David C. Rankin wrote:
Alright, that explains the port 587 need. Done (master.cf):
submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject
Additionally I have: -o smtpd_sasl_security_options=noanonymous -o smtpd_etrn_restrictions=reject When you're using TLS, plaintext auth is fine. I'm not sure exactly what smtpd_etrn_restrictions=reject does, I think I picked that up in the postfix documentation.
There are other ways to do the authentication bit. I've used pop-before-smtp in the past, which is a bit clunky, but it works.
OK, I've looked at popbsmpt on sourceforge. I guess that is the way to go.
No real reason to - the setup above should work just fine.
What I don't get is I can relay just fine from one computer to the next using my domains:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/client_access, reject_unauth_destination ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
So, I was hoping to do something similar with the phone.
Your computers are presumably inside "mynetworks", whereas your phone is presumably not. With an external entity outside your control, I know of no better way than sasl+tls.
I've dorked with this for a while and I'm still stumbling along. When sending over 3G with Wifi turned off on the phone, I get errors similar to:
Oct 24 14:37:34 nirvana postfix/smtpd[17198]: warning: 166.137.9.141: hostname mobile-166-137-009-141.mycingular.net verification failed: Name or service not known
Not a real problem. It is due "mobile-166-137-009-141.mycingular.net" not being mapped to "166.137.9.141". Poor DNS setup on your providers side.
Oct 24 14:37:34 nirvana postfix/smtpd[17198]: connect from unknown[166.137.9.141] Oct 24 14:37:35 nirvana postfix/smtpd[17198]: NOQUEUE: reject: RCPT from unknown[166.137.9.141]: 554 5.7.1 Service unavailable; Client host [166.137.9.141] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=166.137.9.141; from=<david@mydomain.com> to=<david@myotherdomain.com> proto=ESMTP helo=<[10.62.20.220]> Oct 24 14:37:35 nirvana postfix/smtpd[17198]: disconnect from unknown[166.137.9.141]
So your rbl restriction kicked in instead of the permit_sasl_authenticated - I don't see any evidence of authentication having happened?
spamhaus killed this message so I nuked the rbl check:
#smtpd_client_restrictions = permit_sasl_authenticated, #reject_rbl_client zen.spamhaus.org, reject_unknown_client smtpd_client_restrictions = permit_sasl_authenticated, reject_unknown_client
then the error became:
Oct 24 15:06:34 nirvana postfix/smtpd[17830]: NOQUEUE: reject: RCPT from unknown[166.137.9.141]: 450 4.7.1 Client host rejected: cannot find your hostname, [166.137.9.141]; from=<david@mydomain.com> to=<david@myotherdomain.com> proto=ESMTP helo=<[10.62.20.220]>
This is due to 'reject_unknown_client'.
So I decided to go back to the drawing board and read a bit more... Surely there is a good howto on this somewhere....
There is plenty out there - the plain postfix documentation and HOWTOs are all pretty good, and there is also http://www.postfix-book.com/
Thanks again and if you have any other thoughts, let me know.
I suspect a problem in authentication. If you were to turn on debugging you'd see exactly what is happening. -- Per Jessen, Zürich (7.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org