Use EFA as smarthost

Questions and answers about how to do stuff
Post Reply
SPQRInc
Posts: 10
Joined: 27 Mar 2015 17:11

Use EFA as smarthost

Post by SPQRInc »

Hello,

I'm building my EFA-VM at the moment. Is it possible to collect emails from other servers (PLESK) and send them after successfully passing spam-check? I want to limit outgoing spam.

If this is possible: What do I have to do during the installation?

Thanks in advance :-)
SPQRInc
Posts: 10
Joined: 27 Mar 2015 17:11

Re: Use EFA as smarthost

Post by SPQRInc »

Hi,

I configured a test-system right now, but I'm currently having some problems.

My goal is:

Sender -> User-Server (PLESK) -> EFA -> Other Mailserver -> Receipient

Now I activated "Outbound mail relay" (network: IP of user-server) and "Outbound smarthost" (other-mailserver.example.com) and tried to send a test mail.
The last mailserver needs sasl_auth. So I edited /etc/postfix/sasl_passwd on my EFA-server and postmapped this.

Now I tried to send an email from efa via terminal
mail -s "Subject" my@personaladdress.com <<EOF
Test
EOF

The maillog shows the following error:
Mar 27 22:35:38 hostname postfix/smtp[32320]: 5112B18005F: to=<my@private-address.com>, relay=other-mailserver.example.com[123.123.232.1]:25, delay=0.32, delays=0.23/0.03/0.05/0.02, dsn=5.7.1, status=bounced (host other-mailserver@example.com[123.123.232.1] said: 554 5.7.1 <my@private-address.com>: Recipient address rejected: Access denied (in reply to RCPT TO command))
Mar 27 22:35:38 hostname postfix/cleanup[32315]: 28859180060: message-id=<20150327213538.28859180060@hostname.example.com>
Mar 27 22:35:38 hostname postfix/qmgr[32297]: 28859180060: from=<>, size=2918, nrcpt=1 (queue active)
Mar 27 22:35:38 hostname postfix/bounce[32322]: 5112B18005F: sender non-delivery notification: 28859180060
Mar 27 22:35:38 hostname postfix/qmgr[32297]: 5112B18005F: removed
Mar 27 22:35:38 hostname postfix/smtp[32320]: 28859180060: to=<root@example.com>, relay=other-mailserver.example.com[123.123.232.1]:25, delay=0.08, delays=0/0/0.07/0, dsn=5.7.1, status=bounced (host other-mailserver@example.com[123.123.232.1] said: 554 5.7.1 <root@example.com>: Recipient address rejected: Access denied (in reply to RCPT TO command))
Mar 27 22:35:38 hostname postfix/qmgr[32297]: 28859180060: removed

What am I doing wrong?
The usage of Sender -> User server (PLESK) -> other-mailserver (without EFA) worked before (and still does).

Thanks in advance and have a nice weekend :-)
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Use EFA as smarthost

Post by shawniverson »

It appears the sasl auth is not working as you are getting an access denied from the other mailserver.

Try this...

Code: Select all

 postconf -e smtp_sasl_mechanism_filter=digest-md5

Code: Select all

sudo service postfix restart
SPQRInc
Posts: 10
Joined: 27 Mar 2015 17:11

Re: Use EFA as smarthost

Post by SPQRInc »

Hi,

thanks for your answer!

Unfortunately this does not work.

I mentioned, that the error-message is a ted longer than I posted before:

Mar 28 10:11:32 hostname postfix/smtp[17187]: certificate verification failed for other-mailserver.example.com[123.123.232.1]:25: self-signed certificate
Mar 28 10:11:32 hostname postfix/smtp[17187]: 7503D180076: to=<my@private-address.com>, relay=other-mailserver.example.com[123.123.232.1]:25, delay=1.6, delays=1.2/0/0.45/0, dsn=5.7.1, status=bounced (host other-mailserver.example.com[123.123.232.1] said: 554 5.7.1 <my@private-address.com>: Recipient address rejected: Access denied (in reply to RCPT TO command))
Mar 28 10:11:32 hostname postfix/cleanup[17181]: DD130180077: message-id=<20150328091132.DD130180077@hostname.example.com>
Mar 28 10:11:32 hostname postfix/bounce[17192]: 7503D180076: sender non-delivery notification: DD130180077
Mar 28 10:11:32 hostname postfix/qmgr[16868]: 7503D180076: removed
Mar 28 10:11:32 hostname postfix/qmgr[16868]: DD130180077: from=<>, size=2913, nrcpt=1 (queue active)
Mar 28 10:11:32 hostname postfix/smtp[17187]: certificate verification failed for other-mailserver.example.com[123.123.232.1]:25: self-signed certificate
Mar 28 10:11:32 hostname postfix/smtp[17187]: DD130180077: to=<root@example.com>, relay=other-mailserver.example.com[123.123.232.1]:25, delay=0.05, delays=0/0/0.04/0, dsn=5.7.1, status=bounced (host other-mailserver.example.com[123.123.232.1] said: 554 5.7.1 <root@example.com>: Recipient address rejected: Access denied (in reply to RCPT TO command))
Mar 28 10:11:32 hostname postfix/qmgr[16868]: DD130180077: removed

On "other-mailserver" there is a sasl-configuration:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 9
saslauthd_path: /var/run/saslauthd/mux
autotransition:true
Something I could do here?

