Share

Question

Hi, i've a problem with postfix sending mail between virtual domains in droplets.
I've 2 droplets with several domains in each droplet with virtualmin:
dropletA.domain.com -> domainA1.com
-> domainA2.com

dropletB.domain.com -> domainB1.com
-> domainB2.com

when i try to send mails between my domains there's a problem... perhaps postfix try to send locally?¿:
Sending from domainA1 to domainB1:
SASL authentication failed; server <dropletB.domain.com> said: 535 5.7.8 Error: authentication failed: authentication failure

If I send to any external domain (gmail, hotmail, ...) no problem.

Thanks!

Answer 1

JustSomeTech September 17, 2015

Hello,
First of all we can't help you out easily when you don't provide any information about your server. Once you ask a question, we need to know where we are dealing with to help you out. So what kind of server are you running, what configurations are you using? Atleast post the main.cf. Did you check your logs for any more information?

Reply

jpbarroso September 18, 2015

Hi!, sorry, the server is ubuntu, the default config. of virtualmin.
main.cf is:
See /usr/share/postfix/main.cf.dist for a commented, more complete version Debian specific: Specifying a file name will cause the first line of that file to be used as the name. The Debian default is /etc/mailname. myorigin = /etc/mailname
smtpdbanner = $myhostname ESMTP $mailname (Ubuntu)
biff = no
appending .domain is the MUA's job.
appenddotmydomain = no
Uncomment the next line to generate "delayed mail" warnings delaywarningtime = 4h
readme_directory = no
TLS parameters
smtpdtlscertfile=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpdtlskeyfile=/etc/ssl/private/ssl-cert-snakeoil.key
smtpdusetls=yes
smtpdtlssessioncachedatabase = btree:${datadirectory}/smtpdscache
smtptlssessioncachedatabase = btree:${datadirectory}/smtpscache
See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for information on enabling SSL in the smtp client.
myhostname = xxxx
aliasmaps = hash:/etc/aliases
aliasdatabase = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailboxcommand = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailboxsizelimit = 0
recipientdelimiter = +
virtualaliasmaps = hash:/etc/postfix/virtual
senderbccmaps = hash:/etc/postfix/bcc
homemailbox = Maildir/
smtpdsaslauthenable = yes
smtpdsaslsecurityoptions = noanonymous
brokensaslauthclients = yes
smtpdrecipientrestrictions = permitmynetworks permitsaslauthenticated rejectunauthdestination checkpolicyservice inet:127.0.0.1:10023
allowpercenthack = no
milterdefaultaction = accept
milterprotocol = 2
smtpdmilters = inet:localhost:8891
nonsmtpdmilters = inet:localhost:8891
maximalqueuelifetime = 2d
transportmaps = hash:/etc/postfix/transport
smtpsaslauthenable = yes
smtpsaslpasswordmaps = static:user:pass
smtpsaslsecurity_options = noanonymous

And the logs:
When i send a mail to any external domain: (gmail, hotmail) OK:
Sep 9 20:58:49 prod postfix/smtp[22713]: 83F7B807A8: to=xxx@gmail.com, orig_to=<yyyyy>, relay=gmail-smtp-in.l.google.com[74.125.136.27]:25, delay=13, delays=12/0.01/0.67/0.62, dsn=2.0.0, status=sent (250 2.0.0 OK 1441825128 n6si2883743wjq.53 - gsmtp)

But if i send a mail to a domain of dropletb... ¿it looks like tries to login to the server?
Sep 17 11:41:15 prod postfix/smtp[20550]: E5D908087C: to=xxxx@domaindropletb, relay=dropletb.domain.com[x.x.x.x]:25, delay=2.1, delays=0.05/0.02/2.1/0, dsn=4.7.8, status=deferred (SASL authentication failed; server dropletb.domain.com[x.x.x.x]: said: 535 5.7.8 Error: authentication failed: authentication failure)
probably is because my droplet's name share the same domain?
droplet1: hostname (dropletA.domain.com)
droplet2:hostname (dropletB.domain.com)

thanks!
- JustSomeTech September 20, 2015
  
  What do you have inside your SASL smtpd.conf ?
  Please post it in a code block. Its easier to read then
  
  jpbarroso September 20, 2015
  
  just:
  
  pwcheck_method: saslauthd mech_list: plain login
  
  jpbarroso September 20, 2015
  
  in both droplets (dropletA.domain.com, dropletB.domain.com) the problem is.... why is trying authenticate in mail server of dropletb? I've a problem with smtpd concepts... if send to gmail, hotmail no problem, send to domain of dropletb tries authenticate? How can I say that mails send to a certain domain must not be treated as local/trying to authenticate?
  
  thanksss!

