1 Topic by dann0 (edited by dann0 2018-10-31 03:41:15)

  • dann0
  • Member
  • Offline
  • Registered: 2018-10-31
  • Posts: 6

Topic: SoGo EAS Unable to Send mail on iOS

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8 OPENLDAP edition
- Linux/BSD distribution name and version: CentOS Linux release 7.5.1804 (Core)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? NO
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I am getting the following error when I try to send mail from iOS device (using sogo eas)
Cannot Send Mail - The message was rejected by the server.

Sending from both Round Cube and SoGo web interfaces works fine. Only seems to be an issue with EAS

I see the following in maillog: (domains/users sanitized)
Oct 30 15:34:27 404-svr05 postfix/smtpd[22153]: connect from localhost[127.0.0.1]
Oct 30 15:34:27 404-svr05 postfix/smtpd[22153]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <localhost>: Helo command rejected: ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (localhost); from=<user@iredmailserver.com> to=<user@gmail.com> proto=ESMTP helo=<localhost>
Oct 30 15:34:27 404-svr05 postfix/smtpd[22153]: disconnect from localhost[127.0.0.1]

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: SoGo EAS Unable to Send mail on iOS

dann0 wrote:

Oct 30 15:34:27 404-svr05 postfix/smtpd[22153]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <localhost>: Helo command rejected: ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (localhost); from=<user@iredmailserver.com> to=<user@gmail.com> proto=ESMTP helo=<localhost>

Please make sure you have SMTP Authentication enabled in your iOS devices.

3 Reply by dann0

  • dann0
  • Member
  • Offline
  • Registered: 2018-10-31
  • Posts: 6

Re: SoGo EAS Unable to Send mail on iOS

Thanks for the quick reply!

iOS device is setup using EAS, I don't see any option for SMTP. If I configured as IMAP/POP I think I would see the SMTP section, but trying to use EAS.

Thanks!

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: SoGo EAS Unable to Send mail on iOS

on iOS device, you should add this account as an "Exchange" account (Settings -> Passwords & Accounts -> Add Account -> Exchange), it will ask you to type username and password.

5 Reply by dann0 (edited by dann0 2018-11-02 00:30:57)

  • dann0
  • Member
  • Offline
  • Registered: 2018-10-31
  • Posts: 6

Re: SoGo EAS Unable to Send mail on iOS

ZhangHuangbin wrote:

on iOS device, you should add this account as an "Exchange" account (Settings -> Passwords & Accounts -> Add Account -> Exchange), it will ask you to type username and password.

That is how I have added the account.

I Think the problem is between SoGo (handling the EAS) and how that is handed off to dovecot/postfix (I think postfix as I'm trying to send) Postfix doesn't seem to trust connections from localhost or 127.0.0.1 is what I got from the log error I posted.

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: SoGo EAS Unable to Send mail on iOS

I think you pasted unrelated log in first post. sad
Could you try again and extract the log?

7 Reply by dann0

  • dann0
  • Member
  • Offline
  • Registered: 2018-10-31
  • Posts: 6

Re: SoGo EAS Unable to Send mail on iOS

ZhangHuangbin wrote:

I think you pasted unrelated log in first post. sad
Could you try again and extract the log?

I ran two tests
1.) test sending from roundcube - test OK
2.) testing sending from iOS - test FAIL

