Menu
▾
▴
Re: [webmin-l] {Disarmed} Re: Can't configure my email service in webmin
|
From: Maxwell S. <cj...@yo...> - 2011-10-31 14:34:46
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Did the guide fix the relay error too?<br>
<br>
On 10/31/2011 05:52 AM, Matías Montenegro wrote:
<blockquote
cite="mid:CAK6vHTCywRzxnKL59cdw_+A6gxTA_Q1tQFD=uJj...@ma..."
type="cite">Hi everybody,<br>
<br>
Finally i have some good news. Craig was right, and gave me a
clue. Then I've been following this guide <a
moz-do-not-send="true"
href="http://www.debianadmin.com/debian-mail-server-setup-with-postfix-dovecot-sasl-squirrel-mail.html">http://www.debianadmin.com/debian-mail-server-setup-with-postfix-dovecot-sasl-squirrel-mail.html</a>
and added authentication to my smtp.<br>
<br>
The only thing was missing to my configuration was authentication
for smtp. When I added it, it started working.<br>
<br>
So thank you very much. Now, the only, problem I'm having is
incoming mail is being rejected with message "Client host
rejected: Access denied;". So I'm going to see what can I do with
it.<br>
<br>
I want to thank everybody, you have been very helpfully<br>
<br>
<br>
<br>
<div class="gmail_quote">2011/10/30 Craig White <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:cra...@az...">cra...@az...</a>></span><br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">On Sun, 2011-10-30 at 20:25 -0300, Matías
Montenegro wrote:<br>
> Thanks for you answer ceil, but it didn't worked out. I
don't know<br>
> what else can i try.<br>
><br>
> 2011/10/30 Cecil Yother, Jr. <<a
moz-do-not-send="true" href="mailto:cj...@yo...">cj...@yo...</a>><br>
> I believe you need a relayhost entry. I use
qmail and it's<br>
> been a while since I used Postfix. I am pretty
sure this is<br>
> where you problem lie though.<br>
><br>
> relayhost=<a moz-do-not-send="true"
href="http://smtp.mydomain.com" target="_blank">smtp.mydomain.com</a>
or relayhost=localhost<br>
><br>
><br>
><br>
> On 10/30/2011 03:37 PM, Matías Montenegro wrote:<br>
> > Apparently I had to install libsasl2-module.
Now smtp seems<br>
> > to work fine, but now I have this problem:<br>
> ><br>
> > When i send an email to any domain outside
the server (like<br>
> > <a moz-do-not-send="true"
href="mailto:som...@ya...">som...@ya...</a>) ,
postfix says: "Relay access denied"<br>
> ><br>
> > my /etc/postfix/<a moz-do-not-send="true"
href="http://main.cf" target="_blank">main.cf</a> looks like
this:<br>
> ><br>
> > # See /usr/share/postfix/main.cf.dist for a
commented, more<br>
> > complete version<br>
> ><br>
> ><br>
> > # Debian specific: Specifying a file name
will cause the<br>
> > first<br>
> > # line of that file to be used as the name.
The Debian<br>
> > default<br>
> > # is /etc/mailname.<br>
> > #myorigin = /etc/mailname<br>
> ><br>
> > smtpd_banner = $myhostname ESMTP $mail_name
(Debian/GNU)<br>
> > biff = no<br>
> ><br>
> > # appending .domain is the MUA's job.<br>
> > append_dot_mydomain = no<br>
> ><br>
> > # Uncomment the next line to generate
"delayed mail"<br>
> > warnings<br>
> > #delay_warning_time = 4h<br>
> ><br>
> > virtual_alias_maps =
hash:/etc/postfix/virtual<br>
> > readme_directory = no<br>
> ><br>
> > # TLS parameters<br>
> >
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem<br>
> >
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key<br>
> > smtpd_use_tls=yes<br>
> > smtpd_tls_session_cache_database = btree:<br>
> > ${data_directory}/smtpd_scache<br>
> > smtp_tls_session_cache_database = btree:<br>
> > ${data_directory}/smtp_scache<br>
> ><br>
> > # See /usr/share/doc/postfix/TLS_README.gz
in the<br>
> > postfix-doc package for<br>
> > # information on enabling SSL in the smtp
client.<br>
> > smtpd_sasl_auth_enable = yes<br>
> > smtpd_sasl_local_domain = MYDOMAIN<br>
> > smtpd_recipient_restrictions =
permit_mynetworks,<br>
> > permit_sasl_authenticated,
reject_unauth_destination<br>
> ><br>
> > smtpd_sasl_security_options = noanonymous<br>
> > smtpd_sasl_authenticated_header = yes<br>
> > smtpd_sasl_application_name = smtpd<br>
> > broken_sasl_auth_clients = yes<br>
> ><br>
> > myhostname = debian<br>
> > alias_maps = hash:/etc/aliases<br>