Answer 2

jpbarroso September 18, 2015

Hi!, sorry, the server is ubuntu, the default config. of virtualmin.
main.cf is:
See /usr/share/postfix/main.cf.dist for a commented, more complete version Debian specific: Specifying a file name will cause the first line of that file to be used as the name. The Debian default is /etc/mailname. myorigin = /etc/mailname
smtpdbanner = $myhostname ESMTP $mailname (Ubuntu)
biff = no
appending .domain is the MUA's job.
appenddotmydomain = no
Uncomment the next line to generate "delayed mail" warnings delaywarningtime = 4h
readme_directory = no
TLS parameters
smtpdtlscertfile=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpdtlskeyfile=/etc/ssl/private/ssl-cert-snakeoil.key
smtpdusetls=yes
smtpdtlssessioncachedatabase = btree:${datadirectory}/smtpdscache
smtptlssessioncachedatabase = btree:${datadirectory}/smtpscache
See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for information on enabling SSL in the smtp client.
myhostname = xxxx
aliasmaps = hash:/etc/aliases
aliasdatabase = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailboxcommand = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailboxsizelimit = 0
recipientdelimiter = +
virtualaliasmaps = hash:/etc/postfix/virtual
senderbccmaps = hash:/etc/postfix/bcc
homemailbox = Maildir/
smtpdsaslauthenable = yes
smtpdsaslsecurityoptions = noanonymous
brokensaslauthclients = yes
smtpdrecipientrestrictions = permitmynetworks permitsaslauthenticated rejectunauthdestination checkpolicyservice inet:127.0.0.1:10023
allowpercenthack = no
milterdefaultaction = accept
milterprotocol = 2
smtpdmilters = inet:localhost:8891
nonsmtpdmilters = inet:localhost:8891
maximalqueuelifetime = 2d
transportmaps = hash:/etc/postfix/transport
smtpsaslauthenable = yes
smtpsaslpasswordmaps = static:user:pass
smtpsaslsecurity_options = noanonymous

And the logs:
When i send a mail to any external domain: (gmail, hotmail) OK:
Sep 9 20:58:49 prod postfix/smtp[22713]: 83F7B807A8: to=xxx@gmail.com, orig_to=<yyyyy>, relay=gmail-smtp-in.l.google.com[74.125.136.27]:25, delay=13, delays=12/0.01/0.67/0.62, dsn=2.0.0, status=sent (250 2.0.0 OK 1441825128 n6si2883743wjq.53 - gsmtp)

But if i send a mail to a domain of dropletb... ¿it looks like tries to login to the server?
Sep 17 11:41:15 prod postfix/smtp[20550]: E5D908087C: to=xxxx@domaindropletb, relay=dropletb.domain.com[x.x.x.x]:25, delay=2.1, delays=0.05/0.02/2.1/0, dsn=4.7.8, status=deferred (SASL authentication failed; server dropletb.domain.com[x.x.x.x]: said: 535 5.7.8 Error: authentication failed: authentication failure)
probably is because my droplet's name share the same domain?
droplet1: hostname (dropletA.domain.com)
droplet2:hostname (dropletB.domain.com)

thanks!
- JustSomeTech September 20, 2015
  
  What do you have inside your SASL smtpd.conf ?
  Please post it in a code block. Its easier to read then
  
  jpbarroso September 20, 2015
  
  just:
  
  pwcheck_method: saslauthd mech_list: plain login
  
  jpbarroso September 20, 2015
  
  in both droplets (dropletA.domain.com, dropletB.domain.com) the problem is.... why is trying authenticate in mail server of dropletb? I've a problem with smtpd concepts... if send to gmail, hotmail no problem, send to domain of dropletb tries authenticate? How can I say that mails send to a certain domain must not be treated as local/trying to authenticate?
  
  thanksss!

postfix headaches - send mails between different droplets, same hostname.

Leave a Comment

Share

Share your Question

postfix headaches - send mails between different droplets, same hostname.

Leave a Comment

Related Questions

Almost there!