1 Topic by tchangth

  • tchangth
  • Member
  • Offline
  • Registered: 2017-05-21
  • Posts: 10

Topic: Azure and SMTP 25

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.98
- Linux/BSD distribution name and version: Ubuntu 18.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

For Azure pay-as-you-go customer and for those after Nov 2017, Azure does not allow them to send email through port 25. Azure insists customers should send email through 587. iRedMail Roundcube default configuration for smtp is 587, but I could not send the email out, is there anything I had over-looked? thanks in advance

this is the log:

Jul  7 22:04:03 mail amavis[18982]: (18982-02) Passed CLEAN {RelayedInternal}, ORIGINATING/MYNETS LOCAL [127.0.0.1]:56290 <peter@certislearning.info> -> <tchangth@singnet.com.sg>, Queue-ID: CE9693F12E, Message-ID: <797aaafacc7914515bc59c314157f352@certislearning.info>, mail_id: KRp2CE9WDSGq, Hits: 0.213, size: 559, queued_as: 26EF740E92, dkim_new=dkim:certislearning.info, 253 ms, Tests: [ALL_TRUSTED=-1,TVD_RCVD_SINGLE=1.213]
Jul  7 22:04:03 mail postfix/10025/smtpd[6517]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jul  7 22:04:03 mail postfix/amavis/smtp[6510]: CE9693F12E: to=<tchangth@singnet.com.sg>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.37, delays=0.08/0.02/0/0.26, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 26EF740E92)

After awhile I would get:

Jul  7 22:04:33 mail postfix/smtp[6318]: 26EF740E92: to=<tchangth@singnet.com.sg>, relay=none, delay=30, delays=0.02/0.01/30/0, dsn=4.4.1, status=deferred (connect to mx-fuse-1.singnet.com.sg[202.40.249.79]:25: Connection timed out)

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,793

Re: Azure and SMTP 25

tchangth wrote:

Jul  7 22:04:33 mail postfix/smtp[6318]: 26EF740E92: to=<tchangth@singnet.com.sg>, relay=none, delay=30, delays=0.02/0.01/30/0, dsn=4.4.1, status=deferred (connect to mx-fuse-1.singnet.com.sg[202.40.249.79]:25: Connection timed out)

Port 25 is used for communication between mail servers, it must be open.
if Azure blocks port 25, you have to contact them to open it for your server. If not possible, then you cannot use Azure for mail server.

3 Reply by tchangth

  • tchangth
  • Member
  • Offline
  • Registered: 2017-05-21
  • Posts: 10

Re: Azure and SMTP 25

I had asked Microsoft Technical Support : I cut and paste here the reply (for the benefit of the members here)

I checked the Subscription details for given Subscription ID: 8470c6de-35ae-48f7-8971-b65950343c25, I see the creation date: 6/25/2018, Azure Pass offer.

Regarding the outbound restriction for port 25 for the subscription 8470c6de-35ae-48f7-8971-b65950343c25, as documented in our public article: https://blogs.msdn.microsoft.com/mast/2 … 17-update/  outbound communication on port 25 from Virtual Machines deployed in this subscription is blocked

it went on to suggest:

Possible workaround:

1.            Use secure port like 587 for SMTP communication instead of port 25.

2.            Change the subscription type to Pay-As-You-Go (PAYG) so they can be enabled for port 25 outbound communication

I am currently PAYG, I guess they want me to upgrade my plan to enterprise plan.

4 Reply by tchangth

  • tchangth
  • Member
  • Offline
  • Registered: 2017-05-21
  • Posts: 10

Re: Azure and SMTP 25

I think for the normal azure users Microsoft would like us to use sendgrid app.sendgrid.com service. I document down here so for users who want to iRedMail on azure, it is possible - basically i try to answer the question I started:

The first step is inside azure portal create the sendgrid resource (please remember the password)

1. Edit main.cf and add the following lines:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt
header_size_limit = 4096000
relayhost = [smtp.sendgrid.net]:587

Comment out smtp_tls_security_level = may (I think there are 2 occurances)

2. Edit master.cf, under smtp-amavis unix -  -   -   -  add the following line:

-o smtp_tls_security_level=none

3. create a file /etc/postfix/sasl_passwd and add the following:

[smtp.sendgrid.net]:587 azure_efdca1dac1234c57c6102619ace586ce@azure.com:yourpassword

4. chmod 600 /etc/postfix/sasl_passwd

5. postmap /etc/postfix/sasl_passwd

Remember to restart postfix

https://stackoverflow.com/questions/414 … id-api-key (there is no need to get the api key but just in case u need it)

https://forum.iredmail.org/topic8884-ir … 27001.html

(The above reference is important otherwise you would have the error as shown here taken from mail.log)
Jul 10 06:01:51 mail postfix/amavis/smtp[63100]: 0588A41A06: to=<abc@gmail.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.13, delays=0.09/0.03/0/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host 127.0.0.1[127.0.0.1])