We are in the process of migrating this forum. A new space will be available soon. We are sorry for the inconvenience.

POSTFIX ERROR 554 5.7.1 - Relay Access Denied


Ice_dj
06/04/2015, 21:57
Creo que lo voy pillando.
Al menos ya me envia desde outlook, sin añadir 0.0.0.0/0 a permit_networks
Lo único, que tengo que marcar "este servidor precisa una conexion cifrada SSL". ¿Alguna pista para que no tenga que estar marcado eso?

Gracias dgranda por la ayuda

Ice_dj
06/04/2015, 14:49
Juraría que lo había puesto, pero no se debió copiar

Código:
[root@server1 postfix]# openssl s_client -connect localhost:25 -starttls smtp
CONNECTED(00000003)
depth=0 C = US, ST = Virginia, L = Herndon, O = Parallels, OU = Parallels Panel, CN = Parallels Panel, emailAddress = info@parallels.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = Virginia, L = Herndon, O = Parallels, OU = Parallels Panel, CN = Parallels Panel, emailAddress = info@parallels.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/emailAddress=info@parallels.com
   i:/C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/emailAddress=info@parallels.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDszCCApsCBFREycYwDQYJKoZIhvcNAQEFBQAwgZ0xCzAJBgNVBAYTAlVTMREw
DwYDVQQIEwhWaXJnaW5pYTEQMA4GA1UEBxMHSGVybmRvbjESMBAGA1UEChMJUGFy
YWxsZWxzMRgwFgYDVQQLEw9QYXJhbGxlbHMgUGFuZWwxGDAWBgNVBAMTD1BhcmFs
bGVscyBQYW5lbDEhMB8GCSqGSIb3DQEJARYSaW5mb0BwYXJhbGxlbHMuY29tMB4X
DTE0MTAyMDA4MzcyNloXDTE1MTAyMDA4MzcyNlowgZ0xCzAJBgNVBAYTAlVTMREw
DwYDVQQIEwhWaXJnaW5pYTEQMA4GA1UEBxMHSGVybmRvbjESMBAGA1UEChMJUGFy
YWxsZWxzMRgwFgYDVQQLEw9QYXJhbGxlbHMgUGFuZWwxGDAWBgNVBAMTD1BhcmFs
bGVscyBQYW5lbDEhMB8GCSqGSIb3DQEJARYSaW5mb0BwYXJhbGxlbHMuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrpl5ikxEFnNxEBNece5jOyc
pgHQQacaMWTMf0z3AwWPzVxRq878xghVtcUcMAAy8BKh28p0+emrKCC7eX3+tsr9
IkMqUTslPEMgVfbiubwp6DlTRKexf2tJZdfzKvpMGDYjmVM9yFEdsMBpXv2JoXGg
Evb0ZoxCbqXcMldajfv7NXJLMb8JGJSxqsZc8BeTpgvbrDHPVKG4GP1XHkh11rF1
IPBiMoqvMj1bJizozbiaIEtYP8UO/++w4I9Bg+V3ammNr4UPTe5hsDPrKCZ2Om1Q
ZGB1QImrHWpjdxIC4mzjEHe63jtTpfNnxU5faS5S+OWftURh/OJTYjbZmTRsIQID
AQABMA0GCSqGSIb3DQEBBQUAA4IBAQAM9nLPSZGPJ+S3c6SBGaxSJBLXVisowvIn
fHszcPrZfSE3lfxvUohffonvUx+hw/UKm9VuZInP1iSHfcG3EN3WZBNlPXRGq4D3
tY9p4KqjzN7rkD2MtMwiDD/jGmawmX0pR04Oh8H+lsaSCIF/vvUrF99u7kipdb+b
9j+1Vkcqv2dOW0jLSz5R5vBQv/QDiTKaOA7wCxQR92XVA6z+3MVjMpuQduI/xgdq
pYbp6nu2L44xRJNRAdSCkfzEQf9emherkA33W0LRf2SNDQaUZIL4hgFucnLxvH9q
ZCpfW7egufB5vpF6W6fSiLuveYF/glsmO5X9232FyCuVcBo1al8p
-----END CERTIFICATE-----
subject=/C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/emailAddress=info@parallels.com
issuer=/C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/emailAddress=info@parallels.com
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 1733 bytes and written 418 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA
    Session-ID: D620A40444DF46DABF6F9A03CA8F8D1DD06AC70D409600A392AC19BD03508D2E
    Session-ID-ctx:
    Master-Key: 6C2AAF4D4BEEA78840FB5D1673F9B3FD1636F2B70E8F9267D8EB881FD952789D8FAAC3FC20E4FFC720F268F6032D512C
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1428324385
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
250 DSN
EHLO localhost
250-host
250-PIPELINING
250-SIZE 51200000
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5
250-AUTH=CRAM-MD5 DIGEST-MD5
250-XFORWARD NAME ADDR PROTO HELO SOURCE PORT IDENT
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
closed

