Exercise 9.4 - Enable relaying using SMTP Auth in postfix.

Elyas

I am not sure, but I believe there might be a confusion in this exercise.

In the beginning of the exercise we ensure that mynetworks_style is set to host

postconf -e "mynetworks_style = host"

Later it is sais that any system on our subnet is permitted to relay due to permit_mynetworks.

6. Test plain text authentication from a remote host.
Notice that any system on our subnet will be allowed to relay due to permit mynetworks.
If you wish to test on a single machine eliminate the permit mynetworks entry from
smtpd recipient restrictions to force all relaying to authenticate.

This is confusing for me because I thought that we defined mynetworks to be host instead of subnet.

Is there something I am missing or maybe it is an error in the exercise? Would someone please be so kind and give us some certitude?

 

Another point is the access via telnet. I get the message

Connection closed by foreign host.

In the log file under /var/log/maillog I can see the following information:

Sep 17 12:31:21 localhost postfix/smtpd[3873]: warning: SASL: Connect to private/auth failed: No such file or directory
Sep 17 12:31:21 localhost postfix/smtpd[3873]: fatal: no SASL authentication mechanisms

 

I try to connect via telnet from my host machine (e.g. 192.168.0.17) to my virtual machine (e.g. 192.168.0.30), on which I had set up postfix and dovecot. I am not sure why I cannot connect. When I check the status of the processes then it looks ok to me; both, postfix and dovecot, are in status active(running).

Could someone please help out with this?

lee42x

Thank you for your input

The first challange, the section 9.4.6.  The "smtpd_recipient_restrictions" section will allow any system access depending on the content of "permit_mynetworks" and we have it set to "host" so any other host except us will have to be authenticated. This would require a second system to test the authentication. By removing "permit_mynetworks" from "smtpd_recipiient_restrictions" ALL connections trying to relay will require authentication. 

Does that help?   

In the second bit, the telnet connection to port 25, lets first check that step 6 works to "localhost", if that works, try to connect to your ip address 192.168.0.30 from the vm system (same machine just a different IP).  Please check the status of the firewall (firewalld or iptables).  

Elyas

Thank you. Now I understand it better.

Regarding Telnet, it was my firewall. I'm getting used to it now. I wish in the logs I would have better hints in that regard though.

Thanks for your help.