
SOLVED: Smart host with SMTP AUTH LOGIN not working

Posted: 09 May 2019 06:20
by e-d-i-t
Okay, so I was digging into this problem a while ago in EFA3, but now I have installed a clean version of EFA4 on a minimal CentOS7 install and am trying again.
I need to use a smarthost as my Internet provider blocks port 25 at home.
So incoming is set to the bsmtp server of my host provider, outgoing is set to their smarthost where I need to authenticate.

For me one thing is certain after searching without real postfix knowledge, we have to set "smtp_" variables as we are talking about the SMTP outgoing part here.

A setting already there in the main.cf postfix config, once you installed EFA:

Code:

smtpd_use_tls = yes
smtp_use_tls = yes

Need to add:

Code:

relayhost = [smtp.myhostprovider.com]:587
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_security_options = noanonymous
smtp_tls_security_level = may
smtp_tls_auth_only = yes

But it seems I need this too (which is not there):

Code:

smtp_sasl_auth_enable = yes

And here comes the fun part...

Do realise I have used postmap to hash the password file set in smtp_sasl_password_maps, I even set it to static:myusername:mypassword.
But whatever I try, I always get a bounce from my smarthost.

bounced (host smtp.myhostprovider.com[xx.xx.xx.xx] said: 554 5.7.1 Recipient address rejected: Authentication required (in reply to RCPT TO command))

It looks like we are using postfix version 2.1? (Somewhere in main.cf it shows but could be an old config file?)
So basically I cannot set the log level any higher than 1 in postfix for TLS logging? Something I read...

So we tried:

Code:

smtp_tls_security_level = encrypt

When I change this specific setting to "encrypt" (I'm being told my smarthost needs the user/pass after encrypting the connection) I test EFA to send me a detailed spam report by mail to an external address which has to go via the smarthost. It fails and throws a red coloured error on the web interface stating it cannot send the report.

If I set this setting to "may", it sends the report and you can see it being sent, but fails eventually being bounced by the smarthost.

So we think something is preventing the actual username/password to be sent correctly?
I can successfully connect to the smarthost with an online tester but not with the postfix in EFA3 and EFA4.

So I am getting lost here, leaving me a few options:
  • Dig into EFA's postfix deeper and try to understand what is going on. (Is the actual certificate after a clean install EFA4 active/valid for TLS?)
  • Install a clean CentOS7 with postfix and build an intermediate smarthost between EFA and my smarthost (to prove that postfix can actually connect to my smarthost)
  • Use my Windows hypervisor where EFA runs on and activate the IIS smtp service as an intermediate (figuring out stuff with local certificates first)

Re: Outgoing mail: Smart host with SMTP AUTH LOGIN not working

Posted: 09 May 2019 17:34
by ethandee178
One thing I have forgotten in the past, that may be helpful,

[mail.isp.example]:587 username:password

the syntax for the sasl_passwd file is different if you use port 587.
Have you tried this already?

Re: Outgoing mail: Smart host with SMTP AUTH LOGIN not working

Posted: 10 May 2019 16:45
by e-d-i-t
That got me a bit closer to a next problem and maybe the way to a fix.

First of all, the config setting in main.cf seems wrong:

Code:

smtp_tls_security_options = noanonymous

It needs to be:

Code:

smtp_sasl_security_options = noanonymous

Now we get a fail in the maillog:
warning: SASL authentication failure: No worthy mechs found

And this seems to be pointing to a missing libsasl2-modules

yum install libsasl2-modules didn't work.
So this is where I am now, close ;-)

Re: Outgoing mail: Smart host with SMTP AUTH LOGIN not working

Posted: 10 May 2019 16:51
by e-d-i-t
Maybe I need this instead.

yum install cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain

SOLVED: Smart host with SMTP AUTH LOGIN not working

Posted: 10 May 2019 17:19
by e-d-i-t
EUREKA!

So it seems EFA4 is missing libraries for outgoing authenticated smtp to a smarthost.
Maybe even EFA3, but ah well,... I stick to 4 anyway.

Re: SOLVED: Smart host with SMTP AUTH LOGIN not working

Posted: 15 May 2019 13:09
by ethandee178
Smashing :clap:

Re: SOLVED: Smart host with SMTP AUTH LOGIN not working

Posted: 19 May 2019 21:55
by e-d-i-t
In EFA3 these libraries are already installed, so basically it was a wrong config in main.cf and the notation of the host in the password file.
Got it working in EFA3 as well, so I can continue for now in production with authenticated smtp to a smart host.
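
A lint for the configuration mistakes this thread ran into (SASL not enabled, the misnamed smtp_tls_security_options, and a sasl_passwd key that does not match relayhost), written as an added example that is not part of the original posts. It also flags a non-mandatory TLS level, because with smtp_tls_security_level = may Postfix can fall back to an unencrypted session; the sample inputs and function names are constructed for illustration.

```python
"""Lint a Postfix smarthost setup for the mistakes found in this thread."""

# Constructed sample input: the settings the thread started with.
MAIN_CF = """\
relayhost = [smtp.myhostprovider.com]:587
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_security_options = noanonymous
smtp_tls_security_level = may
"""
SASL_PASSWD = "smtp.myhostprovider.com:587 myusername:mypassword\n"

# TLS levels at which Postfix refuses to deliver without encryption.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}


def parse_main_cf(text):
    """Return {name: value}; '#' lines are comments, indented lines continue."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
        elif "=" in raw:
            last, value = (s.strip() for s in raw.split("=", 1))
            params[last] = value
    return params


def passwd_keys(text):
    """Lookup keys (first field) of each sasl_passwd entry."""
    return {line.split()[0] for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")}


def lint(main_cf, sasl_passwd):
    """Return a list of findings; an empty list means all checks passed."""
    p, findings = parse_main_cf(main_cf), []
    if p.get("smtp_sasl_auth_enable", "no") != "yes":
        findings.append("smtp_sasl_auth_enable is not 'yes'")
    if "smtp_tls_security_options" in p:
        findings.append("smtp_tls_security_options should be smtp_sasl_security_options")
    if p.get("relayhost") not in passwd_keys(sasl_passwd):
        findings.append("sasl_passwd has no entry keyed exactly as relayhost")
    if p.get("smtp_tls_security_level") not in MANDATORY_TLS:
        findings.append("TLS not mandatory: AUTH may be sent without encryption")
    return findings
```

Run it against copies of main.cf and the plain-text sasl_passwd before running postmap; the password file should stay readable by root only.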