dgranda
06/04/2015, 09:44
¿Cómo piensas investigar lo que pasa con la autenticación del cliente si tienes puesta una regla precedente que da por válida cualquier dirección IP? :confused:

Tienes puesta la siguiente directiva en tu configuración de Postfix:

smtpd_tls_auth_only = yes
Significa que solamente permites la autenticación de clientes usando un canal cifrado. ¿Cómo esperas probar la autenticación usando telnet?. En un mensaje anterior te ponía explícitamente que lo probases usando openssh.

En fin... suerte.

Ice_dj
05/04/2015, 21:43
Cita Publicado inicialmente por dgranda

1.- Incrementa el nivel de log para ver qué está pasando con la configuración actual (ver http://www.postfix.org/DEBUG_README.html#verbose) y haz una prueba.

¿Está indicado en los clientes de correo que tienen que conectarse al servidor de manera cifrada?
Código:
Apr  5 21:19:19 server1 postfix/smtpd[25584]: connection established
Apr  5 21:19:19 server1 postfix/smtpd[25584]: master_notify: status 0
Apr  5 21:19:19 server1 postfix/smtpd[25584]: name_mask: resource
Apr  5 21:19:19 server1 postfix/smtpd[25584]: name_mask: software
Apr  5 21:19:19 server1 postfix/smtpd[25584]: connect from my_host[my_ip]
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_list_match: my_host: no match
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_list_match: my_ip: no match
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostname: my_host ~? 127.0.0.0/8
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostaddr: my_ip ~? 127.0.0.0/8
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostname: my_host ~? [::1]/128
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostaddr: my_ip ~? [::1]/128
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_list_match: my_host: no match
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_list_match: my_ip: no match
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostname: my_host ~? 127.0.0.0/8
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostaddr: my_ip ~? 127.0.0.0/8
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostname: my_host ~? ip_servidor
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostaddr: my_ip ~? ip_servidor
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostname: my_host ~? 127.0.0.1/32
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostaddr: my_ip ~? 127.0.0.1/32
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_list_match: my_host: no match
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_list_match: my_ip: no match
Apr  5 21:19:19 server1 postfix/smtpd[25584]: send attr request = connect
Apr  5 21:19:19 server1 postfix/smtpd[25584]: send attr ident = smtp:my_ip
Apr  5 21:19:19 server1 postfix/smtpd[25584]: private/anvil: wanted attribute: status
Apr  5 21:19:19 server1 postfix/smtpd[25584]: input attribute name: status
Apr  5 21:19:19 server1 postfix/smtpd[25584]: input attribute value: 0
Apr  5 21:19:19 server1 postfix/smtpd[25584]: private/anvil: wanted attribute: count
Apr  5 21:19:19 server1 postfix/smtpd[25584]: input attribute name: count
Apr  5 21:19:19 server1 postfix/smtpd[25584]: input attribute value: 1
Apr  5 21:19:19 server1 postfix/smtpd[25584]: private/anvil: wanted attribute: rate
Apr  5 21:19:19 server1 postfix/smtpd[25584]: input attribute name: rate
Apr  5 21:19:19 server1 postfix/smtpd[25584]: input attribute value: 2
Apr  5 21:19:19 server1 postfix/smtpd[25584]: private/anvil: wanted attribute: (list terminator)
Apr  5 21:19:19 server1 postfix/smtpd[25584]: input attribute name: (end)
Apr  5 21:19:19 server1 postfix/smtpd[25584]: report connect to all milters
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "j"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: result "my_host_server"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "{daemon_name}"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: result "my_host_server"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "v"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: result "Postfix 2.8.17"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter8_connect: non-protocol events for protocol version 6:
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter8_connect: transport=inet endpoint=127.0.0.1:12768
Apr  5 21:19:19 server1 postfix/smtpd[25584]: trying... [127.0.0.1]
Apr  5 21:19:19 server1 postfix/smtpd[25584]: vstream_tweak_tcp: TCP_MAXSEG 21845
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter8_connect: my_version=0x6
