I'm running an SME 9.0 server with all updates installed. One piece of client software on the LAN is unable to send mail to outside destinations. When I check the qpsmtpd logs, I get:
[root@e-smith qpsmtpd]# grep danb35 *
@4000000054fe19b2363a7434.s:@4000000054fe1578084b7b54 21437 dispatching RCPT TO:<danb35@gmail.com>
@4000000054fe19b2363a7434.s:@4000000054fe1578084de86c 21437 to email address : [<danb35@gmail.com>]
@4000000054fe19b2363a7434.s:@4000000054fe15780872a6ac 21437 check_goodrcptto plugin (rcpt): address includes extn '-', checking users: danb35
@4000000054fe19b2363a7434.s:@4000000054fe1578087c998c 21437 check_goodrcptto plugin (rcpt): recipient danb35@gmail.com denied
@4000000054fe19b2363a7434.s:@4000000054fe1578087d7834 21437 Plugin check_goodrcptto, hook rcpt returned DENY, relaying denied danb35@gmail.com
@4000000054fe19b2363a7434.s:@4000000054fe1578087f1a2c 21437 logging::logterse plugin (deny): ` 192.168.1.201 pc-00201.familybrown.org pc-00201.familybrown.org <danb@brownlawoffice.us> check_goodrcptto 901 relaying denied danb35@gmail.com msg denied before queued
@4000000054fe19b2363a7434.s:@4000000054fe1578087ffcbc 21437 550 relaying denied danb35@gmail.com
@4000000054fedd6707b4c934.s:@4000000054fed46b1c17eec4 26784 dispatching RCPT TO:<danb35@gmail.com>
@4000000054fedd6707b4c934.s:@4000000054fed46b1c196d94 26784 to email address : [<danb35@gmail.com>]
@4000000054fedd6707b4c934.s:@4000000054fed46b1c34d14c 26784 check_goodrcptto plugin (rcpt): address includes extn '-', checking users: danb35
@4000000054fedd6707b4c934.s:@4000000054fed46b1c3aa964 26784 check_goodrcptto plugin (rcpt): recipient danb35@gmail.com denied
@4000000054fedd6707b4c934.s:@4000000054fed46b1c3b880c 26784 Plugin check_goodrcptto, hook rcpt returned DENY, relaying denied danb35@gmail.com
@4000000054fedd6707b4c934.s:@4000000054fed46b1c3d2dec 26784 logging::logterse plugin (deny): ` 192.168.1.201 pc-00201.familybrown.org pc-00201.familybrown.org <danb@brownlawoffice.us> check_goodrcptto 901 relaying denied danb35@gmail.com msg denied before queued
@4000000054fedd6707b4c934.s:@4000000054fed46b1c3e1464 26784 550 relaying denied danb35@gmail.com
[root@e-smith ~]# config show qpsmtpd
qpsmtpd=service
Bcc=disabled
BccMode=cc
BccUser=maillog
DNSBL=enabled
LogLevel=8
MaxScannerSize=25000000
RBLList=zen.spamhaus.org
RHSBL=enabled
RelayRequiresAuth=enabled
SBLList=dsn.rfc-ignorant.org
TlsBeforeAuth=1
access=public
qplogsumm=disabled
status=enabled
[root@e-smith ~]#
The client is configured to authenticate with username and password, but no encryption--it's unable to connect with SSL or TLS, likely due to using my own CA certificate (the client software isn't very helpful with error logging). From what I can tell at
http://wiki.contribs.org/Email#How_do_I_disable_SMTP_relay_for_unauthenticated_LAN_clients, it sounds like authentication and encryption are controlled by the same config setting--I can't require authentication without also requiring encryption. Do I understand that correctly?
I don't want my server to relay for unauthenticated remote clients. I don't really want it to relay for unauthenticated LAN clients either, but I guess it's OK if it does. But until I can get my client to accept my CA certificate, I can't require encryption on the LAN. What's the best way to do this? Is the only option to set RelayRequiresAuth to disabled?
2 Replies
2803 Views