
I have a postfix mail server with sql authentication and I want to implement sieve on it.

Sieve is working relatively well; rules that contain 'fileinto' are executed perfectly. I configured a Sieve rule to redirect any email containing "redirect" in the subject to a specified external destination. So, in practice, an email coming from sender@live.de for the local user testuser@server.net should be redirected to destination@gmail.com when the subject contains "redirect".

# Forward any message whose Subject header contains "redirect" to the external
# address, then stop evaluating further rules. A redirect is handed back to the
# MTA for delivery, so the MTA must accept the resulting submission for a
# non-local recipient.
if header :contains ["subject"] ["redirect"]  {redirect "destination@gmail.com"; stop;}

when I test it I get the following log entry

postfix/smtpd[32114]: NOQUEUE: reject: RCPT from mail.server.net[xx.xx.xx.xx]: 554 5.7.1 <destination@gmail.com>: Relay access denied; from=<sender@live.de> to=<destination@gmail.com> proto=ESMTP helo=<mail.server.net>

How can I tell postfix to let dovecot/sieve relay the email?

can somebody give a hint?

postconf -n

# Non-default Postfix settings as printed by `postconf -n`.
# Reviewer comments added; every value is unchanged.
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
# All mail is passed to the smtp-amavis transport on 127.0.0.1:10024 for content filtering.
content_filter = smtp-amavis:[127.0.0.1]:10024
default_process_limit = 15
# VRFY is disabled, which prevents address probing through that command.
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
home_mailbox = mail/
inet_interfaces = all
mailbox_size_limit = 0
mydestination = mail.server.net, localhost
myhostname = mail.server.net
# Only loopback addresses are trusted; the server's own public address is not listed.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_restrictions = reject_unknown_helo_hostname
# NOTE(review): permit_mynetworks is absent from this list, so the only permit
# ahead of reject_unauth_destination is permit_sasl_authenticated. Any
# unauthenticated SMTP client -- including this host itself, as in the logged
# "RCPT from mail.server.net" -- is refused for external recipients with
# "Relay access denied". Give the Sieve redirect a trusted local submission path
# (sendmail binary, or loopback plus permit_mynetworks) rather than widening
# mynetworks to public addresses, which would risk an open relay.
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, reject_unknown_recipient_domain, reject_unverified_recipient, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, check_policy_service inet:127.0.0.1:10023
# SASL authentication is delegated to Dovecot through the private/auth socket.
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
# NOTE(review): permit_sasl_authenticated comes first, so an authenticated
# client is accepted before reject_authenticated_sender_login_mismatch is ever
# evaluated. That check also depends on smtpd_sender_login_maps, which does not
# appear in this output. As listed, authenticated users are not tied to their
# own sender addresses.
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_authenticated_sender_login_mismatch, reject_unknown_sender_domain
# NOTE(review): "no" lets clients authenticate on connections without TLS; with
# PLAIN/LOGIN mechanisms the password then crosses the network unencrypted.
smtpd_tls_auth_only = no
# NOTE(review): these are Debian's self-signed "snakeoil" placeholder
# certificate and key; clients cannot validate the server's identity with them.
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
# Level 2 is verbose TLS negotiation logging, intended for troubleshooting.
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = no
# Virtual domains, aliases and mailboxes are looked up in MySQL; delivery for
# virtual mailboxes is handed to the "dovecot" transport.
virtual_alias_domains = mysql:/etc/postfix/mysql_virtual_alias_domains.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 512000000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = dovecot

dovecot -n

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.6
# Global Dovecot settings as printed by `dovecot -n` (reviewer comments added;
# values unchanged).
# NOTE(review): auth_debug_passwords = yes and auth_verbose_passwords = plain
# cause attempted passwords to be written to the log files in clear text. They
# are troubleshooting aids; on a production host they should be off, and logs
# written while they were on should be treated as containing credentials.
auth_debug_passwords = yes
# Only plaintext mechanisms are offered, so transport encryption is the sole
# protection for passwords in transit.
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
debug_log_path = /var/log/dovecot/dovecot.debug.log
# NOTE(review): "no" permits PLAIN/LOGIN authentication on connections that are
# not protected by SSL/TLS.
disable_plaintext_auth = no
first_valid_gid = 99
first_valid_uid = 99
hostname = maxi.zp1.net
info_log_path = /var/log/mail.info
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = xxx.xxx.xxx.xxx
log_path = /var/log/dovecot/dovecot.log
login_greeting = Dovecot ready, Sir.
# Verbose mail-process debugging; adds detail about mail locations to the logs.
mail_debug = yes
mail_gid = 99
mail_location = maildir:~/mail:LAYOUT=fs:INBOX=/var/vmail/%u/mail/
mail_plugins = acl
mail_uid = 99
managesieve_notify_capability = mailto
# Sieve extensions advertised to ManageSieve clients. "editheader" is not in
# this list; "redirect" is a base Sieve action and needs no extension.
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
# Public (shared) namespace exposed under the "Public/" prefix and stored in
# /var/mail/public. Access to it is governed by the acl plugin configured in the
# plugin section.
namespace {
  location = maildir:/var/mail/public
  prefix = Public/
  separator = /
  subscriptions = no
  type = public
}
# Each user's private namespace containing INBOX; location is empty, so the
# global mail_location applies. The mailbox entries only assign special-use
# flags to the standard folders.
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  type = private
}
# Password lookups go to the SQL database described in dovecot-sql.conf.ext.
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile
  # NOTE(review): "allow" lets users grant rights to the "anyone" identifier,
  # i.e. share a mailbox with every account on the server; confirm this is
  # intended.
  acl_anyone = allow
  acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box from subject msgid size
  # Per-user active Sieve script, with a server-wide default script used when
  # the user has none.
  sieve = ~/.dovecot.sieve
  sieve_default = /var/lib/dovecot/sieve/default.sieve
  sieve_dir = ~/sieve
  sieve_global_dir = /var/lib/dovecot/sieve/global/
  sieve_max_actions = 64
  sieve_user_log = ~/.dovecot.sieve.log
}
postmaster_address = root@server.net
protocols = " imap sieve pop3"
service auth {
  # Socket Postfix uses for SASL authentication (smtpd_sasl_path = private/auth).
  # NOTE(review): mode 0666 with no user/group lets every local account talk to
  # the authentication service. The usual setup restricts it to Postfix
  # (mode 0660, user/group postfix).
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
  # NOTE(review): the owner is set to postfix, but mode 0666 still allows any
  # local account to perform user lookups through this socket.
  unix_listener auth-userdb {
    group = postfix
    mode = 0666
    user = postfix
  }
}
# ManageSieve login listener on port 4190, used by clients to upload and
# activate Sieve scripts.
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  service_count = 1
}
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
# Mail generated by Dovecot (Sieve redirect, vacation replies, rejects) is
# submitted over SMTP to this host instead of through the sendmail binary.
# NOTE(review): presumably this name resolves to the server's public address,
# which is outside Postfix's mynetworks and unauthenticated -- consistent with
# the "RCPT from mail.server.net ... Relay access denied" log line; confirm.
submission_host = smtp.server.net
# Static userdb: every user gets the same uid/gid and a home under /var/vmail.
# NOTE(review): uid/gid are given as "vmail" here while mail_uid/mail_gid are
# 99 elsewhere in this output; confirm both refer to the same account.
userdb {
  args = uid=vmail gid=vmail home=/var/vmail/%u
  driver = static
}
verbose_proctitle = yes
# The Sieve interpreter is loaded only for local delivery (LDA).
protocol lda {
  mail_plugins = acl sieve
}
# "acl" appears twice in this plugin list.
protocol imap {
  mail_plugins = acl autocreate acl imap_acl
}
protocol sieve {
  mail_max_userip_connections = 10
}
  • What is the output of `postconf -n`? – masegaloeh Sep 22 '14 at 12:29
  • Umm, why `relay_domains` value becomes *permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, permit_inet_interfaces* – masegaloeh Sep 22 '14 at 13:42
  • Since you've redacted the domains, it's difficult to tell which servers are yours, and which are not. Do you control `mail.server.net`, and if not, why do you think it should be prepared to relay this email? – MadHatter Sep 22 '14 at 14:24
  • @masegaloeh i commented relay_domains out, restarted the server and still it is `Relay access denied;` –  Sep 22 '14 at 16:48
  • @MadHatter `live.de` belongs to Hotmail, `gmail` belongs to Google and my domain is `server.net`, mailserver is `mail.server.net` –  Sep 22 '14 at 16:50
  • What is wrong with my Question? why did you vote down? –  Sep 22 '14 at 17:20
  • Mouse over the down arrow; the popup says "*This question does not show any research effort; it is unclear or not useful*". Downvotes without comment may be presumed to be for at least one of those reasons. – MadHatter Sep 22 '14 at 17:44
  • And as regards servers, is the server on which you are getting the log entry that begins `postfix/smtpd[32114]:` also `mail.server.net`, or is it another system? It is `mail.server.net` that is giving the refusal-to-relay, I'm trying to get straight in my own head whether we're dealing with one or two systems, here. – MadHatter Sep 22 '14 at 17:46
  • @MadHatter I do not want to post the true server name, so as not to expose it to hackers who might take advantage of the settings exposed here. Why do you insist on knowing the server name when it is irrelevant to the described failure? –  Sep 22 '14 at 19:33
  • @MadHatter this is not a research publishing site. I have been working on this configuration for about 2 months and have tried several things. I think it's irrelevant to publish everything I tried that failed. –  Sep 22 '14 at 19:37

1 Answer


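I don't know for certain whether Pigeonhole implements client-side SMTP AUTH, but I found no setting for it. On the other hand, you can have it use the sendmail binary instead of SMTP to get around that limitation: mail injected through sendmail does not pass through smtpd, so the relay check that produced "Relay access denied" is not applied to it.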

See:

# Binary to use for sending mails.
#sendmail_path = /usr/sbin/sendmail

# If non-empty, send mails via this SMTP host[:port] instead of sendmail.
# NOTE(review): a non-empty submission_host therefore takes precedence over
# sendmail_path. Submitting to localhost still goes through Postfix's smtpd, and
# the smtpd_recipient_restrictions posted in the question contain no
# permit_mynetworks, so this may still end in "Relay access denied"; leaving
# submission_host empty hands the mail to the sendmail binary instead.
submission_host = localhost 

ALSO: there is something called SRS (Sender Rewriting Scheme), which would make this possible by adding and removing some headers to transform a normal email into an enveloped email. There is also RFC 5293, which specifies the Sieve commands "addheader" and "deleteheader" that permit altering an email, but it seems that Pigeonhole Sieve does not support it yet.

Max Muster