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter8_connect: my_actions=0x1ff SMFIF_ADDHDRS SMFIF_CHGBODY SMFIF_ADDRCPT SMFIF_DELRCPT SMFIF_CHGHDRS SMFIF_QUARANTINE SMFIF_CHGFROM SMFIF_ADDRCPT_PAR SMFIF_SETSYMLIST
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter8_connect: my_events=0x1fffff SMFIP_NOCONNECT SMFIP_NOHELO SMFIP_NOMAIL SMFIP_NORCPT SMFIP_NOBODY SMFIP_NOHDRS SMFIP_NOEOH SMFIP_NR_HDR SMFIP_NOUNKNOWN SMFIP_NODATA SMFIP_SKIP SMFIP_RCPT_REJ SMFIP_NR_CONN SMFIP_NR_HELO SMFIP_NR_MAIL SMFIP_NR_RCPT SMFIP_NR_DATA SMFIP_NR_UNKN SMFIP_NR_EOH SMFIP_NR_BODY SMFIP_HDR_LEADSPC
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter8_connect: milter inet:127.0.0.1:12768 version 6
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter8_connect: events SMFIP_NOUNKNOWN
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter8_connect: requests SMFIF_ADDHDRS SMFIF_CHGBODY SMFIF_CHGHDRS SMFIF_CHGFROM
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter8_conn_event: milter inet:127.0.0.1:12768: connect my_host/my_ip
Apr  5 21:19:19 server1 postfix/smtpd[25584]: event: SMFIC_CONNECT; macros: j=my_host_server {daemon_name}=my_host_server v=Postfix 2.8.17
Apr  5 21:19:19 server1 postfix/smtpd[25584]: reply: SMFIR_CONTINUE data 0 bytes
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 220 my_host_server ESMTP Postfix
Apr  5 21:19:19 server1 postfix/smtpd[25584]: < my_host[my_ip]: EHLO SERVIDOR
Apr  5 21:19:19 server1 postfix/smtpd[25584]: report helo to all milters
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "{tls_version}"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "{cipher}"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "{cipher_bits}"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "{cert_subject}"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "{cert_issuer}"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter8_helo_event: milter inet:127.0.0.1:12768: helo SERVIDOR
Apr  5 21:19:19 server1 postfix/smtpd[25584]: event: SMFIC_HELO; macros: (none)
Apr  5 21:19:19 server1 postfix/smtpd[25584]: reply: SMFIR_CONTINUE data 0 bytes
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 250-my_host_server
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 250-PIPELINING
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 250-SIZE 51200000
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 250-ETRN
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_list_match: my_host: no match
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_list_match: my_ip: no match
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 250-STARTTLS
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 250-ENHANCEDSTATUSCODES
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 250-8BITMIME
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 250 DSN
Apr  5 21:19:19 server1 postfix/smtpd[25584]: < my_host[my_ip]: STARTTLS
Apr  5 21:19:19 server1 postfix/smtpd[25584]: query milter states for other event
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter8_other_event: milter inet:127.0.0.1:12768
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 220 2.0.0 Ready to start TLS
Apr  5 21:19:19 server1 postfix/smtpd[25584]: abort all milters
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter8_abort: abort milter inet:127.0.0.1:12768
Apr  5 21:19:19 server1 postfix/smtpd[25584]: auto_clnt_open: connected to private/tlsmgr
Apr  5 21:19:19 server1 postfix/smtpd[25584]: send attr request = seed
Apr  5 21:19:19 server1 postfix/smtpd[25584]: send attr size = 32
Apr  5 21:19:19 server1 postfix/smtpd[25584]: private/tlsmgr: wanted attribute: status
Apr  5 21:19:19 server1 postfix/smtpd[25584]: input attribute name: status
Apr  5 21:19:19 server1 postfix/smtpd[25584]: input attribute value: 0
Apr  5 21:19:19 server1 postfix/smtpd[25584]: private/tlsmgr: wanted attribute: seed
Apr  5 21:19:19 server1 postfix/smtpd[25584]: input attribute name: seed
Apr  5 21:19:19 server1 postfix/smtpd[25584]: input attribute value: LB213phdKFK3Fwre+r7BEnlih65UtoxSg9nKYYhjz9Q=
Apr  5 21:19:19 server1 postfix/smtpd[25584]: private/tlsmgr: wanted attribute: (list terminator)
Apr  5 21:19:19 server1 postfix/smtpd[25584]: input attribute name: (end)
Apr  5 21:19:19 server1 postfix/smtpd[25584]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
Apr  5 21:19:19 server1 postfix/smtpd[25584]: name_mask: noplaintext
