SOLVED: Smart host with SMTP AUTH LOGIN not working
Posted: 09 May 2019 06:20
Okay, so I have been digging into this problem a while ago in EFA3 but now I installed a clean version of EFA4 on a minimal CentOS7 install and try again.
I need to use a smarthost as my Internet provider blocks port 25 at home.
So incoming is set to the bsmtp server of my host provider, outgoing is set to their smarthost where I need to authenticate.
For me one thing is certain after searching without real postfix knowledge, we have to set "smtp_" variables as we are talking about the SMTP outgoing part here.
A setting already there in the main.cf postfix config, once you installed EFA:
Need to add:
But it seems I need this too (which is not there):
And here comes the fun part...
Do realise I have used postmap to hash the password file set in smtp_sasl_password_maps, I even set it to static:myusername:mypassword.
But whatever I try, I always get a bounce from my smarthost.
bounced (host smtp.myhostprovider.com[xx.xx.xx.xx] said: 554 5.7.1 Recipient address rejected: Authentication required (in reply to RCPT TO command))
It looks like we are using postfix version 2.1? (Somewhere in main.cf it shows but could be an old config file?)
So basically I cannot set the log level any higher than 1 in postfix for TLS logging? Something I read...
So we tried:
When I change this specific setting to "encrypt" (I'm being told my smarthost needs the user/pass after encrypting the connection) I test EFA to send me a detailed spam report by mail to an external address which has to go via the smarthost. It fails and throws a red coloured error on the web interface stating it cannot send the report.
If I set this setting to "may", it sends the report and you can see it being sent, but fails eventually being bounced by the smarthost.
So we think something is preventing the actual username/password to be sent correctly?
I can succesfully connect to the smarthost with an online tester but not with the postfix in EFA3 and EFA4.
So I am getting lost here, leaving me a few options:
I need to use a smarthost as my Internet provider blocks port 25 at home.
So incoming is set to the bsmtp server of my host provider, outgoing is set to their smarthost where I need to authenticate.
For me one thing is certain after searching without real postfix knowledge, we have to set "smtp_" variables as we are talking about the SMTP outgoing part here.
A setting already there in the main.cf postfix config, once you installed EFA:
Code: Select all
smtpd_use_tls = yes
smtp_use_tls = yes
Code: Select all
relayhost = [smtp.myhostprovider.com]:587
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_security_options = noanonymous
smtp_tls_security_level = may
smtp_tls_auth_only = yes
Code: Select all
smtp_sasl_auth_enable = yes
Do realise I have used postmap to hash the password file set in smtp_sasl_password_maps, I even set it to static:myusername:mypassword.
But whatever I try, I always get a bounce from my smarthost.
bounced (host smtp.myhostprovider.com[xx.xx.xx.xx] said: 554 5.7.1 Recipient address rejected: Authentication required (in reply to RCPT TO command))
It looks like we are using postfix version 2.1? (Somewhere in main.cf it shows but could be an old config file?)
So basically I cannot set the log level any higher than 1 in postfix for TLS logging? Something I read...
So we tried:
Code: Select all
smtp_tls_security_level = encrypt
If I set this setting to "may", it sends the report and you can see it being sent, but fails eventually being bounced by the smarthost.
So we think something is preventing the actual username/password to be sent correctly?
I can succesfully connect to the smarthost with an online tester but not with the postfix in EFA3 and EFA4.
So I am getting lost here, leaving me a few options:
- Dig into EFA's postfix deeper and try to understand what is going on. (Is the actual certificate after a clean install EFA4 active/valid for TLS?)
- Install a clean CentOS7 with postfix and build an intermediate smarthost between EFA and my smarthost (to prove that postfix can actually connect to my smarthost)
- Use my Windows hypervisor where EFA runs on and activate the IIS smtp service as an intermediate (figuring out stuff with local certificates first)