# Postfix SMTP not working from outside



## Gabo (Feb 6, 2015)

Hi, after two days looking for information finally I've decided to post here for help.   SMTP from localhost works fine. But when I connect with my email client from internet SMTP doesn't work.
Windows live mail says : 554 5.7.1 Relay Access Denied.
Note: I can retrieve emails from my MUA (Windows Live Mail) normally.
`ping mx.example.com.ar` resolves fine to the fixed IP of my server.  My server configuration:
FreeBSD 10.1-RELEASE-p5  GENERIC kernel.
I´m using Postfix mail_version = 2.11.3, Dovecot 2.2.15.

Configuration files:
etc/rc.conf

```
sshd_enable="YES"
dumpdev="AUTO"
ntpd_enable="YES"
apache24_enable="YES"
mysql_enable="YES"
# Disable sendmail
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
# start postfix y dovecot at boot
postfix_enable="YES"
dovecot_enable="YES"
```
/etc/group

```
postfix:*:125:
vpostfix:*:1003:
```
/etc/mail/mailer.conf

```
sendmail<------>/usr/local/sbin/sendmail
send-mail<----->/usr/local/sbin/sendmail
mailq<-><------>/usr/local/sbin/sendmail
newaliases<---->/usr/local/sbin/sendmail
```
Postfix configuration:
/usr/local/etc/postfix/main.cf

```
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
mail_owner = postfix
myhostname = mail.example.com.ar
mydomain = example.com.ar
myorigin = $mydomain
inet_interfaces = all
mynetworks_style = host
home_mailbox = Maildir/
# Virtual domain config
virtual_mailbox_domains = /usr/local/etc/postfix/virtual_domains
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox
virtual_uid_maps = static:1003
virtual_gid_maps = static:1003
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
# TLS
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /usr/local/etc/postfix/myserver.key
smtpd_tls_cert_file = /usr/local/etc/postfix/server.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# SASL
smtpd_sasl_type = dovecot
broken_sasl_auth_clients = yes
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, rej
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_
```
/usr/local/etc/postfix/master.cf

```
# Postfix master process configuration file.  For details on the format
smtp  inet  n  -  n  -  -  smtpd
submission inet n  -  n  -  -  smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
```
/usr/local/etc/postfix/vmailbox

```
...
joe@example.com.ar  example.com.ar/joe/
...
```
/usr/local/etc/postfix/virtual_domains

```
...
example.com.ar
...
```
Dovecot configuration files
/usr/local/etc/dovecot/dovecot.conf

```
## Dovecot configuration file
!include conf.d/*.conf
!include_try local.conf
```
/usr/local/etc/dovecot/conf.d/10-auth.conf

```
disable_plaintext_auth = yes
auth_mechanisms = plain
!include auth-passwdfile.conf.ext
```
/usr/local/etc/dovecot/conf.d/auth-passwdfile.conf.ext

```
passdb {
  driver = passwd-file
  args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/users
}
userdb {
  driver = passwd-file
  args = username_format=%u /usr/local/etc/dovecot/users
}
```
/usr/local/etc/dovecot/users

```
....
joe@example.com.ar:{SHA512-CRYPT}$6$tFQ---CUT---OV::::
....
```
/usr/local/etc/dovecot/conf.d/10-ssl.conf

```
ssl = yes
ssl_cert = </usr/local/etc/postfix/server.crt
ssl_key = </usr/local/etc/postfix/myserver.key
ssl_verify_client_cert = no
```
/usr/local/etc/dovecot/conf.d/10-master.conf

```
unix_listener auth-userdb {
  mode = 0600
  user = postfix
  group = postfix
  }
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
  mode = 0666
  user = postfix
  group = postfix
  }
```
/usr/local/etc/dovecot/conf.d/10-mail.conf

```
mail_location = maildir:~
mail_uid = 1003
mail_gid = 1003
mail_home = /var/mail/vhosts/%d/%n
mail_privileged_group = vpostfix
namespace inbox {
      inbox = yes
}
```
/usr/local/etc/dovecot/conf.d/10-mail.conf

```
mail_location = maildir:~
mail_uid = 1003
mail_gid = 1003
mail_home = /var/mail/vhosts/%d/%n
mail_privileged_group = vpostfix
namespace inbox {
      inbox = yes
}
```
I've enabled a lots of logging options in/usr/local/etc/dovecot/conf.d/10-logging.conf to see what is happening behind....
/usr/local/etc/dovecot/conf.d/10-mail.conf

```
auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes
mail_debug = yes
verbose_ssl = yes
```
Well, here is the results of some test that I've made:
`doveadm auth test -a /var/spool/postfix/private/auth joe@example.com.ar joe's_passwd`
And the answer was:

```
passdb: joe@example.com.ar auth succeeded
extra fields:
  user=joe@example.com.ar
```
`openssl s_client -starttls smtp -connect localhost:587`

```
CONNECTED(00000003)
depth=0 C = AR, ST = BA, L = Some Place , O = Example, CN = localhost, emailAddress = someguy@example.com.ar
verify error:num=18:self signed certificate
verify return:1
---
Certificate chain
0 s:/C=AR/ST=BA/L=Some Place/O=Example/CN=localhost/emailAddress=someguy@example.com.ar
---
Server certificate
-----BEGIN CERTIFICATE-----
garbage here
-----END CERTIFICATE-----
No client certificate CA names sent
---
SSL handshake has read 1357 bytes and written 468 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
  Protocol  : TLSv1.2
  Cipher  : ECDHE-RSA-AES256-GCM-SHA384
  Session-ID: BB11655......FFE
  Session-ID-ctx:
  Master-Key: 5646......654E
  Key-Arg  : None
  PSK identity: None
  PSK identity hint: None
