Mailinglist Archive: opensuse (714 mails)

< Previous Next >
Re: [opensuse] Postfix/dovecot - allow relay from phone - How??
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Tue, 25 Oct 2011 08:01:22 +0200
  • Message-id: <j85jbh$pp9$1@saturn.local.net>
David C. Rankin wrote:

Alright, that explains the port 587 need. Done (master.cf):

submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject

Additionally I have:

-o smtpd_sasl_security_options=noanonymous
-o smtpd_etrn_restrictions=reject

When you're using TLS, plaintext auth is fine. I'm not sure exactly
what smtpd_etrn_restrictions=reject does, I think I picked that up in
the postfix documentation.

There are other ways to do the authentication bit. I've used
pop-before-smtp in the past, which is a bit clunky, but it works.

OK, I've looked at popbsmpt on sourceforge. I guess that is the way to
go.

No real reason to - the setup above should work just fine.

What I don't get is I can relay just fine from one computer to the
next using my domains:

smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, check_client_access
hash:/etc/postfix/client_access, reject_unauth_destination
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

So, I was hoping to do something similar with the phone.

Your computers are presumably inside "mynetworks", whereas your phone is
presumably not. With an external entity outside your control, I know
of no better way than sasl+tls.

I've dorked with this for a while and I'm still stumbling along. When
sending over 3G with Wifi turned off on the phone, I get errors
similar to:


Oct 24 14:37:34 nirvana postfix/smtpd[17198]: warning: 166.137.9.141:
hostname mobile-166-137-009-141.mycingular.net verification failed:
Name or service not known

Not a real problem. It is due "mobile-166-137-009-141.mycingular.net"
not being mapped to "166.137.9.141". Poor DNS setup on your providers
side.

Oct 24 14:37:34 nirvana postfix/smtpd[17198]: connect from
unknown[166.137.9.141] Oct 24 14:37:35 nirvana postfix/smtpd[17198]:
NOQUEUE: reject: RCPT from unknown[166.137.9.141]: 554 5.7.1 Service
unavailable; Client host [166.137.9.141] blocked using
zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=166.137.9.141;
from=<david@xxxxxxxxxxxx> to=<david@xxxxxxxxxxxxxxxxx> proto=ESMTP
helo=<[10.62.20.220]> Oct 24 14:37:35 nirvana postfix/smtpd[17198]:
disconnect from unknown[166.137.9.141]

So your rbl restriction kicked in instead of the
permit_sasl_authenticated - I don't see any evidence of authentication
having happened?

spamhaus killed this message so I nuked the rbl check:

#smtpd_client_restrictions = permit_sasl_authenticated,
#reject_rbl_client
zen.spamhaus.org, reject_unknown_client
smtpd_client_restrictions = permit_sasl_authenticated,
reject_unknown_client

then the error became:

Oct 24 15:06:34 nirvana postfix/smtpd[17830]: NOQUEUE: reject: RCPT
from unknown[166.137.9.141]: 450 4.7.1 Client host rejected: cannot
find your hostname, [166.137.9.141]; from=<david@xxxxxxxxxxxx>
to=<david@xxxxxxxxxxxxxxxxx> proto=ESMTP helo=<[10.62.20.220]>

This is due to 'reject_unknown_client'.

So I decided to go back to the drawing board and read a bit more...
Surely there is a good howto on this somewhere....

There is plenty out there - the plain postfix documentation and HOWTOs
are all pretty good, and there is also http://www.postfix-book.com/

Thanks again and if you have any other thoughts, let me know.

I suspect a problem in authentication. If you were to turn on debugging
you'd see exactly what is happening.


--
Per Jessen, Zürich (7.9°C)

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >