Postfix SASL + acceso de retransmisión denegado

Llevo un par de horas con esto y, al parecer, se me escapa algo en las nuevas versiones de Postfix. Tengo el servidor configurado y funciona localmente, pero cuando intento enviar desde una red remota a través del puerto de submission, obtengo siempre "acceso de retransmisión denegado" ("Relay access denied"). He comprobado manualmente que la autenticación SASL y TLS funcionan correctamente.

Aquí está mi main.cf:

queue_directory = /var/spool/postfix

# main.cf as posted by the asker, restored to one parameter per line.
# Settings here are inherited by every smtpd service in master.cf unless
# that service overrides them with -o.
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
default_privs = nobody
myhostname = host.mydomain.com
mydomain = mydomain.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
local_recipient_maps = unix:passwd.byname $alias_maps
unknown_local_recipient_reject_code = 550
# mynetworks is set explicitly below, so mynetworks_style is not used.
# Only loopback addresses are trusted: a remote client can relay only by
# passing a permit_sasl_authenticated rule.
mynetworks_style = class
mynetworks = 127.0.0.0/8, [::ffff:127.0.0.0]/104 [::1]/128
relay_domains = $mydestination
in_flow_delay = 1s
alias_maps = hash:/etc/mail/aliases
alias_database = $alias_maps
mailbox_command = /usr/libexec/dovecot/dovecot-lda -d "$USER"
fast_flush_domains = $relay_domains
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
inet_protocols = ipv4 ipv6
mailbox_size_limit = 0
disable_vrfy_command = yes
# NOTE(review): "smtpd_helo_requinetworking" is not a Postfix parameter name;
# presumably smtpd_helo_required, garbled when the page was translated - confirm.
smtpd_helo_requinetworking = yes
# SASL is delegated to Dovecot through the private/auth socket (path relative
# to the queue directory). Enabled here, it applies to every smtpd service,
# including the plain "smtp" listener in master.cf.
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_authenticated_header = yes
# smtpd_tls_auth_only keeps AUTH unavailable until the session is encrypted,
# which matters because Dovecot offers only the PLAIN and LOGIN mechanisms.
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 1
smtpd_tls_key_file = /etc/ssl/postfix/server.key
smtpd_tls_cert_file = /etc/ssl/postfix/server.pem
bounce_queue_lifetime = 2d
smtpd_client_restrictions = permit
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
# permit_sasl_authenticated appears in the recipient restrictions, but this
# file sets no smtpd_relay_restrictions, so on Postfix 2.10 the built-in
# default of that parameter is what decides relay access.
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain
smtpd_data_restrictions = reject_unauth_pipelining
# The mua_* names are user-defined; master.cf references them in the -o
# overrides of the submission and smtps services.
mua_client_restrictions = permit_sasl_authenticated, permit
mua_helo_restrictions = permit
mua_sender_restrictions = permit

Y mi master.cf:

 # master.cf as posted by the asker, restored to one entry per line.
 # Port 25 listener: no -o overrides, so it runs with the main.cf values.
 smtp inet n - n - - smtpd
 # Submission listener: TLS is mandatory and the recipient restrictions are
 # replaced with "authenticated or reject". There is no
 # -o smtpd_relay_restrictions override, so the relay restrictions still come
 # from main.cf (or the built-in default) for this service as well.
 submission inet n - n - - smtpd
   -o syslog_name=postfix/submission
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_reject_unlisted_recipient=no
   -o smtpd_client_restrictions=$mua_client_restrictions
   -o smtpd_helo_restrictions=$mua_helo_restrictions
   -o smtpd_sender_restrictions=$mua_sender_restrictions
   -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
   -o milter_macro_daemon_name=ORIGINATING
 # smtps listener: same overrides as submission, with TLS wrapper mode
 # instead of STARTTLS; it also has no relay-restriction override.
 smtps inet n - n - - smtpd
   -o syslog_name=postfix/smtps
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_reject_unlisted_recipient=no
   -o smtpd_client_restrictions=$mua_client_restrictions
   -o smtpd_helo_restrictions=$mua_helo_restrictions
   -o smtpd_sender_restrictions=$mua_sender_restrictions
   -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
   -o milter_macro_daemon_name=ORIGINATING
 # Internal Postfix services follow; none of them carries overrides.
 pickup unix n - n 60 1 pickup
 cleanup unix n - n - 0 cleanup
 qmgr unix n - n 300 1 qmgr
 tlsmgr unix - - n 1000? 1 tlsmgr
 rewrite unix - - n - - trivial-rewrite
 bounce unix - - n - 0 bounce
 defer unix - - n - 0 bounce
 trace unix - - n - 0 bounce
 verify unix - - n - 1 verify
 flush unix n - n 1000? 0 flush
 proxymap unix - - n - - proxymap
 proxywrite unix - - n - 1 proxymap
 smtp unix - - n - - smtp
 relay unix - - n - - smtp
 showq unix n - n - - showq
 error unix - - n - - error
 retry unix - - n - - error
 discard unix - - n - - discard
 # NOTE(review): "nn" in the next two entries looks like two separate "n"
 # columns fused together when the listing was pasted - confirm.
 local unix - nn - - local
 virtual unix - nn - - virtual
 lmtp unix - - n - - lmtp
 anvil unix - - n - 1 anvil
 scache unix - - n - 1 scache

Y finalmente la salida de dovecot -n:

 # Output of "dovecot -n" as posted by the asker, restored to one setting
 # per line.
 # PLAIN and LOGIN both send the password itself, so they depend on the
 # transport being encrypted.
 auth_mechanisms = plain login
 hostname = mail.mydomain.com
 mail_location = mdbox:~/mdbox
 managesieve_notify_capability = mailto
 managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
 namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix =
 }
 # Passwords are checked through PAM; account data comes from the system
 # passwd database (see userdb below).
 passdb {
   args = failure_show_msg=yes
   driver = pam
 }
 plugin {
   quota = fs:User quota:user
   quota_warning2 = storage=80%% quota-warning 80 %u
   sieve = ~/.dovecot.sieve
   sieve_dir = ~/sieve
 }
 postmaster_address = postmaster@mydomain.com
 protocols = imap sieve
 quota_full_tempfail = yes
 service anvil {
   client_limit = 1024
 }
 service auth {
   # Socket Postfix uses for SASL: it sits inside the Postfix queue
   # directory, matching smtpd_sasl_path = private/auth, and is restricted
   # to the postfix user and group.
   unix_listener /var/spool/postfix/private/auth {
     group = postfix
     mode = 0660
     user = postfix
   }
   # NOTE(review): mode 0666 lets any local account connect to this socket;
   # confirm that is intended on this host.
   unix_listener auth-userdb {
     mode = 0666
   }
 }
 service managesieve-login {
   inet_listener sieve {
     port = 4190
   }
 }
 ssl_cert = </etc/ssl/dovecot/server.pem
 ssl_key = </etc/ssl/dovecot/server.key
 userdb {
   args = blocking=yes
   driver = passwd
 }
 verbose_proctitle = yes
 protocol lda {
   mail_plugins = sieve quota
 }
 protocol imap {
   mail_max_userip_connections = 10
   mail_plugins = " quota imap_quota acl"
 }
 protocol sieve {
   mail_max_userip_connections = 10
 }

Echa un vistazo a este hilo; hace poco me pasó lo mismo.

Si su versión de Postfix es la 2.10, entonces tendrá un nuevo parámetro de configuración, smtpd_relay_restrictions. Su valor predeterminado es

 # postconf -d smtpd_relay_restrictions
 smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination

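Por lo tanto, falta permit_sasl_authenticated, que es la restricción que usted necesita. Postfix evalúa smtpd_relay_restrictions antes que smtpd_recipient_restrictions, de modo que un cliente autenticado que no está en mynetworks es rechazado por reject_unauth_destination aunque las restricciones de destinatario del servicio submission lo permitan.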

Solución: agregue esta línea a main.cf

 # Relay policy: trusted networks and SASL-authenticated clients may relay;
 # everyone else may only deliver to domains this server is responsible for.
 # Postfix accepts commas and/or whitespace between restriction names, so the
 # missing comma after permit_sasl_authenticated does not change the meaning.
 # Set in main.cf, this applies to every smtpd service, port 25 included.
 # A narrower alternative is to leave main.cf alone and add
 # "-o smtpd_relay_restrictions=permit_sasl_authenticated,reject" to the
 # submission and smtps entries in master.cf.
 # After reloading, "postconf -n smtpd_relay_restrictions" shows the value
 # actually in effect.
 smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated reject_unauth_destination