Exercise 9.4 - Enable relaying using SMTP Auth in postfix.

Elyas Posts: 28
edited October 2017 in LFS211 Class Forum

I am not sure, but I believe there might be some confusion in this exercise.

At the beginning of the exercise we ensure that mynetworks_style is set to host:


postconf -e "mynetworks_style = host"

Later it is said that any system on our subnet is permitted to relay due to permit_mynetworks.


6. Test plain text authentication from a remote host. Notice that any system on our subnet will be allowed to relay due to permit_mynetworks. If you wish to test on a single machine eliminate the permit_mynetworks entry from smtpd_recipient_restrictions to force all relaying to authenticate.

This is confusing for me because I thought that we defined mynetworks to be host instead of subnet.

Is there something I am missing or maybe it is an error in the exercise? Would someone please be so kind and give us some certitude?

 

Another point is the access via telnet. I get the message


Connection closed by foreign host.

In the log file under /var/log/maillog I can see the following information:


Sep 17 12:31:21 localhost postfix/smtpd[3873]: warning: SASL: Connect to private/auth failed: No such file or directory
Sep 17 12:31:21 localhost postfix/smtpd[3873]: fatal: no SASL authentication mechanisms

I try to connect via telnet from my host machine (e.g. 192.168.0.17) to my virtual machine (e.g. 192.168.0.30), on which I had set up postfix and dovecot. I am not sure why I cannot connect. When I check the status of the processes, it looks OK to me; both postfix and dovecot are in status active (running).

Could someone please help out with this?

Comments

  • lee42x Posts: 380
    edited October 2017

    Thank you for your input.

    The first challenge, the section 9.4.6. The "smtpd_recipient_restrictions" section will allow any system access depending on the content of "permit_mynetworks" and we have it set to "host" so any other host except us will have to be authenticated. This would require a second system to test the authentication. By removing "permit_mynetworks" from "smtpd_recipient_restrictions" ALL connections trying to relay will require authentication.

    Does that help?   

    In the second bit, the telnet connection to port 25, let's first check that step 6 works to "localhost". If that works, try to connect to your IP address 192.168.0.30 from the VM system (same machine, just a different IP). Please check the status of the firewall (firewalld or iptables).

  • Elyas Posts: 28
    edited October 2017

    Thank you. Now I understand it better.

    Regarding Telnet, it was my firewall. I'm getting used to it now. I wish in the logs I would have better hints in that regard though.

    Thanks for your help.
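
The interaction discussed in this thread (mynetworks_style versus permit_mynetworks in step 9.4.6) can be modelled in a few lines. This is an added example, not part of the course material or of any post above; it is a simplified IPv4-only model of how Postfix evaluates a recipient restriction list for a relay attempt. Assumptions: the /24 netmask on the VM interface, and the `permit_sasl_authenticated` and `reject_unauth_destination` entries in the list (the thread only names `permit_mynetworks`).

```python
import ipaddress

def trusted_networks(style, iface_cidrs):
    """Approximate the trusted list derived from mynetworks_style (IPv4 only)."""
    nets = [ipaddress.ip_network("127.0.0.0/8")]
    for cidr in iface_cidrs:
        iface = ipaddress.ip_interface(cidr)
        if style == "host":          # only the machine's own addresses
            nets.append(ipaddress.ip_network(f"{iface.ip}/32"))
        elif style == "subnet":      # every address on the attached subnet
            nets.append(iface.network)
        elif style == "class":       # the whole class A/B/C network
            first = int(str(iface.ip).split(".")[0])
            prefix = 8 if first < 128 else 16 if first < 192 else 24
            nets.append(ipaddress.ip_network(f"{iface.ip}/{prefix}", strict=False))
        else:
            raise ValueError(f"unknown mynetworks_style: {style}")
    return nets

def relay_decision(restrictions, nets, client_ip, authenticated):
    """Walk the list left to right for a RCPT TO naming a remote domain;
    the first restriction that matches decides. Returns (action, rule)."""
    client = ipaddress.ip_address(client_ip)
    for rule in restrictions:
        if rule == "permit_mynetworks" and any(client in n for n in nets):
            return ("permit", rule)
        if rule == "permit_sasl_authenticated" and authenticated:
            return ("permit", rule)
        if rule == "reject_unauth_destination":
            return ("reject", rule)
    return ("permit", "end of list")

# Constructed sample values: the addresses come from the thread, the /24 is assumed.
SERVER_IFACES = ["192.168.0.30/24"]
WITH_MYNETWORKS = ["permit_mynetworks", "permit_sasl_authenticated",
                   "reject_unauth_destination"]
AUTH_ONLY = WITH_MYNETWORKS[1:]   # permit_mynetworks removed, as in step 6

if __name__ == "__main__":
    for style in ("host", "subnet"):
        nets = trusted_networks(style, SERVER_IFACES)
        for ip in ("192.168.0.30", "192.168.0.17"):
            for rules in (WITH_MYNETWORKS, AUTH_ONLY):
                print(style, ip, rules[0],
                      relay_decision(rules, nets, ip, authenticated=False))
```

With `host`, only the VM's own address relays unauthenticated, which is why testing authentication needs a second system or the removal of `permit_mynetworks`.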
