allowing outside users access to mailman lists
in [Postfix]
|
From: Jeff Weinberger on 26 Jan 2010 16:16 I am hoping that this is something fairly simple that I am missing.... I have a few lists on a mailman server that I run. Until recently, only authenticated users (those who have actual accounts on my IMAP/Virtual mailboxes server and can authenticate via SASL). Now I want to allow certain users who are not authenticated (i. e. they are outside my server and domains) to send mail to those lists. as far as I can tell, mailman would allow this (I've made them list owners). But when they try, I'm getting this in my mail log: Jan 25 15:18:18 s postfix/smtpd[46331]: NOQUEUE: reject: RCPT from ns1.siteground235.com[75.125.60.15]: 554 5.7.1 < mylist(a)lists.mylistserver.com>: Relay access denied; from=< otheruser(a)otherdomain.com> to=<mylist(a)lists.mylistserver.com> proto=ESMTP helo=<serv01.siteground235.com> (names changed to protect the innocent, no data changes of relevance) I've tried a few changes (I'd log them here, if I had documented them, sorry) that I thought would have taken away the authentication requirement, to no avail. this might also me an issue of the HELO domain and the FROM domain being different (which is OK, in this case, but not sure how I have prohibited it, so don't know what to change. The goal is to allow outside users without opening up the mailserver (or the mailman server) to spam, etc... FYI: the transport for everything to lists.mylistserver.com is mailman: and lists.mylistserver.com is in $relay_domains Here are snips from my master.cf that show the path of the message (in smtp, into amavisd content filter, out of amavisd on 10026 and to mailman) smtp inet n - n - - smtpd -o recipient_bcc_maps=mysql:/etc/postfix/mysql_recipient_bcc_maps.cf -o receive_override_options=no_address_mappings -o content_filter=amavisfeedl:[127.0.0.1]:10027 amavisfeedl unix - - n - 2 lmtp -o lmtp_data_done_timeout=1200 -o lmtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 localhost:10026 inet n - n - - smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_helo_restrictions= -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_auth_destinations,reject -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o smtpd_delay_reject=no -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters -o local_header_rewrite_clients= mailman unix - n n - 10 pipe flags=FR user=_mailman argv=/usr/local/mailman/postfix-to-mailman.py ${nexthop} ${user} and my `postconf -n` output is below. I'm running Postfix 2.6.5 on Mac OS/X (client) 10.5.8 Any help is appreciated and I will do my best to answer any questions. Thank you! --Jeff -----`postconf -n` output---- alias_database = mysql:/etc/postfix/mysql_alias_maps.cf alias_maps = mysql:/etc/postfix/mysql_alias_maps.cf broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 default_verp_delimiters = += disable_vrfy_command = yes header_checks = pcre:/etc/postfix/header_checks.pcre html_directory = /etc/postfix/html inet_interfaces = all local_recipient_maps = luser_relay = other(a)jeffweinberger.com mail_owner = _postfix mailbox_size_limit = 0 mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man message_size_limit = 0 mydestination = mysql:/etc/postfix/mysql_mydestination_maps.cf mydomain = jweinberger.homeip.net myhostname = jweinberger.homeip.net mynetworks = 127.0.0.0/8, !10.0.1.1, !10.0.1.210, 10.0.1.0/28 newaliases_path = /usr/bin/newaliases queue_directory = /private/var/spool/postfix readme_directory = /usr/share/doc/postfix recipient_delimiter = + relay_domains = $mydestination, mysql:/etc/postfix/ mysql_relay_domain_maps.cf relay_recipient_maps = relayhost = outbound.mailhop.org sample_directory = /usr/share/doc/postfix/examples sender_canonical_maps = mysql:/etc/postfix/mysql_sender_canonical_maps.cf sendmail_path = /usr/sbin/sendmail setgid_group = _postdrop smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = smtp_tls_CAfile = /etc/postfix/certs/demoCA/cacert.pem smtp_tls_cert_file = /etc/postfix/certs/postfix-cert.pem smtp_tls_key_file = /etc/postfix/certs/postfix-key.pem smtp_tls_loglevel = 1 smtp_tls_security_level = may smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache smtp_use_tls = yes smtpd_data_restrictions = reject_unauth_pipelining smtpd_etrn_restrictions = permit_mynetworks, reject smtpd_helo_required = yes smtpd_recipient_restrictions = check_recipient_access mysql:/etc/postfix/ mysql_check_recipient_access_maps.cf, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, check_policy_service inet: 127.0.0.1:2501, permit smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $mydomain smtpd_sasl_security_options = noanonymous smtpd_sender_login_maps = mysql:/etc/postfix/ mysql_smtpd_sender_login_maps.cf smtpd_sender_restrictions = check_sender_access pcre:/etc/postfix/smtpd_sender_restrictions.pcre smtpd_tls_CAfile = /etc/postfix/certs/demoCA/cacert.pem smtpd_tls_cert_file = /etc/postfix/certs/postfix-cert.pem smtpd_tls_key_file = /etc/postfix/certs/postfix-key.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache smtpd_use_tls = yes tls_random_source = dev:/dev/urandom transport_maps = mysql:/etc/postfix/mysql_peraddress_transport_maps.cf, mysql:/etc/postfix/mysql_virtual_transport_maps.cf unknown_local_recipient_reject_code = 550 verp_delimiter_filter = -=+ virtual_alias_domains = mysql:/etc/postfix/mysql_virtual_alias_domains.cf virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_gid_maps = static:102 virtual_mailbox_base = /usr/local/virtual/ virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 0 virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 102 virtual_uid_maps = static:102
From: mouss on 26 Jan 2010 18:30 Jeff Weinberger a �crit : > I am hoping that this is something fairly simple that I am missing.... > > I have a few lists on a mailman server that I run. Until recently, only > authenticated users (those who have actual accounts on my IMAP/Virtual > mailboxes server and can authenticate via SASL). Now I want to allow > certain users who are not authenticated (i. e. they are outside my > server and domains) to send mail to those lists. > > as far as I can tell, mailman would allow this (I've made them list > owners). But when they try, I'm getting this in my mail log: > > Jan 25 15:18:18 s postfix/smtpd[46331]: NOQUEUE: reject: RCPT from > ns1.siteground235.com <http://ns1.siteground235.com/>[75.125.60.15]: 554 > 5.7.1 <mylist(a)lists.mylistserver.com > <mailto:mylist(a)lists.mylistserver.com>>: Relay access denied; > from=<otheruser(a)otherdomain.com <mailto:otheruser(a)otherdomain.com>> > to=<mylist(a)lists.mylistserver.com > <mailto:mylist(a)lists.mylistserver.com>> proto=ESMTP > helo=<serv01.siteground235.com <http://serv01.siteground235.com/>> > you need to add lists.mylistserver.com to one (and only one) of mydestination, relay_domains or virtual_maibox_domains. > [snip]
From: Jeff Weinberger on 26 Jan 2010 20:15 --- In postfix-users(a)yahoogroups.com, mouss <mouss@...> wrote: > > Jeff Weinberger a �crit : > > I am hoping that this is something fairly simple that I am missing.... > > > > I have a few lists on a mailman server that I run. Until recently, only > > authenticated users (those who have actual accounts on my IMAP/Virtual > > mailboxes server and can authenticate via SASL). Now I want to allow > > certain users who are not authenticated (i. e. they are outside my > > server and domains) to send mail to those lists. > > > > as far as I can tell, mailman would allow this (I've made them list > > owners). But when they try, I'm getting this in my mail log: > > > > Jan 25 15:18:18 s postfix/smtpd[46331]: NOQUEUE: reject: RCPT from > > ns1.siteground235.com <http://ns1.siteground235.com/>[75.125.60.15]: 554 > > 5.7.1 <mylist@... > > <mailto:mylist@...>>: Relay access denied; > > from=<otheruser@... <mailto:otheruser@...>> > > to=<mylist@... > > <mailto:mylist@...>> proto=ESMTP > > helo=<serv01.siteground235.com <http://serv01.siteground235.com/>> > > > > you need to add lists.mylistserver.com to one (and only one) of > mydestination, relay_domains or virtual_maibox_domains. From my original post: FYI: the transport for everything to lists.mylistserver.com is mailman: and lists.mylistserver.com is in $relay_domains which means that it is not working as you suggest it should.... Any suggestions on where else to look? > > > [snip] >