  SRP username: None
  TLS session ticket lifetime hint: 7200 (seconds)
  TLS session ticket:
  more garbage here...
  Start Time: 1423261644
  Timeout  : 300 (sec)
  Verify return code: 18 (self signed certificate)
---
250 DSN
```
It´s true, I´m using a self signed certiticate..... is that a sin?, well I don´t think so...
`[B]ehlo world.com[/B]`

```
250-mail.example.com.ar
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
```
`mail from: joe@example.com.ar`

```
250 2.1.0 Ok
```
Another test:
`telnet localhost 25`

```
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.example.com.ar ESMTP Postfix
ehlo kl
250-mail.example.com.ar
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: joe@example.com.ar
250 2.1.0 Ok
rcpt to: someguy@gmail.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
test
.
250 2.0.0 Ok: queued as 674B6EB309
```
It´s works, the email was sent ok. It´s obvious, localhost is trusted.
Now let me show you the logs when I try to send an email from outside using Windows Live Mail.
/var/log/maillog

```
Feb  6 20:14:29 v0523 postfix/submission/smtpd[1024]: connect from unknown[200.xx.xxx.169]
Feb  6 20:14:30 v0523 postfix/submission/smtpd[1024]: Anonymous TLS connection established from unknown[200.50.247.169]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Feb  6 20:14:33 v0523 postfix/submission/smtpd[1024]: NOQUEUE: reject: RCPT from unknown[200.xx.xxx.169]: 554 5.7.1 <someguy@gmail.com>: Relay access denied; from=<joe@example.com.ar> to=<someguy@gmail.com> proto=ESMTP helo=<I5>
Feb  6 20:14:33 v0523 postfix/submission/smtpd[1024]: disconnect from unknown[200.xx.xxx.169]
```
and:  /var/log/dovecot

```
Feb 06 20:14:30 auth: Debug: auth client connected (pid=0)
Feb 06 20:14:33 pop3-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
Feb 06 20:14:33 pop3-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
Feb 06 20:14:33 auth: Debug: auth client connected (pid=1028)
Feb 06 20:14:33 pop3-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [200.xx.xxx.169]
Feb 06 20:14:33 pop3-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [200.xx.xxx.169]
Feb 06 20:14:33 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [200.xx.xxx.169]
Feb 06 20:14:33 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [200.xx.xxx.169]
Feb 06 20:14:33 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [200.xx.xxx.169]
Feb 06 20:14:33 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [200.xx.xxx.169]
Feb 06 20:14:33 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [200.xx.xxx.169]
Feb 06 20:14:33 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [200.xx.xxx.169]
Feb 06 20:14:33 pop3-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [200.xx.xxx.169]
Feb 06 20:14:33 pop3-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [200.xx.xxx.169]
Feb 06 20:14:34 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [200.xx.xxx.169]
Feb 06 20:14:34 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read finished A [200.xx.xxx.169]
Feb 06 20:14:34 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [200.xx.xxx.169]
Feb 06 20:14:34 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write finished A [200.xx.xxx.169]
Feb 06 20:14:34 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [200.xx.xxx.169]
Feb 06 20:14:34 pop3-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [200.xx.xxx.169]
Feb 06 20:14:34 pop3-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [200.xx.xxx.169]
Feb 06 20:14:34 auth: Debug: client in: AUTH<-->1<----->PLAIN<->service=pop3<-->secured>session=<------>lip=131.XXX.x.43<------>rip=200.xx.xxx.169<---->lport=995<----->rport=49230<>
Feb 06 20:14:34 auth: Debug: passwd-file(joe@example.com.ar,200.xx.xxx.169,<sfsggsghhtt>): lookup: user=joe@example.com.ar file=/usr/local/etc/dovecot/users
Feb 06 20:14:34 auth: Debug: client passdb out: OK<---->1<----->user=joe@example.com.ar
Feb 06 20:14:34 auth: Debug: master in: REQUEST>1098252289<---->1028<-->1<-----><------>session_pid=1029
Feb 06 20:14:34 auth: Debug: passwd-file(joe@example.com.ar,200.xx.xxx.169,<dwBwlXMOTgDIMvep>): lookup: user=joe@example.com.ar file=/usr/local/etc/dovecot/users
Feb 06 20:14:34 auth: Debug: master userdb out: USER<-->1098252289<---->joe@example.com.ar<---->
Feb 06 20:14:34 pop3-login: Info: Login: user=<joe@example.com.ar>, method=PLAIN, rip=200.xx.xxx.169, lip=131.255.4.43, mpid=1029, TLS, session=<>
Feb 06 20:14:34 pop3: Debug: Added userdb setting: plugin/=yes
Feb 06 20:14:34 pop3(joe@example.com.ar): Debug: Effective uid=1003, gid=1003, home=/var/mail/vhosts/example.com.ar/joe
Feb 06 20:14:34 pop3(joe@example.com.ar): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~
Feb 06 20:14:34 pop3(joe@example.com.ar): Debug: maildir++: root=/var/mail/vhosts/example.com.ar/joe, index=, indexpvt=, control=, inbox=/var/mail/vhosts/example.com.ar/joe, alt=
Feb 06 20:14:35 pop3(joe@example.com.ar): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/9, size=16220
Feb 06 20:14:35 pop3-login: Debug: SSL alert: close notify [200.xx.xxx.169]
```
At the moment I have nothing more to add , except that I'm lost and I have no clue!!.
*Anyway, took 15 years married to FreeBSD and I will not divorce me , I assure you .*
*I love it!*
*Thanks in advance for reading/answer.*


