SMTP AUTH: relay access denied

I have solved the problem with SMTP AUTH (relay access denied) and thought I would share my configuration with those who are facing similar issues. My system is FC4 and my basic requirement was system users on my mail server (only one domain). Setting up Postfix in this case is pretty easy, but SMTP AUTH was a major problem. Here are some of my tips and the configuration files I used to authenticate users through PAM instead of /etc/shadow. (Note: for users to authenticate through /etc/shadow you would need to give Postfix read permission on the /etc/shadow file, which would be a security risk; by default /etc/shadow is mode 400.)

testsaslauthd is a command to check whether a system user can authenticate:

testsaslauthd -u testpostfix -p testpostfix

vi /etc/sysconfig/saslauthd

# Directory in which to place saslauthd's listening socket, pid file, and so
# on. This directory must already exist.
SOCKETDIR=/var/run/saslauthd

# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled to use.
MECH="PAM"

# Additional flags to pass to saslauthd on the command line. See saslauthd(8)
# for the list of accepted flags.
FLAGS=

vi /usr/lib/sasl2/smtpd.conf

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

[root@server227 ~]# rpm -qa | grep cyrus
cyrus-sasl-2.1.20-6
cyrus-sasl-plain-2.1.20-6
cyrus-sasl-sql-2.1.20-6
cyrus-sasl-md5-2.1.20-6
cyrus-sasl-devel-2.1.20-6
cyrus-sasl-gssapi-2.1.20-6
cyrus-sasl-ntlm-2.1.20-6

vi main.cf

enable_server_options = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_application_name = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
server_enabled = 1
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_relay_domains

telnet ipaddress 25

220 mail.foostor.com ESMTP Postfix
ehlo localhost
250-mail.foostor.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME

You can also check that mynetworks_style = subnet is set, and it should work.
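An added example (not part of the original post): a Python check that parses the EHLO reply from the telnet session above and reports how AUTH is exposed. With only PLAIN and LOGIN offered and no STARTTLS line, the password crosses the network merely base64-encoded. The sample reply is copied from that session; the function names are illustrative.

```python
import base64

# Constructed sample: the EHLO reply shown in the telnet session above.
SAMPLE_EHLO = """\
250-mail.foostor.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
"""

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # both send the password base64-encoded only


def parse_ehlo(reply):
    """Return (extensions, legacy_auth): keyword -> parameter set, and whether 'AUTH=' appears."""
    extensions, legacy_auth = {}, False
    for line in reply.splitlines()[1:]:          # first line is the server hostname
        if len(line) < 4 or not line.startswith("250"):
            continue
        body = line[4:].strip()                  # skip "250-" or "250 "
        if body.upper().startswith("AUTH="):     # form emitted by broken_sasl_auth_clients = yes
            legacy_auth = True
            body = "AUTH " + body[5:]
        words = body.split()
        if words:
            extensions.setdefault(words[0].upper(), set()).update(w.upper() for w in words[1:])
    return extensions, legacy_auth


def audit(reply):
    """List findings about how SMTP AUTH is exposed in this EHLO reply."""
    ext, legacy = parse_ehlo(reply)
    findings = []
    weak = sorted(ext.get("AUTH", set()) & CLEARTEXT_MECHS)
    if weak and "STARTTLS" not in ext:
        findings.append("cleartext AUTH without STARTTLS: " + ",".join(weak))
    if legacy:
        findings.append("legacy 'AUTH=' line advertised")
    return findings


def plain_initial_response(user, password):
    """Base64 token a client sends for AUTH PLAIN (RFC 4616: authzid NUL authcid NUL passwd)."""
    return base64.b64encode(b"\0" + user.encode() + b"\0" + password.encode()).decode()
```

Calling audit(SAMPLE_EHLO) returns both findings for the reply above; a reply that also contains a 250-STARTTLS line leaves only the legacy "AUTH=" finding.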

httpd access behind the firewall

If you are having problems accessing a website which is behind the
firewall, then you may want to use the following command:

# system-config-securitylevel (press Enter)
You will get the following screen.

Choose Customise,

then choose the www ( https) service.

Save and restart iptables,

or

you can try something along the lines of:
iptables -A INPUT -p tcp --dport 80 --syn -m limit --limit 5/second -j ACCEPT


You're done!


--


Remote MySQL connection error

If you try to connect to a MySQL database whose server's IP
is 203.112.28.111 from a remote PC and get the following error:

[root@server ~]# mysql -h 203.112.28.111 -u root -p
Enter password:
ERROR 2003 (HY000): Can't connect to MySQL server on 203.112.28.111 (113)

Also, on the server I cannot stop the firewall for security
reasons.

So I had to do the following on the MySQL database server:

On my MySQL server, where the database is located, I edited
/etc/my.cnf and did the following:
bind-address = <host IP>
# skip-networking

I logged in to MySQL and ran:
GRANT ALL PRIVILEGES ON *.* TO 'root'@'<client-ip-address>' IDENTIFIED BY '<root-password>';

quit;

I edited /etc/sysconfig/iptables and moved:
#########################################################
-A INPUT -p tcp -m tcp -s <client-IP-addr> --dport 3306 --sport 1024:65535 -j ACCEPT
##########################################################
to the top of the firewall rules, before the blocking rules.

Restart iptables.

Then from the client machine try
mysql -h ipaddress -u root -p
(you should be able to log in to the MySQL database)

In case you cannot log in to MySQL from a remote PC

If you cannot log in to MySQL from a remote machine on port 3306, you need to
do the following:

mysql -u root -p

use mysql;

UPDATE mysql.user SET Host='%', User='root' WHERE Host='localhost' AND User='root';

FLUSH PRIVILEGES;
