Nov 27, 2010 10:29 AM in response to Scott Howe by MrHoffman
Usual guess: your clients are not authorized for access, or your mail server is misconfigured.
Has DNS (forward, reverse, MX) been verified as correct?
Is the server using the same name as the MX host?
What are the accounts settings differences between the two clients, if any?
Is the same network being used here for mail access from both clients?
What mail submission ports are you using from the clients?
The mail server might not be set to receive mail for the specified domain (if you're aiming mail at the server, and not a remote server), or the mail client might be configured to use port 25 and not an authenticated submission port. -
Nov 27, 2010 11:48 AM in response to MrHoffman by Scott Howe
The server is using macserver.sapowe.com as machine name and I set up an alias mail.sapowe.com to point to macserver.sapowe.com so I've been using mail.sapowe.com for settings. I've tried accessing my mail mainly from inside my network but through two outside hosted accounts, namely gmail and my work email. As far as I know DNS, reverse etc. is all OK. Comcast has repeatedly confirmed that my reverse DNS is configured correctly.
One other weird thing that cropped up was I was getting emails saying they were from xxx@mail.sapowe.com or xxx@www.sapowe.com. This has never occurred before. -
Nov 27, 2010 12:51 PM in response to Scott Howe by MrHoffman
How are your clients configured? These should be set to use authenticated submissions.
Remove the MX record for the macserver.sapowe.com box as a start.
Set the domain name to sapowe.com, the server name to mail.sapowe.com.
Post up the output from (should have asked this before) the postconf -n command.
Also post up the relevant errors from your SMTP log when the relay gets rejected. -
Nov 27, 2010 2:29 PM in response to MrHoffman by Scott Howe
Here's the postconf
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
header_checks = pcre:/etc/postfix/custom_header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mail_owner = _postfix
mailbox_size_limit = 0
mailbox_transport = dovecot
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
message_size_limit = 0
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = sapowe.com
mydomain_fallback = localhost
myhostname = mail.sapowe.com
mynetworks = 10.1.10.1/8
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_rbl_client zen.spamhaus.org permit
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
smtpd_pw_server_security_options = gssapi,cram-md5
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination check_policy_service unix:private/policy permit
smtpd_sasl_auth_enable = yes
smtpd_tls_CAfile = /etc/certificates/macserver.sapowe.com.F6CB094EA1F7F45E3C7EEE9E5CAAB3CF80D1739A.chain.pem
smtpd_tls_cert_file = /etc/certificates/macserver.sapowe.com.F6CB094EA1F7F45E3C7EEE9E5CAAB3CF80D1739A.cert.pem
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_key_file = /etc/certificates/macserver.sapowe.com.F6CB094EA1F7F45E3C7EEE9E5CAAB3CF80D1739A.key.pem
smtpd_use_pw_server = yes
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = $virtual_maps
Here's the error that is repeating over and over:
Nov 27 17:27:50 macserver postfix/smtpd[21502]: fatal: non-null host address bits in "10.1.10.1/8", perhaps you should use "10.0.0.0/8" instead -
Nov 27, 2010 3:08 PM in response to Scott Howe by MrHoffman
Ok, there's the CIDR specification; fixing the error underneath that diagnostic. Get to this:
mynetworks = 10.0.0.0/8
And there's the open question of whether the clients are using an authenticated path; in general, mail clients should not connect to port 25.
I'd probably fix that permit on the end of the client restrictions.
$ sudo postconf -e smtpd_client_restrictions='permit_mynetworks permit_sasl_authenticated reject_rbl_client zen.spamhaus.org reject'
$ sudo postfix reload -
Nov 27, 2010 3:34 PM in response to MrHoffman by Scott Howe
I'm not sure what you mean by authenticated path. I have one client using Mail set up through the auto setup. I believe it's using CRAM and the other is Entourage. Can you elaborate on what you mean here?
Thanks.
Message was edited by: Scott Howe -
Nov 27, 2010 3:28 PM in response to Scott Howe by Scott Howe
And by the way, this is just the default "Configure Mail Settings" auto setup through Mail Services in Server. Shouldn't that just work? Not to sound TOO stupid but.... -
Nov 27, 2010 4:28 PM in response to Scott Howe by MrHoffman
A mail client connects to the server via IMAP (port 143) or POP (port 110) to read mail from the server into the client, and connects to and sends outgoing mail via an authenticated path, or via port 25.
If you're not specifying an SSL certificate or a username and password, then you're probably aiming at port 25, and that's often going to be a problem.
The authenticated paths are usually 465 or 587. Can also be ports 993 for IMAP SSL and 995 for POP SSL.
Here's a decent article on [SMTP|http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol] and here's a [Tufts write-up on configuring various mail clients|http://uit.tufts.edu/downloads/ChangingSMTPPort25toPort465or587.pdf] (for their servers). The Tufts article shows a variety of clients. For this case, moving to port 587 with a username and password would be a reasonable target for sending mail.
You may choose to enable SSL at the server to protect your passwords, which means you'd then need to enable it at the clients.
[Apple well-known ports (TS1629)|http://support.apple.com/kb/ts1629] -
Nov 27, 2010 4:29 PM in response to Scott Howe by Scott Howe
Sorry again, but also, how do I fix that permit in the postconf file? I'm not really good in Terminal. Working on it. -
Nov 27, 2010 4:31 PM in response to Scott Howe by MrHoffman
Whether it should or not, you need to ensure your clients are compatible with your server, and you need to ensure the server configuration meets your requirements. There are a gazillion ways to configure mail and mail clients. And there's a whole genre around configuring for anti-spam; see the front-line anti-spam articles on that topic over at [TopicDesk|http://osx.topicdesk.com/content/category/4/18/62] for details. -
Nov 27, 2010 4:35 PM in response to Scott Howe by MrHoffman
How? Launch Terminal.app and enter the two commands I specified in an earlier reply, exactly as specified. You might want to Google around for some materials on this stuff, so that you can better learn and understand what you're doing with the server here. -
Nov 27, 2010 4:47 PM in response to MrHoffman by Scott Howe
Thanks Mr. Hoffman. As usual, an informative and enlightening discussion. I'll keep digging at it but now I can't even get my own clients to connect let alone get a relay access denied error. I'll check back in. -
Nov 27, 2010 5:12 PM in response to Scott Howe by UptimeJeff
I'm jumping in a little late here... hopefully this helps...
Are you saying that mail sent to your server with recipient address user@sapowe.com is rejected?
The domain "sapowe.com" is not listed as a local domain, so it would be considered a relay and thus refused. To fix this:
ServerAdmin/Mail/Settings/Advanced/Hosting/LocalHostAlias.
Add sapowe.com to that list.
Stop/start mail and you should be good.
Note: because your server is set up for greylisting, some email may at first be delayed... do a search for greylisting if you want to know more about this.
Jeff -
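An offline check for the two configuration problems identified in this thread, the host bits set in the mynetworks CIDR entry and the bare domain missing from the local destinations, added here as an example and not part of any poster's reply. The sample is constructed from the postconf -n lines posted above, the function names are illustrative, and only plain IPv4 entries are checked (lookup-table entries are skipped).

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the postconf -n output in the thread.
SAMPLE = """\
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = sapowe.com
myhostname = mail.sapowe.com
mynetworks = 10.1.10.1/8
"""

def parse_postconf(text):
    """Parse 'name = value' lines into a dict (helper name is illustrative)."""
    conf = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            conf[name.strip()] = value.strip()
    return conf

def expand(value, conf, depth=0):
    """Expand $name and ${name} references between settings."""
    if depth > 10:
        raise ValueError("recursive parameter reference")
    return re.sub(r"\$(?:\{(\w+)\}|(\w+))",
                  lambda m: expand(conf.get(m.group(1) or m.group(2), ""), conf, depth + 1),
                  value)

def split_list(value):
    """Split a comma- or whitespace-separated setting into its items."""
    return [item for item in re.split(r"[,\s]+", value) if item]

def check_mynetworks(conf):
    """Return (entry, corrected) pairs for CIDR entries with non-zero host bits."""
    problems = []
    for entry in split_list(expand(conf.get("mynetworks", ""), conf)):
        try:
            iface = ipaddress.ip_interface(entry)
        except ValueError:
            continue  # lookup table or bracketed IPv6 entry: not checked here
        if iface.ip != iface.network.network_address:
            problems.append((entry, str(iface.network)))
    return problems

def is_local_domain(domain, conf):
    """True if the domain appears in the expanded mydestination list."""
    dests = split_list(expand(conf.get("mydestination", ""), conf))
    return domain.lower() in (d.lower() for d in dests)

if __name__ == "__main__":
    conf = parse_postconf(SAMPLE)
    print(check_mynetworks(conf))
    print(is_local_domain("sapowe.com", conf))
```

Judged by mydestination alone, mail.sapowe.com is a local destination and sapowe.com is not until $mydomain (or the literal domain) is added to the list.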
Nov 28, 2010 7:08 AM in response to UptimeJeff by Scott Howe
Thanks, now I'm able to receive from and to internally from my same address but still nothing from outside.