Sending email with postfix, relay host, SASL problem

Discussion in 'Server Operation' started by totte_karlsson, Aug 26, 2009.

  1. totte_karlsson

    totte_karlsson New Member

    Sending email with postfix, relay host, STARTTLS problem?

    Hi, I have setup a (ISP config) server following the steps in http://howtoforge.org/perfect-server-ubuntu-9.04-ispconfig-3

    I want to send email using my isp providers smtp server (smtp.live.com).

    I have edited /etc/postfix/main.cf and added/changed
    relayhost = smtp.live.com
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

    When trying to send email I get this in mail.log

    Aug 25 16:56:15 isp1 postfix/smtp[10711]: B3423E220A: to=<[email protected]>, relay=smtp.live.com[65.55.172.254]:25, delay=0.67, delays=0.03/0.09/0.44/0.12, dsn=5.7.0, status=bounced (host smtp.live.com[65.55.172.254] said: 530 5.7.0 Must issue a STARTTLS command first (in reply to MAIL FROM command))
    Aug 25 16:56:15 isp1 postfix/cleanup[10690]: 8ACA7E2220: message-id=<[email protected]>

    Anyone knowing the steps to get this working with the ISPConfig 3 setup?

    Thanks,
    totte
     
    Last edited: Aug 26, 2009
  2. falko

    falko Super Moderator ISPConfig Developer

    Can you run
    Code:
    telnet localhost 25
    and then type
    Code:
    ehlo localhost
    ?
    What's the output?
     
  3. totte_karlsson

    totte_karlsson New Member

    Here is the output;
    Code:
    tk@isp1:~$ telnet localhost 25
    Trying ::1...
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 isp1.monkisoft.com ESMTP Postfix (Ubuntu)
    ehlo localhost
    250-isp1.monkisoft.com
    250-PIPELINING
    250-SIZE
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    I guess the PLAIN LOGIN is a problem?
    Here is my main.cf:
    Code:
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    myhostname = isp1.monkisoft.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = isp1.monkisoft.com, localhost, localhost.localdomain
    relayhost = [smtp.live.com]
    mynetworks = 127.0.0.0/8 [::1]/128 10.11.1.127
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
    smtpd_tls_security_level = may
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    virtual_create_maildirsize = yes
    virtual_maildir_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canon
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = maildrop
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    message_size_limit = 0
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options =
    smtpd_tls_auth_only = no
    
     
    Last edited: Aug 26, 2009
  4. falko

    falko Super Moderator ISPConfig Developer

    Looks ok to me... :confused:
     
  5. totte_karlsson

    totte_karlsson New Member

    I got it working!

    Here is what I changed. In the main.cf, shown above,
    changed/added the following lines

    #changed from no to yes (may not matter for sending mail?)
    smtpd_tls_auth_only = yes

    #Added this line
    smtp_tls_security_level = may

    I also found a problem in my sasl passwd file:

    [smtp.live.com] 'useraccountname:my password'


    However, I still have the following problems. If I send an email from a ssh shell, the email from address is
    'myloginname'@isp1.example.com.
    I can't figure out where isp1.example.com comes from. If I send email using squirrel mail from an account created with ispconfig(3), the email "from" domain is correct.

    Also, in the mail.log file, I get this "warning" for each mail that is relayed:
    Aug 27 10:30:58 isp1 postfix/smtp[26534]: certificate verification failed for smtp.live.com[65.55.172.254]:25: untrusted issuer /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
    Not sure how to get rid of that, not sure if I want since mail sending does work now.

    Anyone knows where to set example.com to my correct domain?

    Thanks,
    totte
     
    Last edited: Aug 27, 2009
  6. falko

    falko Super Moderator ISPConfig Developer

    You must always set the correct sender address in your email client (Outlook, Thunderbird, webmail, on the command line, etc.). What command did you use to send the email? Did you take a look at its man page to find out how to set the sender address?
     
  7. totte_karlsson

    totte_karlsson New Member

    Thanks Falko,
    There is no problem with Thunderbird or Outlook, they both send email fine. It is from a command prompt, on the actual hosting machine, using the mail command, i.e.

    tk@isp1:~$ echo "Hello" | mail -s"a subject" ToSomeEmailAddress

    The hostname is isp1.monkisoft.com and my username is tk. In the received mail on the other end, the from address is [email protected], not isp1.monkisoft.com.

    Any help is appreciated,
    totte
     
  8. falko

    falko Super Moderator ISPConfig Developer

    I guess you can set the sender with the -a switch. See
    Code:
    man mail
     
  9. totte_karlsson

    totte_karlsson New Member

    Thanks for suggestion, but I do suspect the the mail "from address" domain is taken from /etc/mailname which contains isp1.example.com at the moment.

    Can I just edit it with vi, or do I need to reconfigure something. Can I change it from within ISPConfig 3?

    Thanks,
    totte
     
  10. falko

    falko Super Moderator ISPConfig Developer

    If the sender address is the only issue you're having, I'd not change the name of the mailserver - you might get yourself into trouble.

    No.
     
  11. totte_karlsson

    totte_karlsson New Member

    Hi changeed the name isp1.example.com in the file /etc/mailname to isp1.monkisoft.com, which is the correct domain.

    Now, all outgoing emails have correct from address.

    Thanks,
    totte
     
  12. technocp

    technocp New Member

    Problem with from address

    See I have used gmail smtp i.e. smtp.gmail.com

    and then I used sasl_passwd file to store

    smtp.gmail.com username:password

    now in from address of all sent emails I get the username that is mentioned as above in sasl_passwd file

    I want to change it because if I don't change it all my three different users have same from address in all the emails sent.

    can any body please suggest any ideas on resolving this problem
     
  13. falko

    falko Super Moderator ISPConfig Developer

    Did you set the correct sender address in your email client?
     
  14. razor7

    razor7 New Member

    Well, this just got the thinbg working. Of course, after adding the relay data on ISPConfig server config area.

    Best regards!
     

Share This Page