From: Noel Jones on 26 Jan 2010 20:23 On 1/26/2010 7:15 PM, Jeff Weinberger wrote: > --- In postfix-users(a)yahoogroups.com > <mailto:postfix-users(a)yahoogroups.com>, mouss <mouss@...> wrote: > > > > Jeff Weinberger a �crit : > > > I am hoping that this is something fairly simple that I am missing.... > > > > > > I have a few lists on a mailman server that I run. Until recently, only > > > authenticated users (those who have actual accounts on my IMAP/Virtual > > > mailboxes server and can authenticate via SASL). Now I want to allow > > > certain users who are not authenticated (i. e. they are outside my > > > server and domains) to send mail to those lists. > > > > > > as far as I can tell, mailman would allow this (I've made them list > > > owners). But when they try, I'm getting this in my mail log: > > > > > > Jan 25 15:18:18 s postfix/smtpd[46331]: NOQUEUE: reject: RCPT from > > > ns1.siteground235.com <http://ns1.siteground235.com> > <http://ns1.siteground235.com/>[75.125.60.15]: 554 > > > 5.7.1 <mylist@... > > > <mailto:mylist@ <mailto:mylist@>...>>: Relay access denied; > > > from=<otheruser@... <mailto:otheruser@ <mailto:otheruser@>...>> > > > to=<mylist@... > > > <mailto:mylist@ <mailto:mylist@>...>> proto=ESMTP > > > helo=<serv01.siteground235.com <http://serv01.siteground235.com> > <http://serv01.siteground235.com/>> > > > > > > > you need to add lists.mylistserver.com > <http://lists.mylistserver.com> to one (and only one) of > > mydestination, relay_domains or virtual_maibox_domains. > > From my original post: > > FYI: the transport for everything to lists.mylistserver.com > <http://lists.mylistserver.com/> is mailman: and lists.mylistserver.com > <http://lists.mylistserver.com/> is in $relay_domains > > which means that it is not working as you suggest it should.... The error message says the destination domain is not in relay_domains (or mydestination, virtual_mailbox_domains, virtual_alias_domains). Not much else we can do with the information given. -- Noel Jones > > Any suggestions on where else to look? > > > > > > > [snip] > >
From: Wietse Venema on 26 Jan 2010 20:29 Jeff Weinberger: [ Charset UTF-8 unsupported, converting... ] > --- In postfix-users(a)yahoogroups.com, mouss <mouss@...> wrote: > > > > Jeff Weinberger a ?crit : > > > I am hoping that this is something fairly simple that I am missing.... > > > > > > I have a few lists on a mailman server that I run. Until recently, only > > > authenticated users (those who have actual accounts on my IMAP/Virtual > > > mailboxes server and can authenticate via SASL). Now I want to allow > > > certain users who are not authenticated (i. e. they are outside my > > > server and domains) to send mail to those lists. > > > > > > as far as I can tell, mailman would allow this (I've made them list > > > owners). But when they try, I'm getting this in my mail log: > > > > > > Jan 25 15:18:18 s postfix/smtpd[46331]: NOQUEUE: reject: RCPT from > > > ns1.siteground235.com <http://ns1.siteground235.com/>[75.125.60.15]: 554 > > > 5.7.1 <mylist@... > > > <mailto:mylist@...>>: Relay access denied; You have not listed the domain in relay_domains, virtual_alias_domains, virtual_mailbox_domains or mydestination. Convince yourself and examine the output from: # postconf relay_domains # postconf virtual_alias_domains # postconf mailbox_domains # postconf mydestination Wietse
|
Next
|
Last
Pages: 1 2 3 4 Prev: multiple IPs in and out Next: QUESTION about 'reject_sender_login_mismatch' |