Hi,
While trying to use my ISP's SMTP server as a relay (smtp.myisp.com:587), I get the following error when trying to send a mail:
host smtp.myisp.com[XXX.XXX.XXX.XXX] said: 550 5.1.0 Authentification required. (in reply to MAIL FROM command)
It seems to me that Postfix sends the MAIL FROM command without first authenticating... but (thanks to all the tutorials on the web) I have in my config:
/etc/postfix/main.cf:
smtpd_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
And I have filled /etc/postfix/sasl_passwd as required.
Here is postconf -n:
alias_database = $alias_maps
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
delay_warning_time = 4h
home_mailbox = .Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_backoff_time = 1200s
maximal_queue_lifetime = 1d
minimal_backoff_time = 300s
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = my.registered.domain.com
myhostname = my.registered.domain.com
mynetworks = 192.168.1.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains = $mydestination
relayhost = [smtp.mysip.com]:587
sample_directory = /etc/postfix/sample
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_cname_overrides_servername = no
smtp_helo_timeout = 60s
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_hard_error_limit = 12
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_soft_error_limit = 3
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/mail.crt
smtpd_tls_key_file = /etc/ssl/private/mail.key
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 450
To eliminate some potential causes:
- My login and password are OK, because I can 'telnet smtp.myisp.com 587' and send mail manually with the AUTH LOGIN method (with base64-encoded login/pass)
- I have a dynamic IP, but 'dig my.ip MX' gives the correct answer
- SSL on both SMTP and IMAP is OK, because I can connect from a different IP address than my own and receive messages (locally sent from the server)
Any help appreciated :)
Last edited by John0000 (2013-02-12 13:32:21)
Have you hashed the sasl_passwd file using postmap?
These are the options I use for a similar setup; note it is the "smtp_" options (not "smtpd_")
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpw
smtp_sasl_security_options =
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
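Added example (not part of the original posts, and not Postfix's own tooling): a small audit of `postconf -n` output for the `smtp_`/`smtpd_` mix-up discussed above. It goes one step beyond the thread by also flagging a relay setup that does not enforce TLS; the sample input and hostname are constructed.

```python
import re

# Constructed sample, modelled on the settings posted above (placeholder hostname).
SAMPLE_POSTCONF = """\
relayhost = [smtp.example.net]:587
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
"""

# smtp_tls_security_level values that refuse to deliver without TLS.
TLS_ENFORCING = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_postconf(text):
    """Turn 'name = value' lines into a dict; the value may be empty."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            params[m.group(1)] = m.group(2).strip()
    return params

def audit_relay_auth(params):
    """Return findings about client-side (smtp_) SASL when a relayhost is set."""
    findings = []
    if not params.get("relayhost"):
        return findings
    # `postconf -n` lists only non-default settings, so a missing entry means "no".
    if params.get("smtp_sasl_auth_enable", "no") != "yes":
        msg = "smtp_sasl_auth_enable is not 'yes': Postfix will not AUTH to the relay"
        if params.get("smtpd_sasl_auth_enable") == "yes":
            msg += " (smtpd_sasl_auth_enable only covers clients logging in to this server)"
        findings.append(msg)
    if not params.get("smtp_sasl_password_maps"):
        findings.append("smtp_sasl_password_maps is empty: no credentials for the relay")
    enforced = (params.get("smtp_tls_security_level") in TLS_ENFORCING
                or params.get("smtp_enforce_tls") == "yes")  # legacy switch
    if not enforced:
        findings.append("TLS to the relay is not enforced: "
                        "relay credentials may be sent in clear text")
    return findings

if __name__ == "__main__":
    for finding in audit_relay_auth(parse_postconf(SAMPLE_POSTCONF)):
        print("WARN:", finding)
```

On a live host the same functions can be fed the real output of `postconf -n`.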
Thanks for your answer! Indeed it was the
smtp_sasl_auth_enable = yes
variable I had forgotten... It's working now, at least to send emails.
While I'm at it, would you know why I can't receive mail on my mail server? From a gmail account I got mailer-daemon replies that tell me 'DNS Error: Domain name not found', but a
dig mydomain.tld MX
gives me the correct answer. Could it be that my ISP is refusing incoming mail?
Hard to say without knowing the actual domain you're talking about, but if Google is saying "domain name not found" then it's likely a DNS problem, not specifically email.
Well, I have a dynamic IP address and an account at no-ip:
[acc@host ~]$ dig mydomain.no-ip.org ANY
; <<>> DiG 9.9.2-P1 <<>> mydomain.no-ip.org ANY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63858
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mydomain.no-ip.org. IN ANY
;; ANSWER SECTION:
mydomain.no-ip.org. 60 IN A 82.XXX.XXX.XXX
mydomain.no-ip.org. 60 IN MX 5 mail.mydomain.no-ip.org.
;; AUTHORITY SECTION:
no-ip.org. 84890 IN NS nf4.no-ip.com.
no-ip.org. 84890 IN NS nf3.no-ip.com.
no-ip.org. 84890 IN NS nf1.no-ip.com.
no-ip.org. 84890 IN NS nf5.no-ip.com.
no-ip.org. 84890 IN NS nf2.no-ip.com.
;; ADDITIONAL SECTION:
nf1.no-ip.com. 84890 IN A 50.31.129.129
nf2.no-ip.com. 84890 IN A 69.72.255.8
nf3.no-ip.com. 84890 IN A 69.65.40.108
nf4.no-ip.com. 2090 IN A 180.92.187.122
;; Query time: 158 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb 13 17:09:32 2013
;; MSG SIZE rcvd: 246
OpenDNS, Google DNS and even my ISP's DNS server give the same answers.
I also have ports 25 and 993 opened with iptables, and I can be pinged from any internet address.
But until now my computer had been shut down at night, could that be the reason?
As a wild stab, try in main.cf
disable_dns_lookups = yes
Thx brebs, I tried, sent a new test email, but I got the same answer from Gmail a few hours later.
EDIT: OK, I solved the problem. It was in the no-ip configuration: I shouldn't have put mail.mydomain.no-ip.org in the MX field, but simply mydomain.no-ip.org.
Last edited by John0000 (2013-02-13 20:05:00)
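Added example (not part of the original posts): a check that every MX exchange named in dig output also has an address record, assuming the bounce came from an MX target that did not resolve, which is consistent with the fix described in the EDIT above. The sample records are constructed and use a documentation IP address.

```python
# Constructed sample: answer to an MX/ANY query for the domain, followed by the
# (empty) answer to an A query for the exchange host, as concatenated dig output.
SAMPLE_DIG = """\
;; ANSWER SECTION:
mydomain.no-ip.org. 60 IN A 192.0.2.10
mydomain.no-ip.org. 60 IN MX 5 mail.mydomain.no-ip.org.
;; QUESTION SECTION:
;mail.mydomain.no-ip.org. IN A
"""

def parse_records(text):
    """Parse 'name ttl class type rdata...' lines, skipping dig comment lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        name = fields[0].lower().rstrip(".")
        records.append((name, fields[3].upper(), fields[4:]))
    return records

def dangling_mx(records):
    """Return MX exchange names that have no A/AAAA record in the supplied data."""
    addressable = {name for name, rtype, _ in records if rtype in ("A", "AAAA")}
    missing = []
    for _, rtype, rdata in records:
        if rtype == "MX" and len(rdata) >= 2:
            exchange = rdata[1].lower().rstrip(".")
            if exchange not in addressable and exchange not in missing:
                missing.append(exchange)
    return missing

if __name__ == "__main__":
    for host in dangling_mx(parse_records(SAMPLE_DIG)):
        print("MX target without an address record:", host)
```

The result is only as complete as the input: include the output of an A and AAAA query for each exchange host, since a query for the domain itself does not return them.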
If you want mail.mydomain.no-ip.org. then there should be an option in the no-ip.org control panel to enable "Wildcard" records (if they're anything like DynDNS.org at least) which will point anything.mydomain.no-ip.org. to mydomain.no-ip.org.