On 10/07/2011 01:40 AM, Per Jessen wrote:
Wolfgang Rosenauer wrote:
Hi,
Am 07.10.2011 01:02, schrieb David C. Rankin:
The error I get is basically:
Oct 3 16:27:27 nirvana postfix/smtpd[16604]: connect from unknown[166.205.10.236] Oct 3 16:27:28 nirvana postfix/smtpd[16604]: NOQUEUE: reject: RCPT from unknown[166.205.10.236]: 554 5.7.1 Service unavailable; Client host [166.205.10.236] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=166.205.10.236; from=<david@mydomain.com> to=<Drankin@otherdomain.com> proto=ESMTP helo=<[10.16.59.185]> Oct 3 16:27:28 nirvana postfix/smtpd[16604]: disconnect from unknown[166.205.10.236]
From TLS my server knows it's me (i.e. from=<david@mydomain.com>) and it is killing the relay. That's where I'm stuck. Anybody else got this ironed out??
Not sure if your configuration is correct so far but the spamhaus reject is configured in some other smtpd_*_restrictions. Likely in smtpd_client_restrictions what's evaluated before the recipient restrictions. Since you haven't posted the other restriction setting I can only guess that you need to add permit_sasl_authenticated before the reject_rbl_client zen.spamhaus.org.
That would work, but why even bother with an rbl check for this kind of traffic? Set up a separate smtpd on port 587.
Per, Wolfgang, All.. I'm just getting back to this issue. I am trying to get the idea of having the iphone submit on port 587 sorted out if that is what I need to do to be able to relay across my server when not connected to the LAN. Are you talking about enabling a second port with: smtp inet n - n - - smtpd 587 inet n - n - - smtpd in master.cf as referenced in: http://www.howtoforge.com/forums/archive/index.php/t-4788.html I have seen two different references. One giving the suggestion above, and the other simply uncommenting the 'submission' line in master.cf to enable submission on port 587. What I don't want to do is mess up my port 25 normal operations. That's the part I don't have sorted yet. The "what do I need to do to enable relay from the phone (on whatever port) and not mess up the normal server operations for the rest of the mail?" Why the second port anyway? Can't I just configure postfix to authenticate me from my phone and just send using port 25? There may very well be valid reason that configuring on port 587 is better and the way to go, but that's what I'm trying to figure out... I've tried adding the permit_sasl_authenticated before the rbl check, but I'm still blocked from sending from the phone. It has been a long time since I've been back through my postfix config. Currently this server functions as the mail server for its domain and as a backup mail server for my office. Current config is: [14:04 nirvana:/home/david] # postconf -n alias_database = $alias_maps alias_maps = hash:/etc/postfix/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix data_directory = /var/lib/postfix debug_peer_level = 2 html_directory = no inet_interfaces = all mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_command = /usr/bin/procmail -a "$EXTENSION" mailbox_size_limit = 102400000 mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man message_size_limit = 20480000 mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain myhostname = nirvana.3111skyline.com mynetworks_style = subnet myorigin = $mydomain newaliases_path = /usr/bin/newaliases proxy_interfaces = 66.76.63.120 queue_directory = /var/spool/postfix readme_directory = no relay_domains = rlfpllc.com, rbpllc.com, rankinfirm.com, rankinlawfirm.com, drrankin.com sample_directory = /etc/postfix/sample sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_client_restrictions = permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_unknown_client smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/client_access, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_tls_auth_only = yes unknown_local_recipient_reject_code = 550 All the normal mail server operation work fine, so the question of the day is what do I need to do to be able to send email from my phone across my server? Any links that you have used would be appreciated. One stumbling block is there are many, many conflicting posts since 2007 on the topic, so finding good information has been a challenge. A quick go-by of changes to main.cf and master.cf would be great. I'd love to see a working configuration :) -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org