Re: [webmin-l] {Disarmed} Re: Can't configure my email service in webmin

[Matías M. <mat...@gm...>]

Hi everybody,

Finally i have some good news. Craig was right, and gave me a clue. Then
I've been following this guide
http://www.debianadmin.com/debian-mail-server-setup-with-postfix-dovecot-sasl-squirrel-mail.htmland
added authentication to my smtp.

The only thing was missing to my configuration was authentication for smtp.
When I added it, it started working.

So thank you very much. Now, the only, problem I'm having is incoming mail
is being rejected with message "Client host rejected: Access denied;". So
I'm going to see what can I do with it.

I want to thank everybody, you have been very helpfully



2011/10/30 Craig White <cra...@az...>

> On Sun, 2011-10-30 at 20:25 -0300, Matías Montenegro wrote:
> > Thanks for you answer ceil, but it didn't worked out. I don't know
> > what else can i try.
> >
> > 2011/10/30 Cecil Yother, Jr. <cj...@yo...>
> >         I believe you need a relayhost entry.  I use qmail and it's
> >         been a while since I used Postfix.  I am pretty sure this is
> >         where you problem lie though.
> >
> >         relayhost=smtp.mydomain.com  or relayhost=localhost
> >
> >
> >
> >         On 10/30/2011 03:37 PM, Matías Montenegro wrote:
> >         > Apparently I had to install libsasl2-module. Now smtp seems
> >         > to work fine, but now I have this problem:
> >         >
> >         > When i send an email to any domain outside the server (like
> >         > som...@ya...) , postfix says: "Relay access denied"
> >         >
> >         > my /etc/postfix/main.cf looks like this:
> >         >
> >         > # See /usr/share/postfix/main.cf.dist for a commented, more
> >         > complete version
> >         >
> >         >
> >         > # Debian specific:  Specifying a file name will cause the
> >         > first
> >         > # line of that file to be used as the name.  The Debian
> >         > default
> >         > # is /etc/mailname.
> >         > #myorigin = /etc/mailname
> >         >
> >         > smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> >         > biff = no
> >         >
> >         > # appending .domain is the MUA's job.
> >         > append_dot_mydomain = no
> >         >
> >         > # Uncomment the next line to generate "delayed mail"
> >         > warnings
> >         > #delay_warning_time = 4h
> >         >
> >         > virtual_alias_maps = hash:/etc/postfix/virtual
> >         > readme_directory = no
> >         >
> >         > # TLS parameters
> >         > smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
> >         > smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
> >         > smtpd_use_tls=yes
> >         > smtpd_tls_session_cache_database = btree:
> >         > ${data_directory}/smtpd_scache
> >         > smtp_tls_session_cache_database = btree:
> >         > ${data_directory}/smtp_scache
> >         >
> >         > # See /usr/share/doc/postfix/TLS_README.gz in the
> >         > postfix-doc package for
> >         > # information on enabling SSL in the smtp client.
> >         > smtpd_sasl_auth_enable = yes
> >         > smtpd_sasl_local_domain = MYDOMAIN
> >         > smtpd_recipient_restrictions = permit_mynetworks,
> >         > permit_sasl_authenticated, reject_unauth_destination
> >         >
> >         > smtpd_sasl_security_options = noanonymous
> >         > smtpd_sasl_authenticated_header = yes
> >         > smtpd_sasl_application_name = smtpd
> >         > broken_sasl_auth_clients = yes
> >         >
> >         > myhostname = debian
> >         > alias_maps = hash:/etc/aliases
> >         > alias_database = hash:/etc/aliases
> >         > myorigin = /etc/mailname
> >         > mydestination =  localhost
> >         > relayhost =
> >         > mynetworks = MailScanner warning: numerical links are often
> >         > malicious: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> >         > mailbox_size_limit = 0
> >         > recipient_delimiter = +
> >         > inet_interfaces = all
> >         >
> >         >
> >         > Any ideas??
> ----
> Your postfix/main.cf, you have the following...
>
> smtpd_recipient_restrictions = permit_mynetworks, \
>   permit_sasl_authenticated, \
>   reject_unauth_destination
>
> but 'my_networks' is only:
>  mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
>
> so that isn't going to allow anything but localhost to relay mail so
> that that means you either have to carefully adjust 'my_networks' or
> configure 'sasl_authenticated' which is likely going to require:
>
> # cat /etc/postfix/sasl/smtpd.conf
> pwcheck_method: saslauthd
> mech_list: plain login
>
> and something like this in /etc/postfix/master.cf
> mtps    inet  n       -       n       -       -       smtpd
>  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
> submission   inet    n       -       n       -       -       smtpd
>  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o
> smtpd_etrn_restrictions=reject
>
> and obviously properly created ca certificate, smtp certificate & key.
>
> I don't use virtualmin and have no clue how much of this type of
> configuration it handles for the administrator but it seems to me that
> webmin is not really a substitute for learning configuration and
> troubleshooting skills.
>
> Craig
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>
> ------------------------------------------------------------------------------
> Get your Android app more play: Bring it to the BlackBerry PlayBook
> in minutes. BlackBerry App World&#153; now supports Android&#153; Apps
> for the BlackBerry&reg; PlayBook&#153;. Discover just how easy and simple
> it is! http://p.sf.net/sfu/android-dev2dev
> -
> Forwarded by the Webmin mailing list at
> web...@li...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list
>



-- 
Matias