Mailinglist Archive: opensuse (714 mails)

Re: [opensuse] Postfix/dovecot - allow relay from phone - How??
On 10/07/2011 01:40 AM, Per Jessen wrote:
> Wolfgang Rosenauer wrote:
>
>> Hi,
>>
>> On 07.10.2011 01:02, David C. Rankin wrote:
>>> The error I get is basically:
>>>
>>> Oct 3 16:27:27 nirvana postfix/smtpd[16604]: connect from
>>> unknown[166.205.10.236]
>>> Oct 3 16:27:28 nirvana postfix/smtpd[16604]: NOQUEUE: reject: RCPT
>>> from unknown[166.205.10.236]: 554 5.7.1 Service unavailable; Client host
>>> [166.205.10.236] blocked using zen.spamhaus.org;
>>> http://www.spamhaus.org/query/bl?ip=166.205.10.236;
>>> from=<david@xxxxxxxxxxxx> to=<Drankin@xxxxxxxxxxxxxxx> proto=ESMTP
>>> helo=<[10.16.59.185]>
>>> Oct 3 16:27:28 nirvana postfix/smtpd[16604]: disconnect from
>>> unknown[166.205.10.236]
>>>
>>> From TLS my server knows it's me (i.e. from=<david@xxxxxxxxxxxx>) and
>>> it is killing the relay. That's where I'm stuck. Anybody else got
>>> this ironed out??
>>
>> Not sure if your configuration is correct so far but the spamhaus
>> reject is configured in some other smtpd_*_restrictions. Likely in
>> smtpd_client_restrictions, which is evaluated before the recipient
>> restrictions.
>> Since you haven't posted the other restriction setting I can only
>> guess that you need to add permit_sasl_authenticated before the
>> reject_rbl_client zen.spamhaus.org.
>
> That would work, but why even bother with an rbl check for this kind of
> traffic? Set up a separate smtpd on port 587.



Per, Wolfgang, All..

I'm just getting back to this issue. I am trying to get the idea of having the iphone submit on port 587 sorted out if that is what I need to do to be able to relay across my server when not connected to the LAN. Are you talking about enabling a second port with:

smtp inet n - n - - smtpd
587 inet n - n - - smtpd

in master.cf as referenced in:

http://www.howtoforge.com/forums/archive/index.php/t-4788.html

I have seen two different references. One giving the suggestion above, and the other simply uncommenting the 'submission' line in master.cf to enable submission on port 587.

What I don't want to do is mess up my port 25 normal operations. That's the part I don't have sorted yet. The "what do I need to do to enable relay from the phone (on whatever port) and not mess up the normal server operations for the rest of the mail?"

Why the second port anyway? Can't I just configure postfix to authenticate me from my phone and just send using port 25? There may very well be a valid reason that configuring on port 587 is better and the way to go, but that's what I'm trying to figure out...

I've tried adding the permit_sasl_authenticated before the rbl check, but I'm still blocked from sending from the phone. It has been a long time since I've been back through my postfix config. Currently this server functions as the mail server for its domain and as a backup mail server for my office. Current config is:

[14:04 nirvana:/home/david] # postconf -n
alias_database = $alias_maps
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mailbox_size_limit = 102400000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 20480000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
myhostname = nirvana.3111skyline.com
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
proxy_interfaces = 66.76.63.120
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = rlfpllc.com, rbpllc.com, rankinfirm.com, rankinlawfirm.com, drrankin.com
sample_directory = /etc/postfix/sample
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_unknown_client
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/client_access, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
unknown_local_recipient_reject_code = 550

All the normal mail server operations work fine, so the question of the day is what do I need to do to be able to send email from my phone across my server? Any links that you have used would be appreciated. One stumbling block is there are many, many conflicting posts since 2007 on the topic, so finding good information has been a challenge.

A quick go-by of changes to main.cf and master.cf would be great. I'd love to see a working configuration :)


--
David C. Rankin, J.D.,P.E.
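
A dedicated submission service of the kind discussed in this thread, as an added configuration example that is not from any poster in the thread: port 25 keeps the main.cf restrictions (including the RBL check) unchanged, while port 587 requires STARTTLS plus SASL authentication and applies no RBL lookup. The certificate and key paths are placeholders, assumed because the posted postconf -n output lists no smtpd_tls_cert_file or smtpd_tls_key_file.

```conf
# ---- /etc/postfix/master.cf ----
# service   type  private unpriv chroot wakeup maxproc command + args
#
# Port 25: server-to-server mail. No overrides, so every
# smtpd_*_restrictions value from main.cf applies as before.
smtp        inet  n       -      n      -      -       smtpd
#
# Port 587: authenticated clients only (the phone, a laptop on the road).
# Each -o line overrides main.cf for this one service.
submission  inet  n       -      n      -      -       smtpd
  # Refuse to proceed without STARTTLS, so credentials never cross in clear.
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  # Replace the main.cf client list: no reject_rbl_client here, because
  # mobile-carrier address ranges are commonly listed in zen.spamhaus.org.
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  # Relay for authenticated users only; everything else is refused.
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

# ---- /etc/postfix/main.cf (additions) ----
# STARTTLS is only offered when a certificate and key are configured.
# Placeholder paths: substitute the server's real files.
smtpd_tls_cert_file = /etc/postfix/ssl/PLACEHOLDER-cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/PLACEHOLDER-key.pem
# Opportunistic TLS on port 25; port 587 is forced to "encrypt" above.
smtpd_tls_security_level = may
# Already present in the posted config and still required:
#   smtpd_sasl_type = dovecot
#   smtpd_sasl_path = private/auth
#   smtpd_tls_auth_only = yes
```

Run `postfix check` and then `postfix reload` after editing, and point the phone's outgoing server at port 587 with STARTTLS and password authentication. A successful authenticated session shows `sasl_username=` in the smtpd log lines for that client, which is the thing to look for when confirming the phone is actually authenticating.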