SASL Authentication For Mail Server (Sendmail/Postfix)
Mar 18, 2007
I recently moved to virtual dedicated hosting for my website, mainly because I wanted a better mail server to work with to manage a mailing list.
I have a few PHP software scripts for different things: managing affiliates and email marketing.
I want to send mail using both of those via SMTP on my new server. They both have a place to type in the host and username/password.
The problem I am noticing is SASL Authentication. They attempt to connect to the host without any trouble. However, the affiliate software fails SASL Authentication every time I try to send an email or test the email system.
Email marketing software connects when I manually send a campaign. However, users are supposed to immediately receive a confirmation mail upon opting in. In this case, it shows up as an attempt in the mail log, but it fails SASL Authentication. I don't know if it's a problem with the software or not, since it attempts to connect but fails, yet connects successfully in other cases.
My question is this: Is there another way around this? I've contacted my host to double check on the appropriate username/password to pass authentication. I will also be contacting the software developers after I receive an answer.
But if nothing comes of it, is there any way around it? Is there a place where I can have it automatically authenticate if the email is coming from a certain user, or if the attempt is being made from the same server (everything sits on the same server, I use localhost in the software to connect to the mail server). Since I am the only person who has access to the server and uses it, it seems safe to automatically authenticate if the request is being asked by the server itself...
I'm just looking for other alternatives if the software does indeed have a problem and I cannot figure it out.
Keep in mind I am very new to all this server and root access. Just a few days ago I was on a shared hosting plan, so I didn't have any access to anything. With that in mind, I know very little about mail servers, although I've been learning more over the past few days. I only stumbled upon the mail logs on my server recently by browsing files in the control panel (I'm not familiar with SSH, although I do have access to it)
I have a new Plesk 11.0.9. #34 server with Centos 6.3 64bit.
I made a few changes in order to be PCI Compliant.
I created a domain and try to send email with no luck.
----------Maillog------------ Jan 24 16:01:28 server7 pop3d-ssl: Connection, ip=[::ffff:X.X.X.X] Jan 24 16:01:34 server7 pop3d-ssl: IMAP connect from @ [::ffff:X.X.X.X]ERR: LOGIN FAILED, ip=[::ffff:X.X.X.X] Jan 24 16:01:34 server7 pop3d-ssl: Unexpected SSL connection shutdown. Jan 24 16:01:48 server7 pop3d-ssl: Connection, ip=[::ffff:X.X.X.X]
[Code] ....
As you can see from the logs, the pop/imap connection is successful. I login to webmail with the username/password successfully. I can't send from Outlook/thunderbird etc.
Tried to rebuild emails with /usr/local/psa/admin/sbin/mchk --with-spam but no luck.
Ubuntu 14.04 with Plesk 12 (10 Domain License).Using this for mail only... multiple domains.Postfix and Dovecot installed. Trying to figure out how to do:
- SASL Auth (Dovecot) - TLS - want above two to be mandatory... no plain text auth and no unencrypted connections.
How do I achieve this with Plesk 12?I have found countless how-to's about doing this with Vanilla (non Plesk) installs with the same server software. However, Postfix main.cf and master.cf both appear to have specific Plesk modificatuons. Same thing for the related Dovecot conf files... also have Plesk specific modifications.
I see no way to enable the desired settings from the Plesk Panel. Can't achieve this within the Panel but also can't modify the conf files without potentially breaking some Plesk-specific functionality? My original hope in purchasing the Plesk license was to make administration of the mail server easier. Unfortunately, I'm struggling to do this now and may have already had this figured out had I not bothered with the Panel.
I've just setup CentOS 6.6 with Plesk at my Hoster OVH. Now when I want to connect to the smtp server I get following message:
Code: SASL LOGIN authentication failed: encryption needed to use mechanism SASL auth is enabled in the main.cf also submission. I connect to tls://smtp.example.com:587 with my email and password.
I can't figure out how to be able to send mails using sendmail. I've a dovecot/sendmail installation and I can recieve mails OK but when I try to send mail I get the error message "Relaying denied. Proper authentication required."
Example from maillog: Oct 2 18:10:08 localhost sendmail[2196]: l92GA4UC002196: ruleset=check_rcpt, arg1=<xxxxx@gmail.com>, relay=rl-nvt-kaxx.xxxxxx.xxx [000.000.000.000] ....
