While trying to use my ISP smtp as a relay (smtp.myisp.com:587), I have the following error when trying to send a mail :
host smtp.myisp.com[XXX.XXX.XXX.XXX] said: 550 5.1.0 Authentification required. (in reply to MAIL FROM command)
It seems to me that postfix sends the MAIL FROM command without first authenticating...but (thanks to all the tutos on the web) I have in my config :
smtpd_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous
And I have filled /etc/postfix/sasl_passwd as required.
Here is postconf -n:
alias_database = $alias_maps alias_maps = hash:/etc/postfix/aliases append_dot_mydomain = no biff = no bounce_queue_lifetime = 1d broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix data_directory = /var/lib/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 delay_warning_time = 4h home_mailbox = .Maildir/ html_directory = no inet_interfaces = all inet_protocols = ipv4 mail_owner = postfix mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man maximal_backoff_time = 1200s maximal_queue_lifetime = 1d minimal_backoff_time = 300s mydestination = $myhostname, localhost.$mydomain, localhost mydomain = my.registered.domain.com myhostname = my.registered.domain.com mynetworks = 192.168.1.0/24, 127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix recipient_delimiter = + relay_domains = $mydestination relayhost = [smtp.mysip.com]:587 sample_directory = /etc/postfix/sample sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtp_cname_overrides_servername = no smtp_helo_timeout = 60s smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache smtpd_banner = $myhostname ESMTP smtpd_hard_error_limit = 12 smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, permit smtpd_sasl_auth_enable = yes smtpd_sasl_path = /var/run/dovecot/auth-client smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sender_restrictions = reject_unknown_sender_domain smtpd_soft_error_limit = 3 smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/certs/mail.crt smtpd_tls_key_file = /etc/ssl/private/mail.key smtpd_tls_loglevel = 2 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 450
To eliminate some potential causes :
-my log in and passwords are ok because I can 'telnet smtp.myisp.com 587' and send mail manually with AUTH LOGIN method(with base64 encoded login/pass)
-I have a dynamic ip, but 'dig my.ip MX' gives correct answer
-SSL on both smtp and imap are ok because I can connect from a different ip address than my own and receives messages (locally sent from the server)
Any help appreciated :)
Last edited by John0000 (2013-02-12 13:32:21)
Have you hashed the sasl_passwd file using postmap?
These are the options I use for a similar setup; note it is the "smtp_" options (not "smtpd_")
smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/saslpw smtp_sasl_security_options =
Thanks for your answer ! Indeed it was the
smtp_sasl_auth_enable = yes
variable I had forgotten...It's working now, at least to send emails.
While I'm at it, would you know why I can't receive mail on my mail server? From a gmail account I got mailer-daemon replies that tell me 'DNS Error: Domain name not found', but a
dig mydomain.tld MX
gives me the correct answer. Could it be my isp is refusing incoming mails ?
Hard to say without knowing the actual domain you're talking about, but if Google is saying "domain name not found" then it's likely a DNS problem, not specifically email.
Well, I have a dynamic IP address and an account at no-ip :
[acc@host ~]$ dig mydomain.no-ip.org ANY ; <<>> DiG 9.9.2-P1 <<>> mydomain.no-ip.org ANY ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63858 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 5 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;mydomain.no-ip.org. IN ANY ;; ANSWER SECTION: mydomain.no-ip.org. 60 IN A 82.XXX.XXX.XXX mydomain.no-ip.org. 60 IN MX 5 mail.mydomain.no-ip.org. ;; AUTHORITY SECTION: no-ip.org. 84890 IN NS nf4.no-ip.com. no-ip.org. 84890 IN NS nf3.no-ip.com. no-ip.org. 84890 IN NS nf1.no-ip.com. no-ip.org. 84890 IN NS nf5.no-ip.com. no-ip.org. 84890 IN NS nf2.no-ip.com. ;; ADDITIONAL SECTION: nf1.no-ip.com. 84890 IN A 220.127.116.11 nf2.no-ip.com. 84890 IN A 18.104.22.168 nf3.no-ip.com. 84890 IN A 22.214.171.124 nf4.no-ip.com. 2090 IN A 126.96.36.199 ;; Query time: 158 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed Feb 13 17:09:32 2013 ;; MSG SIZE rcvd: 246
The opendns, googledns and even my isp dns server give the same answers.
I also have the ports 25 and 993 opened with iptables, and I can be pinged from any internet address.
But until now my comp had be shut down at night, could it be the reason?
Thx brebs, I tried, sent a new test email, but I got the same answer from gmail a few hours later.
EDIT : ok I solved the problem, it was in the no-ip configuration, I shouldn't have put mail.mydomain.no-ip.org in the MX field, but simply mydomain.no-ip.org.
Last edited by John0000 (2013-02-13 20:05:00)
If you want mail.mydomain.no-ip.org. then there should be an option in the no-ip.org control panel to enable "Wildcard" records (if they're anything like DynDNS.org at least) which will point anything.mydomain.no-ip.org. to mydomain.no-ip.org.