# [SOLVED] Postfix SASL Relayhost

## Midyr2

Hi,

I want to configure Postfix so that I can reach my server over the internet and have it forward that mail to my provider.

Incoming mail works.

I tried many hints from many forums, but nothing works.

I get this error:

nuada postfix/smtp[23303]: BB09E25C03: to=<yy@yyy.com>, relay=PROVIDER.de[xxx]:587, delay=0.16, delays=0/0/0.11/0.05, dsn=5.7.1, status=bounced (host PROVIDER.de[xxx] said: 554 5.7.1 <DSL-ip.de[xxxx]>: Client host rejected: Access denied (in reply to RCPT TO command))

postconf -n

```

broken_sasl_auth_clients = yes

command_directory = /usr/sbin

daemon_directory = /usr/libexec/postfix

data_directory = /var/lib/postfix

debug_peer_level = 2

debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5

home_mailbox = .maildir/

html_directory = no

inet_protocols = ipv4

mail_owner = postfix

mailq_path = /usr/bin/mailq

manpage_directory = /usr/share/man

meta_directory = /etc/postfix

mydestination = localhost.$mydomain, localhost, $myhostname

mydomain = MYDOMAIN.de

myhostname = HOST.MYDOMAIN.de

mynetworks = 192.xxx.x.x/16, 127.0.0.0/8

newaliases_path = /usr/bin/newaliases

queue_directory = /var/spool/postfix

readme_directory = no

relayhost = [PROVIDER.de]:587

sample_directory = /etc/postfix

sendmail_path = /usr/sbin/sendmail

setgid_group = postdrop

shlib_directory = /usr/lib64/postfix/${mail_version}

smtp_sasl_auth_enable = yes

smtp_sasl_password_maps = hash:/etc/postfix/sasl_password

smtp_sasl_security_options = noplaintext,noanonymous

smtp_sasl_tls_security_options = noanonymous

smtp_use_tls = no

smtpd_recipient_restrictions = permit_mynetworks

smtpd_relay_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

smtpd_sasl_auth_enable = yes

smtpd_sasl_authenticated_header = yes

smtpd_sasl_local_domain = MYDOMAIN.de

smtpd_sasl_path = private/auth

smtpd_sasl_security_options = noanonymous

smtpd_sasl_type = dovecot

smtpd_tls_cert_file = fullchain.pem

smtpd_tls_key_file = privkey.pem

smtpd_tls_security_level = may

unknown_local_recipient_reject_code = 550
```

```

# ==========================================================================

# service type  private unpriv  chroot  wakeup  maxproc command + args

#               (yes)   (yes)   (no)    (never) (100)

# ==========================================================================

# Internet-facing listeners. Both run smtpd and pass accepted mail to the
# "amavis" transport at 127.0.0.1:10024 through content_filter.
# Neither entry overrides any SASL or TLS parameter with -o, so those
# settings are taken from main.cf.
# NOTE(review): if main.cf offers AUTH with smtpd_tls_security_level = may,
# consider smtpd_tls_auth_only = yes so that credentials are only accepted
# after STARTTLS -- confirm against the main.cf in use.
smtp      inet  n       -       n       -       -       smtpd

          -o receive_override_options=no_address_mappings

          -o content_filter=amavis:[127.0.0.1]:10024

# "smtps" listener: smtpd_tls_wrappermode=yes means the TLS handshake happens
# before any SMTP command instead of through STARTTLS.
smtps     inet  n       -       n       -       -       smtpd

          -o smtpd_tls_wrappermode=yes

          # NOTE(review): written "no_address_mapping" here but
          # "no_address_mappings" on the smtp service above; the value looks
          # like it is missing its trailing "s" -- verify and check the mail
          # log for a warning about this option.
            -o receive_override_options=no_address_mapping

            -o content_filter=amavis:[127.0.0.1]:10024

# Internal Postfix services reached over unix-domain sockets. Every entry
# below has "n" in the chroot column, so none of them runs chrooted.
# The "smtp" and "relay" entries are the outbound SMTP client (command smtp);
# neither carries -o overrides, so client-side TLS and SASL settings
# (smtp_* parameters) come from main.cf.
pickup    unix  n       -       n       60      1       pickup

cleanup   unix  n       -       n       -       0       cleanup

qmgr      unix  n       -       n       300     1       qmgr

#qmgr     unix  n       -       n       300     1       oqmgr

tlsmgr    unix  -       -       n       1000?   1       tlsmgr

rewrite   unix  -       -       n       -       -       trivial-rewrite

bounce    unix  -       -       n       -       0       bounce

defer     unix  -       -       n       -       0       bounce

trace     unix  -       -       n       -       0       bounce

verify    unix  -       -       n       -       1       verify

flush     unix  n       -       n       1000?   0       flush

proxymap  unix  -       -       n       -       -       proxymap

proxywrite unix -       -       n       -       1       proxymap

smtp      unix  -       -       n       -       -       smtp 

relay     unix  -       -       n       -       -       smtp

#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5

showq     unix  n       -       n       -       -       showq

error     unix  -       -       n       -       -       error

retry     unix  -       -       n       -       -       error

discard   unix  -       -       n       -       -       discard

local     unix  -       n       n       -       -       local

virtual   unix  -       n       n       -       -       virtual

lmtp      unix  -       -       n       -       -       lmtp

anvil     unix  -       -       n       -       1       anvil

scache    unix  -       -       n       -       1       scache

# "amavis" transport: an SMTP client limited to 2 processes. It is the target
# named by content_filter=amavis:[127.0.0.1]:10024 on the public listeners.
# It never sends EHLO, does no DNS lookups, and waits up to 1200s after
# end-of-DATA for the filter to answer.
amavis     unix    -       -       n       -       2       smtp

    -o smtp_data_done_timeout=1200s

    -o smtp_never_send_ehlo=yes

    -o disable_dns_lookups=yes

# Re-injection listener on localhost:10025, where filtered mail re-enters
# Postfix. content_filter is emptied so mail is not sent through the filter a
# second time, and the client/helo/sender restrictions are cleared.
# Access control rests on smtpd_recipient_restrictions=permit_mynetworks,reject
# together with mynetworks=127.0.0.0/8: only loopback clients are accepted.
# Keep those two overrides paired; widening mynetworks here would let other
# hosts inject mail past the content filter.
localhost:10025 inet    n       -       n       -       -       smtpd

  # NOTE(review): smtp_dns_support_level is an smtp client parameter;
  # presumably it has no effect on this smtpd service -- confirm.
  -o smtp_dns_support_level=enabled

  -o content_filter=

  -o myhostname=HOST.MYDOMAIN.de

  -o local_recipient_maps=

  -o relay_recipient_maps=

  -o smtpd_restriction_classes=

  #-o smtpd_client_restrictions=permit_sasl_authenticated,reject

  -o smtpd_client_restrictions=

  -o smtpd_helo_restrictions=

  -o smtpd_sender_restrictions=

  -o smtpd_recipient_restrictions=permit_mynetworks,reject

  -o mynetworks=127.0.0.0/8

  -o strict_rfc821_envelopes=yes

  # Error delays, error limits and per-client connection limits are relaxed or
  # disabled below; the only accepted peer is the local filter.
  -o smtpd_error_sleep_time=0

  -o smtpd_soft_error_limit=1001

  -o smtpd_hard_error_limit=1000

  -o smtpd_client_connection_count_limit=0

  -o smtpd_client_connection_rate_limit=0

  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

  # XFORWARD is accepted from loopback clients only.
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

```

cat sasl_password

```

[PROVIDER]:587 LOGIN:PASSWORD
```

Any hint?

Midyr

EDIT

If I change the relayhost to

relayhost = [PROVIDER.de]

and also change the entry in sasl_password

I get this error:

 nuada postfix/smtp[27026]: 9326425C03: to=<xxxr@xxx>, relay=PROVIDER.de[ddd]:25, delay=0.19, delays=0.01/0.02/0.11/0.05, dsn=5.7.1, status=bounced (host PROVIDER.de[ssss] said: 554 5.7.1 <xxxxr@xxxx>: Relay access denied (in reply to RCPT TO command))

Last edited by Midyr2 on Wed Jan 10, 2018 2:27 pm; edited 2 times in total

----------

## khayyam

 *Midyr2 wrote:*   

> 
> 
> ```
> smtp_use_tls = no
> ```
> ...

 

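Midyr2 ... I think this is the source of your problem. Without TLS the provider most likely never offers AUTH (submission servers commonly announce it only after STARTTLS), and your `smtp_sasl_security_options = noplaintext,noanonymous` would refuse PLAIN/LOGIN on an unencrypted session anyway, so the mail is handed over unauthenticated and the provider answers with the 554 rejections you see. Once TLS is on, `smtp_sasl_tls_security_options = noanonymous` applies instead and the password travels inside the encrypted session. (`smtp_use_tls = yes` is the older spelling of `smtp_tls_security_level = may`; for a relay that carries a password, `encrypt` is the stricter choice.) I have a similar relay (only with 'relayhost_maps' as I have various relays) and the following is set: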

```
smtp_use_tls = yes

smtp_tls_note_starttls_offer = yes

smtp_tls_CApath = /etc/ssl/certs
```

HTH & best ... khay

----------

## Midyr2

 *khayyam wrote:*   

>  *Midyr2 wrote:*   
> 
> ```
> smtp_use_tls = no
> ```
> ...

 

Hi,

yes, you are right. I forgot to enable smtp_use_tls

Thanks

Midyr

----------

