1 Topic by braindeadgenius (edited by braindeadgenius 2018-02-04 09:48:30)

  • braindeadgenius
  • Member
  • Offline
  • Registered: 2018-01-26
  • Posts: 15

Topic: SMTP Login Refused

==== Required information ====
- iRedMail version (check /etc/iredmail-release):  0.9.7
- Linux/BSD distribution name and version: Ubuntu 16.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
====

I'm using AWS as the host, so I'm unsure of whether some errors are coming from that end or not. However, I have ports 143, 465, 993, 995, 587, and 25 open. In addition, the subdomain mail points to the ELB, not the IP. I did not touch the IPTables settings. I'm trying to connect via IMAP/SMTP through port 143 and 587 utilizing TLS.

A couple errors I've received:

Feb  2 23:56:33 mail postfix/submission/smtpd[2975]: connect from unknown[198.199.98.246]
Feb  2 23:56:33 mail postfix/submission/smtpd[2975]: lost connection after CONNECT from unknown[198.199.98.246]
Feb  2 23:56:33 mail postfix/submission/smtpd[2975]: disconnect from unknown[198.199.98.246] commands=0/0
Feb  2 23:59:54 mail postfix/anvil[2978]: statistics: max connection rate 1/60s for (submission:198.199.98.246) at Feb  2 23:56:33
Feb  2 23:59:54 mail postfix/anvil[2978]: statistics: max connection count 1 for (submission:198.199.98.246) at Feb  2 23:56:33
Feb  2 23:59:54 mail postfix/anvil[2978]: statistics: max cache size 1 at Feb  2 23:56:33
Feb  2 23:56:37 mail dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=198.199.98.246, lip=10.0.0.238, session=<242AdkNkOtHGx2L2>

Also received this response email 1 day after trying to send a test email to the server.

The recipient server did not accept our requests to connect. Learn more at https://support.google.com/mail/answer/7720 [mail.mainelysoftware.com. 52.14.19.77: timed out] [mail.mainelysoftware.com. 52.15.223.142: timed out]


Final-Recipient: rfc822; tyler@mainelysoftware.com
Action: delayed
Status: 4.4.1
Diagnostic-Code: smtp; The recipient server did not accept our requests to connect. Learn more at https://support.google.com/mail/answer/7720
 [mail.mainelysoftware.com. 52.14.19.77: timed out]
 [mail.mainelysoftware.com. 52.15.223.142: timed out]
Last-Attempt-Date: Sat, 03 Feb 2018 17:45:34 -0800 (PST)
Will-Retry-Until: Mon, 05 Feb 2018 16:20:59 -0800 (PST)

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: SMTP Login Refused

braindeadgenius wrote:

A couple errors I've received:

Not errors, safe to ignore.

braindeadgenius wrote:

In addition, the subdomain mail points to the ELB, not the IP.

The MX DNS record must point to your ELB IP address.

3 Reply by braindeadgenius (edited by braindeadgenius 2018-02-18 01:32:36)

  • braindeadgenius
  • Member
  • Offline
  • Registered: 2018-01-26
  • Posts: 15

Re: SMTP Login Refused

I've updated the DNS records. I figured I could point to the load balancer since everything else did. Could you ensure these settings are correct? I still have to work with AWS to get the PTR.
SPF -> "v=spf1 mx mx:example.com -all"
MX -> 10 mail.example.com
DKIM -> "v=DKIM1; p=text"
A (mail.example.com) -> Points to IP

These are the logs I get now when I try to connect to SMTP with Outlook 2013. I can login via SMTP, but it can't send mail. sieve.log, pop3.log, and dovecot.log are all empty.

mail.log

Feb 17 17:22:39 mail postfix/anvil[8282]: statistics: max connection rate 1/60s for (submissionMy_IP) at Feb 17 17:19:18
Feb 17 17:22:39 mail postfix/anvil[8282]: statistics: max connection count 1 for (submission:My_IP) at Feb 17 17:19:18
Feb 17 17:22:39 mail postfix/anvil[8282]: statistics: max cache size 1 at Feb 17 17:19:18
Feb 17 17:23:24 mail postfix/submission/smtpd[8311]: connect from My_IP.hsd1.nh.comcast.net[My_IP]
Feb 17 17:23:24 mail postfix/submission/smtpd[8311]: Anonymous TLS connection established from My_IP-95.hsd1.comcast.net[My_IP]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 17 17:23:25 mail postfix/submission/smtpd[8311]: NOQUEUE: reject: RCPT from c-24-147-55-95.hsd1.comcast.net[My_IP]: 554 5.7.1 <My_IP.hsd1.comcast.net[My_IP]>: Client host rejected: Access denied; from=<t$
Feb 17 17:23:25 mail postfix/submission/smtpd[8311]: lost connection after RCPT from My_IP-95.hsd1.nh.comcast.net[My_IP]
Feb 17 17:23:25 mail postfix/submission/smtpd[8311]: disconnect from My_IP.hsd1.comcast.net[My_IP] helo=1 ehlo=1 starttls=1 mail=1 rcpt=0/1 commands=4/5

imap.log

Feb 17 17:23:24 mail dovecot: imap-login: Login: user=<tyler@example.com>, method=PLAIN, rip=MY_IP, lip=10.0.0.238, mpid=8310, TLS, session=<Ztjgt2tlf9QYkzdf>
Feb 17 17:23:24 mail dovecot: imap(tyler@example.com): Connection closed (IDLE running for 0.001 + waiting input for 0.062 secs, 2 B in + 10+0 B out, state=wait-input) in=11 out=388

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: SMTP Login Refused

braindeadgenius wrote:

Feb 17 17:23:25 mail postfix/submission/smtpd[8311]: NOQUEUE: reject: RCPT from c-24-147-55-95.hsd1.comcast.net[My_IP]: 554 5.7.1 <My_IP.hsd1.comcast.net[My_IP]>: Client host rejected: Access denied; from=<t$

Did you update any Postfix config files after iRedMail installation?