Apr  5 21:19:19 server1 postfix/smtpd[25584]: < my_host[my_ip]: EHLO SERVIDOR
Apr  5 21:19:19 server1 postfix/smtpd[25584]: report helo to all milters
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "{tls_version}"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: result "TLSv1"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "{cipher}"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: result "ECDHE-RSA-AES256-SHA"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "{cipher_bits}"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: result "256"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "{cert_subject}"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "{cert_issuer}"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter8_helo_event: milter inet:127.0.0.1:12768: helo SERVIDOR
Apr  5 21:19:19 server1 postfix/smtpd[25584]: event: SMFIC_HELO; macros: {tls_version}=TLSv1 {cipher}=ECDHE-RSA-AES256-SHA {cipher_bits}=256
Apr  5 21:19:19 server1 postfix/smtpd[25584]: reply: SMFIR_CONTINUE data 0 bytes
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 250-my_host_server
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 250-PIPELINING
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 250-SIZE 51200000
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 250-ETRN
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 250-AUTH CRAM-MD5 DIGEST-MD5
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_list_match: my_host: no match
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_list_match: my_ip: no match
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 250-AUTH=CRAM-MD5 DIGEST-MD5
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 250-ENHANCEDSTATUSCODES
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 250-8BITMIME
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 250 DSN
Apr  5 21:19:19 server1 postfix/smtpd[25584]: < my_host[my_ip]: MAIL FROM: 
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostname: my_host ~? 127.0.0.0/8
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostaddr: my_ip ~? 127.0.0.0/8
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostname: my_host ~? ip_servidor
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostaddr: my_ip ~? ip_servidor
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostname: my_host ~? 127.0.0.1/32
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostaddr: my_ip ~? 127.0.0.1/32
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_list_match: my_host: no match
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_list_match: my_ip: no match
Apr  5 21:19:19 server1 postfix/smtpd[25584]: send attr request = message
Apr  5 21:19:19 server1 postfix/smtpd[25584]: send attr ident = smtp:my_ip
Apr  5 21:19:19 server1 postfix/smtpd[25584]: private/anvil: wanted attribute: status
Apr  5 21:19:19 server1 postfix/smtpd[25584]: input attribute name: status
Apr  5 21:19:19 server1 postfix/smtpd[25584]: input attribute value: 0
Apr  5 21:19:19 server1 postfix/smtpd[25584]: private/anvil: wanted attribute: rate
Apr  5 21:19:19 server1 postfix/smtpd[25584]: input attribute name: rate
Apr  5 21:19:19 server1 postfix/smtpd[25584]: input attribute value: 2
Apr  5 21:19:19 server1 postfix/smtpd[25584]: private/anvil: wanted attribute: (list terminator)
Apr  5 21:19:19 server1 postfix/smtpd[25584]: input attribute name: (end)
Apr  5 21:19:19 server1 postfix/smtpd[25584]: extract_addr: input: 
Apr  5 21:19:19 server1 postfix/smtpd[25584]: smtpd_check_addr: addr=email_origen
Apr  5 21:19:19 server1 postfix/smtpd[25584]: ctable_locate: move existing entry key email_origen
Apr  5 21:19:19 server1 postfix/smtpd[25584]: extract_addr: in: , result: email_origen
Apr  5 21:19:19 server1 postfix/smtpd[25584]: report sender to all milters
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "i"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "{auth_type}"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "{auth_authen}"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "{auth_author}"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "{mail_addr}"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: ctable_locate: leave existing entry key email_origen
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: result "email_origen"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "{mail_host}"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: ctable_locate: leave existing entry key email_origen