I have a Plesk installation with Commandline access. Also on this server is a Request tracker installation. (The reason for the commandline access) CentOs 6 Server.
All installations are up to date, but this actually broke my installation after the last Plesk Upgrade.
At the last Plesk upgrade, my Request Tracker installation can no longer use sendmail to send email directly from the server.
The errors I am getting are: /var/log/maillog: May 1 22:58:53 vs10-janey postfix/smtpd[5345]: connect from localhost[127.0.0.1] May 1 22:58:53 vs10-janey postfix/smtpd[5345]: disconnect from localhost[127.0.0.1] May 1 22:58:53 vs10-janey plesk sendmail[5348]: Unable to get sender domain by sender mailname May 1 22:58:53 vs10-janey py_limit_out[5349]: ERROR Rejecting forged message: PPP_SENDER_VHOST_ID is present in environment, but its value is empty May 1 22:58:53 vs10-janey plesk sendmail[5348]: handlers_stderr: DATA REPLY:554:5.7.0 Your message could not be sent. The sender's domain is not registered in Panel, or is misconfigured.#012REJECT May 1 22:58:53 vs10-janey plesk sendmail[5348]: REJECT during call 'limit-out' handler
I have a brandnew server with CENTOS 6.5 Final with Plesk 12.
For some reason unknown i'm not able to configure Postfix as smtp server and accept plain text autentication. It only accept TLS autentication both on port 25 or 587. If i install Qmail everything works without any problem.
I know they're just self signed certs on the postfix mail servers used in PPA, but how can I renew them, customer was cautious about it once they saw it had expired.
I have found this: [URL] .... and was wondering is this the correct procedure to update the SSL cert?
A better title might be "hotmail or yahoo won't accept the emails from sendmail."
I have sendmail version: 8.13.4
I have the only modification I can remember doing is: MASQUERADE_AS(`ipalaces.org')dnl
I can send emails perfectly to gmail accounts. Here is a sucessfull output of an email send to gmail:
Quote:
Delivered-To: paroxsitic@gmail.com Received: by 10.114.113.11 with SMTP id l11cs366927wac; Thu, 29 Mar 2007 10:05:09 -0700 (PDT) Received: by 10.70.80.14 with SMTP id d14mr1879830wxb.1175187909424; Thu, 29 Mar 2007 10:05:09 -0700 (PDT) Return-Path: <root@ipalaces.org> Received: from ipalaces.org (ipalaces.org [64.74.153.24]) by mx.google.com with ESMTP id h40si1247663wxd.2007.03.29.10.05.09; Thu, 29 Mar 2007 10:05:09 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of root@ipalaces.org designates 64.74.153.24 as permitted sender) Received: from ipalaces.org (ipalaces.org [127.0.0.1]) by ipalaces.org (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l2TH58SJ005383 for <paroxsitic@gmail.com>; Thu, 29 Mar 2007 13:05:08 -0400 Received: (from root@localhost) by ipalaces.org (8.13.4/8.13.4/Submit) id l2TH51kd005299 for paroxsitic@gmail.com; Thu, 29 Mar 2007 13:05:01 -0400 Date: Thu, 29 Mar 2007 13:05:01 -0400 From: root <root@ipalaces.org> Message-Id: <200703291705.l2TH51kd005299@ipalaces.org> To: undisclosed-recipients:;
This is a test of the body.
I originally thought the reason hotmail or yahoo didn't receive my emails was because I had no reverse DNS for the IP I was sending the emails out with. Therefore I had my VPS provider create one for my IP. It now reflects ipalaces.org with the IP I use to send out emails (64.74.153.24)
Even after the reverse DNS in place, hotmail nor yahoo could recieve my emails. I am now pretty much stump as to why. I have googled and scanned various other solutions and I havent found anything.
