I am thinking of adding to an infrastructure a CentOS 7 server, placed in the DMZ, that would do the following:
A user authenticates with login and password over SMTP TLS, using a local account on the server
They are then allowed to send mail to my internal Exchange server OR TO EXTERNAL DOMAINS
I can't get this to work :s
I do have SMTP TLS
Authentication works ... not, because I can enter anything at all and it works ...
I can only send mail internally; when I try externally ... it gives me RELAY ACCESS DENIED
Here is my main.conf configuration
Code:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = relai.mondomaine.fr
mydomain = localhost
myorigin = relai.mondomaine.fr
mydestination =
inet_interfaces = all
inet_protocols = all
mydestination = mondomaine.fr
local_recipient_maps =
local_transport = error:local mail delivery is disabled
parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
unknown_local_recipient_reject_code = 550
mynetworks = 10.10.11.0/24, 192.168.0.0/24
relay_domains =
default_transport = smtp
relayhost =
# local_destination_recipient_limit = 300
# local_destination_concurrency_limit = 5
header_checks = regexp:/etc/postfix/header_checks
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
smtpd_tls_cert_file= /etc/ssl/certs/wildcard.pem
smtpd_tls_key_file= /etc/ssl/certs/wildcard.key
smtpd_use_tls= yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 1
smtpd_recipient_limit = 100
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
smtpd_sasl_path = sasl/smtpd.conf
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
parent_domain_matches_subdomains =
show_user_unknown_table_name = no
# forward to the Exchange mail server
transport_maps = hash:/etc/postfix/transport
Code:
#smtp inet n - n - - smtpd -v
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
-o smtpd_sasl_security_options=noanonymous
-o smtpd_sasl_local_domain=neatem.fr
-o header_checks=
-o body_checks=
-o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination
-o smtpd_sasl_security_options=noanonymous,noplaintext
-o smtpd_sasl_tls_security_options=noanonymous
My error message
Code:
janv. 18 13:00:01 CENT7NTSMTP postfix/smtpd[1285]: connect from unknown[10.10.11.101]
janv. 18 13:00:01 CENT7NTSMTP postfix/smtpd[1285]: Anonymous TLS connection established from unknown[10.10.11.101]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 .../256 bits)
janv. 18 13:00:01 CENT7NTSMTP postfix/smtpd[1285]: NOQUEUE: reject: RCPT from unknown[10.10.11.101]: 554 5.7.1 <monadresseexterne@gmail.com>: Relay access denied; from...=<W10NT13>
janv. 18 13:00:03 CENT7NTSMTP postfix/smtpd[1285]: disconnect from unknown[10.10.11.101]
Bistoo
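
Postfix remembers only the last definition when a parameter appears more than once in main.cf, and the file posted above defines `mydestination` and `parent_domain_matches_subdomains` twice. The following check is an added example, not part of the original post: it lists overridden parameters and the value that actually takes effect. The sample text is a constructed excerpt that reuses the posted parameters, with continuation-line indentation restored as an assumption.

```python
import re

# Constructed excerpt reusing parameters from the posted main.cf
# (indentation of continuation lines restored; this is an assumption).
SAMPLE_MAIN_CF = """\
mydestination =
inet_interfaces = all
mydestination = mondomaine.fr
parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
# local_destination_recipient_limit = 300
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
parent_domain_matches_subdomains =
"""

def parse_main_cf(text):
    """Return [(first_line_no, name, value)] for each definition, in file order."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comment lines are ignored
        if raw[0] in " \t":
            if entries:  # leading whitespace continues the previous logical line
                n, name, value = entries[-1]
                entries[-1] = (n, name, (value + " " + raw.strip()).strip())
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", raw)
        if m:
            entries.append((no, m.group(1), m.group(2).strip()))
    return entries

def find_overrides(text):
    """Map each parameter defined more than once to its ignored and effective values."""
    seen = {}
    for no, name, value in parse_main_cf(text):
        seen.setdefault(name, []).append((no, value))
    return {
        name: {"overridden": defs[:-1], "effective": defs[-1]}
        for name, defs in seen.items() if len(defs) > 1
    }

if __name__ == "__main__":
    for name, info in find_overrides(SAMPLE_MAIN_CF).items():
        no, value = info["effective"]
        print(f"{name}: line {no} wins with {value!r}")
        for old_no, old_value in info["overridden"]:
            print(f"  ignored: line {old_no} = {old_value!r}")
```

On a live server, `postconf -n` prints the effective non-default values, which can be compared against this output.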