I am fairly new to Postfix, and am trying to set up an SMTP server to
allow users to connect to from their ISP's (so could come from any
address), and send mail to ANY address, internal and external.

My SASL authentication seems to be working fine, and if I send mail
from a computer on the local network it will go to ANY address, however
When I send emails from a computer not on the network, I get the RELAY
ACCESS DENIED message for any address that isn't on the local network.

Please me!

Here is the current content of my main.cf file:
================================================== ======
myhostname = linux.mydomain.com
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
html_directory = /usr/share/doc/packages/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_maps = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
program_directory = /usr/lib/postfix
masquerade_domains =
mydestination = $myhostname, localhost.$mydomain
defer_transports =
disable_dns_lookups = no
relayhost = rws03ex.rws.com
mailbox_command =
mailbox_transport =
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 10240000
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
mydomain = mydomain.com

# FOR SASL AUTHENTICATION
smtp_sasl_auth_enable = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_local_domain =
broken_sasl_auth_clients = yes
#smtpd_sasl_password_maps = hash:/etc/sasldb2
smtpd_recipient_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject _unauth_destination

# TLS Encryption
smtpd_use_tls = no
smtp_use_tls = no
================================================== ==

Thanks!

Ben

ben.agnoli@rws.com wrote:
> I am fairly new to Postfix, and am trying to set up an SMTP server to
> allow users to connect to from their ISP's (so could come from any
> address), and send mail to ANY address, internal and external.
>
> My SASL authentication seems to be working fine, and if I send mail
> from a computer on the local network it will go to ANY address, however
> When I send emails from a computer not on the network, I get the RELAY
> ACCESS DENIED message for any address that isn't on the local network.
>
> Please me!
>
> Here is the current content of my main.cf file:
> ================================================== ======
> myhostname = linux.mydomain.com
> unknown_local_recipient_reject_code = 550
> debug_peer_level = 2
> debugger_command =
> PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
> xxgdb $daemon_directory/$process_name $process_id & sleep 5
> sendmail_path = /usr/sbin/sendmail
> newaliases_path = /usr/bin/newaliases
> mailq_path = /usr/bin/mailq
> setgid_group = maildrop
> html_directory = /usr/share/doc/packages/postfix/html
> manpage_directory = /usr/share/man
> sample_directory = /usr/share/doc/packages/postfix/samples
> readme_directory = /usr/share/doc/packages/postfix/README_FILES
> mail_spool_directory = /var/mail
> canonical_maps = hash:/etc/postfix/canonical
> virtual_maps = hash:/etc/postfix/virtual
> relocated_maps = hash:/etc/postfix/relocated
> transport_maps = hash:/etc/postfix/transport
> sender_canonical_maps = hash:/etc/postfix/sender_canonical
> masquerade_exceptions = root
> masquerade_classes = envelope_sender, header_sender, header_recipient
> program_directory = /usr/lib/postfix
> masquerade_domains =
> mydestination = $myhostname, localhost.$mydomain
> defer_transports =
> disable_dns_lookups = no
> relayhost = rws03ex.rws.com
> mailbox_command =
> mailbox_transport =
> smtpd_sender_restrictions = hash:/etc/postfix/access
> smtpd_client_restrictions =
> smtpd_helo_required = no
> smtpd_helo_restrictions =
> strict_rfc821_envelopes = no
> alias_maps = hash:/etc/aliases
> mailbox_size_limit = 0
> message_size_limit = 10240000
> smtp_sasl_security_options =
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> mydomain = mydomain.com
>
> # FOR SASL AUTHENTICATION
> smtp_sasl_auth_enable = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> smtpd_local_domain =
> broken_sasl_auth_clients = yes
> #smtpd_sasl_password_maps = hash:/etc/sasldb2
> smtpd_recipient_restrictions =
> permit_mynetworks,permit_sasl_authenticated,reject _unauth_destination
>
> # TLS Encryption
> smtpd_use_tls = no
> smtp_use_tls = no
> ================================================== ==
>
> Thanks!
>
> Ben


Hi Ben, offhand your config looks like it should work.

Are you absolutely sure that the remote user was authenticated at the time they
tried to send an email? Their authentication would be logged in
/var/log/maillog or equivalent, and look something like this:

May 18 07:04:40 mysite postfix/smtpd[27015]: 145942A4629:
client=remote.isp.net[123.4.5.6], sasl_method=CRAM-MD5, sasl_username=ben


Also, are you absolutely sure that the smtpd_client_restrictions parameter is indeed blank
and not set somewhere else later in main.cf?

You can check with the command: postconf smtpd_client_restrictions

--
Greg

Hi Greg,

Thanks for the speedy response. I have pasted the log entry below:

May 18 15:47:07 linux postfix/smtpd[16351]: connect from
123-4-5-6..remote.isp.com[123.4.5.6]
May 18 15:47:08 linux postfix/smtpd[16351]: NOQUEUE: reject: RCPT from
123-4-5-6.remote.isp.com[123.4.5.6]: 554 <email@address.com>: Relay
access denied; from=<joe.bloggs@world.com> to=<email@address.com>
proto=SMTP helo=<laptop>
May 18 15:47:11 linux postfix/smtpd[16351]: disconnect from
123-4-5-6.remote.isp.com[123.4.5.6]

--------------------------------------------------------

> postconf smtpd_client_restrictions

I ran the above command and can verify that the parameter is blank.

Ben.

ben.agnoli@rws.com wrote:
> Hi Greg,
>
> Thanks for the speedy response. I have pasted the log entry below:
>
> May 18 15:47:07 linux postfix/smtpd[16351]: connect from
> 123-4-5-6..remote.isp.com[123.4.5.6]
> May 18 15:47:08 linux postfix/smtpd[16351]: NOQUEUE: reject: RCPT from
> 123-4-5-6.remote.isp.com[123.4.5.6]: 554 <email@address.com>: Relay
> access denied; from=<joe.bloggs@world.com> to=<email@address.com>
> proto=SMTP helo=<laptop>
> May 18 15:47:11 linux postfix/smtpd[16351]: disconnect from
> 123-4-5-6.remote.isp.com[123.4.5.6]
>
> --------------------------------------------------------
>
>
>>postconf smtpd_client_restrictions
>
>
> I ran the above command and can verify that the parameter is blank.
>
> Ben.

According to the logs, they didn't connect up with SMTP AUTH (logname and password). They
just initiated an ordinary SMTP session. They were correctly blocked, because
they weren't authenticated.

--
Greg