Here is a verbose output of using sendmail to an hotmail address of mine:
Quote:
ek_opteron@hotmail.com... Connecting to [127.0.0.1] port 587 via relay... 220 ipalaces.org ESMTP Sendmail 8.13.4/8.13.4/Debian-3sarge3; Thu, 29 Mar 2007 1 3:07:17 -0400; (No UCE/UBE) logging access from: ipalaces.org(OK)-ipalaces.org [ 127.0.0.1] >>> EHLO ipalaces.org 250-ipalaces.org Hello ipalaces.org [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-EXPN 250-VERB 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH DIGEST-MD5 CRAM-MD5 250-DELIVERBY 250 HELP >>> VERB 250 2.0.0 Verbose mode >>> MAIL From:<root@ipalaces.org> SIZE=15 AUTH=root@ipalaces.org 250 2.1.0 <root@ipalaces.org>... Sender ok >>> RCPT To:<ek_opteron@hotmail.com> >>> DATA 250 2.1.5 <ek_opteron@hotmail.com>... Recipient ok 354 Enter mail, end with "." on a line by itself >>> . 050 <ek_opteron@hotmail.com>... Connecting to mx3.hotmail.com. via esmtp... 050 220 bay0-mc8-f1.bay0.hotmail.com Sending unsolicited commercial or bulk e-ma il to Microsoft's computer network is prohibited. Other restrictions are found a t http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Thu, 29 Mar 2007 10:07:17 -0700 050 >>> EHLO ipalaces.org 050 250-bay0-mc8-f1.bay0.hotmail.com (3.3.2.16) Hello [64.74.153.24] 050 250-SIZE 29696000 050 250-PIPELINING 050 250-8bitmime 050 250-BINARYMIME 050 250-CHUNKING 050 250-AUTH LOGIN 050 250-AUTH=LOGIN 050 250 OK 050 >>> MAIL From:<root@ipalaces.org> SIZE=320 AUTH=<> 050 250 root@ipalaces.org....Sender OK 050 >>> RCPT To:<ek_opteron@hotmail.com> 050 >>> DATA 050 250 ek_opteron@hotmail.com 050 354 Start mail input; end with <CRLF>.<CRLF> 050 >>> . 050 250 <200703291707.l2TH7DSt007328@ipalaces.org> Queued mail for delivery 050 <ek_opteron@hotmail.com>... Sent ( <200703291707.l2TH7DSt007328@ipalaces.org > Queued mail for delivery) 250 2.0.0 l2TH7HeD007332 Message accepted for delivery ek_opteron@hotmail.com... Sent (l2TH7HeD007332 Message accepted for delivery) Closing connection to [127.0.0.1] >>> QUIT 221 2.0.0 ipalaces.org closing connection
The main thing that strikes out to me is that hotmail says "Queued mail for delivery" whereas Gmail normally says "OKAY". It seems as hotmail gets the email, and then decides it's no good. I don't know if my IP is blacklisted or I have to change something in my configuration from 127.0.0.1 to my IP, or what I have to do.
I'm wondering if anyone else has experience with this, or if it's something easy that I'm overlooking.
I am on a VPS service (CentOS Linux) and I want my php mail function emails to send from a specified address. I've already manipulated the headers, so the emails do appear to come from the specified addres, but on mobile devices it comes up as nobody@server1.mydomain.com format. I would like this to read something like no-reply@mydomain.com
know which configuration files can change this default address?
I tried to configure Sendmail as e-mail MTA with ClamAV & SpamAssassin before my local network. I can send and receive e-mail but spamassassin doesn't filter them. Do you know where I should look for?
Lately I've been spending a lot of time grok'ing the Postfix logfile (i.e., /usr/local/psa/var/log/maillog) and I've been noticing a lot of authentication failures (and even one successful break-in).
Most entries are just a simple pair of log entries that includes the source IP address and then the details of the mailbox name, like this one:
Code: Aug 12 08:08:18 www postfix/smtpd[4805]: warning: unknown[162.255.86.250]: SASL LOGIN authentication failed: authentication failure Aug 12 08:08:20 www plesk_saslauthd[4434]: failed mail authenticatication attempt for user 'media@example.com' (password len=6)
[Code]....
How are these entries generated? i.e., Why mailbox name given right away some times (like the first example) while - other times - the account name isn't displayed for several seconds - almost ninety seconds in the second example?
I'm having issue with mails stuck in queue and take days to send out. I'm looking for a command or script solution that puts a priority to particular message or domain so their message can be sent first.
