Hey guys,
I'm new here (go figure), but absolutely love this product. I moved from scrollout to this because of the tracking capabilities. It is set up much like a Cisco IronPort and I think this has potential to grow.
Anyways, now on to the problem.
Current setup:
VMware Appliance (EFA)
Mail Server (Zimbra on port 25)
Internally (No firewalls)
Externally (Port 587 opened)
All inbound mail comes in on port 587 using No-IP's mail reflector service and then gets scanned by EFA. Once scanned, it then sends it to my Zimbra server on port 25. If I reply to the message, it then gets sent back to my EFA box and then gets routed to a smart host.
Here is where the problem comes into play. My service provider blocks port 25. By default, EFA uses port 25 to send mail to my smart host. When using port 25, I obviously get "Connection Timed Out".. no brainer so I change the port to 587.
When changing the port, this is where the error comes into play - I get an error status on the mail queue that states: "SASL Authentication failed: Cannot Authenticate to domainname[x.x.x.x]: no mechanism available". When disabling Auth, I then get an error that states authentication must be used.
(Domain name is a real domain name and x.x.x.x returns the correct IP.)
I do know that my smart host does indeed use port 587 because I've used it previously on scrollout. Thoughts?
Razorsedge
Outbound SMTP Smart Host
Re: Outbound SMTP Smart Host
Hi
how do you change the port from 25 to 587?
-
- Posts: 4
- Joined: 07 Aug 2015 13:08
Re: Outbound SMTP Smart Host
**Edit - Dan - Do you mean for inbound or outbound? If outbound, see below.
On the Webmin interface, I go to server, SMTP Authentication and Encryption.
Down at the bottom, I typed send outgoing mail via host: Mail.x.org:587
Then I use SASL SMTP AUTH and type in the credentials.
I'm assuming there is some other way to edit the smarthost section and get it to use a different port than 25. As well, I'm assuming that it can't distinguish that after the : is a port? Possibly?
Razorsedge
Re: Outbound SMTP Smart Host
I don't use/have webmin, so I don't know if this works. Does the config menu offer an option to change the outgoing port?
Is viewtopic.php?f=14&t=1035&p=3307&hilit=port#p3307 helpful?
-
- Posts: 4
- Joined: 07 Aug 2015 13:08
Re: Outbound SMTP Smart Host
That doesn't seem to work. Basically says Transport Failure.
I've tried in different strings
* smtp:plover.arvixe.com - this uses port 25
* plover.arvixe.com:587 Transport failure
* smtp:plover.arvixe.com:587 Transport failure
So not sure if sending it on any other port than 25 is possible when using smarthost :/
Razorsedge
-
- Posts: 4
- Joined: 07 Aug 2015 13:08
Re: Outbound SMTP Smart Host
I found an article out there on the web that deals with sending external email which still didn't work:
http://serverfault.com/questions/119278 ... a-port-587
So I got to thinking if it was something to do with my relay through arvixe, so I changed it to Google's relay service and I still get SASL authentication failed, cannot authenticate to the server :smtp-relay.gmail.com[74.125.21.28]:no mechanism available.
Time to go back to the drawing board with Google
Has anyone else had this problem?
razorsedge
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
Re: Outbound SMTP Smart Host
You may need to set up SASL credentials if you are trying to relay through Google.
Re: Outbound SMTP Smart Host
Tried to use a smarthost from my bsmtp-provider which needs to be on port 465 (don't know why, but it seems to react on 587 as well)
So I tried both, ports opened on the router to EFA on 465 and 587. I entered the smarthost, login username and password with webmin in the Postfix "SMTP Authentication and Encryption".
On port 465
Postfix: SMTPS wrappermode (TCP port 465) requires setting "smtp_tls_wrappermode = yes", and "smtp_tls_security_level = encrypt" (or stronger)
So I did it, but now inbound to my mailserver is an issue with tls. So skip port 465 cause these additional settings work for in/outbound. And inbound mailserver stays on port 25 internally for reasons.
On port 587
SASL on: SASL authentication failed; cannot authenticate to server smtp.mysmarthost.com[x.x.x.x]: no mechanism available
SASL off: 554 5.7.1 Recipient address rejected: Authentication required (in reply to RCPT TO command)
I'm on a dead end here as well, will have to keep going on smarthost ISP on port 25, but that won't last forever.
Any free smtp-relays besides my ISP and bsmtp provider for further experiments?
Re: Outbound SMTP Smart Host
I think that you can create a transport map to determine which way to forward your e-mail. Then you need to create a password map to authenticate. Port tcp:465 is the SMTPS protocol port. Port tcp:587 is the client submission port.
- Create a map file for your username/passwords to authenticate to your relay servers
- Create a transport map to determine which mail should go to which servers
- Enable TLS with a setting of 'may' for your Postfix server
- Create a TLS policy map to override the setting for each relay (so you can have multiple settings)
/etc/postfix/relay_password_maps
Code:
smarthost.no1.somedomain.com USERNAME:PASSWORD
smarthost.no2.someotherdomain.com USERNAME:PASSWORD
then: #sudo postmap /etc/postfix/relay_password_maps
/etc/postfix/transport_maps
Code:
somedomain.com smtp:smarthost.no1.somedomain.com
someotherdomain.com smtp:smarthost.no2.someotherdomain.com
* smtp:if.allelse.fails.com
then: #sudo postmap /etc/postfix/transport_maps
/etc/postfix/main.cf
Code:
transport_maps = hash:/etc/postfix/transport_maps
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay_password_maps
smtp_sasl_mechanism_filter = digest-md5, auth, login, plain
smtp_sasl_security_options =
smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy_maps
# wrappermode (implicit TLS, port 465) applies to every outbound SMTP connection
smtp_tls_wrappermode = yes
/etc/postfix/tls_policy_maps
Code:
somedomain.com:587 encrypt
someotherdomain.com:465 encrypt protocols=TLSv1 ciphers=high
then: #sudo postmap /etc/postfix/tls_policy_maps
If you check out http://www.postfix.org/SASL_README.html there is a section on using telnet to determine what the authentication method is that the other server supports. Since it looks like you need TLS, you'll need to read this http://www.postfix.org/TLS_README.html as well.
You can also check out http://www.postfix.org/postconf.5.html. Look for the smtp_tls_wrappermode and smtp_tls_security_level and smtp_tls_policy_maps.
You may have to add the ports to the transport maps as well, like smtp:smarthost.no1.somedomain.com:465. I'm not really sure. Try it and let me know. You also may need to install the sasl libraries appropriate for the authentication types that you're trying to use...
Code:
$ yum search sasl
Loaded plugins: fastestmirror, security
Determining fastest mirrors
* EFA: dl.efa-project.org
* base: mirror.net.cen.ct.gov
* epel: fedora.mirrors.pair.com
* extras: mirror.trouble-free.net
* updates: mirror.umd.edu
===================================================================================== N/S Matched: sasl =====================================================================================
cyrus-sasl.x86_64 : The Cyrus SASL library
cyrus-sasl-devel.i686 : Files needed for developing applications with Cyrus SASL
cyrus-sasl-devel.x86_64 : Files needed for developing applications with Cyrus SASL
cyrus-sasl-gssapi.i686 : GSSAPI authentication support for Cyrus SASL
cyrus-sasl-gssapi.x86_64 : GSSAPI authentication support for Cyrus SASL
cyrus-sasl-ldap.i686 : LDAP auxprop support for Cyrus SASL
cyrus-sasl-ldap.x86_64 : LDAP auxprop support for Cyrus SASL
cyrus-sasl-lib.i686 : Shared libraries needed by applications which use Cyrus SASL
cyrus-sasl-lib.x86_64 : Shared libraries needed by applications which use Cyrus SASL
cyrus-sasl-md5.i686 : CRAM-MD5 and DIGEST-MD5 authentication support for Cyrus SASL
cyrus-sasl-md5.x86_64 : CRAM-MD5 and DIGEST-MD5 authentication support for Cyrus SASL
cyrus-sasl-ntlm.i686 : NTLM authentication support for Cyrus SASL
cyrus-sasl-ntlm.x86_64 : NTLM authentication support for Cyrus SASL
cyrus-sasl-plain.i686 : PLAIN and LOGIN authentication support for Cyrus SASL
cyrus-sasl-plain.x86_64 : PLAIN and LOGIN authentication support for Cyrus SASL
cyrus-sasl-sql.i686 : SQL auxprop support for Cyrus SASL
cyrus-sasl-sql.x86_64 : SQL auxprop support for Cyrus SASL
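
The "no mechanism available" error reported throughout this thread, as an added example (not code from any poster, EFA or Postfix): a simplified Python model of how the AUTH mechanisms a relay advertises, the Cyrus SASL plugin packages from the yum listing above, and `smtp_sasl_security_options` combine. The EHLO replies are constructed and `relay.example.test` is a placeholder host.

```python
import re

# Mechanisms each Cyrus SASL plugin package provides, per the yum listing above.
PLUGIN_MECHS = {
    "cyrus-sasl-plain": {"PLAIN", "LOGIN"},
    "cyrus-sasl-md5": {"CRAM-MD5", "DIGEST-MD5"},
    "cyrus-sasl-ntlm": {"NTLM"},
    "cyrus-sasl-gssapi": {"GSSAPI"},
}
PLAINTEXT = {"PLAIN", "LOGIN"}  # excluded when "noplaintext" is in effect


def offered_mechanisms(ehlo_reply):
    """Return the mechanisms on the AUTH line(s) of an EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        m = re.match(r"250[- ]AUTH[ =](.+)", line.strip(), re.IGNORECASE)
        if m:
            mechs.update(tok.upper() for tok in m.group(1).split())
    return mechs


def diagnose(ehlo_reply, installed, security_options):
    """Return (usable mechanisms, reason); a simplified model, not Postfix code."""
    offered = offered_mechanisms(ehlo_reply)
    if not offered:
        return set(), "server offered no AUTH; check the reply after STARTTLS"
    have = set()
    for pkg in installed:
        have |= PLUGIN_MECHS.get(pkg, set())
    usable = offered & have
    if not usable:
        return set(), "no installed plugin provides an offered mechanism"
    if "noplaintext" in security_options:
        usable = usable - PLAINTEXT
        if not usable:
            return set(), "only plaintext mechanisms left and noplaintext is set"
    return usable, "ok"


# Constructed EHLO replies (not captured from a real server).
BEFORE_TLS = "250-relay.example.test\n250-SIZE 35882577\n250 STARTTLS"
AFTER_TLS = "250-relay.example.test\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
DEFAULT_OPTS = {"noplaintext", "noanonymous"}  # Postfix default security options

if __name__ == "__main__":
    print(diagnose(BEFORE_TLS, ["cyrus-sasl-plain"], DEFAULT_OPTS))
    print(diagnose(AFTER_TLS, ["cyrus-sasl-md5"], {"noanonymous"}))
    print(diagnose(AFTER_TLS, ["cyrus-sasl-plain"], DEFAULT_OPTS))
    print(diagnose(AFTER_TLS, ["cyrus-sasl-plain"], {"noanonymous"}))
```

When TLS is enforced for the relay, `smtp_sasl_tls_security_options = noanonymous` permits PLAIN/LOGIN only on encrypted sessions, while `smtp_sasl_security_options` can keep its `noplaintext` default for cleartext ones.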