John wrote:
Hi,
I'm still trying to send email from my mobile phone through my Postfix (on SuSE 10.0) server. I believe I have a TLS connection set up and working but the server does not allow me to relay mail from my phone to external recipients. Copy of log for such an attempt follows:
[snip...]
Sep 17 19:09:49 General postfix/smtpd[19573]: SSL_accept:SSLv3 flush data Sep 17 19:09:49 General postfix/smtpd[19573]: TLS connection established from host212-183-132-39.uk.access.vodafone.net[212.183.132.39]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Okay, TLS seems to work. But TLS is NOT, I repeat NOT an authentication method! TLS merely provides an encrypted channel where you can exchange data between server and client without worrying who else is listening between.
Sep 17 19:09:52 General postfix/smtpd[19573]: NOQUEUE: reject: RCPT from host212-183-132-39.uk.access.vodafone.net[212.183.132.39]: 554 <Recipient@ntlworld.com>: Relay access denied; from=<Sender@DMJ-Consultancy.co.uk> to=<Recipient@ntlworld.com> proto=ESMTP helo=<[xxx.xxx.xxx.xxx]>
This indicates that no authentication has taken place. Please check first that your server actually offers authentication and then check the client (your phone), if it actually is configured with username/password to authenticate.
I am reluctant to put the vodafone.net IP subnet address (212.183.132.0/24) in mynetworks since I fear this could then open me to being a relay for that set of addresses. (the last octet is not always 39).
Very good! Yes, that would indeed make you an open relay for that network. Don't do that. Set up smtp auth on your server and client instead.
How can I allow mail with from=<?@DMJ-Consultancy.co.uk> to pass through my server from my phone?
(Bizarrely, if I send an email to myself from my phone, it gets relayed as one of the mydestination names.)
You don't use fully qualified names. Postfix will qualify it later. Usually you reject recipients/senders with non_fqdn_names.
(Phone = Nokia 9300i configured to use StartTLS when sending email)
Set up smtp auth on server and client. For further help please send the output of "saslfinger -s" of your Postfix box to the list. Patrick's Saslfinger is a script you can easily find. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org