
We are using Postfix 2.11.3 on Ubuntu 15.10.

Here is the configuration file:

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)  
biff = no  
append_dot_mydomain = no  
readme_directory = no  
smtpd_use_tls=yes  
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache  
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache  
myhostname = server.ip-5.ru  
alias_maps = hash:/etc/aliases  
alias_database = hash:/etc/aliases  
virtual_alias_domains = 
virtual_alias_maps = hash:/etc/postfix/virtual  
myorigin = /etc/mailname  
mydestination = $mydomain  
mynetworks = 0.0.0.0  
mailbox_command =   
mailbox_size_limit = 0  
recipient_delimiter = +  
inet_interfaces = all  
inet_protocols = ipv4  
home_mailbox = Maildir/  
soft_bounce = yes  
header_checks = regexp:/etc/postfix/header_checks  
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination,permit  
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,permit  

Now, I send mail from a local user to a local user inside our domain "ip-5.ru".
Sending and delivery are successful.
name@ip-5.ru -> other@ip-5.ru

If I send mail to a local alias connected to a remote mailbox, it is also successful.
name@ip-5.ru -> other@ip-5.ru -> name@gmail.com

The problem comes when I send mail from a local user to a remote mailbox at gmail.com.
name@ip-5.ru -> name@gmail.com

I get:

NOQUEUE: reject: RCPT from unknown[xx.xx.xx.xx]: 454 4.7.1 <name@gmail.com>: Relay access denied; from=<name@ip-5.ru> to=<name@gmail.com> proto=ESMTP helo=<[yy.yy.yy.yy]>

I read that we need to use SSL to get relay privileges...
So why can I relay via a local alias?
The problem is that SSL is very hard to configure now... I tried to configure it and got many errors...

I want to draw your attention to the fact that user names and passwords are provided for SMTP authentication, so my server isn't a target for spam and unlimited relay. I just want to find some way around SSL!

Is it possible to send from a local mailbox directly to a remote one without making an alias and without SSL?

1 Answer


I guess you mean SASL. The problem is, if your mail server doesn't use some sort of restriction/control (to allow clients to send mail to other domains), then it becomes an open relay. That means anyone can use your email server to send spam emails. This is of course not expected. And this is why you need to use some sort of restriction as to who is allowed to relay mail using the server. Read more below:

http://www.postfix.org/SMTPD_ACCESS_README.html#relay

Relay control, junk mail control, and per-user policies

In a distant past, the Internet was a friendly environment. Mail servers happily forwarded mail on behalf of anyone towards any destination. On today's Internet, spammers abuse servers that forward mail from arbitrary systems, and abused systems end up on anti-spammer blacklists. See, for example, the information on http://www.mail-abuse.org/ and other websites.

By default, Postfix has a moderately restrictive approach to mail relaying. Postfix forwards mail only from clients in trusted networks, from clients that have authenticated with SASL, or to domains that are configured as authorized relay destinations. For a description of the default mail relay policy, see the smtpd_relay_restrictions parameter in the postconf(5) manual page, and the information that is referenced from there.

As mentioned above, an alternative for clients coming from a certain LAN is to use the mynetworks option provided in Postfix. Here you can define a network and allow users from that network to relay without authentication.

Your configuration needs to be adjusted to allow SASL authentication. Add the options below to enable SASL authentication.

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous

And then adjust relay restriction:

smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,permit 
Diamond
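The following is an added example, not code from the question, the answer or the Postfix project. It is a simplified Python model of how an smtpd_relay_restrictions list is walked left to right, showing why the posted list accepts mail addressed to ip-5.ru (including an alias that is expanded to a remote address only after acceptance) but rejects name@gmail.com, and how permit_sasl_authenticated changes that. Assumptions: the local domain set, the client IP and the function names are constructed for illustration, and only the restriction names that appear on this page are modelled.

```python
import ipaddress

# Constructed model of the page's settings (simplified: only the rules
# used on this page, recipient domains compared by exact match).
LOCAL_DOMAINS = {"ip-5.ru"}      # assumed result of mydestination = $mydomain
MYNETWORKS = ["0.0.0.0"]         # as posted; no prefix length means one host

def in_mynetworks(client_ip, networks=MYNETWORKS):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in networks)

def evaluate(restrictions, client_ip, rcpt, sasl_user=None):
    """Walk the list left to right; the first decisive rule wins."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    for rule in (r.strip() for r in restrictions.split(",")):
        if rule == "permit_mynetworks" and in_mynetworks(client_ip):
            return "permit", rule
        if rule == "permit_sasl_authenticated" and sasl_user:
            return "permit", rule
        if rule == "reject_unauth_destination" and domain not in LOCAL_DOMAINS:
            return "reject", rule    # logged as "Relay access denied"
        if rule == "permit":
            return "permit", rule
    return "permit", "end of list"   # simplification: no rule decided

POSTED = "permit_mynetworks, reject_unauth_destination,permit"
FIXED = "permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,permit"
CLIENT = "203.0.113.10"          # constructed client IP (documentation range)

def demo():
    cases = [
        (POSTED, "other@ip-5.ru", None),    # local user or local alias address
        (POSTED, "name@gmail.com", None),   # remote recipient, no authentication
        (FIXED, "name@gmail.com", "name"),  # remote recipient after SASL login
        (FIXED, "name@gmail.com", None),    # unauthenticated client: still rejected
    ]
    return [evaluate(r, CLIENT, rcpt, user) for r, rcpt, user in cases]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The last case shows that the adjusted list does not open the relay: a client that is neither in mynetworks nor authenticated is still stopped by reject_unauth_destination.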