[SOLVED]SMTP -> ERROR: RCPT not accepted from server: 530 5.7.0 Must issue a STARTTLS command first

Discussion in 'Installation/Configuration' started by webhunter, Jun 8, 2016.

  1. webhunter

    webhunter New Member HowtoForge Supporter

    What's wrong? I am going crazy. Followed the https://www.howtoforge.com/tutorial...8-4-jessie-apache-bind-dovecot-ispconfig-3-1/ tutorial but can't send receive any e-mails.

    postconf -n
    Code:
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    append_dot_mydomain = no
    biff = no
    body_checks = regexp:/etc/postfix/body_checks
    broken_sasl_auth_clients = yes
    config_directory = /etc/postfix
    content_filter = amavis:[127.0.0.1]:10024
    dovecot_destination_recipient_limit = 1
    header_checks = regexp:/etc/postfix/header_checks
    html_directory = /usr/share/doc/postfix/html
    inet_interfaces = all
    inet_protocols = all
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    myhostname = server101.teltow-flaeming.it
    mynetworks = 127.0.0.0/8 [::1]/128
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    owner_request_special = no
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
    readme_directory = /usr/share/doc/postfix
    receive_override_options = no_address_mappings
    recipient_delimiter = +
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    relayhost =
    smtp_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_security_level = may
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    smtpd_client_message_rate_limit = 100
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_path = private/auth
    smtpd_sasl_type = dovecot
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtpd_tls_security_level = may
    smtpd_use_tls = yes
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_alias_domains =
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_gid_maps = static:5000
    virtual_mailbox_base = /var/vmail
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_transport = dovecot
    virtual_uid_maps = static:5000
    
    Any ideas?

    Thnx
     
  2. Jesse Norell

    Jesse Norell Active Member

    Sounds like you just need to enable TLS in your email client settings. ("server requires encryption" maybe, or something labeled SSL or TLS for the outgoing/smtp server)
     
  3. webhunter

    webhunter New Member HowtoForge Supporter

    Hi Jesse,
    I am using Outlook 2016.
    I tried all available settings: SSL, TLS, automatic. No luck
    The client throws an error : "Can't connect to IMAP or SMTP server."
    Error 0x800CCOE
    :/
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. webhunter

    webhunter New Member HowtoForge Supporter

    Hi Till, thanks for responding and your great tutorials!
    At first the output of the testscript:
    Code:
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.0.5.4p9
    ##### VERSION CHECK #####
    [INFO] php (cli) version is 5.6.20-0+deb8u1
    [INFO] php-cgi (used for cgi php in default vhost!) is version 5.6.20-0+deb8u1
    ##### PORT CHECK #####
    
    ##### MAIL SERVER CHECK #####
    [WARN] I found no "submission" entry in your postfix master.cf
    [INFO] this is not critical, but if you want to offer port 587 for smtp connections you have to enable this.
    
    ##### RUNNING SERVER PROCESSES #####
    [INFO] I found the following web server(s):
            Apache 2 (PID 25243)
    [INFO] I found the following mail server(s):
            Postfix (PID 6960)
    [INFO] I found the following pop3 server(s):
            Dovecot (PID 25182)
    [INFO] I found the following imap server(s):
            Dovecot (PID 25182)
    [INFO] I found the following ftp server(s):
            PureFTP (PID 25285)
    
