Untitled

this server hosts os-velten.de, schueler.os-velten.de and extern.os-velten.de

Sending mails from a mail client to these subdomains (using an account from this server, e.g. jon.doe@extern.os-velten.de) works fine, but sending a mail from a local account to e.g. jon@doe.com doesn't "relay access denied).

 

User is successfully authenticated against SMTPd (see verbose log file link at the end of this post)

 

Funny: I have zarafa installed, and sending from the web interface to a foreign account works fine ....

 

 

 

POSTCONF

---cut---

 

[root@www etc]# postconf -n

bash: postconf: command not found

[root@www etc]# /usr/sbin/postc

postcat   postconf  

[root@www etc]# /usr/sbin/postconf -n

alias_database = hash:/etc/aliases

alias_maps = hash:/etc/aliases

broken_sasl_auth_clients = yes

command_directory = /usr/sbin

config_directory = /etc/postfix

daemon_directory = /usr/libexec/postfix

debug_peer_level = 2

disable_vrfy_command = yes

html_directory = no

mailq_path = /usr/bin/mailq.postfix

manpage_directory = /usr/share/man

mydestination = $myhostname, localhost.$mydomain, localhost

mydomain = os-velten.de

myhostname = www.os-velten.de

myorigin = $mydomain

newaliases_path = /usr/bin/newaliases.postfix

readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES

recipient_delimiter = +

relay_domains = $mydestination

sample_directory = /usr/share/doc/postfix-2.3.3/samples

sendmail_path = /usr/sbin/sendmail.postfix

setgid_group = postdrop

smtp_tls_loglevel = 1

smtp_use_tls = yes

smtpd_banner = $myhostname ESMTP $mail_name

smtpd_sasl_auth_enable = yes

smtpd_tls_CAfile = /etc/pki/postfix/certs/CAcert.pem

smtpd_tls_cert_file = /etc/pki/postfix/certs/cert.pem

smtpd_tls_key_file = /etc/pki/postfix/private/key.pem

smtpd_tls_received_header = yes

smtpd_use_tls = yes

unknown_local_recipient_reject_code = 550

virtual_alias_maps = ldap:/etc/postfix/ldapdistlist.cf

virtual_mailbox_domains = os-velten.de, schueler.os-velten.de, extern.os-velten.de

virtual_mailbox_maps = ldap:/etc/postfix/ldapvirtual.cf

virtual_transport = lmtp:127.0.0.1:2003

[root@www etc]#

---cut---

 

 

 

MASTER.CF

---cut---

[root@www etc]# cat postfix/master.cf

#

# Postfix master process configuration file.  For details on the format

# of the file, see the master(5) manual page (command: "man 5 master").

#

# ==========================================================================

# service type  private unpriv  chroot  wakeup  maxproc command + args

#               (yes)   (yes)   (yes)   (never) (100)

# ==========================================================================

smtp      inet  n       -       n       -       -       smtpd

        -o smtpd_proxy_filter=127.0.0.1:10024

        -o content_filter=

 

127.0.0.1:10025 inet    n       -       n       -       -       smtpd

        -o content_filter=

        -o smtpd_proxy_filter=

        -o smtpd_authorized_xforward_hosts=127.0.0.0/8

        -o smtpd_client_restrictions=

        -o smtpd_helo_restrictions=

        -o smtpd_sender_restrictions=

        -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

        -o smtpd_data_restrictions=

        -o mynetworks=0.0.0.0/32,127.0.0.0/8,192.168.0.0/24

        -o recesive_override_options=no_unknown_recipient_checks

 

pickup    fifo  n       -       n       60      1       pickup

        -o content_filter=smtp:[127.0.0.1]:10024

 

#submission inet n       -       n       -       -       smtpd

#  -o smtpd_enforce_tls=yes

#  -o smtpd_sasl_auth_enable=yes

#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

smtps     inet  n       -       n       -       -       smtpd

  -o smtpd_tls_wrappermode=yes

  -o smtpd_sasl_auth_enable=yes

  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

  -o smtpd_help_required=yes

#628      inet  n       -       n       -       -       qmqpd

#pickup    fifo  n       -       n       60      1       pickup

cleanup   unix  n       -       n       -       0       cleanup

qmgr      fifo  n       -       n       300     1       qmgr

#qmgr     fifo  n       -       n       300     1       oqmgr

tlsmgr    unix  -       -       n       1000?   1       tlsmgr

rewrite   unix  -       -       n       -       -       trivial-rewrite

bounce    unix  -       -       n       -       0       bounce

defer     unix  -       -       n       -       0       bounce

trace     unix  -       -       n       -       0       bounce

verify    unix  -       -       n       -       1       verify

flush     unix  n       -       n       1000?   0       flush

proxymap  unix  -       -       n       -       -       proxymap

smtp      unix  -       -       n       -       -       smtp

# When relaying mail as backup MX, disable fallback_relay to avoid MX loops

relay     unix  -       -       n       -       -       smtp

        -o fallback_relay=

#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5

showq     unix  n       -       n       -       -       showq

error     unix  -       -       n       -       -       error

discard   unix  -       -       n       -       -       discard

local     unix  -       n       n       -       -       local

virtual   unix  -       n       n       -       -       virtual

lmtp      unix  -       -       n       -       -       lmtp

anvil     unix  -       -       n       -       1       anvil

scache    unix  -       -       n       -       1       scache

#

# ====================================================================

# Interfaces to non-Postfix software. Be sure to examine the manual

# pages of the non-Postfix software to find out what options it wants.

#

# Many of the following services use the Postfix pipe(8) delivery

# agent.  See the pipe(8) man page for information about ${recipient}

# and other message envelope options.

# ====================================================================

#

# maildrop. See the Postfix MAILDROP_README file for details.

# Also specify in main.cf: maildrop_destination_recipient_limit=1

#

maildrop  unix  -       n       n       -       -       pipe

  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

#

# The Cyrus deliver program has changed incompatibly, multiple times.

#

old-cyrus unix  -       n       n       -       -       pipe

  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}

# Cyrus 2.1.5 (Amos Gouaux)

# Also specify in main.cf: cyrus_destination_recipient_limit=1

cyrus     unix  -       n       n       -       -       pipe

  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}

#

# See the Postfix UUCP_README file for configuration details.

#

uucp      unix  -       n       n       -       -       pipe

  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

#

# Other external delivery methods.

#

ifmail    unix  -       n       n       -       -       pipe

  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)

bsmtp     unix  -       n       n       -       -       pipe

  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

 

---cut---

 

 

 

MAILLOG:

---cut---

 

Nov  6 17:22:44 www postfix/smtpd[15135]: connect from p5795B6D5.dip.t-dialin.net[87.149.182.213]

Nov  6 17:22:44 www postfix/smtpd[15135]: NOQUEUE: reject: RCPT from p5795B6D5.dip.t-dialin.net[87.149.182.213]: 554 5.7.1 <andre@dieball.net>: Relay access denied; from=<andre.dieball@extern.os-velten.de> to=<andre@dieball.net> proto=ESMTP helo=<[192.168.100.102]>

Nov  6 17:22:44 www postfix/smtpd[15135]: disconnect from p5795B6D5.dip.t-dialin.net[87.149.182.213]

---cut---

 

 

 

MAILLOG with verbose shows authentication: http://pastebin.com/W9YEMbn3