jpbarroso
By:
jpbarroso

postfix headaches - send mails between different droplets, same hostname.

September 17, 2015 1.6k views
Email Ubuntu

Hi, i've a problem with postfix sending mail between virtual domains in droplets.
I've 2 droplets with several domains in each droplet with virtualmin:
dropletA.domain.com -> domainA1.com
-> domainA2.com

dropletB.domain.com -> domainB1.com
-> domainB2.com

when i try to send mails between my domains there's a problem... perhaps postfix try to send locally?¿:
Sending from domainA1 to domainB1:
SASL authentication failed; server <dropletB.domain.com> said: 535 5.7.8 Error: authentication failed: authentication failure

If I send to any external domain (gmail, hotmail, ...) no problem.

Thanks!

1 Answer

Hello,
First of all we can't help you out easily when you don't provide any information about your server. Once you ask a question, we need to know where we are dealing with to help you out. So what kind of server are you running, what configurations are you using? Atleast post the main.cf. Did you check your logs for any more information?

  • Hi!, sorry, the server is ubuntu, the default config. of virtualmin.
    main.cf is:

    See /usr/share/postfix/main.cf.dist for a commented, more complete version Debian specific: Specifying a file name will cause the first line of that file to be used as the name. The Debian default is /etc/mailname. myorigin = /etc/mailname

    smtpdbanner = $myhostname ESMTP $mailname (Ubuntu)
    biff = no

    appending .domain is the MUA's job.

    appenddotmydomain = no

    Uncomment the next line to generate "delayed mail" warnings delaywarningtime = 4h

    readme_directory = no

    TLS parameters

    smtpdtlscertfile=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd
    tlskeyfile=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpdusetls=yes
    smtpdtlssessioncachedatabase = btree:${datadirectory}/smtpdscache
    smtptlssessioncachedatabase = btree:${datadirectory}/smtpscache

    See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for information on enabling SSL in the smtp client.

    myhostname = xxxx
    aliasmaps = hash:/etc/aliases
    alias
    database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination =
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailboxcommand = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
    mailbox
    sizelimit = 0
    recipient
    delimiter = +
    virtualaliasmaps = hash:/etc/postfix/virtual
    senderbccmaps = hash:/etc/postfix/bcc
    homemailbox = Maildir/
    smtpd
    saslauthenable = yes
    smtpdsaslsecurityoptions = noanonymous
    broken
    saslauthclients = yes
    smtpdrecipientrestrictions = permitmynetworks permitsaslauthenticated rejectunauthdestination checkpolicyservice inet:127.0.0.1:10023
    allow
    percenthack = no
    milter
    defaultaction = accept
    milter
    protocol = 2
    smtpdmilters = inet:localhost:8891
    non
    smtpdmilters = inet:localhost:8891
    maximal
    queuelifetime = 2d
    transport
    maps = hash:/etc/postfix/transport
    smtpsaslauthenable = yes
    smtp
    saslpasswordmaps = static:user:pass
    smtpsaslsecurity_options = noanonymous

    And the logs:
    When i send a mail to any external domain: (gmail, hotmail) OK:
    Sep 9 20:58:49 prod postfix/smtp[22713]: 83F7B807A8: to=xxx@gmail.com, orig_to=<yyyyy>, relay=gmail-smtp-in.l.google.com[74.125.136.27]:25, delay=13, delays=12/0.01/0.67/0.62, dsn=2.0.0, status=sent (250 2.0.0 OK 1441825128 n6si2883743wjq.53 - gsmtp)

    But if i send a mail to a domain of dropletb... ¿it looks like tries to login to the server?
    Sep 17 11:41:15 prod postfix/smtp[20550]: E5D908087C: to=xxxx@domaindropletb, relay=dropletb.domain.com[x.x.x.x]:25, delay=2.1, delays=0.05/0.02/2.1/0, dsn=4.7.8, status=deferred (SASL authentication failed; server dropletb.domain.com[x.x.x.x]: said: 535 5.7.8 Error: authentication failed: authentication failure)
    probably is because my droplet's name share the same domain?
    droplet1: hostname (dropletA.domain.com)
    droplet2:hostname (dropletB.domain.com)

    thanks!

    • What do you have inside your SASL smtpd.conf ?
      Please post it in a code block. Its easier to read then

      • just:

        pwcheck_method: saslauthd
        mech_list: plain login
        
        • in both droplets (dropletA.domain.com, dropletB.domain.com) the problem is.... why is trying authenticate in mail server of dropletb? I've a problem with smtpd concepts... if send to gmail, hotmail no problem, send to domain of dropletb tries authenticate? How can I say that mails send to a certain domain must not be treated as local/trying to authenticate?

          thanksss!

Have another answer? Share your knowledge.