5 Reply by braindeadgenius

  • braindeadgenius
  • Member
  • Offline
  • Registered: 2018-01-26
  • Posts: 15

Re: SMTP Login Refused

ZhangHuangbin wrote:
braindeadgenius wrote:

Feb 17 17:23:25 mail postfix/submission/smtpd[8311]: NOQUEUE: reject: RCPT from c-24-147-55-95.hsd1.comcast.net[My_IP]: 554 5.7.1 <My_IP.hsd1.comcast.net[My_IP]>: Client host rejected: Access denied; from=<t$

Did you update any Postfix config files after iRedMail installation?

No, I did not.

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: SMTP Login Refused

*) Could you please show me the content of /etc/postfix/master.cf? Just the "submission" section should be enough.
*) Also output of command "postconf -n" please.

7 Reply by braindeadgenius

  • braindeadgenius
  • Member
  • Offline
  • Registered: 2018-01-26
  • Posts: 15

Re: SMTP Login Refused

submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
allow_percent_hack = no
biff = no
body_checks = pcre:/etc/postfix/body_checks.pcre
command_directory = /usr/sbin
compatibility_level = 2
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
header_checks = pcre:/etc/postfix/header_checks
inet_interfaces = all
inet_protocols = all
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
mail_owner = postfix
mailq_path = /usr/bin/mailq
message_size_limit = 15728640
mydestination = $myhostname, localhost, localhost.localdomain
mydomain = mail.mainelysoftware.com
myhostname = mail.mainelysoftware.com
mynetworks = 127.0.0.1 [::1]
myorigin = mail.mainelysoftware.com
newaliases_path = /usr/bin/newaliases
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]*3 b.barracudacentral.org=127.0.0.[2..11]*2
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_whitelist_threshold = -2
postscreen_greet_action = enforce
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
queue_directory = /var/spool/postfix
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination proxy:mysql:/etc/postfix/mysql/relay_domains.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp-amavis_destination_recipient_limit = 1
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_security_level = may
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated check_helo_access pcre:/etc/postfix/helo_access.pcre reject_non_fqdn_helo_hostname reject_unknown_helo_hostname
smtpd_recipient_restrictions = reject_unknown_recipient_domain reject_non_fqdn_recipient reject_unlisted_recipient check_policy_service inet:127.0.0.1:7777 permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = reject_unknown_sender_domain reject_non_fqdn_sender reject_unlisted_sender permit_mynetworks permit_sasl_authenticated check_sender_access pcre:/etc/postfix/sender_access.pcre
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem
smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_security_level = encrypt
swap_bangpath = no
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf proxy:mysql:/etc/postfix/mysql/catchall_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_transport = dovecot
virtual_uid_maps = static:2000

8 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: SMTP Login Refused

I didn't find any obvious configuration issue.

is your mail client application configured to perform SMTP authentication to send email through port 587?

9 Reply by braindeadgenius

  • braindeadgenius
  • Member
  • Offline
  • Registered: 2018-01-26
  • Posts: 15

Re: SMTP Login Refused

ZhangHuangbin wrote:

I didn't find any obvious configuration issue.

is your mail client application configured to perform SMTP authentication to send email through port 587?

It should be. The mail setup says that you use 587, and I never changed any of the settings anywhere. All I did was install iRedMail.

10 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: SMTP Login Refused

Please just double check the Outlook settings, make sure it's configured to perform SMTP authentication to send email through port 587.

11 Reply by braindeadgenius (edited by braindeadgenius 2018-03-02 19:01:33)

  • braindeadgenius
  • Member
  • Offline
  • Registered: 2018-01-26
  • Posts: 15

Re: SMTP Login Refused

ZhangHuangbin wrote:

Please just double check the Outlook settings, make sure it's configured to perform SMTP authentication to send email through port 587.

I know I changed the port when I attempted to login with my Desktop, but I will have to check when I get home from work.
I was able to login with my phone, so it does work for sure.

Edit:
It looks like SMTP "requires authentication" wasn't enabled, so it was not trying to properly login when I used the desktop client. Clicking the checkbox for that enabled it to work now.

Final Questions:
- I enabled SSL in Postfix and Dovecot for mail.example.com and am using the SSL info generated from that. I do not have to update Apache for this subdomain (mail) if I am not actually using it for anything, correct? I have no mail subdomain in my VHost settings.

- How do I setup a default email address so that if an email address does not exist, the mail gets routed to say, admin@example.com?

- How do I change the settings for emails of logs. There is a daily email for LogWatch and for backup for iRedMail. Can I change this to weekly email updates?

12 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: SMTP Login Refused

braindeadgenius wrote:

- How do I setup a default email address so that if an email address does not exist, the mail gets routed to say, admin@example.com?

Use a catch-all account:
https://docs.iredmail.org/sql.create.catch-all.html

braindeadgenius wrote:

- How do I change the settings for emails of logs. There is a daily email for LogWatch and for backup for iRedMail. Can I change this to weekly email updates?

It's controlled by program "logwatch", it's ran by cron, you can find its script under /etc/cron.*/