SMTP Authentication

[thanhduongcong]

Hi members,

I'm using ebox-mailserver on Ubuntu 9.04 and it's working perfect now(transport,local delivery mailbox,catch-all as well). All of my users who has mailbox in postfix(ebox-mailserver) always send their e-mail from theirs to the internet when I configured postfix to allow my private IP in LAN, but the mobile users can not send to the internet because postfix gave me errors concern "relay access denied". I'd like to ask you about SMTP Authentication for users to allow them send e-mail to the internet anywhere even they will be working outside my company. I heard about sasauth to allow configure this. Please kindly assist me or is there anyway to configure this man?

Any helps would be appreciated,

[Javier Amor Garcia]

Just enable the 'Require authentication' checkbox in Mail -> General -> Authentication . Then any authenticated user could relay mail.

To authenticate use the email address (not an alias) and the user's password

[thanhduongcong]

Yes I did, but it's not working Sir, anyway thank you for your help. Do I have to configure anything except you mentioned?

[Javier Amor Garcia]

Nothing more. What parameters do you have in your clients? you clients are configured tou se either TLS or SSL?

[thanhduongcong]

Firstly, I configured TLS and require Authentication in ebox (Mail->General->Authentication) but when the clients to be configured with TLS,SSL port SMTP: 465 done, when I was sending email from mobile users then I get error like this

The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'it.tech78@yahoo.com'. Subject '1', Account: 'mail.gheonline.com.vn', Server: 'mail.gheonline.com.vn', Protocol: SMTP, Server Response: '554 5.7.1 <unknown[113.161.64.40]>: Client host rejected: Access denied', Port: 465, Secure(SSL): Yes, Server Error: 554, Error Number: 0x800CCC79

Please allow me to get your help about how to configure my mobile client to be authenticated ?

[Javier Amor Garcia]

I would like to see the mail's log to have more information about this error. Can you try  again to send and report here the new lines in /var/log/mail.log?

[thanhduongcong]

Thank you Sir, let me post my /var/log/mail.log while I was sending the message it's here:

Feb  5 17:41:31 TTTFirewall postfix/smtpd[17183]: connect from unknown[72.46.136.227]
Feb  5 17:41:40 TTTFirewall postfix/smtpd[17529]: connect from unknown[113.161.64.40]
Feb  5 17:41:40 TTTFirewall postfix/smtpd[17529]: setting up TLS connection from unknown[113.161.64.40]
Feb  5 17:41:40 TTTFirewall postfix/smtpd[17529]: Anonymous TLS connection established from unknown[113.161.64.40]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Feb  5 17:41:40 TTTFirewall postfix/smtpd[17529]: NOQUEUE: reject: RCPT from unknown[113.161.64.40]: 554 5.7.1 <unknown[113.161.64.40]>: Client host rejected: Access denied; from=<catchall@gheonline.com.vn> to=<it.tech78@yahoo.com> proto=ESMTP helo=<mailsrv>
Feb  5 17:41:40 TTTFirewall postfix/smtpd[17529]: disconnect from unknown[113.161.64.40]
Feb  5 17:41:40 TTTFirewall dovecot: pop3-login: Login: user=<catchall@gheonline.com.vn>, method=PLAIN, rip=113.161.64.40, lip=123.30.108.56, TLS
Feb  5 17:41:40 TTTFirewall dovecot: POP3(catchall@gheonline.com.vn): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Feb  5 17:41:43 TTTFirewall postfix/smtpd[17181]: connect from tx2ehsobe005.messaging.microsoft.com[65.55.88.15]
Feb  5 17:41:43 TTTFirewall postfix/smtpd[16822]: connect from mx1.quoniam.de[217.110.39.61]
Feb  5 17:41:43 TTTFirewall postfix/smtpd[17181]: setting up TLS connection from tx2ehsobe005.messaging.microsoft.com[65.55.88.15]
Feb  5 17:41:43 TTTFirewall postfix/smtpd[16822]: setting up TLS connection from mx1.quoniam.de[217.110.39.61]
Feb  5 17:41:44 TTTFirewall postfix/smtpd[17181]: Anonymous TLS connection established from tx2ehsobe005.messaging.microsoft.com[65.55.88.15]: TLSv1 with cipher RC4-MD5 (128/128 bits)

[Marcello Teodori]

I am trying with Mail.app but without any success, I can only connect without authentication and send to addresses within the same domain, but anyway my internet gateway only allows port 25 in.
Requiring TLS means I need to open other ports from the internet besides 25? As far as I know it be possible to negotiate if plain or TLS and stay on the same port.
As an alternative would it be possible to have authentication without TLS and how?

thanks for any info

[ctek]

Sorry to join your thread but... same issue here... I cannot connect to SMTP server from outside regardles of auth method.... to send emails.

From Lan side is ok, from outside if i try to connect to the server, the client is not able to connect and send the mails.
Is not a firewall problem and the email server is configured "By the book"

After viewing all the logs, at first it looked like the ldap server could not be contacted so i added 0.0.0.0 to the ldap config si the maill.err does not show "can't connect to server ...", but still no resolve.

From mail errors log it seems that the client is able to connect to the server and retrive the mails via pop and then it does a logout and that's all ...

So please some help with this. It's driving me crazy. (and it seems that i'm not the only one)  .
Thank you

Resolved:

After a number of manual hacks of .mas files i have it working. Although i do not know witch of the modiffication is the one that made it work....

I have changed in postfix main.mas  $myorigin with $myhostname.
I have added a extranet object relay witch is 0.0.0.1/8
and som other modifications that i'm not recalling right now...

If someone from ebox staff is willing to take a look into the config files i'll be happy to show them so they can pinpoint the difference between the working and non working config.

The clients now can connnect to my.server.address : 465 with TLS and they are ok to send mails after authentication

Hope this helps a little.
Best regards
Bogdan

[Javier Amor Garcia]

Seeing your log file and your fix, it seems that it was a SMTP helo bug that was solved in ebox-mail 1.4.2 .
If you want you could try this version, however take in account that your modifications will be overwritten so maybe you want to backup them before upgrading

[Marcello Teodori]

solved also for me, it wasn't eBox fault but a problem in the CISCO firewall ahead of it:
  http://tomas.cat/blog/en/how-solve-smtp-auth-errors-postfix-or-any-other-mailserver-behind-cisco-pix-firewall
anyway I think the 25 port would be enough for both plain and TLS using STARTTLS as the output using telnet is exactly the same both using 25 and 465 port:

Code: [Select]

220 eBox ESMTP
EHLO client.example.com
250-mail.example.com
250-PIPELINING
250-SIZE 20971520
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN


[ctek]

I don't know about the original poster but i'm willing to try and see. If this will help develop an even stable release is for the best.

I'll let you know of the updates. I'm going to update now and post the results in a few moments.

Regards
Bogdan


LE:
It seems that my system is already up to date so i don't know with steps to take any further to test.
Any suggestions ?

[Javier Amor Garcia]

I think the 25 port would be enough for both plain and TLS using STARTTLS

Yes, you can use both SMTPS and SMTP in port 25

[Javier Amor Garcia]

Thanks for willing to hep with list but the helo issue was fixed in ebox-mail 1.4.2 .
Or you are talking about other of this thread issues?