1 (edited by clarknova 2022-06-19 07:44:14)

Topic: no longer able to relay from scanner

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.5.2 MARIADB edition
- Deployed with iRedMail Easy or the downloadable installer?: downloadable
- Linux/BSD distribution name and version: Debian GNU/Linux 11 (bullseye)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MARIADB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

My HP CM2320nf scanner cannot be configured to authorise to an SMTP server. The only email variables it accepts are Server, Port, From Address and Subject. At one point I was able to point it to my iredmail server on port 25 and send emails from it successfully. Then I lost my config and restarted from scratch. Now I get a generic error from the scanner ("cannot connect to the SMTP server") immediately when trying to scan to email. On the mail server I see this in the log during the failed send event:

Jun 18 17:24:05 mail postfix/postscreen[1865184]: CONNECT from [104.37.148.71]:27928 to [172.31.0.25]:25
Jun 18 17:24:05 mail postfix/postscreen[1865184]: PREGREET 5 after 0 from [104.37.148.71]:27928: EHLO 
Jun 18 17:24:05 mail postfix/postscreen[1865184]: DISCONNECT [104.37.148.71]:27928

No new lines appear in /var/log/iredapd/iredapd.log during the send attempt.

I have this is /opt/iredapd/settings.py:

MYNETWORKS = ['172.30.0.0/22', '172.31.0.0/24', '104.37.148.71']

While searching the log messages I read a lot of pages that don't seem applicable to my situation. I know this isn't really much to go on, but can somebody point me in the right direction for troubleshooting this?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: no longer able to relay from scanner

I changed the SMTP server on the scanner from the mail server's FQDN (which resolves to a public address), to the server's private IP, which is accessible to the scanner over a VPN. This time when attempting to scan to email, the scanner immediately displays the message "An error occurred while sending the email. Try sending again".

/var/log/mail.log looks like this:

Jun 18 17:49:22 mail postfix/postscreen[1866256]: CONNECT from [172.30.0.122]:58645 to [172.31.0.25]:25
Jun 18 17:49:22 mail postfix/postscreen[1866256]: PREGREET 5 after 0 from [172.30.0.122]:58645: EHLO 
Jun 18 17:49:22 mail postfix/postscreen[1866256]: DISCONNECT [172.30.0.122]:58645

So it looks the same on the server side (other than source IP address, as expected), even if different error on the client side.

3

Re: no longer able to relay from scanner

FYI
https://docs.iredmail.org/allow.send.wi … .auth.html
https://docs.iredmail.org/additional.smtp.port.html

4

Re: no longer able to relay from scanner

Thanks, I didn't see your response until now. I've added the following lines:

/opt/iredapd/settings.py

MYNETWORKS = ['172.30.0.0/22', '172.31.0.0/24', '104.37.148.71']
ALLOWED_LOGIN_MISMATCH_SENDERS = ['do-not-reply@burgess.tech']
GREYLISTING_TRAINING_MODE = True
ALLOWED_FORGED_SENDERS = ['do-not-reply@burgess.tech']

/etc/postfix/master.cf

2525      inet  n       -       -       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_tls_security_level=may
  -o smtpd_sender_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

/etc/postfix/helo_access.pcre

/^CM2320nf$/ OK

/etc/postfix/sender_access.pcre

/^172\.30\.0\.  OK

After restarting the postfix service and trying again, I see this in the log:

Oct  3 10:46:00 mail postfix/smtpd[3047374]: NOQUEUE: reject: RCPT from unknown[172.30.0.122]: 554 5.7.1 <do-not-reply@burgess.tech>: Sender address rejected: Access denied; from=<do-not-reply@burgess.tech> to=<david@burgess.tech> proto=ESMTP helo=<CM2320nf>
Oct  3 10:46:00 mail postfix/smtpd[3047374]: generic_checks: name=reject status=2
Oct  3 10:46:00 mail postfix/smtpd[3047374]: >>> END Sender address RESTRICTIONS <<<
Oct  3 10:46:00 mail postfix/smtpd[3047374]: > unknown[172.30.0.122]: 554 5.7.1 <do-not-reply@burgess.tech>: Sender address rejected: Access denied

I've searched this error and found a few forum threads, but none that appear to match my situation. Where to look next?

5

Re: no longer able to relay from scanner

I see that I missed the trailing '/' in sender_access.pcre. I tried the following instead:

/^172\.30\.0\./  OK

and

/^172\.30\.0\.122$/     OK

restarting the postfix and testing each time, but the error was the same.

6 (edited by clarknova 2022-10-04 01:10:56)

Re: no longer able to relay from scanner

I finally found success by adding this line to my unauthenticated postfix service on port 2525 (/etc/postifx/master.cf):

  -o mynetworks=127.0.0.1,172.30.0.122

per this thread: https://forum.iredmail.org/post73774.html#p73774

It might be worth adding this line to the page here:

https://docs.iredmail.org/additional.smtp.port.html

I don't know why somebody would add an additional listening port to postfix without also adding that line, but there's a lot I don't know.

7

Re: no longer able to relay from scanner

So in fixing SMTP for the scanner I broke it for webmail. When trying to send an email from webmail I get the error "SMTP Error (): Authentication failed." I see this in the log:

Oct  3 11:27:47 mail postfix/submission/smtpd[3049792]: connect from localhost[::1]
Oct  3 11:27:47 mail roundcube: <tiehakn4> PHP Error: SMTP server does not support authentication (POST /mail/?_task=mail&_unlock=loading1664817905899&_framed=1&_action=send)
Oct  3 11:27:47 mail postfix/submission/smtpd[3049792]: disconnect from localhost[::1] ehlo=1 quit=1 commands=2
Oct  3 11:27:47 mail roundcube: <tiehakn4> SMTP Error: Authentication failure: mail.burgess.tech
Oct  3 11:27:47 mail roundcube: PIPELINING
Oct  3 11:27:47 mail roundcube: SIZE 15728640
Oct  3 11:27:47 mail roundcube: ETRN
Oct  3 11:27:47 mail roundcube: STARTTLS
Oct  3 11:27:47 mail roundcube: ENHANCEDSTATUSCODES
Oct  3 11:27:47 mail roundcube: 8BITMIME
Oct  3 11:27:47 mail roundcube: DSN
Oct  3 11:27:47 mail roundcube: SMTPUTF8
Oct  3 11:27:47 mail roundcube: CHUNKING (Code: 250) in /opt/www/roundcubemail-1.5.2/program/lib/Roundcube/rcube.php on line 1795 (POST /mail/?_task=mail&_unlock=loading1664817905899&_framed=1&_action=send)

8 (edited by Cthulhu 2022-10-04 03:49:49)

Re: no longer able to relay from scanner

PREGREET means, the printer ignores the server HELO and has a very very poorly implemented mail function


https://www.postfix.org/POSTSCREEN_README.html

look at the pregreet section


iredmail bans pregreets trough fail2ban, so to avaoid that you need to add the printer to the postscreen access list aswell


and you should revert your other settings and follow the guides



edit: just use an external solution:

https://www.smtp2go.com/setupguide/hp-cm2320/

9

Re: no longer able to relay from scanner

The printer is working. I've reviewed my changes and I suspect it was the upgrade to iRedMail this morning that broke my ability to send mail. I upgraded thinking it was best not to post asking for help if I wasn't running the latest stable.

10 (edited by kysh 2022-10-04 09:04:44)

Re: no longer able to relay from scanner

clarknova wrote:

So in fixing SMTP for the scanner I broke it for webmail. When trying to send an email from webmail I get the error "SMTP Error (): Authentication failed." I see this in the log:

Oct  3 11:27:47 mail postfix/submission/smtpd[3049792]: connect from localhost[::1]
Oct  3 11:27:47 mail roundcube: <tiehakn4> PHP Error: SMTP server does not support authentication (POST /mail/?_task=mail&_unlock=loading1664817905899&_framed=1&_action=send)
Oct  3 11:27:47 mail postfix/submission/smtpd[3049792]: disconnect from localhost[::1] ehlo=1 quit=1 commands=2
Oct  3 11:27:47 mail roundcube: <tiehakn4> SMTP Error: Authentication failure: mail.burgess.tech
Oct  3 11:27:47 mail roundcube: PIPELINING
Oct  3 11:27:47 mail roundcube: SIZE 15728640
Oct  3 11:27:47 mail roundcube: ETRN
Oct  3 11:27:47 mail roundcube: STARTTLS
Oct  3 11:27:47 mail roundcube: ENHANCEDSTATUSCODES
Oct  3 11:27:47 mail roundcube: 8BITMIME
Oct  3 11:27:47 mail roundcube: DSN
Oct  3 11:27:47 mail roundcube: SMTPUTF8
Oct  3 11:27:47 mail roundcube: CHUNKING (Code: 250) in /opt/www/roundcubemail-1.5.2/program/lib/Roundcube/rcube.php on line 1795 (POST /mail/?_task=mail&_unlock=loading1664817905899&_framed=1&_action=send)

Latest roundcube has an issue #8698 on Roundcube Github (Can't post links)

I fell into the same trap when I upgraded and couldn't send mail on webmail anymore. The solution is in the issue but basically the installto.sh script is failing to transfer some files to the roundcube folder.