> > alias_database = hash:/etc/aliases<br>
> > myorigin = /etc/mailname<br>
> > mydestination = localhost<br>
> > relayhost =<br>
> > mynetworks = MailScanner warning: numerical
links are often<br>
> > malicious: <a moz-do-not-send="true"
href="http://127.0.0.0/8" target="_blank">127.0.0.0/8</a>
[::ffff:127.0.0.0]/104 [::1]/128<br>
> > mailbox_size_limit = 0<br>
> > recipient_delimiter = +<br>
> > inet_interfaces = all<br>
> ><br>
> ><br>
> > Any ideas??<br>
----<br>
Your postfix/<a moz-do-not-send="true" href="http://main.cf"
target="_blank">main.cf</a>, you have the following...<br>
<br>
smtpd_recipient_restrictions = permit_mynetworks, \<br>
permit_sasl_authenticated, \<br>
reject_unauth_destination<br>
<br>
but 'my_networks' is only:<br>
mynetworks = <a moz-do-not-send="true"
href="http://127.0.0.0/8" target="_blank">127.0.0.0/8</a>
[::ffff:127.0.0.0]/104 [::1]/128<br>
<br>
so that isn't going to allow anything but localhost to relay
mail so<br>
that that means you either have to carefully adjust
'my_networks' or<br>
configure 'sasl_authenticated' which is likely going to
require:<br>
<br>
# cat /etc/postfix/sasl/smtpd.conf<br>
pwcheck_method: saslauthd<br>
mech_list: plain login<br>
<br>
and something like this in /etc/postfix/<a
moz-do-not-send="true" href="http://master.cf"
target="_blank">master.cf</a><br>
mtps inet n - n - - smtpd<br>
-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes<br>
submission inet n - n - -
smtpd<br>
-o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o<br>
smtpd_etrn_restrictions=reject<br>
<br>
and obviously properly created ca certificate, smtp
certificate & key.<br>
<br>
I don't use virtualmin and have no clue how much of this type
of<br>
configuration it handles for the administrator but it seems to
me that<br>
webmin is not really a substitute for learning configuration
and<br>
troubleshooting skills.<br>
<br>
Craig<br>
<br>
<br>
<br>
--<br>
This message has been scanned for viruses and<br>
dangerous content by MailScanner, and is<br>
believed to be clean.<br>
<br>
<br>
------------------------------------------------------------------------------<br>
Get your Android app more play: Bring it to the BlackBerry
PlayBook<br>
in minutes. BlackBerry App World&#153; now supports
Android&#153; Apps<br>
for the BlackBerry&reg; PlayBook&#153;. Discover just
how easy and simple<br>
it is! <a moz-do-not-send="true"
href="http://p.sf.net/sfu/android-dev2dev" target="_blank">http://p.sf.net/sfu/android-dev2dev</a><br>
-<br>
Forwarded by the Webmin mailing list at <a
moz-do-not-send="true"
href="mailto:web...@li...">web...@li...</a><br>
To remove yourself from this list, go to<br>
<a moz-do-not-send="true"
href="http://lists.sourceforge.net/lists/listinfo/webadmin-list"
target="_blank">http://lists.sourceforge.net/lists/listinfo/webadmin-list</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
Matias<br>
<br>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
------------------------------------------------------------------------------
Get your Android app more play: Bring it to the BlackBerry PlayBook
in minutes. BlackBerry App World&#153; now supports Android&#153; Apps
for the BlackBerry&reg; PlayBook&#153;. Discover just how easy and simple
it is! <a class="moz-txt-link-freetext" href="http://p.sf.net/sfu/android-dev2dev">http://p.sf.net/sfu/android-dev2dev</a>
</pre>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
-
Forwarded by the Webmin mailing list at <a class="moz-txt-link-abbreviated" href="mailto:web...@li...">web...@li...</a>
To remove yourself from this list, go to
<a class="moz-txt-link-freetext" href="http://lists.sourceforge.net/lists/listinfo/webadmin-list">http://lists.sourceforge.net/lists/listinfo/webadmin-list</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Cecil Yother, Jr. "cj"
cj's
2318 Clement Ave
Alameda, CA 94501
tel 510.865.2787
<a class="moz-txt-link-freetext" href="http://yother.com">http://yother.com</a>
Check out the new Volvo classified resource <a class="moz-txt-link-freetext" href="http://www.volvoclassified.com">http://www.volvoclassified.com</a></pre>
</body>
</html>
|