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: result "my_dominio"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: "{mail_mailer}"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: ctable_locate: leave existing entry key email_origen
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter_macro_lookup: result "plesk_virtual"
Apr  5 21:19:19 server1 postfix/smtpd[25584]: milter8_mail_event: milter inet:127.0.0.1:12768: mail 
Apr  5 21:19:19 server1 postfix/smtpd[25584]: event: SMFIC_MAIL; macros: {mail_addr}=email_origen {mail_host}=my_domain {mail_mailer}=plesk_virtual
Apr  5 21:19:19 server1 postfix/smtpd[25584]: reply: SMFIR_CONTINUE data 0 bytes
Apr  5 21:19:19 server1 postfix/smtpd[25584]: fsspace: .: block size 4096, blocks free 416515404
Apr  5 21:19:19 server1 postfix/smtpd[25584]: smtpd_check_queue: blocks 4096 avail 416515404 min_free 0 msg_size_limit 51200000
Apr  5 21:19:19 server1 postfix/smtpd[25584]: > my_host[my_ip]: 250 2.1.0 Ok
Apr  5 21:19:19 server1 postfix/smtpd[25584]: < my_host[my_ip]: RCPT TO:  NOTIFY=SUCCESS,FAILURE,DELAY
Apr  5 21:19:19 server1 postfix/smtpd[25584]: extract_addr: input: 
Apr  5 21:19:19 server1 postfix/smtpd[25584]: smtpd_check_addr: addr=email_destino
Apr  5 21:19:19 server1 postfix/smtpd[25584]: ctable_locate: move existing entry key email_destino
Apr  5 21:19:19 server1 postfix/smtpd[25584]: extract_addr: in: , result: email_destino
Apr  5 21:19:19 server1 postfix/smtpd[25584]: name_mask: SUCCESS
Apr  5 21:19:19 server1 postfix/smtpd[25584]: name_mask: FAILURE
Apr  5 21:19:19 server1 postfix/smtpd[25584]: name_mask: DELAY
Apr  5 21:19:19 server1 postfix/smtpd[25584]: >>> START Client host RESTRICTIONS <<<
Apr  5 21:19:19 server1 postfix/smtpd[25584]: generic_checks: name=permit_mynetworks
Apr  5 21:19:19 server1 postfix/smtpd[25584]: permit_mynetworks: my_host my_ip
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostname: my_host ~? 127.0.0.0/8
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostaddr: my_ip ~? 127.0.0.0/8
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostname: my_host ~? ip_servidor
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostaddr: my_ip ~? ip_servidor
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostname: my_host ~? 127.0.0.1/32
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostaddr: my_ip ~? 127.0.0.1/32
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_list_match: my_host: no match
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_list_match: my_ip: no match
Apr  5 21:19:19 server1 postfix/smtpd[25584]: generic_checks: name=permit_mynetworks status=0
Apr  5 21:19:19 server1 postfix/smtpd[25584]: generic_checks: name=permit_sasl_authenticated
Apr  5 21:19:19 server1 postfix/smtpd[25584]: generic_checks: name=permit_sasl_authenticated status=0
Apr  5 21:19:19 server1 postfix/smtpd[25584]: >>> END Client host RESTRICTIONS <<<
Apr  5 21:19:19 server1 postfix/smtpd[25584]: >>> START Sender address RESTRICTIONS <<<
Apr  5 21:19:19 server1 postfix/smtpd[25584]: generic_checks: name=check_sender_access
Apr  5 21:19:19 server1 postfix/smtpd[25584]: check_mail_access: email_origen
Apr  5 21:19:19 server1 postfix/smtpd[25584]: ctable_locate: move existing entry key email_origen
Apr  5 21:19:19 server1 postfix/smtpd[25584]: check_access: email_origen
Apr  5 21:19:19 server1 postfix/smtpd[25584]: check_domain_access: my_dominio
Apr  5 21:19:19 server1 postfix/smtpd[25584]: check_access: david@
Apr  5 21:19:19 server1 postfix/smtpd[25584]: generic_checks: name=check_sender_access status=0
Apr  5 21:19:19 server1 postfix/smtpd[25584]: generic_checks: name=permit_sasl_authenticated
Apr  5 21:19:19 server1 postfix/smtpd[25584]: generic_checks: name=permit_sasl_authenticated status=0
Apr  5 21:19:19 server1 postfix/smtpd[25584]: >>> END Sender address RESTRICTIONS <<<
Apr  5 21:19:19 server1 postfix/smtpd[25584]: >>> START Recipient address RESTRICTIONS <<<
Apr  5 21:19:19 server1 postfix/smtpd[25584]: generic_checks: name=permit_mynetworks
Apr  5 21:19:19 server1 postfix/smtpd[25584]: permit_mynetworks: my_host my_ip
Apr  5 21:19:19 server1 postfix/smtpd[25584]: match_hostname: my_host ~? 127.0.0.0/8
Apr  5 21:19:22 server1 /usr/lib64/plesk-9.0/psa-pc-remote[15395]: Message aborted.
Apr  5 21:19:22 server1 /usr/lib64/plesk-9.0/psa-pc-remote[15395]: Message aborted.
Si, tengo marcado que se autentifique para enviar emails


