0
I'm really stuck with a problem on my postfix installation for a few days ago. I know there is a lot of stuff about this on the net, but none of what I tried worked.
Here is my problem: I can send and receive (and read) emails to/from outside using my terminal on the server, thought SSH. I mean, when logged in my server. But I can't send email with a SMTP client through my server (outside my server network).
My server is Debian 9. I enabled SASL authentication with Cyrus SASL following the Debian wiki: https://wiki.debian.org/PostfixAndSASL#Implementation_using_Cyrus_SASL.
When I do telnet mail.myserver.com 25 and run EHLO I get:
250-mail.myserver.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
I can also authenticate with base64 from telnet:
AUTH PLAIN <base64_string>
235 2.7.0 Authentication successful
On my /etc/postfix/main.cf I have:
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks
And the problem is as follow:
I connected my server email address (myserveruser@myserver.com) to my personal Gmail address thought Settings > Accounts and import > "Send mail as" on my Gmail web client. I set my smtp server, user and user password. I used port 587 and TLS. It authenticated successfully and I completed the verification process.
However, when I use Gmail to send a email with "Send as myserveruser@myserver.com", it bounces on my server. From /var/log/mail.log I can read:
postfix/smtpd[1968]: connect from mail-ed1-f47.google.com[209.85.208.47]
postfix/smtpd[1968]: Anonymous TLS connection established from mail-ed1-f47.google.com[209.85.208.47]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
postfix/smtpd[1968]: NOQUEUE: reject: RCPT from mail-ed1-f47.google.com[209.85.208.47]: 554 5.7.1 <destination@notmydomain.com>: Relay access denied; from=<myserveruser@myserver.com> to=<destination@notmydomain.com> proto=ESMTP helo=<mail-ed1-f47.google.com>
postfix/smtpd[1968]: disconnect from mail-ed1-f47.google.com[209.85.208.47] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=6/8
As I said, sending a email to destination@notmydomain.com from my server terminal just works fine, with SPF, DKIM and DMARC pass.
I don't know what to do. I really appreciate if someone can help me with this.
Aitor Alonso
Posted 2019-01-17T19:37:59.017
Reputation: 1
2Why does your config require authentication on port 25? That's the server-to-server port, and random third-party servers aren't going to log in with username/password whenever they want to deliver you mail. Authentication only makes sense on client-submission ports. – user1686 – 2019-01-17T19:47:04.397