=oes,dc=gympeg,dc=de
ldaprestricted_query_filter= (mail=%s)
ldaprestricted_result_attribute= mailenabled
ldaprestricted_scope= one
smtpd_restriction_classes= local_only
local_only= check_recipient_access hash:/etc/postfix/local_domains,
ldap:vdom, reject
smtp_sasl_security_options= noanonymous
# smtpd_tls_CAfile= /etc/ssl/CA/usedCA.pem
# smtpd_use_tls= yes
# smtpd_tls_cert_file= /etc/ssl/certs/cert.pem
smtp_sasl_password_maps= hash:/etc/postfix/saslpasswd
smtpd_sasl_security_options= noanonymous
# smtpd_tls_key_file= /etc/ssl/certs/skey.pem
smtp_sasl_auth_enable= yes
smtpd_sasl_auth_enable= yes
Im Voraus vielen Dank!
Viele Grüße,
Christian Steier