    ##### LISTENING PORTS #####
    (only           ()
    Local           (Address)
    [anywhere]:993          (25182/dovecot)
    [anywhere]:995          (25182/dovecot)
    [localhost]:10023               (21727/postgrey.pid)
    [localhost]:10024               (24106/amavisd-new)
    [localhost]:10025               (6960/master)
    [localhost]:11211               (31436/memcached)
    [anywhere]:110          (25182/dovecot)
    [anywhere]:143          (25182/dovecot)
    [anywhere]:111          (830/rpcbind)
    [anywhere]:465          (6960/master)
    ***.***.***.***:53              (25310/named)
    [localhost]:53          (25310/named)
    [anywhere]:21           (25285/pure-ftpd)
    [anywhere]:22           (4117/sshd)
    [anywhere]:25           (6960/master)
    [localhost]:953         (25310/named)
    *:*:*:*::*:993          (25182/dovecot)
    *:*:*:*::*:995          (25182/dovecot)
    *:*:*:*::*:10023                (21727/postgrey.pid)
    *:*:*:*::*:10024                (24106/amavisd-new)
    *:*:*:*::*:3306         (31872/mysqld)
    [localhost]10           (25182/dovecot)
    [localhost]43           (25182/dovecot)
    [localhost]11           (830/rpcbind)
    *:*:*:*::*:8080         (25243/apache2)
    *:*:*:*::*:80           (25243/apache2)
    *:*:*:*::*:465          (6960/master)
    *:*:*:*::*:8081         (25243/apache2)
    *:*:*:*::*:53           (25310/named)
    *:*:*:*::*:21           (25285/pure-ftpd)
    *:*:*:*::*:22           (4117/sshd)
    *:*:*:*::*:25           (6960/master)
    *:*:*:*::*:953          (25310/named)
    *:*:*:*::*:443          (25243/apache2)
    
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    fail2ban-postfix-sasl  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 25
    fail2ban-dovecot-pop3imap  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 110,99$
    fail2ban-pureftpd  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 21
    fail2ban-ssh  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 22
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain fail2ban-dovecot-pop3imap (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain fail2ban-postfix-sasl (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain fail2ban-pureftpd (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain fail2ban-ssh (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    And here comes my master.cf:
    Code:
    #
    # Postfix master process configuration file. 
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       -       -       -       smtpd
    #smtp      inet  n       -       -       -       1       postscreen
    #smtpd     pass  -       -       -       -       -       smtpd
    #dnsblog   unix  -       -       -       -       0       dnsblog
    #tlsproxy  unix  -       -       -       -       0       tlsproxy
    #submission inet n       -       -       -       -       smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o syslog_name=postfix/submission
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    smtps     inet  n       -       -       -       -       smtpd
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o syslog_name=postfix/smtps
    #  -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628       inet  n       -       -       -       -       qmqpd
    pickup    unix  n       -       -       60      1       pickup
    cleanup   unix  n       -       -       -       0       cleanup
    qmgr      unix  n       -       n       300     1       qmgr
    #qmgr     unix  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       -       1000?   1       tlsmgr
    rewrite   unix  -       -       -       -       -       trivial-rewrite
    bounce    unix  -       -       -       -       0       bounce
    defer     unix  -       -       -       -       0       bounce
    trace     unix  -       -       -       -       0       bounce
    verify    unix  -       -       -       -       1       verify
    flush     unix  n       -       -       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       -       -       -       smtp
    relay     unix  -       -       -       -       -       smtp
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       -       -       -       showq
    error     unix  -       -       -       -       -       error
    retry     unix  -       -       -       -       -       error
    discard   unix  -       -       -       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       -       -       -       lmtp
    anvil     unix  -       -       -       -       1       anvil
    scache    unix  -       -       -       -       1       scache
    # ====================================================================
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    # Specify in cyrus.conf:
    #   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    # Specify in main.cf one or more of the following:
    #  mailbox_transport = lmtp:inet:localhost
    #  virtual_transport = lmtp:inet:localhost
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #cyrus     unix  -       n       n       -       -       pipe
    #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    # Old example of delivery via Cyrus.
    #old-cyrus unix  -       n       n       -       -       pipe
    #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    # See the Postfix UUCP_README file for configuration details.
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    # Other external delivery methods.
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix  -       n       n       -       2       pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    dovecot   unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
    If I try to send an e-mail through gmail.com, I got a notification about a 554 error (Access denied)
     
  6. Jesse Norell

    Jesse Norell Active Member

    For SMTP, what port are you using? 587 is the typical submission port, and your master.cf has it commented out, which could certainly give you a "can't connect" type error.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    The issue is what Jesse posted, please remove the # in front of submission. In detail, the issue occurs because you removed the # in front of the -o config lines of the submission entry but not submission itself, so what happens now is that these -o lines get added the "non -o line" before, which is the smtp line, so email receiving and non ssl connections get disabled for port 25. Remove # in front of submission, restart postfix, and the setup should work.
     
  8. webhunter

    webhunter New Member HowtoForge Supporter

    :oops: I didn't saw that... wtf...Thank you very much!!!
     

Share This Page