# Postfix: Relay access denied [Solved]

## Ma3oxuct

Here is my postfix set up:

```
Ma3oxuct andrey # postconf -n
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
home_mailbox = .maildir/
html_directory = /usr/share/doc/postfix-2.3.6/html
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain $mydomain
mydomain = afalko.homelinux.net
myhostname = Ma3oxuct.afalko.homelinux.net
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.6/readme
relayhost = smtp-server.rdc-nyc.rr.com
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_key_file = /etc/postfix/newkey.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
```

When I send mail using mutt, everything happens as it is supposed to. However, when I send from Thunderbird or another client, I get the following error regardless of whether I have encryption enabled or not:

```
Feb 26 22:58:04 [postfix/smtpd] TLS connection established from cago-ma3oxuct.carl.resnet.columbia.edu[160.39.200.28]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Feb 26 22:58:04 [postfix/smtpd] NOQUEUE: reject: RCPT from cago-ma3oxuct.carl.resnet.columbia.edu[160.39.200.28]: 554 5.7.1 <asf2125@columbia.edu>: Relay access denied; from=<andrey@afalko.homelinux.net> to=<asf2125@columbia.edu> proto=ESMTP helo=<[192.168.1.100]>
Feb 26 22:58:05 [postfix/smtpd] lost connection after RCPT from cago-ma3oxuct.carl.resnet.columbia.edu[160.39.200.28]
Feb 26 22:58:05 [postfix/smtpd] disconnect from cago-ma3oxuct.carl.resnet.columbia.edu[160.39.200.28]
```

What can I do to be able to send mail from connecting clients?

Thanks in advance for any help.

Last edited by Ma3oxuct on Fri Mar 02, 2007 6:29 pm; edited 1 time in total

----------

## Mr.C.

You've established a secure connection with postfix (TLS), but are not authenticated (SASL). Postfix doesn't know you from any random spammer. If postfix allowed anyone to relay through it, your server becomes an open relay, and you don't want that.

There are several ways you can authenticate yourself with your server: a) POP before SMTP (weak), b) SSH tunnel/VPN (OK, but troublesome for more than a few users), or c) SASL (best choice).

Read up on:

http://www.postfix.org/SASL_README.html

----------

## Ma3oxuct

Thanks for the reply, Mr.C. I have further issues, however. Here are my new additions to main.cf:

```
smtpd_sasl_auth_enable = yes
#smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
smtpd_sasl_authenticated_header = yes
smtpd_sasl_application_name = smtpd
smtpd_sasl_path = smtpd
```

I am using saslauthd, which is a part of cyrus-sasl:

```
emerge -pv cyrus-sasl

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R   ] dev-libs/cyrus-sasl-2.1.22-r1  USE="berkdb crypt gdbm java pam postgres ssl -authdaemond -kerberos -ldap -mysql -ntlm_unsupported_patch -sample -srp -urandom" 0 kB
```

My smtpd.conf says:

```
pwcheck_method: pam
```

but I have tried things like passwd, shadow to no avail. I always get this:

```
Mar  2 01:49:03 [postfix/smtpd] warning: SASL authentication failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=3
                - Last output repeated twice -
Mar  2 01:49:03 [postfix/smtpd] warning: SASL authentication failure: no secret in database
Mar  2 01:49:03 [postfix/smtpd] warning: cago-ma3oxuct.carl.resnet.columbia.edu[160.39.200.28]: SASL CRAM-MD5 authentication failed: authentication failure
Mar  2 01:49:03 [postfix/smtpd] warning: SASL authentication failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=3
                - Last output repeated twice -
Mar  2 01:49:03 [postfix/smtpd] warning: SASL authentication failure: no secret in database
Mar  2 01:49:03 [postfix/smtpd] warning: cago-ma3oxuct.carl.resnet.columbia.edu[160.39.200.28]: SASL NTLM authentication failed: authentication failure
Mar  2 01:49:03 [postfix/smtpd] warning: SASL authentication failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=3
                - Last output repeated twice -
Mar  2 01:49:03 [postfix/smtpd] warning: SASL authentication problem: unknown password verifier
Mar  2 01:49:03 [postfix/smtpd] warning: SASL authentication failure: Password verification failed
```

And I do remember to restart saslauthd...

I know that I am missing some small detail, but I can't see what that detail could be.

Thank you in advance for any help.

----------

## robodeath

Here's my setup that works. I think it's a roundabout way, but it works. Might not help because I'm using a MySQL DB, but I'll post it.

main.cf

```
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
```

smtpd.conf

```
pwcheck_method: saslauthd
mech_list: LOGIN PLAIN
saslauthd_path:/var/run/saslauthd/mux
```

inside /etc/init.d/saslauthd

```
MECH=pam
```

/etc/pam.d/smtp

```
auth sufficient pam_mysql.so user=user passwd=password host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=0 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time
account required pam_mysql.so user=user passwd=password host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=0 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time
```

----------
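Why the TLS session alone still got `554 5.7.1 Relay access denied`, and why the restriction list posted above does not create an open relay, shown as an added example that is not part of the original thread: a simplified model of Postfix stopping at the first matching entry in `smtpd_recipient_restrictions`. The function name, its parameters and the `MYNETWORKS` value are assumptions; only the three restrictions that appear in this thread are modelled.

```python
import ipaddress

# Postfix 2.3 built-in value when smtpd_recipient_restrictions is unset.
DEFAULT_RCPT = "permit_mynetworks, reject_unauth_destination"
# The list from the main.cf posted above.
SASL_RCPT = ("permit_sasl_authenticated, permit_mynetworks, "
             "reject_unauth_destination")
# mydestination domains from the first post; MYNETWORKS is an assumed value.
LOCAL = {"afalko.homelinux.net", "ma3oxuct.afalko.homelinux.net",
         "localhost.afalko.homelinux.net"}
MYNETWORKS = ["127.0.0.0/8"]

def relay_decision(restrictions, client_ip, sasl_authenticated, rcpt_domain,
                   mynetworks=MYNETWORKS, local_domains=LOCAL):
    """Simplified first-match walk over smtpd_recipient_restrictions.

    Models only the three restrictions used in this thread; anything else
    is skipped. Returns (action, rule_that_decided).
    """
    ip = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(n) for n in mynetworks]
    for rule in restrictions.replace(",", " ").split():
        if rule == "permit_mynetworks" and any(ip in n for n in nets):
            return ("permit", rule)
        if rule == "permit_sasl_authenticated" and sasl_authenticated:
            return ("permit", rule)
        if (rule == "reject_unauth_destination"
                and rcpt_domain.lower() not in local_domains):
            return ("reject", rule)  # logged as "Relay access denied"
    return ("permit", "end of list")  # no rule rejected the recipient

if __name__ == "__main__":
    client = "160.39.200.28"  # client address from the log in the first post
    # TLS only, no AUTH, default restrictions: the 554 from the first post.
    print(relay_decision(DEFAULT_RCPT, client, False, "columbia.edu"))
    # Same client after a successful SASL login.
    print(relay_decision(SASL_RCPT, client, True, "columbia.edu"))
    # Unauthenticated remote client: still refused, so not an open relay.
    print(relay_decision(SASL_RCPT, client, False, "columbia.edu"))
```
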

## Ma3oxuct

I got it working!!! Thank you robodeath!

1) I made main.cf have the same settings as robodeath.

2) I made smtpd.conf the same as it is here: http://www.nervous.it/txt/Postfix-SMTP-AUTH-4-DUMMIES.html :

```
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 5
```

3) I set MECH=pam in /etc/init.d/saslauthd.

4) I restarted saslauthd.

Note: In the debugging process I also recompiled cyrus-sasl with -gdbm.

----------
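A check for the working setup, as an added example that is not part of the original thread: saslauthd can only verify plaintext passwords, so `mech_list` has to be limited to PLAIN and LOGIN (the earlier log shows CRAM-MD5 and NTLM attempts failing), and those mechanisms should only be offered inside TLS via `smtpd_tls_auth_only = yes`. The parser and function names are hypothetical, and the sample inputs are assembled from settings quoted in the thread.

```python
PLAINTEXT = {"PLAIN", "LOGIN"}

def parse_kv(text, sep):
    """Parse 'key<sep>value' lines: main.cf uses '=', smtpd.conf uses ':'.

    Simplified: comment lines are skipped, continuation lines are not handled.
    """
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and sep in line:
            key, value = line.split(sep, 1)
            out[key.strip()] = value.strip()
    return out

def audit(main_cf, smtpd_conf):
    """Return findings for a Postfix + Cyrus SASL (saslauthd) AUTH setup."""
    m, s = parse_kv(main_cf, "="), parse_kv(smtpd_conf, ":")
    findings = []
    if m.get("smtpd_sasl_auth_enable") != "yes":
        findings.append("smtpd_sasl_auth_enable is not yes")
    mechs = set(s.get("mech_list", "").upper().split())
    method = s.get("pwcheck_method")
    if method != "saslauthd":
        findings.append(f"pwcheck_method is {method!r}, not saslauthd")
    elif not mechs:
        # Without mech_list every installed mechanism is advertised.
        findings.append("mech_list unset: non-plaintext mechanisms may be offered")
    elif mechs - PLAINTEXT:
        findings.append("saslauthd cannot verify: "
                        + " ".join(sorted(mechs - PLAINTEXT)))
    # PLAIN and LOGIN send the password itself, so require TLS before AUTH.
    if (not mechs or mechs & PLAINTEXT) and m.get("smtpd_tls_auth_only") != "yes":
        findings.append("plaintext AUTH is not restricted to TLS sessions")
    return findings

# Sample inputs assembled from settings quoted in the thread.
BROKEN_MAIN = "smtpd_tls_auth_only = yes\nsmtpd_sasl_auth_enable = yes\n"
BROKEN_SMTPD = "pwcheck_method: pam\n"
WORKING_MAIN = BROKEN_MAIN + "smtpd_sasl_security_options = noanonymous\n"
WORKING_SMTPD = "pwcheck_method: saslauthd\nmech_list: PLAIN LOGIN\nlog_level: 5\n"

if __name__ == "__main__":
    print(audit(BROKEN_MAIN, BROKEN_SMTPD))
    print(audit(WORKING_MAIN, WORKING_SMTPD))
```
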

