[SOLVED]SMTP -> ERROR: RCPT not accepted from server: 530 5.7.0 Must issue a STARTTLS command first

Discussion in 'Installation/Configuration' started by webhunter, Jun 8, 2016.

  1. webhunter

    webhunter Member HowtoForge Supporter

    What's wrong? I am going crazy. Followed the https://www.howtoforge.com/tutorial...8-4-jessie-apache-bind-dovecot-ispconfig-3-1/ tutorial but can't send receive any e-mails.

    postconf -n
    Code:
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    append_dot_mydomain = no
    biff = no
    body_checks = regexp:/etc/postfix/body_checks
    broken_sasl_auth_clients = yes
    config_directory = /etc/postfix
    content_filter = amavis:[127.0.0.1]:10024
    dovecot_destination_recipient_limit = 1
    header_checks = regexp:/etc/postfix/header_checks
    html_directory = /usr/share/doc/postfix/html
    inet_interfaces = all
    inet_protocols = all
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    myhostname = server101.teltow-flaeming.it
    mynetworks = 127.0.0.0/8 [::1]/128
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    owner_request_special = no
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
    readme_directory = /usr/share/doc/postfix
    receive_override_options = no_address_mappings
    recipient_delimiter = +
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    relayhost =
    smtp_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_security_level = may
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    smtpd_client_message_rate_limit = 100
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_path = private/auth
    smtpd_sasl_type = dovecot
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtpd_tls_security_level = may
    smtpd_use_tls = yes
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_alias_domains =
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_gid_maps = static:5000
    virtual_mailbox_base = /var/vmail
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_transport = dovecot
    virtual_uid_maps = static:5000
    
    Any ideas?

    Thnx
     
  2. Jesse Norell

    Jesse Norell Well-Known Member

    Sounds like you just need to enable TLS in your email client settings. ("server requires encryption" maybe, or something labeled SSL or TLS for the outgoing/smtp server)
     
  3. webhunter

    webhunter Member HowtoForge Supporter

    Hi Jesse,
    I am using Outlook 2016.
    I tried all available settings: SSL, TLS, automatic. No luck
    The client throws an error : "Can't connect to IMAP or SMTP server."
    Error 0x800CCOE
    :/
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. webhunter

    webhunter Member HowtoForge Supporter

    Hi Till, thanks for responding and your great tutorials!
    At first the output of the testscript:
    Code:
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.0.5.4p9
    ##### VERSION CHECK #####
    [INFO] php (cli) version is 5.6.20-0+deb8u1
    [INFO] php-cgi (used for cgi php in default vhost!) is version 5.6.20-0+deb8u1
    ##### PORT CHECK #####
    
    ##### MAIL SERVER CHECK #####
    [WARN] I found no "submission" entry in your postfix master.cf
    [INFO] this is not critical, but if you want to offer port 587 for smtp connections you have to enable this.
    
    ##### RUNNING SERVER PROCESSES #####
    [INFO] I found the following web server(s):
            Apache 2 (PID 25243)
    [INFO] I found the following mail server(s):
            Postfix (PID 6960)
    [INFO] I found the following pop3 server(s):
            Dovecot (PID 25182)
    [INFO] I found the following imap server(s):
            Dovecot (PID 25182)
    [INFO] I found the following ftp server(s):
            PureFTP (PID 25285)
    
