From: Jeff Weinberger on
--- In postfix-users(a)yahoogroups.com, Wietse Venema <wietse@...> wrote:
>
> Jeff Weinberger:
> [ Charset UTF-8 unsupported, converting... ]
> > --- In postfix-users(a)yahoogroups.com, mouss <mouss@> wrote:
> > >
> > > Jeff Weinberger wrote:
> > > > I am hoping that this is something fairly simple that I am missing....
> > > >
> > > > I have a few lists on a mailman server that I run. Until recently, only
> > > > authenticated users (those who have actual accounts on my IMAP/Virtual
> > > > mailboxes server and can authenticate via SASL). Now I want to allow
> > > > certain users who are not authenticated (i. e. they are outside my
> > > > server and domains) to send mail to those lists.
> > > >
> > > > as far as I can tell, mailman would allow this (I've made them list
> > > > owners). But when they try, I'm getting this in my mail log:
> > > >
> > > > Jan 25 15:18:18 s postfix/smtpd[46331]: NOQUEUE: reject: RCPT from
> > > > ns1.siteground235.com <http://ns1.siteground235.com/>[75.125.60.15]: 554
> > > > 5.7.1 <mylist@
> > > > <mailto:mylist@>>: Relay access denied;
>
> You have not listed the domain in relay_domains, virtual_alias_domains,
> virtual_mailbox_domains or mydestination.
>
> Convince yourself and examine the output from:
>
> # postconf relay_domains
> # postconf virtual_alias_domains
> # postconf virtual_mailbox_domains
> # postconf mydestination
>
> Wietse
>

I did this test prior to posting. You'll see in my postconf -n output that:

relay_domains = $mydestination, mysql:/etc/postfix/
mysql_relay_domain_maps.cf

I then checked with `postmap -q "maillist(a)lists.mylistserver.com"
mysql:/etc/postfix/mysql_relay_domain_maps.cf` and it showed up fine.

There is a possibility that the MySQL query is returning a result that is
not what postfix needs. I have perused the documentation on this repeatedly
and found no specification as to what that query should return for postfix
to accept the domain.

I have tried it where postfix returns the domain ("lists.mylistserver.com"
without the quotes) and where it returns the value "OK" (again, without the
quotes) and neither one works.

If you can offer specifics on what that query should return, I will make it
do so and test again.

Otherwise, if the proper return value is one of those noted, I'd appreciate
other suggestions on why this might not be working.

Thanks!
From: /dev/rob0 on
On Tue, Jan 26, 2010 at 10:35:23PM -0800, Jeff Weinberger wrote:
> > Wietse:
> > > > > 5.7.1 <mylist@
> > > > > <mailto:mylist@>>: Relay access denied;
> >
> > You have not listed the domain in relay_domains,
> > virtual_alias_domains, virtual_mailbox_domains or mydestination.
> >
> > Convince yourself and examine the output from:
> >
> > # postconf relay_domains

> I did this test prior to posting. You'll see in my postconf -n
> output that:
>
> relay_domains = $mydestination, mysql:/etc/postfix/
> mysql_relay_domain_maps.cf

This looks strange. Maybe it's a matter of your MUA doing a bad job
of line wrapping, or maybe there is a space in there? If you have
"mysql:/etc/postfix/ mysql_relay_domain_maps.cf" instead of
"mysql:/etc/postfix/mysql_relay_domain_maps.cf", that could surely
explain this.

You don't need $mydestination in there, take that out. Then show us
postconf relay_domains
postmap -q <your-munged-domain> mysql:/etc/postfix/mysql_relay_domain_maps.cf ; echo $?

> I then checked with `postmap -q "maillist(a)lists.mylistserver.com"
> mysql:/etc/postfix/mysql_relay_domain_maps.cf` and it showed up
> fine.

Wrong query, relay_domains is a list of domains.

> There is a possibility that the MySQL query is returning a result
> that is not what postfix needs. I have perused the documentation on
> this repeatedly and found no specification as to what that query
> should return for postfix to accept the domain.

The documentation says that if you use a lookup table for this, the
lookup result is ignored. All that matters is that a result is
returned.

> I have tried it where postfix returns the domain
> ("lists.mylistserver.com" without the quotes)

"Returns"? The domain name would be the lookup key, not necessarily
the result, which per above, is ignored.

> and where it returns the value "OK" (again, without the
> quotes) and neither one works.
>
> If you can offer specifics on what that query should return, I will
> make it do so and test again.
>
> Otherwise, if the proper return value is one of those noted, I'd
> appreciate other suggestions on why this might not be working.

You munged the domain name. That's a bad idea in troubleshooting
email routing issues. If you typoed your log mung or your postmap
query, we are not seeing it, you are on your own. Your logs tell us
that the domain is not an authorized destination handled by your
Postfix. We will choose to believe your logs.

How many domains are there in this relay_domains lookup? SQL maps
make sense for large datasets which change frequently. They do not
make sense for small, relatively static lists. It also creates a
certain risk of mail loss, because class definitions are very
important to Postfix. (Mail loss such as you are seeing, for that
matter.)

So the first suggestion is to use the real domain name, direct
copy and paste from logs and command line to your list post. And the
second suggestion is to take mysql out of this, just put your list of
relay_domains directly into the main.cf file.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

From: Wietse Venema on
Jeff Weinberger:
> >
> > Jeff Weinberger:
> > [ Charset UTF-8 unsupported, converting... ]
> > > --- In postfix-users(a)yahoogroups.com, mouss <mouss@> wrote:
> > > >
> > > > Jeff Weinberger wrote:
> > > > > I am hoping that this is something fairly simple that I am missing....
> > > > >
> > > > > I have a few lists on a mailman server that I run. Until recently, only
> > > > > authenticated users (those who have actual accounts on my IMAP/Virtual
> > > > > mailboxes server and can authenticate via SASL). Now I want to allow
> > > > > certain users who are not authenticated (i. e. they are outside my
> > > > > server and domains) to send mail to those lists.
> > > > >
> > > > > as far as I can tell, mailman would allow this (I've made them list
> > > > > owners). But when they try, I'm getting this in my mail log:
> > > > >
> > > > > Jan 25 15:18:18 s postfix/smtpd[46331]: NOQUEUE: reject: RCPT from
> > > > > ns1.siteground235.com <http://ns1.siteground235.com/>[75.125.60.15]: 554
> > > > > 5.7.1 <mylist@
> > > > > <mailto:mylist@>>: Relay access denied;
> >
> > You have not listed the domain in relay_domains, virtual_alias_domains,
> > virtual_mailbox_domains or mydestination.
> >
> > Convince yourself and examine the output from:
> >
> > # postconf relay_domains
> > # postconf virtual_alias_domains
> > > # postconf virtual_mailbox_domains
> > # postconf mydestination
> >
> > Wietse
> >
>
> I did this test prior to posting. You'll see in my postconf -n output that:
>
> relay_domains = $mydestination, mysql:/etc/postfix/
> mysql_relay_domain_maps.cf
>
> I then checked with `postmap -q "maillist(a)lists.mylistserver.com"
> mysql:/etc/postfix/mysql_relay_domain_maps.cf` and it showed up fine.

Sorry, that is incorrect.

As documented, Postfix searches relay_domains for the DOMAIN NAME
not the email address.
http://www.postfix.org/postconf.5.html#relay_domains

Also, as documented, relay_domains lookup ignores the result value,
it only cares about existence.
http://www.postfix.org/postconf.5.html#relay_domains

Finally, as documented, don't use MySQL databases BEFORE you have things
working with simple main.cf lists or hash tables.
http://www.postfix.org/DATABASE_README.html

Wietse
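
The point made in the reply above (relay_domains is searched by DOMAIN NAME, and only the existence of an entry matters), as an added example that is not part of the original thread. The function names and the sample log line are constructed for illustration; the four list values are assumed to be what `postconf -h <parameter>` prints on the server.

```shell
#!/bin/sh
# Added example (not from the thread). All names here are hypothetical.

# Constructed sample reject line; example.com/.net and 192.0.2.15 are placeholders.
SAMPLE='Jan 25 15:18:18 mx postfix/smtpd[46331]: NOQUEUE: reject: RCPT from unknown[192.0.2.15]: 554 5.7.1 <MyList@Lists.Example.COM>: Relay access denied; from=<a@example.net> to=<MyList@Lists.Example.COM> proto=ESMTP helo=<mail.example.net>'

# rcpt_domain LOGLINE: print the lower-cased DOMAIN of the rejected recipient.
# The domain, not the full address, is the key Postfix looks up.
rcpt_domain() {
    printf '%s\n' "$1" |
        sed -n 's/.* <[^@>]*@\([^>]*\)>: Relay access denied.*/\1/p' |
        tr '[:upper:]' '[:lower:]'
}

# check_list DOMAIN VALUE: 0 = a literal entry matches, 2 = no literal match but
# VALUE names lookup tables or files, 1 = neither. "$name" references inside
# VALUE are not expanded here.
check_list() {
    domain=$1 tables=1
    for entry in $(printf '%s' "$2" | tr ',' ' ' | tr '[:upper:]' '[:lower:]'); do
        case $entry in
            "$domain") return 0 ;;
            *:*|/*) tables=2 ;;   # type:table or file: must be queried separately
        esac
    done
    return $tables
}

# triage LOGLINE MYDESTINATION VIRTUAL_ALIAS VIRTUAL_MAILBOX RELAY
triage() {
    [ $# -eq 5 ] || { echo "usage: triage LOGLINE and four list values"; return 2; }
    d=$(rcpt_domain "$1"); shift
    [ -n "$d" ] || { echo "no relay-denied recipient found"; return 1; }
    result="$d: not listed in any address class"
    for name in mydestination virtual_alias_domains virtual_mailbox_domains relay_domains; do
        check_list "$d" "$1" && rc=0 || rc=$?
        case $rc in
            0) echo "$d: listed in $name"; return 0 ;;
            2) result="$d: no literal match; run: postmap -q $d <table from $name>" ;;
        esac
        shift
    done
    echo "$result"; return 1
}

# Demo on the constructed line: relay_domains holds only a table reference.
triage "$SAMPLE" 'localhost, mail.example.com' '' '' \
    'mysql:/etc/postfix/mysql_relay_domain_maps.cf' || true
```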

From: Jeff Weinberger on

OK, point taken.

I have now, based on your suggestion, tested the following:

`postmap -q "maillist(a)lists.mylistserver.com" mysql:/etc/postfix/
mysql_relay_domain_maps.cf`

and

`postmap -q "lists.mylistserver.com" mysql:/etc/postfix/
mysql_relay_domain_maps.cf`


Both returned successful results.

I tested this extensively with the domains typed into main.cf before I
moved to mysql queries, but at your suggestion, I tested this also.

I changed main.cf so the only "relay_domains" entry is:

relay_domains=lists.mylistserver.com


I executed `sudo postfix reload` and then confirmed the setting with
`postconf -n`.

The result did not change. I received the same NOQUEUE message in my logs
(it is identical in every character to the one I posted previously, with the
exception of the timestamp).

I suspect you may have other suggestions as to how to address the relay
domain issue, and I would appreciate them, and will do my best to try them.

However, I am coming to believe that the issue is not in the relay domains,
but rather in a sender or recipient restriction.

I believe this because whenever I send to any address within
lists.mylistserver.com from a user who is SASL-authenticated on my server,
the message goes successfully. When I send to any address within
lists.mylistserver.com from any user (address) outside my server (not
authenticated on my server, simply sending to it), this error occurs.

I think in my attempts to ensure tight security on the server, I've
disallowed external senders to lists, but I can't see how exactly.

Any help on the question on how I might be disallowing external senders to
*@lists.mylistserver.com would be much appreciated.

Thank you.
From: Wietse Venema on
Jeff Weinberger:
> I changed main.cf so the only "relay_domains" entry is:
>
> relay_domains=lists.mylistserver.com

You need to verify this with the command

postconf -n

It's no good posting unverified cut-and-paste to the mailing list.

Wietse