Desde mi PC
Código:
telnet my_server 25
Conectándose a my_server...No se puede abrir la conexión al host,
 en puerto 25: Error en la conexión
Desde el Server
Código:
[root@server1 postfix]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 host ESMTP Postfix
ehlo localhost
250-host
250-PIPELINING
250-SIZE 51200000
250-ETRN
250-STARTTLS
250-XFORWARD NAME ADDR PROTO HELO SOURCE PORT IDENT
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

dgranda
05/04/2015, 20:52
Cita Publicado inicialmente por Ice_dj
Añadiendo 0.0.0.0/0 a mynetworks, consigo que envie correctamente, pero lo veo una chapuza
Una chapuza no, pero un agujero de seguridad bastante grande sí.

Todo apunta a que el problema está en la autenticación de los clientes. Opciones para investigar:

1.- Incrementa el nivel de log para ver qué está pasando con la configuración actual (ver http://www.postfix.org/DEBUG_README.html#verbose) y haz una prueba.

2.- Prueba la autenticación vía openssh (ver http://www.postfix.org/SASL_README.html#server_test)

¿Está indicado en los clientes de correo que tienen que conectarse al servidor de manera cifrada?

Ice_dj
05/04/2015, 19:50
Añadiendo 0.0.0.0/0 a mynetworks, consigo que envie correctamente, pero lo veo una chapuza

Ice_dj
05/04/2015, 19:28
He conseguido hacer que envie, añadiendo mi ip a "mynetworks", pero no veo que esa sea la solucion, no voy a añadir "internet entero" a ese campo.

Ice_dj
05/04/2015, 19:07
Cita Publicado inicialmente por dgranda
Uhmmm... parece que la versión de Postfix es la 2.8.17, pero en versiones anteriores a la 2.10 no se contempla la directiva "smtpd_relay_restrictions" (ver http://www.postfix.org/SMTPD_ACCESS_README.html#danger). Por el error parece que podemos saltarnos la directiva "smtpd_sender_restrictions" así que habrá que concentrarse en "smtpd_recipient_restrictions":





Vaya... ¿hay alguna razón para que "reject" sea evaluado antes de "permit_sasl_authenticated"? Tal y como está puesto ahora, no se llegará a evaluar nunca la última condición...

En cuanto a las otras entradas de log, simplemente dejan constancia de que algo ha "saludado" a tu servidor SMTP y se ha ido :-p
He cambiado la linea a como esta aqui debajo:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

Y sigue dandome el mismo error

Código:
Apr  5 19:05:33 server1 postfix/smtpd[10177]: connect from [mi_ip]
Apr  5 19:05:33 server1 postfix/smtpd[10177]: NOQUEUE: reject: RCPT from [mi_ip]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=
Apr  5 19:05:36 server1 postfix/smtpd[10177]: disconnect from [mi_ip]
Apr  5 19:05:36 server1 /usr/lib64/plesk-9.0/psa-pc-remote[9803]: Message aborted.
Apr  5 19:05:36 server1 /usr/lib64/plesk-9.0/psa-pc-remote[9803]: Message aborted.

dgranda
05/04/2015, 14:20
Uhmmm... parece que la versión de Postfix es la 2.8.17, pero en versiones anteriores a la 2.10 no se contempla la directiva "smtpd_relay_restrictions" (ver http://www.postfix.org/SMTPD_ACCESS_README.html#danger). Por el error parece que podemos saltarnos la directiva "smtpd_sender_restrictions" así que habrá que concentrarse en "smtpd_recipient_restrictions":

smtpd_recipient_restrictions = permit_mynetworks reject_unknown_sender_domain reject permit_sasl_authenticated
Vaya... ¿hay alguna razón para que "reject" sea evaluado antes de "permit_sasl_authenticated"? Tal y como está puesto ahora, no se llegará a evaluar nunca la última condición...