----------



## gkontos (Feb 7, 2015)

Can you try adding the following in /usr/local/etc/postfix/main.cf


```
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
```


----------



## Gabo (Feb 7, 2015)

gkontos said:


> Can you try adding the following in /usr/local/etc/postfix/main.cf
> 
> 
> ```
> ...



I´ve added that line in /usr/local/etc/postfix/main.cf

then run
`service postfix restart`
`service dovecot restart`

check again in Windows Live mail.
and everything seems to stay the same.....

the logs:

```
Feb  7 10:02:30 v0523 postfix/submission/smtpd[3090]: connect from unknown[200.xx.xxx.169]
Feb  7 10:02:30 v0523 postfix/submission/smtpd[3090]: Anonymous TLS connection established from unknown[200.xx.xxx.169]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Feb  7 10:02:31 v0523 postfix/submission/smtpd[3090]: NOQUEUE: reject: RCPT from unknown[200.xx.xxx.169]: 554 5.7.1 <someguy@gmail.com>: Relay access denied; from=<joe@example.com.ar> to=<someguy@gmail.com>  proto=ESMTP helo=<I5
Feb  7 10:02:31 v0523 postfix/submission/smtpd[3090]: disconnect from unknown[200.xx.xxx.169]
Feb  7 10:05:51 v0523 postfix/anvil[3092]: statistics: max connection rate 1/60s for (submission:200.xx.xxx.169) at Feb  7 10:02:30
Feb  7 10:05:51 v0523 postfix/anvil[3092]: statistics: max connection count 1 for (submission:200.xx.xxx.169) at Feb  7 10:02:30
Feb  7 10:05:51 v0523 postfix/anvil[3092]: statistics: max cache size 1 at Feb  7 10:02:30
```


