1

I'm trying to set up SASL to a relayhost to send external email. I've read a hell of a lot and done everything I'm supposed to have done. However our provider won't accept me relaying emails with (we are not on their network, but they say this is ok as long as we auth with SASL):

host mailhost.zen.co.uk[212.23.3.98] said: 550-This is not an open relay. To send through this server you must either be 550 on a Zen Internet IP address or be authenticated over TLS. (in reply to MAIL FROM command)

We agree that I'm not sending the username and password other wise it would either send, or say my username password is incorrect.

The question is, why isn't postfix sending it:

Heres the parts of my main.conf that I think are relevent:

    smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit

    smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org

    smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000, permit

    smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

    relayhost = mailhost.zen.co.uk
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtpd_sasl_type = cyrus
    smtpd_sasl_authenticated_header = no
    broken_sasl_auth_clients = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain =

of couse I've set the password in sasl_passwd and postmapped it. Here's some of the resources I've been using are:

Would be great is anyone has any other suggestions :)

Mr Shoubs
  • 363
  • 2
  • 9
  • 32

1 Answers1

2

If you want the SMTP connection from your MTA to mailhost.zen.co.uk to be SASL auth'd, you want the smtp_sasl_* parameters, not the smtpd_sasl_* parameters. The latter is for when you're the receiving MTA, while the former are for when you're connecting to another MTA, as you appear to want to do here.

womble
  • 95,029
  • 29
  • 173
  • 228
  • Thanks. But it didn't work. I added the following to main.cs: smtp_sasl_auth_enabled = yes smtp_sasl_password_maps = hash:/etx/postfix/sasl_passwd smtp_sasl_type = cyrus smtp_sasl_authenticated_header = no smtp_sasl_security_options = noanonymous smtp_sasl_local_domain = but nothing seems to have changed. – Mr Shoubs Nov 13 '09 at 08:52
  • I did restart postfix – Mr Shoubs Nov 13 '09 at 08:54
  • I get the following in my mail log: Nov 16 12:17:36 db3 postfix/smtpd[11576]: warning: SASL authentication failure: realm changed: authentication aborted Nov 16 12:17:36 db3 postfix/smtpd[11576]: warning: 82-69-111-139.dsl.in-addr.zen.co.uk[82.69.111.139]: SASL DIGEST-MD5 authentication failed: authentication failure Nov 16 12:17:37 db3 postfix/smtpd[11576]: NOQUEUE: reject_warning: RCPT from 82-69-111-139.dsl.in-addr.zen.co.uk[82.69.111.139]: 504 5.5.2 : Helo command rejected: need fully-qualified hostname; from= to= proto=ESMTP helo= – Mr Shoubs Nov 16 '09 at 12:29