Hi everybody,

Finally i have some good news. Craig was right, and gave me a clue. Then I've been following this guide http://www.debianadmin.com/debian-mail-server-setup-with-postfix-dovecot-sasl-squirrel-mail.html and added authentication to my smtp.

The only thing was missing to my configuration was authentication for smtp. When I added it, it started working.

So thank you very much. Now, the only, problem I'm having is incoming mail is being rejected with message "Client host rejected: Access denied;". So I'm going to see what can I do with it.

I want to thank everybody, you have been very helpfully



2011/10/30 Craig White <craigwhite@azapple.com>
On Sun, 2011-10-30 at 20:25 -0300, Matías Montenegro wrote:
> Thanks for you answer ceil, but it didn't worked out. I don't know
> what else can i try.
>
> 2011/10/30 Cecil Yother, Jr. <cj@yother.com>
>         I believe you need a relayhost entry.  I use qmail and it's
>         been a while since I used Postfix.  I am pretty sure this is
>         where you problem lie though.
>
>         relayhost=smtp.mydomain.com  or relayhost=localhost
>
>
>
>         On 10/30/2011 03:37 PM, Matías Montenegro wrote:
>         > Apparently I had to install libsasl2-module. Now smtp seems
>         > to work fine, but now I have this problem:
>         >
>         > When i send an email to any domain outside the server (like
>         > something@yahoo.com) , postfix says: "Relay access denied"
>         >
>         > my /etc/postfix/main.cf looks like this:
>         >
>         > # See /usr/share/postfix/main.cf.dist for a commented, more
>         > complete version
>         >
>         >
>         > # Debian specific:  Specifying a file name will cause the
>         > first
>         > # line of that file to be used as the name.  The Debian
>         > default
>         > # is /etc/mailname.
>         > #myorigin = /etc/mailname
>         >
>         > smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
>         > biff = no
>         >
>         > # appending .domain is the MUA's job.
>         > append_dot_mydomain = no
>         >
>         > # Uncomment the next line to generate "delayed mail"
>         > warnings
>         > #delay_warning_time = 4h
>         >
>         > virtual_alias_maps = hash:/etc/postfix/virtual
>         > readme_directory = no
>         >
>         > # TLS parameters
>         > smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
>         > smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
>         > smtpd_use_tls=yes
>         > smtpd_tls_session_cache_database = btree:
>         > ${data_directory}/smtpd_scache
>         > smtp_tls_session_cache_database = btree:
>         > ${data_directory}/smtp_scache
>         >
>         > # See /usr/share/doc/postfix/TLS_README.gz in the
>         > postfix-doc package for
>         > # information on enabling SSL in the smtp client.
>         > smtpd_sasl_auth_enable = yes
>         > smtpd_sasl_local_domain = MYDOMAIN
>         > smtpd_recipient_restrictions = permit_mynetworks,
>         > permit_sasl_authenticated, reject_unauth_destination
>         >
>         > smtpd_sasl_security_options = noanonymous
>         > smtpd_sasl_authenticated_header = yes
>         > smtpd_sasl_application_name = smtpd
>         > broken_sasl_auth_clients = yes
>         >
>         > myhostname = debian
>         > alias_maps = hash:/etc/aliases
>         > alias_database = hash:/etc/aliases
>         > myorigin = /etc/mailname
>         > mydestination =  localhost
>         > relayhost =
>         > mynetworks = MailScanner warning: numerical links are often
>         > malicious: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
>         > mailbox_size_limit = 0
>         > recipient_delimiter = +
>         > inet_interfaces = all
>         >
>         >
>         > Any ideas??
----
Your postfix/main.cf, you have the following...

smtpd_recipient_restrictions = permit_mynetworks, \
  permit_sasl_authenticated, \
  reject_unauth_destination

but 'my_networks' is only:
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

so that isn't going to allow anything but localhost to relay mail so
that that means you either have to carefully adjust 'my_networks' or
configure 'sasl_authenticated' which is likely going to require:

# cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login

and something like this in /etc/postfix/master.cf
mtps    inet  n       -       n       -       -       smtpd
 -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
submission   inet    n       -       n       -       -       smtpd
 -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o
smtpd_etrn_restrictions=reject

and obviously properly created ca certificate, smtp certificate & key.

I don't use virtualmin and have no clue how much of this type of
configuration it handles for the administrator but it seems to me that
webmin is not really a substitute for learning configuration and
troubleshooting skills.

Craig



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


------------------------------------------------------------------------------
Get your Android app more play: Bring it to the BlackBerry PlayBook
in minutes. BlackBerry App World&#153; now supports Android&#153; Apps
for the BlackBerry&reg; PlayBook&#153;. Discover just how easy and simple
it is! http://p.sf.net/sfu/android-dev2dev
-
Forwarded by the Webmin mailing list at webadmin-list@lists.sourceforge.net
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-list



--
Matias