    ##### LISTENING PORTS #####
    (only           ()
    Local           (Address)
    [anywhere]:993          (25182/dovecot)
    [anywhere]:995          (25182/dovecot)
    [localhost]:10023               (21727/postgrey.pid)
    [localhost]:10024               (24106/amavisd-new)
    [localhost]:10025               (6960/master)
    [localhost]:11211               (31436/memcached)
    [anywhere]:110          (25182/dovecot)
    [anywhere]:143          (25182/dovecot)
    [anywhere]:111          (830/rpcbind)
    [anywhere]:465          (6960/master)
    ***.***.***.***:53              (25310/named)
    [localhost]:53          (25310/named)
    [anywhere]:21           (25285/pure-ftpd)
    [anywhere]:22           (4117/sshd)
    [anywhere]:25           (6960/master)
    [localhost]:953         (25310/named)
    *:*:*:*::*:993          (25182/dovecot)
    *:*:*:*::*:995          (25182/dovecot)
    *:*:*:*::*:10023                (21727/postgrey.pid)
    *:*:*:*::*:10024                (24106/amavisd-new)
    *:*:*:*::*:3306         (31872/mysqld)
    [localhost]10           (25182/dovecot)
    [localhost]43           (25182/dovecot)
    [localhost]11           (830/rpcbind)
    *:*:*:*::*:8080         (25243/apache2)
    *:*:*:*::*:80           (25243/apache2)
    *:*:*:*::*:465          (6960/master)
    *:*:*:*::*:8081         (25243/apache2)
    *:*:*:*::*:53           (25310/named)
    *:*:*:*::*:21           (25285/pure-ftpd)
    *:*:*:*::*:22           (4117/sshd)
    *:*:*:*::*:25           (6960/master)
    *:*:*:*::*:953          (25310/named)
    *:*:*:*::*:443          (25243/apache2)
    
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    fail2ban-postfix-sasl  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 25
    fail2ban-dovecot-pop3imap  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 110,99$
    fail2ban-pureftpd  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 21
    fail2ban-ssh  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 22
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain fail2ban-dovecot-pop3imap (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain fail2ban-postfix-sasl (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain fail2ban-pureftpd (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain fail2ban-ssh (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    And here comes my master.cf:
    Code:
    #
    # Postfix master process configuration file. 
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       -       -       -       smtpd
    #smtp      inet  n       -       -       -       1       postscreen
    #smtpd     pass  -       -       -       -       -       smtpd
    #dnsblog   unix  -       -       -       -       0       dnsblog
    #tlsproxy  unix  -       -       -       -       0       tlsproxy
    #submission inet n       -       -       -       -       smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o syslog_name=postfix/submission
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    smtps     inet  n       -       -       -       -       smtpd
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o syslog_name=postfix/smtps
    #  -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628       inet  n       -       -       -       -       qmqpd
    pickup    unix  n       -       -       60      1       pickup
    cleanup   unix  n       -       -       -       0       cleanup
    qmgr      unix  n       -       n       300     1       qmgr
    #qmgr     unix  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       -       1000?   1       tlsmgr
    rewrite   unix  -       -       -       -       -       trivial-rewrite
    bounce    unix  -       -       -       -       0       bounce
    defer     unix  -       -       -       -       0       bounce
    trace     unix  -       -       -       -       0       bounce
    verify    unix  -       -       -       -       1       verify
    flush     unix  n       -       -       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       -       -       -       smtp
    relay     unix  -       -       -       -       -       smtp
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       -       -       -       showq
    error     unix  -       -       -       -       -       error
    retry     unix  -       -       -       -       -       error
    discard   unix  -       -       -       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       -       -       -       lmtp
    anvil     unix  -       -       -       -       1       anvil
    scache    unix  -       -       -       -       1       scache
    # ====================================================================
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    # Specify in cyrus.conf:
    #   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    # Specify in main.cf one or more of the following:
    #  mailbox_transport = lmtp:inet:localhost
    #  virtual_transport = lmtp:inet:localhost
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #cyrus     unix  -       n       n       -       -       pipe
    #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    # Old example of delivery via Cyrus.
    #old-cyrus unix  -       n       n       -       -       pipe
    #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    # See the Postfix UUCP_README file for configuration details.
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    # Other external delivery methods.
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix  -       n       n       -       2       pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    dovecot   unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
    If I try to send an e-mail through gmail.com, I got a notification about a 554 error (Access denied)
     
  6. Jesse Norell

    Jesse Norell Well-Known Member

    For SMTP, what port are you using? 587 is the typical submission port, and your master.cf has it commented out, which could certainly give you a "can't connect" type error.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    The issue is what Jesse posted, please remove the # in front of submission. In detail, the issue occurs because you removed the # in front of the -o config lines of the submission entry but not submission itself, so what happens now is that these -o lines get added the "non -o line" before, which is the smtp line, so email receiving and non ssl connections get disabled for port 25. Remove # in front of submission, restart postfix, and the setup should work.
     
  8. webhunter

    webhunter Member HowtoForge Supporter

    :oops: I didn't saw that... wtf...Thank you very much!!!
     

Share This Page