Re: [opensuse] Postfix/dovecot - allow relay from phone - How??
On 10/24/2011 02:46 PM, Lew Wolfgang wrote:
> Hi David,
>
> A couple of factors are at play here. (I hope I get this right)
>
> First, you have to authenticate yourself to your mail server if you
> want to relay mail. If you allow anonymous connections, spammers
> will have their way with your server. But, sending usernames and
> passwords in the clear over port 25 is also a risk, so you need to
> wrap your authentication dialog with SSL/TLS.

Alright, that explains the port 587 need. Done (master.cf):

submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING


> Two ports? The issue here is that many ISPs block outgoing port
> 25 to force you to use their own SMTP servers. Outgoing port 587
> is usually open, allowing you to connect to your server via an
> encrypted connection. Port 25 remains open allowing your server
> to continue to accept mail for local accounts as usual.

All good on port 25 - I have all services through my ISP open (it's a business account ... and they stick it to you for it :)


> There are other ways to do the authentication bit. I've used
> pop-before-smtp in the past, which is a bit clunky, but it works.

OK, I've looked at popbsmtp on sourceforge. I guess that is the way to go. What I don't get is I can relay just fine from one computer to the next using my domains:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    check_client_access hash:/etc/postfix/client_access, reject_unauth_destination
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

So, I was hoping to do something similar with the phone.

> This method blocks SMTP relaying until a successful authentication
> dialog is negotiated via pop or imap. The sending IP address is
> then opened for relaying for a defined period of time. This assumes
> that people will check their incoming mail before trying to send.
>
> Regards,
> Lew

I've dorked with this for a while and I'm still stumbling along. When sending over 3G with Wifi turned off on the phone, I get errors similar to:


Oct 24 14:37:34 nirvana postfix/smtpd[17198]: warning: 166.137.9.141: hostname mobile-166-137-009-141.mycingular.net verification failed: Name or service not known
Oct 24 14:37:34 nirvana postfix/smtpd[17198]: connect from unknown[166.137.9.141]
Oct 24 14:37:35 nirvana postfix/smtpd[17198]: NOQUEUE: reject: RCPT from unknown[166.137.9.141]: 554 5.7.1 Service unavailable; Client host [166.137.9.141] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=166.137.9.141; from=<david@xxxxxxxxxxxx> to=<david@xxxxxxxxxxxxxxxxx> proto=ESMTP helo=<[10.62.20.220]>
Oct 24 14:37:35 nirvana postfix/smtpd[17198]: disconnect from unknown[166.137.9.141]

Spamhaus killed this message, so I nuked the RBL check:

#smtpd_client_restrictions = permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_unknown_client
smtpd_client_restrictions = permit_sasl_authenticated, reject_unknown_client

then the error became:

Oct 24 15:06:34 nirvana postfix/smtpd[17830]: NOQUEUE: reject: RCPT from unknown[166.137.9.141]: 450 4.7.1 Client host rejected: cannot find your hostname, [166.137.9.141]; from=<david@xxxxxxxxxxxx> to=<david@xxxxxxxxxxxxxxxxx> proto=ESMTP helo=<[10.62.20.220]>

then I just kicked postfix really hard and broke it!

Oct 24 15:13:17 nirvana postfix/smtpd[18332]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit

So I decided to go back to the drawing board and read a bit more... Surely there is a good howto on this somewhere.... Thanks again and if you have any other thoughts, let me know.


--
David C. Rankin, J.D.,P.E.
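
The rejections in the log above follow from Postfix reading each restriction list left to right and acting on the first rule that matches. The sketch below is an added example, not part of the original message or of Postfix: it models that order for the lists quoted in the message. The session dictionaries are constructed, and treating the phone's 3G session as not SASL-authenticated is an assumption drawn from the fact that `permit_sasl_authenticated` did not match before the later rules fired.

```python
# Added example: simplified model of Postfix smtpd restriction evaluation.
# Lists are read left to right; the first matching rule decides. PERMIT ends
# only that list, REJECT ends the RCPT (real Postfix may answer 4xx instead).
REQUIRED = {"check_relay_domains", "reject_unauth_destination", "reject",
            "defer", "defer_if_permit"}

# Restriction lists as quoted in the message.
CLIENT_ORIG = ["permit_sasl_authenticated",
               "reject_rbl_client zen.spamhaus.org", "reject_unknown_client"]
CLIENT_EDITED = ["permit_sasl_authenticated", "reject_unknown_client"]
RECIPIENT = ["permit_mynetworks", "permit_sasl_authenticated",
             "check_client_access hash:/etc/postfix/client_access",
             "reject_unauth_destination"]

# Constructed sessions (assumptions): the phone on 3G without and with AUTH.
PHONE_NOAUTH = {"sasl": False, "in_mynetworks": False, "rbl_listed": True,
                "ptr_verified": False, "rcpt_local": True}
PHONE_AUTH = dict(PHONE_NOAUTH, sasl=True)

def config_ok(recipient_list):
    """The check behind the 'fatal:' line: one REQUIRED rule must be present."""
    return any(r.split()[0] in REQUIRED for r in recipient_list)

def evaluate_list(restrictions, s):
    for r in restrictions:
        name = r.split()[0]
        if name == "permit_sasl_authenticated" and s["sasl"]:
            return "PERMIT", r
        if name == "permit_mynetworks" and s["in_mynetworks"]:
            return "PERMIT", r
        if name == "reject_rbl_client" and s["rbl_listed"]:
            return "REJECT", r
        if name == "reject_unknown_client" and not s["ptr_verified"]:
            return "REJECT", r
        if name == "reject_unauth_destination" and not s["rcpt_local"]:
            return "REJECT", r
        if name == "reject":
            return "REJECT", r
    return "DUNNO", None  # unmodelled rules (check_client_access) fall through

def evaluate(client_list, recipient_list, s):
    for lst in (client_list, recipient_list):
        action, rule = evaluate_list(lst, s)
        if action == "REJECT":
            return action, rule
    return "ACCEPT", None

if __name__ == "__main__":
    print(evaluate(CLIENT_ORIG, RECIPIENT, PHONE_NOAUTH), evaluate(CLIENT_ORIG, RECIPIENT, PHONE_AUTH))
```

In this model the authenticated session is accepted with the zen.spamhaus.org check still in place, while removing that check only moves the unauthenticated rejection to `reject_unknown_client`.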