Re: [webmin-l] {Disarmed} Re: Can't configure my email service in webmin

[Matías M. <mat...@gm...>]

Maxwell,

The guide fix the relay error for outgoing messages only... But not for
incoming messages.

2011/10/31 Maxwell Smart <cj...@yo...>

> **
> Did the guide fix the relay error too?
>
>
> On 10/31/2011 05:52 AM, Matías Montenegro wrote:
>
> Hi everybody,
>
> Finally i have some good news. Craig was right, and gave me a clue. Then
> I've been following this guide
> http://www.debianadmin.com/debian-mail-server-setup-with-postfix-dovecot-sasl-squirrel-mail.htmland added authentication to my smtp.
>
> The only thing was missing to my configuration was authentication for
> smtp. When I added it, it started working.
>
> So thank you very much. Now, the only, problem I'm having is incoming mail
> is being rejected with message "Client host rejected: Access denied;". So
> I'm going to see what can I do with it.
>
> I want to thank everybody, you have been very helpfully
>
>
>
> 2011/10/30 Craig White <cra...@az...>
>
>> On Sun, 2011-10-30 at 20:25 -0300, Matías Montenegro wrote:
>> > Thanks for you answer ceil, but it didn't worked out. I don't know
>> > what else can i try.
>> >
>> > 2011/10/30 Cecil Yother, Jr. <cj...@yo...>
>> >         I believe you need a relayhost entry.  I use qmail and it's
>> >         been a while since I used Postfix.  I am pretty sure this is
>> >         where you problem lie though.
>> >
>> >         relayhost=smtp.mydomain.com  or relayhost=localhost
>> >
>> >
>> >
>> >         On 10/30/2011 03:37 PM, Matías Montenegro wrote:
>> >         > Apparently I had to install libsasl2-module. Now smtp seems
>> >         > to work fine, but now I have this problem:
>> >         >
>> >         > When i send an email to any domain outside the server (like
>> >         > som...@ya...) , postfix says: "Relay access denied"
>> >         >
>> >         > my /etc/postfix/main.cf looks like this:
>> >         >
>> >         > # See /usr/share/postfix/main.cf.dist for a commented, more
>> >         > complete version
>> >         >
>> >         >
>> >         > # Debian specific:  Specifying a file name will cause the
>> >         > first
>> >         > # line of that file to be used as the name.  The Debian
>> >         > default
>> >         > # is /etc/mailname.
>> >         > #myorigin = /etc/mailname
>> >         >
>> >         > smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
>> >         > biff = no
>> >         >
>> >         > # appending .domain is the MUA's job.
>> >         > append_dot_mydomain = no
>> >         >
>> >         > # Uncomment the next line to generate "delayed mail"
>> >         > warnings
>> >         > #delay_warning_time = 4h
>> >         >
>> >         > virtual_alias_maps = hash:/etc/postfix/virtual
>> >         > readme_directory = no
>> >         >
>> >         > # TLS parameters
>> >         > smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
>> >         > smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
>> >         > smtpd_use_tls=yes
>> >         > smtpd_tls_session_cache_database = btree:
>> >         > ${data_directory}/smtpd_scache
>> >         > smtp_tls_session_cache_database = btree:
>> >         > ${data_directory}/smtp_scache
>> >         >
>> >         > # See /usr/share/doc/postfix/TLS_README.gz in the
>> >         > postfix-doc package for
>> >         > # information on enabling SSL in the smtp client.
>> >         > smtpd_sasl_auth_enable = yes
>> >         > smtpd_sasl_local_domain = MYDOMAIN
>> >         > smtpd_recipient_restrictions = permit_mynetworks,
>> >         > permit_sasl_authenticated, reject_unauth_destination
>> >         >
>> >         > smtpd_sasl_security_options = noanonymous
>> >         > smtpd_sasl_authenticated_header = yes
>> >         > smtpd_sasl_application_name = smtpd
>> >         > broken_sasl_auth_clients = yes
>> >         >
>> >         > myhostname = debian
>> >         > alias_maps = hash:/etc/aliases
>> >         > alias_database = hash:/etc/aliases
>> >         > myorigin = /etc/mailname
>> >         > mydestination =  localhost
>> >         > relayhost =
>> >         > mynetworks = MailScanner warning: numerical links are often
>> >         > malicious: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
>> >         > mailbox_size_limit = 0
>> >         > recipient_delimiter = +
>> >         > inet_interfaces = all
>> >         >
>> >         >
>> >         > Any ideas??
>> ----
>> Your postfix/main.cf, you have the following...
>>
>> smtpd_recipient_restrictions = permit_mynetworks, \
>>   permit_sasl_authenticated, \
>>   reject_unauth_destination
>>
>> but 'my_networks' is only:
>>  mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
>>
>> so that isn't going to allow anything but localhost to relay mail so
>> that that means you either have to carefully adjust 'my_networks' or
>> configure 'sasl_authenticated' which is likely going to require:
>>
>> # cat /etc/postfix/sasl/smtpd.conf
>> pwcheck_method: saslauthd
>> mech_list: plain login
>>
>> and something like this in /etc/postfix/master.cf
>> mtps    inet  n       -       n       -       -       smtpd
>>  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
>> submission   inet    n       -       n       -       -       smtpd
>>  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o
>> smtpd_etrn_restrictions=reject
>>
>> and obviously properly created ca certificate, smtp certificate & key.
>>
>> I don't use virtualmin and have no clue how much of this type of
>> configuration it handles for the administrator but it seems to me that
>> webmin is not really a substitute for learning configuration and
>> troubleshooting skills.
>>
>> Craig
>>
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Get your Android app more play: Bring it to the BlackBerry PlayBook
>> in minutes. BlackBerry App World&#153; now supports Android&#153; Apps
>> for the BlackBerry&reg; PlayBook&#153;. Discover just how easy and simple
>> it is! http://p.sf.net/sfu/android-dev2dev
>> -
>> Forwarded by the Webmin mailing list at
>> web...@li...
>> To remove yourself from this list, go to
>> http://lists.sourceforge.net/lists/listinfo/webadmin-list
>>
>
>
>
> --
> Matias
>
>
> ------------------------------------------------------------------------------
> Get your Android app more play: Bring it to the BlackBerry PlayBook
> in minutes. BlackBerry App World&#153; now supports Android&#153; Apps
> for the BlackBerry&reg; PlayBook&#153;. Discover just how easy and simple
> it is! http://p.sf.net/sfu/android-dev2dev
>
>
> -
> Forwarded by the Webmin mailing list at web...@li...
> To remove yourself from this list, go tohttp://lists.sourceforge.net/lists/listinfo/webadmin-list
>
>
> --
> Cecil Yother, Jr. "cj"
> cj's
> 2318 Clement Ave
> Alameda, CA  94501
>
> tel 510.865.2787http://yother.com
> Check out the new Volvo classified resource http://www.volvoclassified.com
>
>
>
> ------------------------------------------------------------------------------
> Get your Android app more play: Bring it to the BlackBerry PlayBook
> in minutes. BlackBerry App World&#153; now supports Android&#153; Apps
> for the BlackBerry&reg; PlayBook&#153;. Discover just how easy and simple
> it is! http://p.sf.net/sfu/android-dev2dev
>
> -
> Forwarded by the Webmin mailing list at
> web...@li...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list
>
>


-- 
Matias