I'm trying to set up a simple SMTP relay on 14.04 LTS. I've found hundreds of tutorials using postfix, dovecot, etc. and have had little success because most explain setting up mail servers, not a simple relay.
Here is my situation... I am setting up the SMTP Relay server in an Amazon VPC. I need the server to relay email messages from SQL and other machines that we don't want to give any external access to.
The SMTP Relay will relay emails from these VPC servers to Amazon's SES service.
I have it working to send emails from a server within the VPC to my relay server on port 587 using postfix (with no user authentication) and it sends it to SES.
What I can't figure out is how do I create a user that is used by the servers sending emails to authenticate with?
Any time I remove the "permit_mynetworks" value from "smtpd_relay_restrictions" I get an error message with "Relay Access Denied". I understand that my user authentication is not working correctly (or at all), I just haven't found a place that actually explains how it's done.
Here is what I currently have in my /etc/postfix/main.cf file:
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
# TLS parameters
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination
#smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
myhostname = ip-10-0-25-99.ec2.internal
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = MYSITE.com
#the 10.0.0.0/16 below is what allows the permit_mynetworks to work in the relay_restrictions
mynetworks = 10.0.0.0/16 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
mydestination = ip-10-0-25-99.ec2.internal, localhost.ec2.internal, localhost
relayhost = email-smtp.us-east-1.amazonaws.com:587
This is what's in my /etc/postfix/master.cf (or at least what I think is relevant). This enabled port 587; I commented out the "smtp inet n - - - - smtpd" entry:
submission inet n - - - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
This is the message in /var/log/mail.log:
Aug 20 15:02:04 ip-10-0-25-99 postfix/smtpd: lost connection after RCPT from ip-10-0-150-99.ec2.internal[10.0.150.99]
Aug 20 15:02:04 ip-10-0-25-99 postfix/smtpd: disconnect from ip-10-0-150-99.ec2.internal[10.0.150.99]
Aug 20 15:02:07 ip-10-0-25-99 postfix/smtpd: connect from ip-10-0-150-99.ec2.internal[10.0.150.99]
Aug 20 15:02:07 ip-10-0-25-99 postfix/smtpd: NOQUEUE: reject: RCPT from ip-10-0-150-99.ec2.internal[10.0.150.99]: 554 5.7.1 <USER@COMPANY.com>: Relay access denied; from=<do-not-reply@COMPANY.com> to=<USER@COMPANY.com> proto=ESMTP helo=<SENDING-SERVER>
This is from /var/log/auth.log:
Aug 20 19:38:22 ip-10-0-25-99 saslauthd: PAM unable to dlopen(pam_mysql.so): /lib/security/pam_mysql.so: cannot open shared object file: No such file or directory
Aug 20 19:38:22 ip-10-0-25-99 saslauthd: PAM adding faulty module: pam_mysql.so
Aug 20 19:38:22 ip-10-0-25-99 saslauthd: DEBUG: auth_pam: pam_authenticate failed: Module is unknown
Aug 20 19:38:22 ip-10-0-25-99 saslauthd: do_auth : auth failure: [user=**USER_FROM_SENDING_SERVER**] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Any help would be appreciated. I'm guessing that it's an issue with the authorization but I just can't find enough information to point me in the right direction. Or if there's a simpler way to accomplish this I'm open to anything.
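An added example, not part of the original post: a small Python consistency check for main.cf text, covering the condition visible in the posted file, where smtpd_relay_restrictions relies on permit_sasl_authenticated while only the client-side smtp_sasl_* settings (used towards the relayhost) are present. The function names and the embedded sample (trimmed from the main.cf posted above) are constructed for illustration; master.cf `-o` overrides and the PAM error in auth.log are outside what it checks.

```python
import re

# Constructed sample: trimmed from the main.cf posted above.
SAMPLE_MAIN_CF = """\
smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination
#smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
mynetworks = 10.0.0.0/16 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
relayhost = email-smtp.us-east-1.amazonaws.com:587
"""

def parse_main_cf(text):
    """Parse main.cf: '#' comment lines, 'name = value', leading whitespace continues a line."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()  # a later setting replaces an earlier one
    return params

def check_relay_auth(params):
    """Return findings about how smtpd_relay_restrictions authorises relaying."""
    findings = []
    restrictions = re.split(r"[,\s]+", params.get("smtpd_relay_restrictions", ""))
    server_sasl = params.get("smtpd_sasl_auth_enable", "no").lower() == "yes"
    if "permit_sasl_authenticated" in restrictions and not server_sasl:
        findings.append("permit_sasl_authenticated is listed but smtpd_sasl_auth_enable "
                        "is not 'yes', so smtpd offers no AUTH for clients to use")
    if params.get("smtp_sasl_auth_enable", "no").lower() == "yes" and not server_sasl:
        findings.append("smtp_sasl_* configures Postfix as a client of relayhost; "
                        "it does not authenticate hosts connecting to this relay")
    if "permit_mynetworks" in restrictions:
        findings.append("permit_mynetworks lets every host in mynetworks relay "
                        "without AUTH: " + params.get("mynetworks", "(default)"))
    return findings

if __name__ == "__main__":
    for finding in check_relay_auth(parse_main_cf(SAMPLE_MAIN_CF)):
        print("WARN:", finding)
```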