En cuanto a las otras entradas de log, simplemente dejan constancia de que algo ha "saludado" a tu servidor SMTP y se ha ido :-p

Ice_dj
04/04/2015, 21:03
Cita Publicado inicialmente por dgranda
Para investigar un poco sería de utilidad saber la configuración usada en postfix y las entradas de log al respecto:

- Configuración postfix: ejecutar 'postconf' (sin comillas) desde línea de comandos.
- Las entradas de log deberían estar en /var/log/mail.log (o algo parecido)

Código:
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
inet_protocols = all
unknown_local_recipient_reject_code = 550
alias_database = hash:/etc/aliases
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix

setgid_group = postdrop
html_directory = no

manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.8.17/samples
readme_directory = /usr/share/doc/postfix-2.8.17/README_FILES
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_mailbox_maps = , hash:/var/spool/postfix/plesk/vmailbox
transport_maps = hash:/var/spool/postfix/plesk/transport
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_timeout = 3600s
smtpd_proxy_timeout = 3600s
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtp_send_xforward_command = yes
#---smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_unauth_destination
virtual_mailbox_base = /var/qmail/mailnames
virtual_uid_maps = static:30
virtual_gid_maps = static:31
smtpd_milters = , inet:127.0.0.1:12768
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
virtual_transport = plesk_virtual
plesk_virtual_destination_recipient_limit = 1
mailman_destination_recipient_limit = 1
mailbox_size_limit = 0
virtual_mailbox_limit = 0
smtpd_tls_protocols = SSLv3, TLSv1
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = aNULL
smtpd_sasl_security_options = noplaintext
smtpd_tls_auth_only = yes
tls_ssl_options = NO_COMPRESSION
message_size_limit = 51200000
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
inet_interfaces = all
disable_vrfy_command = yes
mynetworks = , 127.0.0.0/8, /32, 127.0.0.1/32
relay_domains = mydomain.com
smtpd_recipient_restrictions = permit_mynetworks reject_unknown_sender_domain reject permit_sasl_authenticated
smtp_bind_address = 
smtp_bind_address6 = 
broken_sasl_auth_clients = yes
Código:
Apr  4 18:41:09 server1 postfix/smtpd[3998]: connect from [mi_ip_casa]
Apr  4 18:41:09 server1 postfix/smtpd[3998]: NOQUEUE: reject: RCPT from [mi_ip_casa]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=
Apr  4 18:41:11 server1 postfix/smtpd[3998]: disconnect from [mi_ip_casa]

Aunque ahora, despues de tocar, no tengo ni idea el que, me da el siguiente error:

Código:
Apr  4 20:47:58 server1 postfix/smtpd[8834]: connect from unknown[47.60.39.135]
Apr  4 20:47:58 server1 postfix/smtpd[8834]: lost connection after EHLO from unknown[47.60.39.135]
Apr  4 20:47:58 server1 postfix/smtpd[8834]: disconnect from unknown[47.60.39.135]

dgranda
04/04/2015, 20:08
Para investigar un poco sería de utilidad saber la configuración usada en postfix y las entradas de log al respecto:

- Configuración postfix: ejecutar 'postconf' (sin comillas) desde línea de comandos.
- Las entradas de log deberían estar en /var/log/mail.log (o algo parecido)

salva85
03/04/2015, 17:29
A mi me pasa también, usando virtualmin y postfix.
Desde el webmail (roundcube) se envian y reciben correos sin problemas, pero desde outlook ocurre el error que se comenta y no tengo ni idea de como solucionarlo. He seguido varias guías de Internet, pero nada.

Se agradece cualquier ayuda que podáis aportar.

Ice_dj
03/04/2015, 11:35
Me ocurre lo mismo.
Con qmail funciona correctamente.
¿Alguien tiene idea de como solucionar el fallo?

msoler
27/03/2015, 15:15
Tengo un servidor dedicado con la release 3 que lleva preconfigurado postfix.
Al configurar un cliente de correo (outlook) con una cuenta POP3 de este servidor, puedo recibir correo pero no puedo enviarlo. Al enviar recibo el error:

554 5.7.1 : Relay access denied


He añadido mi dominio al campo "mydestination" del main.cf pero sigue igual.

Alguna idea.

Gracias