sanitized output of /var/log/maillog |grep postfix

Nov  5 16:18:44 iredmail01 postfix/submission/smtpd[24013]: connect from localhost[127.0.0.1]
Nov  5 16:18:44 iredmail01 postfix/submission/smtpd[24013]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Nov  5 16:18:44 iredmail01 postfix/submission/smtpd[24013]: 1DAB11841AEB: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=user@iredmailserver.com
Nov  5 16:18:44 iredmail01 postfix/cleanup[23517]: 1DAB11841AEB: message-id=<ea9afb3637173e0c70f3b7e4e57a34aa@404trapier.com>
Nov  5 16:18:44 iredmail01 postfix/qmgr[1723]: 1DAB11841AEB: from=<user@iredmailserver.com>, size=567, nrcpt=1 (queue active)
Nov  5 16:18:44 iredmail01 postfix/submission/smtpd[24013]: disconnect from localhost[127.0.0.1]
Nov  5 16:18:44 iredmail01 postfix/10025/smtpd[23538]: connect from localhost[127.0.0.1]
Nov  5 16:18:44 iredmail01 postfix/10025/smtpd[23538]: 9D2F31841AEC: client=localhost[127.0.0.1]
Nov  5 16:18:44 iredmail01 postfix/cleanup[23517]: 9D2F31841AEC: message-id=<ea9afb3637173e0c70f3b7e4e57a34aa@404trapier.com>
Nov  5 16:18:44 iredmail01 postfix/qmgr[1723]: 9D2F31841AEC: from=<user@iredmailserver.com>, size=1700, nrcpt=1 (queue active)
Nov  5 16:18:44 iredmail01 postfix/10025/smtpd[23538]: disconnect from localhost[127.0.0.1]
Nov  5 16:18:44 iredmail01 postfix/amavis/smtp[23522]: 1DAB11841AEB: to=<user@gmail.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.59, delays=0.06/0/0.01/0.52, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9D2F31841AEC)
Nov  5 16:18:44 iredmail01 postfix/qmgr[1723]: 1DAB11841AEB: removed
Nov  5 16:18:45 iredmail01 postfix/smtp[24028]: Untrusted TLS connection established to outbound.mailhop.org[52.28.251.132]:2525: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)
Nov  5 16:18:50 iredmail01 postfix/smtp[24028]: 9D2F31841AEC: to=<user@gmail.com>, relay=outbound.mailhop.org[52.28.251.132]:2525, delay=6, delays=0.01/0.09/2.3/3.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 60b16417-e140-11e8-9048-075f73944867)
Nov  5 16:18:50 iredmail01 postfix/qmgr[1723]: 9D2F31841AEC: removed
Nov  5 16:19:27 iredmail01 postfix/smtpd[22922]: connect from localhost[127.0.0.1]
Nov  5 16:19:27 iredmail01 postfix/smtpd[22922]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <localhost>: Helo command rejected: ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (localhost); from=<user@iredmailserver.com> to=<user@gmail.com> proto=ESMTP helo=<localhost>
Nov  5 16:19:27 iredmail01 postfix/smtpd[22922]: disconnect from localhost[127.0.0.1]

8 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: SoGo EAS Unable to Send mail on iOS

Again, i don't think your iOS mail client is correctly configured, seems SMTP authentication is missing.

With SMTP authentication, postfix will bypass the HELO check completely, so no "Helo command rejected" error at all.

9 Reply by dann0

  • dann0
  • Member
  • Offline
  • Registered: 2018-10-31
  • Posts: 6

Re: SoGo EAS Unable to Send mail on iOS

ZhangHuangbin wrote:

Again, i don't think your iOS mail client is correctly configured, seems SMTP authentication is missing.

With SMTP authentication, postfix will bypass the HELO check completely, so no "Helo command rejected" error at all.

I don't know any other way to configure iOS Mail App, I selected Exchange, and then filled in the required fields. I work with a lot of native exchange and Office 365 deployments professionally. There is no option to configure SMTP anything for an exchange active sync mail profile.

It is my understanding the SoGO is used to facilitate the EAS connectivity in iRedMail. It seems like from the logs that when the connection comes from SoGo it's not trying to use TLS, is there a way to check that, or some place in SoGo logs that I should be looking?

10 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: SoGo EAS Unable to Send mail on iOS

I'm afraid that we need a new smtp port for SOGo in this case, but with default iRedMail settings, it works fine.

*) Add new lines in /etc/postfix/master.cf:

127.0.0.1:2525    inet  n       -       n       -       -       smtpd
    -o syslog_name=postfix/plain-smtp-2525
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_tls_security_level=may
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o content_filter=smtp-amavis:[127.0.0.1]:10026

*) In /etc/sogo/sogo.conf, update "SOGoSMTPServer" setting:

    SOGoSMTPServer = 127.0.0.1:2525;

*) Restart both postfix and sogo services.

11 Reply by dann0

  • dann0
  • Member
  • Offline
  • Registered: 2018-10-31
  • Posts: 6

Re: SoGo EAS Unable to Send mail on iOS

ZhangHuangbin wrote:

I'm afraid that we need a new smtp port for SOGo in this case, but with default iRedMail settings, it works fine.

*) Add new lines in /etc/postfix/master.cf:

127.0.0.1:2525    inet  n       -       n       -       -       smtpd
    -o syslog_name=postfix/plain-smtp-2525
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_tls_security_level=may
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o content_filter=smtp-amavis:[127.0.0.1]:10026

*) In /etc/sogo/sogo.conf, update "SOGoSMTPServer" setting:

    SOGoSMTPServer = 127.0.0.1:2525;

*) Restart both postfix and sogo services.


I was able to resolve the issue - It was discovered that someone had followed this doc:
https://docs.iredmail.org/allow.insecur … tions.html

Section: Allow insecure SMTP connection on port 25

Once I undid these changes I was able to send mail from iOS again. I believe that your solution above would have also resolved the issue. The changes to port 25 were done while testing a multifunction device, but it was ultimately not used. The changes were never backed out.

Thank you for all the help on this!