Can't connect to SMTP over 587

email smtp email-server sasl

11,988

SASL Authentication Check List

Base on question and comments, sasl may not be setup correctly. Following check list is created base on Ubunut Guide provided in question.

Check file/etc/postfix/sasl/smtpd.conf, should be like following
```
pwcheck_method: saslauthd
mech_list: plain login
```

Check libsasl installed

dpkg -l | grep sasl

Should have the following (version number may differ)

ii  libsasl2-2           2.1.25.dfsg1-4    Cyrus SASL - authentication abstraction library
ii  libsasl2-modules     2.1.25.dfsg1-4    Cyrus SASL - pluggable authentication modules
ii  sasl2-bin            2.1.25.dfsg1-4    Cyrus SASL - administration programs for SASL users database

Check saslauthd is running
```
ps -ef | grep sasl
```

Check saslauthd PWDIR

grep PWDIR /etc/default/saslauthd

Output should be

PWDIR="/var/spool/postfix/var/run/saslauthd"

Postfix submission/587

/etc/postfix/master.cf

The Ubuntu guide only un-comment one line

submission inet n       -       -       -       -       smtpd

Try ucomment the whole section, including the options following it

submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

Then restart postfix

sudo service postfix restart

Double check your smtp login name

Since the guide is not using virtual user, your smtp login name should be joe only, not [email protected]. Double check email clients on your deivces/computers/webservices(gmail) are NOT using your email address as smtp login name. (Many do that for you. You will have to manually change it if so.)
Remove Password Map

I believe you are authenticating against local Linux account, not virtual user. Remove the following lines in /etc/postfix/main.cf
```
# password maps will not work. Customer must provide credentials
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
```

11,988

Julio

Updated on September 18, 2022

Comments

Julio almost 2 years

I am setting up a mail server, on Ubuntu, based on: https://help.ubuntu.com/community/Postfix

Currently, I can both send and receive email from the server. However, attempts to send email through SMTP from gmail fail with a bad authentication. I've verified my password, ensured that the port is open, and am able to telnet to the IP and port.

Telnet output (from remote host)

Computer:~ Louis$ telnet mail.mysite.com 587
Trying 71.66.218.124...
Connected to mail.mysite.com (71.66.218.124).
Escape character is '^]'.
220 mail.mysite.com ESMTP Postfix
ehlo mail.mysite.com
250-mail.mysite.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
250-AUTH=DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

And, testing my login information:

sudo testsaslauthd -u jon -p ********
0: OK "Success."

And currently listening ports:

netstat -ln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN     
tcp6       0      0 :::587                  :::*                    LISTEN     
tcp6       0      0 :::110                  :::*                    LISTEN     
tcp6       0      0 :::143                  :::*                    LISTEN     
tcp6       0      0 :::4949                 :::*                    LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 :::25                   :::*                    LISTEN

Any idea why I cannot remotely configure my SMTP to send email?

EDIT

I am preferential to gmail's interface, and would like to aggregate all of my mail on one online service. I can add my POP3 account on gmail (settings > accounts > Add a POP3 Mail Account Of Your Own). After successfully authenticating with my server, I am asked if I'd like to send email through my servers smtp, to which I say yes. When I try and login, I get the following message:

Authentication failed. Please check your username/password. [Server response: 535 5.7.8 Error: authentication failed: authentication failure code(535) ]

I should note, this is not a gmail problem - I cannot authenticate from ANY device or application over smtp. However, I can authenticate using the tools on the server, and over telnet . . .

EDIT 2

Errors from /var/log/mail.log

Feb 2 14:52:42 Mysite postfix/smtpd[16527]: connect from mail-ea0-f76.google.com[102.85.215.76] Feb 2 14:52:43 Mysite postfix/smtpd[16527]: Anonymous TLS connection established from mail-ea0-f76.google.com[102.85.215.76]: TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits) Feb 2 14:52:43 Mysite postfix/smtpd[16527]: warning: SASL authentication failure: Password verification failed Feb 2 14:52:43 Mysite postfix/smtpd[16527]: warning: mail-ea0-f76.google.com[102.85.215.76]: SASL PLAIN authentication failed: authentication failure Feb 2 14:52:43 Mysite postfix/smtpd[16527]: disconnect from mail-ea0-f76.google.com[102.85.215.76]

EDIT 3 Here's my /etc/postfix/main.cf as requested.

mydomain = mysite.com
biff = no
append_dot_mydomain = no
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_sasl_auth_enable = yes
# password maps will not work. Customer must provide credentials
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name 
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = mysite.localdomain, mysite, localhost.localdomain, localhost, mail.mysite.com, mysite.com
relayhost = 
mynetworks = 127.0.0.0/8
inet_interfaces = all
mailbox_size_limit = 0
recipient_delimiter = +
myorigin = mysite.com
inet_protocols = all
smtpd_sasl_local_domain = 
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
myhostname = mail.mysite.com 
home_mailbox = Maildir/
mailbox_command = 
virtual_alias_domains = mysite.com
virtual_alias_maps = hash:/etc/postfix/virtual

mgorven over 11 years

How does Gmail fit into the picture? What is the actual error message and what is providing it?
Julio over 11 years

In gmail you can add an external account. Since I have several accounts, and prefer gmail's interface to other online options, I'd like to also add my site's email account to my gmail account. I've edited my post to reflect this information.
mgorven over 11 years

What do the server logs say?
Julio over 11 years

Edited to show the error in the logs.

Gryphius over 11 years

nope, 587 is not encrypted by default, STARTTLS is perfectly ok on that port. you probably confused with 465
Falcon Momot over 11 years

He is right about the use of 587. However, you must not require authentication for incoming messages bound for local delivery. Think about this.
Julio over 11 years

Not concerned with local delivery. I need the smtp to relay my messages as outgoing so I need to authenticate.
Julio over 11 years

Nope, this did not work.
John Siu over 11 years

Please add /etc/postfix/main.cf in your question.
Julio over 11 years

I don't have the mentioned configuration files, as they appear to be for Mutt(?).
Julio over 11 years

Added under edit #3.
John Siu over 11 years

Check #3. I believe you are using local linux user, not virtual user.
John Siu over 11 years

BTW, is your server receiving incoming email at all?
Julio over 11 years

Yup, I can receive email on the server just fine. I can also send email out successfully using the mail command. Can you elaborate on what I should check for? Do I need to create the virtual user for stmp?
John Siu over 11 years

In my answer (3). Comment out the line in main.cf.
Julio over 11 years

Lines removed, but still cannot login. Same error as before.
John Siu over 11 years

"SASL Authentication check List" section added.
Julio over 11 years

#1 in the checklist was the problem. Thanks!