Thanks in advance :-)
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Use EFA as smarthost

Post by shawniverson »

That helps,

Try this mechanism instead:

Code: Select all

sudo postconf -e smtp_sasl_mechanism_filter=plain,login

Code: Select all

sudo service postfix restart 
SPQRInc
Posts: 10
Joined: 27 Mar 2015 17:11

Re: Use EFA as smarthost

Post by SPQRInc »

Hello shawniverson :-)

Unfortunately the error is still the same :-(
[root@hostname rlossin]# tail -f /var/log/maillog
Mar 29 15:55:26 hostname MailScanner[19397]: Started SQL Logging child
Mar 29 15:55:26 hostname postfix/smtp[5375]: certificate verification failed for other-mailserver.example.com[123.123.232.1]:25: self-signed certificate
Mar 29 15:55:26 hostname postfix/smtp[5375]: 61CE618007B: to=<my@private-address.com>, relay=other-mailserver.example.com[123.123.232.1]:25, delay=1.3, delays=1.1/0.08/0.18/0.02, dsn=5.7.1, status=bounced (host other-mailserver.example.com[123.123.232.1] said: 554 5.7.1 <my@private-address.com>: Recipient address rejected: Access denied (in reply to RCPT TO command))
Mar 29 15:55:26 hostname postfix/cleanup[5369]: 7EE4C18007C: message-id=<20150329135526.7EE4C18007C@hostname.example.com>
Mar 29 15:55:26 hostname postfix/qmgr[5361]: 7EE4C18007C: from=<>, size=2922, nrcpt=1 (queue active)
Mar 29 15:55:26 hostname postfix/bounce[5380]: 61CE618007B: sender non-delivery notification: 7EE4C18007C
Mar 29 15:55:26 hostname postfix/qmgr[5361]: 61CE618007B: removed
Mar 29 15:55:26 hostname postfix/smtp[5375]: certificate verification failed for other-mailserver.example.com[123.123.232.1]:25: self-signed certificate
Mar 29 15:55:26 hostname postfix/smtp[5375]: 7EE4C18007C: to=<root@example.com>, relay=other-mailserver.example.com[123.123.232.1]:25, delay=0.05, delays=0/0/0.05/0, dsn=5.7.1, status=bounced (host other-mailserver.example.com[123.123.232.1] said: 554 5.7.1 <root@example.com>: Recipient address rejected: Access denied (in reply to RCPT TO command))
Mar 29 15:55:26 hostname postfix/qmgr[5361]: 7EE4C18007C: removed
Mar 29 15:55:31 hostname MailScanner[19397]: Logging message 30081180078.A8612 to SQL
Mar 29 15:55:31 hostname MailScanner[19397]: Config: calling custom end function SQLBlacklist
Mar 29 15:55:31 hostname MailScanner[5377]: 30081180078.A8612: Logged to MailWatch SQL
Mar 29 15:55:31 hostname MailScanner[19397]: Closing down by-domain spam blacklist
Mar 29 15:55:31 hostname MailScanner[19397]: Config: calling custom end function MailWatchLogging
Mar 29 15:55:31 hostname MailScanner[19397]: Config: calling custom end function SQLWhitelist
Mar 29 15:55:31 hostname MailScanner[19397]: Closing down by-domain spam whitelist
Mar 29 15:55:31 hostname MailScanner[19397]: MailScanner child dying of old age
Mar 29 15:55:31 hostname MailScanner[5395]: MailScanner E-Mail Virus Scanner version 4.84.6 starting...
Mar 29 15:55:31 hostname MailScanner[5395]: Reading configuration file /etc/MailScanner/MailScanner.conf
Mar 29 15:55:31 hostname MailScanner[5395]: Reading configuration file /etc/MailScanner/conf.d/README
Mar 29 15:55:31 hostname MailScanner[5395]: Read 1873 hostnames from the phishing whitelist
Mar 29 15:55:31 hostname MailScanner[5395]: Read 16087 hostnames from the phishing blacklists
Mar 29 15:55:31 hostname MailScanner[5395]: Config: calling custom init function SQLBlacklist
Mar 29 15:55:31 hostname MailScanner[5395]: Starting up SQL Blacklist
Mar 29 15:55:31 hostname MailScanner[5395]: Read 0 blacklist entries
Mar 29 15:55:31 hostname MailScanner[5395]: Config: calling custom init function MailWatchLogging
Mar 29 15:55:31 hostname MailScanner[5395]: Started SQL Logging child
Mar 29 15:55:31 hostname MailScanner[5395]: Config: calling custom init function SQLWhitelist
Mar 29 15:55:31 hostname MailScanner[5395]: Starting up SQL Whitelist
Mar 29 15:55:31 hostname MailScanner[5395]: Read 1 whitelist entries
Mar 29 15:55:31 hostname MailScanner[5395]: Using SpamAssassin results cache
Mar 29 15:55:31 hostname MailScanner[5395]: Connected to SpamAssassin cache database
Mar 29 15:55:31 hostname MailScanner[5395]: Enabling SpamAssassin auto-whitelist functionality...
Mar 29 15:55:38 hostname MailScanner[5395]: Using locktype = flock
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Use EFA as smarthost

Post by shawniverson »

You can PM me if you like. Please be sure to remove passwords and other revealing info.

I need to see your /etc/postfix/main.cf and the format of your sasl_passwd files.
Post Reply