Topic: Strange Behavior with SMTP Authentication
I have a user who is no longer able to relay mail via my iRedMail server. It was working several days ago but his ability to do so has stopped.
The strange thing is, the user can successfully log in to Roundcube. His first error message was "Client host rejected: Access denied." Then he got, "Relay access denied." Now he repeatedly gets "Client host rejected: Access denied."
I tested the user name and password by telnetting to port 587 and using AUTH PLAN <encrypted username and password> but got a response of "Authentication failed" in the telnet session but I didn't see any indication of this failure in /var/log/mail.info. However, I could immediately go to Roundcube and login successfully. Any ideas on what could cause this behavior?
The user has another e-mail account set up and when I tested that username and password via telnet, the authentication was successful. I could then use that user name and password to successfully relay mail from my test Postfix server through my production iRedMail server. However, the user still could not successfully relay mail from his Exchange server through the production iRedMail server using the exact same user name and password to authenticate. The mail.info log does not even show any SASL PLAIN authentication failures when he tries to relay mail but he gets the "Client host rejected: Access denied" message. It's as if something else is denying his connection before he even gets the chance to authenticate.
These are the options I have enabled for smtpd_recipient_restrictions:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domains, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, reject_unauth_destination, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
I've even checked the policyd blacklist tables and I don't see his ip address in any of them.
I hope someone can help me resolve this issue because I'm perplexed.