# Postfix relaying

## iloose2

I have complied postfix with SASL, everything works fine until I attempt to send a message to a different domain. The error is "relay access denied", How do I allow postfix to relay to any domain, from users that are SASL verified?

----------

## mglauche

put something like this in your main.cf

```

pwcheck_method: = saslauthd

smtpd_sasl_auth_enable = yes

smtpd_sasl2_auth_enable = yes

smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated check_relay_domains

```

----------

## mglauche

put something like this in your main.cf

```

pwcheck_method: = saslauthd

smtpd_sasl_auth_enable = yes

smtpd_sasl2_auth_enable = yes

smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated check_relay_domains

```

----------

## mglauche

put something like this in your main.cf

```

pwcheck_method: = saslauthd

smtpd_sasl_auth_enable = yes

smtpd_sasl2_auth_enable = yes

smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated check_relay_domains

```

----------

## aardvark

 *mglauche wrote:*   

> put something like this in your main.cf
> 
> ```
> 
> pwcheck_method: = saslauthd
> ...

 

You're a smart guru, making sure your messages get read enough  :Twisted Evil: 

----------

## iloose2

It still fails, here is the log:

```
Oct 23 22:58:33 [imapd-ssl] Connection, ip=[x.x.x.x]

Oct 23 22:58:33 [imapd-ssl] LOGIN, user=username, ip=[x.x.x.x]

Oct 23 22:58:34 [imapd-ssl] Connection, ip=[x.x.x.x]

Oct 23 22:58:34 [imapd-ssl] LOGIN, user=username, ip=[x.x.x.x]

Oct 23 22:59:05 [postfix/smtpd] warning: x.x.x.x: address not listed for hostname ip-xx-cityname-xx-xx-xx-xx.ispnamehere.com

Oct 23 22:59:05 [postfix/smtpd] connect from unknown[x.x.x.x]

Oct 23 22:59:05 [postfix/smtpd] CA7F43F2A: client=unknown[x.x.x.x]

Oct 23 22:59:05 [postfix/smtpd] reject: RCPT from unknown[x.x.x.x]: 554 <usernamehere@yahoo.com>: Recipient address rejected: Relay access denied

```

----------

## mglauche

 *aardvark wrote:*   

> 
> 
> You're a smart guru, making sure your messages get read enough 

 

sorry, gentoo forum was messed up, got some weired error about not being able to send email ...

----------

## mglauche

back to original topic:

are you sure your client is authenticating ? I think there should be some sasl/login infomation in the logfile when you use authentication. Also check the other logs for sasl errors.

One thing that could be happen if u use sasl and smptd in chroot() mode that sasl can't find the sasdb or the socket file for saslauthd. In this case check the postfix chroot dir, the ../var/.. inside it, and make a hard link from the original socket/sasldb to the corresponding locations

----------

## iloose2

```

Oct 25 01:08:07 [postfix/smtpd] connect from unknown[x.x.x.x]

Oct 25 01:08:07 [PAM_pwdb] check pass; user unknown

Oct 25 01:08:08 [saslauthd] AUTHFAIL: user=user@domain.com service=smtp realm=domain.com [PAM auth error]

Oct 25 01:08:08 [postfix/smtpd] warning: unknown[x.x.x.x]: SASL LOGIN authentication failed

Oct 25 01:08:09 [postfix/smtpd] disconnect from unknown[x.x.x.x]

```

main.cf :

```

pwcheck_method: = saslauthd

smtpd_sasl_auth_enable = yes

smtpd_sasl_local_domain = $myhostname

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, ch$

smtpd_sasl_security_options = noanonymous

# client

smtp_sasl_auth_enable = yes

```

smtpd.conf:

```

pwcheck_method:saslauthd

```

----------

