Closed jamenlang closed 3 years ago
Can you share the contents of your config files (with email addresses, etc. redacted)?
/etc/postfix/main.cfg
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_tls_security_level=may
smtpd_use_tls=yes
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
smtp_use_tls=yes
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_sasl_mechanism_filter = xoauth2
smtp_tls_security_level = encrypt
smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtp_tls_session_cache_database=btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = relay.city
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = relay.[mylocaldomain], relay, localhost.[mylocaldomain], localhost.localdomain, , localhost
relayhost =
relay_domains = [mytlddomain]
mynetworks = [mynetwork1] [mynetwork2] 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
myorigin = /etc/mailname
/etc/postfix/sasl_passwd
special_account1@[mytlddomain] special_account1@[mytlddomain]:/etc/tokens/special_account1@[mytlddomain]
special_account2@[mytlddomain] special_account2@[mytlddomain]:/etc/tokens/special_account2@[mytlddomain]
[smtp.gmail.com]:587 generic_account@[mytlddomain]:/etc/tokens/generic_account@[mytlddomain]
/etc/postfix/sender_relay
special_account1@[mytlddomain] [smtp.gmail.com]:587
special_account2@[mytlddomain] [smtp.gmail.com]:587
I don't see anything obviously wrong in the configs. Do you have logs you can provide?
I thought for sure that something would need to be changed to support the user@domain user@domain:path syntax in sasl_passwd.
I'll email the raw syslog entries.
I'm happy to report that this does work as intended with correctly formed sasl_xoauth2.conf and some chroot modifications.
Adding these here before I forget:
$ sudo mkdir -p /var/spool/postfix/etc/ssl/certs
$ sudo cp /etc/ssl/certs/ca-certificates.crt /var/spool/postfix/etc/ssl/certs/ca-certificates.crt
Symlinking doesn't seem to work.
Yeah, symlinking doesn't let you break out of the chroot jail, sadly. I've updated the README with a note on SSL certs and chroot.
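The chroot point from the two comments above, as an added example that is not part of the original thread or of the project's own code: a check that a file named in the config physically lives inside the jail rather than behind a symlink that points out of it. The function name `check_chroot_file` and the demo tree are hypothetical, and `readlink -f` is assumed to be available.

```shell
#!/bin/sh
# Added example. A chrooted Postfix process treats its jail directory
# (/var/spool/postfix in the commands above) as "/", so a file it opens
# must physically live under that directory.

# check_chroot_file CHROOT PATH
#   CHROOT: directory used as the jail
#   PATH:   path as the config names it, e.g. /etc/ssl/certs/ca-certificates.crt
# Prints a verdict; returns 0 if usable in the jail, 1 if not, 2 on a bad CHROOT.
check_chroot_file() {
    jail=$(cd "$1" 2>/dev/null && pwd -P) || { echo "bad chroot: $1"; return 2; }
    inside="$jail/${2#/}"
    # -e follows symlinks, so a dangling link is reported as missing.
    [ -e "$inside" ] || { echo "missing: $inside"; return 1; }
    # Resolve every symlink in the path (readlink -f assumed available).
    real=$(readlink -f -- "$inside") || return 1
    case "$real" in
        "$jail"/*) ;;
        *) echo "symlink leaves chroot: $inside -> $real"; return 1 ;;
    esac
    [ -f "$real" ] && [ -r "$real" ] || { echo "not a readable file: $real"; return 1; }
    echo "ok: $inside"
}

# Constructed demo: a throwaway jail holding one copied and one symlinked file.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/jail/etc/ssl/certs" "$tmp/host"
    echo "constructed CA bundle" > "$tmp/host/ca.crt"
    cp "$tmp/host/ca.crt" "$tmp/jail/etc/ssl/certs/ca-certificates.crt"
    ln -s "$tmp/host/ca.crt" "$tmp/jail/etc/ssl/certs/linked.crt"
    check_chroot_file "$tmp/jail" /etc/ssl/certs/ca-certificates.crt || :
    check_chroot_file "$tmp/jail" /etc/ssl/certs/linked.crt || :
    check_chroot_file "$tmp/jail" /etc/ssl/certs/absent.crt || :
    rm -rf "$tmp"
}
demo
```

On a real relay the call would be `check_chroot_file /var/spool/postfix /etc/ssl/certs/ca-certificates.crt`, run after the copy step shown above.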
I was looking for a way to set up something like this https://gist.github.com/zmwangx/2c56aa32be68daf48c2f
I'd like to set up one relay server with multiple accounts defined in sasl_passwd (and /etc/tokens) and have each message sent out of the correct account when it comes in.
I tried it like it's outlined in that document, the catchall account [smtp.gmail.com]:587 works every time, but if the sender matches above that line then I get
SASL authentication failure: no worthy mechs found
then
SASL authentication failed; cannot authenticate to server smtp.gmail.com[173.194.196.108]: no mechanism available