I have an Ubuntu server running Virtualmin (with Postfix). It is steadfastly refusing to allow me to relay when I authenticate. However I can't make any sense of what is going on. Postfix's main.cf says: smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination .. which I understand to mean that provided I authenticate I can send anywhere. The error I'm getting is: connect from [...] NOQUEUE: reject: RCPT from [...]: 550 5.1.1 <user@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<user@mysite> to=<user@example.com> proto=ESMTP helo=<[...]> disconnect from [...] .. where [...] is my IP/hostname, user@example.com is the address I'm trying to relay to, <user@mysite> is the user I'm trying to authenticate as. If I disable authentication in my mail client, I get "relaying denied" which I would expect. If I change my password I get a password error, so I am definitely authenticating correctly. If I try sending an email (no authentication, plain SMTP) to invaliduser@mysite I get the same error as above, which is when I would expect to get it (trying to send to a user on my server that doesn't exist). However I'm trying to relay to a different server altogether so I can make sense of the error message in that context at all? Mark -- Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450 Registered in England (0456 0902) 21 Drakes Mews, Milton Keynes, MK8 0ER
On Thursday 05 January 2012 16:18:01 Mark Rogers wrote:
I have an Ubuntu server running Virtualmin (with Postfix).
It is steadfastly refusing to allow me to relay when I authenticate. However I can't make any sense of what is going on.
Postfix's main.cf says: smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination .. which I understand to mean that provided I authenticate I can send anywhere.
The error I'm getting is: connect from [...] NOQUEUE: reject: RCPT from [...]: 550 5.1.1 <user@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<user@mysite> to=<user@example.com> proto=ESMTP helo=<[...]> disconnect from [...]
.. where [...] is my IP/hostname, user@example.com is the address I'm trying to relay to, <user@mysite> is the user I'm trying to authenticate as.
If I disable authentication in my mail client, I get "relaying denied" which I would expect. If I change my password I get a password error, so I am definitely authenticating correctly. If I try sending an email (no authentication, plain SMTP) to invaliduser@mysite I get the same error as above, which is when I would expect to get it (trying to send to a user on my server that doesn't exist). However I'm trying to relay to a different server altogether so I can make sense of the error message in that context at all?
Mark
Hi Mark, Have you configured saslauthd? I followed the example in http://www.postfix.org/SASL_README.html - only I'm authenticating against LDAP and that works fine (OpenSUSE 11.2). Stuart Stuart Bailey BSc (hons) CEng CITP MBCS LinuSoft (Managing Director) Linux Specialist & Software Developer ~~~~~~~~~~~~~~~~~~~~~~~ Phone: (0845) 658 3563 Direct: +44 (0) 1953 878162 Fax: +44 (0) 1603 858583 ~~~~~~~~~~~~~~~~~~~~~~~ http://www.linusoft.co.uk __________ Information from ESET Mail Security, version of virus signature database 6770 (20120105) __________ The message was checked by ESET Mail Security. http://www.eset.com
On 05/01/2012 16:18, Mark Rogers wrote:
I have an Ubuntu server running Virtualmin (with Postfix).
It is steadfastly refusing to allow me to relay when I authenticate. However I can't make any sense of what is going on.
Postfix's main.cf says: smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination .. which I understand to mean that provided I authenticate I can send anywhere.
The error I'm getting is: connect from [...] NOQUEUE: reject: RCPT from [...]: 550 5.1.1 <user@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<user@mysite> to=<user@example.com> proto=ESMTP helo=<[...]> disconnect from [...]
.. where [...] is my IP/hostname, user@example.com is the address I'm trying to relay to, <user@mysite> is the user I'm trying to authenticate as.
If I disable authentication in my mail client, I get "relaying denied" which I would expect. If I change my password I get a password error, so I am definitely authenticating correctly. If I try sending an email (no authentication, plain SMTP) to invaliduser@mysite I get the same error as above, which is when I would expect to get it (trying to send to a user on my server that doesn't exist). However I'm trying to relay to a different server altogether so I can make sense of the error message in that context at all?