/var/log/dovecot.log

```
Feb 07 10:02:30 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
Feb 07 10:02:30 auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Feb 07 10:02:30 auth: Debug: passwd-file /usr/local/etc/dovecot/users: Read 2 users in 0 secs
Feb 07 10:02:30 auth: Debug: auth client connected (pid=0)
Feb 07 10:02:31 pop3-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
Feb 07 10:02:31 pop3-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
Feb 07 10:02:31 auth: Debug: auth client connected (pid=3096)
Feb 07 10:02:31 pop3-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [200.xx.xxx.169]
Feb 07 10:02:31 pop3-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [200.xx.xxx.169]
Feb 07 10:02:31 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [200.xx.xxx.169]
Feb 07 10:02:31 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [200.xx.xxx.169]
Feb 07 10:02:31 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [200.xx.xxx.169]
Feb 07 10:02:31 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [200.xx.xxx.169]
Feb 07 10:02:31 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [200.xx.xxx.169]
Feb 07 10:02:31 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [200.xx.xxx.169]
Feb 07 10:02:31 pop3-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [200.xx.xxx.169]
Feb 07 10:02:31 pop3-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [200.xx.xxx.169]
Feb 07 10:02:31 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [200.xx.xxx.169]
Feb 07 10:02:31 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read finished A [200.xx.xxx.169]
Feb 07 10:02:31 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [200.xx.xxx.169]
Feb 07 10:02:31 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write finished A [200.xx.xxx.169]
Feb 07 10:02:31 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [200.xx.xxx.169]
Feb 07 10:02:31 pop3-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [200.xx.xxx.169]
Feb 07 10:02:31 pop3-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [200.xx.xxx.169]
Feb 07 10:02:32 auth: Debug: client in: AUTH<-->1<----->PLAIN<->service=pop3<-->secured>session=jvp1Jn8OIADIMvep<------>lip=131.xxx.xx.43<----->rip=200.xx.xxx.169<---->lport=995<----->rport=62240<>
Feb 07 10:02:32 auth: Debug: passwd-file(joe@example.com.ar,200.xx.xxx.169,<jvp1Jn8OIADIMvep>): lookup: user=joe@example.com.ar file=/usr/local/etc/dovecot/users
Feb 07 10:02:32 auth: Debug: client passdb out: OK<---->1<----->user=joe@example.com.ar
Feb 07 10:02:32 auth: Debug: master in: REQUEST>2806644737<---->3096<-->1<----->fcfa30ed0d0c7ca832d3002544eb2750<------>session_pid=3098
Feb 07 10:02:32 auth: Debug: passwd-file(joe@example.com.ar,200.xx.xxx.169,<jvp1Jn8OIADIMvep>): lookup: user=joe@example.com.ar file=/usr/local/etc/dovecot/users
Feb 07 10:02:32 auth: Debug: master userdb out: USER<-->2806644737<---->joe@example.com.ar<---->
Feb 07 10:02:32 pop3-login: Info: Login: user=<joe@example.com.ar>, method=PLAIN, rip=200.xx.xxx.169, lip=131.xxx.xxx.43, mpid=3098, TLS, session=<jvp1Jn8OIADIMvep>
Feb 07 10:02:32 pop3: Debug: Added userdb setting: plugin/=yes
Feb 07 10:02:32 pop3(joe@example.com.ar): Debug: Effective uid=1003, gid=1003, home=/var/mail/vhosts/example.com.ar/joe
Feb 07 10:02:32 pop3(joe@example.com.ar): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~
Feb 07 10:02:32 pop3(joe@example.com.ar): Debug: maildir++: root=/var/mail/vhosts/example.com.ar/joe, index=, indexpvt=, control=, inbox=/var/mail/vhosts/example.com.ar/joe, alt=
Feb 07 10:02:33 pop3(joe@example.com.ar): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/1, size=1889
Feb 07 10:02:33 pop3-login: Debug: SSL alert: close notify [200.xx.xxx.169]
```


----------



## gkontos (Feb 7, 2015)

This is my configuration, working with mysql as backend but that should not make much of a difference:

main.cf


```
# SASL CONFIG
#
broken_sasl_auth_clients = yes
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unauth_destination,
  reject_unauth_pipelining,
  reject_invalid_hostname,
  reject_unknown_reverse_client_hostname,
  reject_rbl_client zen.spamhaus.org,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client sbl-xbl.spamhaus.org
  check_sender_access hash:/usr/local/etc/postfix/sender_access
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# TLS CONFIG
#
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
```

master.cf


```
smtp      inet  n       -       n       -       -       smtpd
#submission inet n       -       n       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
```

That's the logs when I am sending an email from my OSX Mail:


```
Feb  7 13:49:22 sigma postfix/smtpd[53691]: connect from ppp005055060070.access.hol.gr[5.55.60.70]
Feb  7 13:49:25 sigma postfix/smtpd[53691]: 2B5EA4561B: client=ppp005055060070.access.hol.gr[5.55.60.70], sasl_method=PLAIN, sasl_username=******@********
Feb  7 13:49:25 sigma postfix/cleanup[53695]: 2B5EA4561B: message-id=<AD39037B-7845-4407-AAB2-99F9B191407F@******.**>
Feb  7 13:51:44 sigma postfix/qmgr[77438]: 2B5EA4561B: from=<******@********.**>, size=11790406, nrcpt=1 (queue active)
Feb  7 13:51:53 sigma postfix/smtp[53702]: 2B5EA4561B: to=<danae@*****.**>, relay=gofigure.gr[72.52.232.144]:25, delay=149, delays=140/0.01/1.6/7.1, dsn=2.0.0, status=sent (250 OK id=1YK3vQ-0006Cn-7H)
Feb  7 13:51:53 sigma postfix/qmgr[77438]: 2B5EA4561B: removed
```


----------



## gkontos (Feb 7, 2015)

Also, in your Dovecot log I only see pop3 authentication. Are you using pop before smtp by any chance?


----------

