Reindl Harald h.reindl@thelounge.net wrote:
Am 25.12.2013 18:26, schrieb Andreas Meyer:> Reindl Harald h.reindl@thelounge.net wrote:
Am 25.12.2013 15:29, schrieb Andreas Meyer:
If I define $rcmail_config['smtp_server'] = '78.47.3.18'; instead of $rcmail_config['smtp_server'] = ''; the users get a Relay access denied.
Whereby Roundcube takes the first IP of the subnet 78.47.3.17 and I assume, this is the reason for the denied access.
youndcube does take nothing 78.47.3.17 is the IP from which roundcube connects to the mailserver
why? 78.47.3.17 is not known by any mailservice at the host. Just because it is not blocked at the firewall?
# netstat -pantu |grep master
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 2246/master
tcp 0 0 78.47.3.18:587 0.0.0.0:* LISTEN 2246/master
tcp 0 0 78.47.3.19:587 0.0.0.0:* LISTEN 2246/master
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 2246/master
tcp 0 0 213.239.207.165:587 0.0.0.0:* LISTEN 2246/master
tcp 0 0 78.47.3.18:465 0.0.0.0:* LISTEN 2246/master
tcp 0 0 78.47.3.19:465 0.0.0.0:* LISTEN 2246/master
tcp 0 0 127.0.0.1:465 0.0.0.0:* LISTEN 2246/master
tcp 0 0 213.239.207.165:465 0.0.0.0:* LISTEN 2246/master
tcp 0 0 78.47.3.22:25 0.0.0.0:* LISTEN 2246/master
tcp 0 0 78.47.3.21:25 0.0.0.0:* LISTEN 2246/master
tcp 0 0 78.47.3.18:25 0.0.0.0:* LISTEN 2246/master
tcp 0 0 78.47.3.19:25 0.0.0.0:* LISTEN 2246/master
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2246/master
tcp 0 0 213.239.207.165:25 0.0.0.0:* LISTEN 2246/master
The Relay access denied only happens when I set $rcmail_config['smtp_server'] = '78.47.3.18';
This is necessary so that Roundcube connects to the smtpd running in the same host instead of connecting directly to the pickup of postfix. The reason is the smtpd_restriction_classes restriction of postfix to work.
*SMTP authentication*
nobody should ever send any single message to be relayed without user/password why? because you have no clue which clients account was hacked in case of spam and you can do *nothing* to stop it without kill the whole service
// SMTP server host (for sending mails) $rcmail_config['smtp_server'] = 'tls://your-mailserver';
$rcmail_config['smtp_server'] = '78.47.3.18';
// SMTP port (default is 25; 465 for SSL) $rcmail_config['smtp_port'] = 587;
the clients submit on port 25. Why do I get a Relay access denied? The clients are authenticated per login with username and password and are allowed to relay per SASL. It works as soon Roundube connetcs with $rcmail_config['smtp_server'] = '';
// SMTP username (if required) if you use %u as the username Roundcube will use the current username for login $rcmail_config['smtp_user'] = '%u';
// SMTP password (if required) if you use %p as the password Roundcube will use the current user's password for login $rcmail_config['smtp_pass'] = '%p';
// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use best server supported one) $rcmail_config['smtp_auth_type'] = 'PLAIN';
Dec 25 15:14:47 delta anup/smtpd[32664]: connect from sites.anup.de[78.47.3.17] Dec 25 15:14:47 delta anup/smtpd[32664]: NOQUEUE: reject: RCPT from sites.anup.de[78.47.3.17]: 554 5.7.1
anmeyer@gmx.net: Relay access denied; from=anmeyer@anup.de to=<anmeyer@gmx.net
Dec 25 15:14:47 delta anup/smtpd[32664]: disconnect from sites.anup.de[78.47.3.17]
How do I prevent this?
whitelist the roundcube IP on the mailserver or configure SMTP authentication properly roundcube is a mail-client like any other (Outlook, Thunderbird..) so handle it the same way
Connections of other MUAs are no problem.
hopefully not with authentication
Everybody who wants to relay has to authenticate. I thought whith Roundcube this is done as soon someone can login. In every MUA I can specify what outgoing SMTP-Server and incoming IMAP-Server to use. Where can this be done in Roundube?
How do I tell Roundcube to connect to the MTA with 78.47.3.18 instead of 78.47.3.17, which is no IP known to the MTA or known in virtual_mailbox_domains?
please learn about networking - the outgoing IP is nothing you tell roundcube it is your TCP stack!
You tell me if I specify $rcmail_config['smtp_server'] = '78.47.3.18'; users are not allowed to send, but they are authenticated. Why does the problem not occure if I set $rcmail_config['smtp_server'] = ''; ?
78.47.3.18 is known to the mailserver as a virtual_mailbox_domains
I do not understand what is happening.
Andreas