Mark
I agree with Stuart, it sounds as if you haven't started tls/sasl properly. smtp_use_tls = yes smtpd_use_tls = yes smtpd_sasl_auth_enable = yes smtpd_sasl2_auth_enable = yes and so on. You'll need certificates, and lots of info on that can be found in: http://www.eclectica.ca/howto/ssl-cert-howto.php Note too, that SASL can't deal with encrypted passwords, so plain one is required. We use virtual users/accresses in a mysql db, with encrypted passwords, but can either use the existing database by using the encrypted one from the database as plain text, or set up a special use for relaying access with a plain password. All that said, this error looks like something different: "NOQUEUE: reject: RCPT from [...]: 550 5.1.1 <user@example.com>: Recipient address rejected: User unknown in virtual alias table;" It looks as if you may need a "relay_domains = mydomain.com" statement in main.cf If you need specific help, I can help as I do this stuff a lot. Cheers, Laurie. -- --------------------------------------------------------------------- Laurie Brown laurie@brownowl.com ---------------------------------------------------------------------
On Thu, 05 Jan 2012 16:18:01 +0000 Mark Rogers <mark@quarella.co.uk> allegedly wrote:
I have an Ubuntu server running Virtualmin (with Postfix).
It is steadfastly refusing to allow me to relay when I authenticate. However I can't make any sense of what is going on.
Postfix's main.cf says: smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination .. which I understand to mean that provided I authenticate I can send anywhere.
The error I'm getting is: connect from [...] NOQUEUE: reject: RCPT from [...]: 550 5.1.1 <user@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<user@mysite> to=<user@example.com> proto=ESMTP helo=<[...]> disconnect from [...]
Mark Try adding: smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain What you have specified restricts the recipient, but not the sender. (I can't recall the default restriction if you omit permit_sasl_authenticated for the sender, but it will probably deny you.) Mick --------------------------------------------------------------------- The text file for RFC 854 contains exactly 854 lines. Do you think there is any cosmic significance in this? Douglas E Comer - Internetworking with TCP/IP Volume 1 http://www.ietf.org/rfc/rfc854.txt ---------------------------------------------------------------------
Apologies for breaking threading, for some reason I haven't received any replies, even though I can see them in the archive (where I can't reply to them!) [*] Mick (mbm@rlogin.net) writes:
Try adding:
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain
Sounds plausible, but just tried it to no avail. Stuart Bailey (stuart@linusoft.co.uk) writes:
Have you configured saslauthd? I followed the example inhttp://www.postfix.org/SASL_README.html - only I'm authenticating against LDAP and that works fine (OpenSUSE 11.2).
No I haven't, although I believe that VirtualMin has done this for me. Given that I can access the account via IMAP with STARTTLS, and that I seem to be authenticating with SMTP (on the basis I get very different results if I try with an incorrect user or pass), I've sort of assumed that SASL is set up correctly. Although it seems odd that mail.log makes no reference to it? Laurie Brown (laurie@brownowl.com) writes:
I agree with Stuart, it sounds as if you haven't started tls/sasl properly.
smtp_use_tls = yes smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes smtpd_sasl2_auth_enable = yes
and so on.
Of those settings, only smtp_use_tls = yes smtpd_sasl2_auth_enable = yes .. were missing, and adding them hasn't made any difference.
All that said, this error looks like something different:
"NOQUEUE: reject: RCPT from [...]: 550 5.1.1<user at example.com <http://lists.alug.org.uk/mailman/listinfo/main>>: Recipient address rejected: User unknown in virtual alias table;"
Agreed, the error doesn't seem to stack up with what is going on. Postfix seems to be trying to deliver the email locally not relay it. [*] Any suggestions why I'm not seeing replies? I receive the list normally. My email address routes to a Google Apps account. -- Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450 Registered in England (0456 0902) 21 Drakes Mews, Milton Keynes, MK8 0ER
On 06/01/12 14:30, Mark Rogers wrote:
Agreed, the error doesn't seem to stack up with what is going on. Postfix seems to be trying to deliver the email locally not relay it.
And therein lies the clue. And proof that I'm an idiot! The test I was performing was from a test account (test domain) to my real email addresses (real company domain). However when I set up VirtualMin it would appear that I added my company's domain to the configuration (which would have made sense at the time). So the test was failing precisely because Postfix believed the email needed to be delivered locally (but I hadn't set up any users for that domain, hence the error), and wasn't trying to relay at all. When I change the test to go to another email address that isn't configured in any way on the server it works fine, with or without the settings for smtpd_sender_restrictions, smtp_use_tls or smtpd_sasl2_auth_enable. Thanks for your help, it pointed me in the direction of the answer. Would still love to know why I can't receive replies though. Mark -- Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450 Registered in England (0456 0902) 21 Drakes Mews, Milton Keynes, MK8 0ER
participants (4)
-
Laurie Brown -
Mark Rogers -
mick -
Stuart Bailey