Can't connect to SMTP over 587
SASL Authentication Check List
Base on question and comments, sasl may not be setup correctly. Following check list is created base on Ubunut Guide provided in question.
-
Check file
/etc/postfix/sasl/smtpd.conf
, should be like followingpwcheck_method: saslauthd mech_list: plain login
-
Check libsasl installed
dpkg -l | grep sasl
Should have the following (version number may differ)
ii libsasl2-2 2.1.25.dfsg1-4 Cyrus SASL - authentication abstraction library ii libsasl2-modules 2.1.25.dfsg1-4 Cyrus SASL - pluggable authentication modules ii sasl2-bin 2.1.25.dfsg1-4 Cyrus SASL - administration programs for SASL users database
-
Check saslauthd is running
ps -ef | grep sasl
-
Check saslauthd
PWDIR
grep PWDIR /etc/default/saslauthd
Output should be
PWDIR="/var/spool/postfix/var/run/saslauthd"
Postfix submission/587
-
/etc/postfix/master.cf
The Ubuntu guide only un-comment one line
submission inet n - - - - smtpd
Try ucomment the whole section, including the options following it
submission inet n - - - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING
Then restart postfix
sudo service postfix restart
-
Double check your smtp login name
Since the guide is not using virtual user, your smtp login name should be
joe
only, not[email protected]
. Double check email clients on your deivces/computers/webservices(gmail) are NOT using your email address as smtp login name. (Many do that for you. You will have to manually change it if so.) -
Remove Password Map
I believe you are authenticating against local Linux account, not virtual user. Remove the following lines in
/etc/postfix/main.cf
# password maps will not work. Customer must provide credentials smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
Related videos on Youtube
Julio
Updated on September 18, 2022Comments
-
Julio almost 2 years
I am setting up a mail server, on Ubuntu, based on: https://help.ubuntu.com/community/Postfix
Currently, I can both send and receive email from the server. However, attempts to send email through SMTP from gmail fail with a bad authentication. I've verified my password, ensured that the port is open, and am able to telnet to the IP and port.
Telnet output (from remote host)
Computer:~ Louis$ telnet mail.mysite.com 587 Trying 71.66.218.124... Connected to mail.mysite.com (71.66.218.124). Escape character is '^]'. 220 mail.mysite.com ESMTP Postfix ehlo mail.mysite.com 250-mail.mysite.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN 250-AUTH=DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN
And, testing my login information:
sudo testsaslauthd -u jon -p ******** 0: OK "Success."
And currently listening ports:
netstat -ln Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN tcp6 0 0 :::587 :::* LISTEN tcp6 0 0 :::110 :::* LISTEN tcp6 0 0 :::143 :::* LISTEN tcp6 0 0 :::4949 :::* LISTEN tcp6 0 0 :::22 :::* LISTEN tcp6 0 0 :::25 :::* LISTEN
Any idea why I cannot remotely configure my SMTP to send email?
EDIT
I am preferential to gmail's interface, and would like to aggregate all of my mail on one online service. I can add my POP3 account on gmail (settings > accounts > Add a POP3 Mail Account Of Your Own). After successfully authenticating with my server, I am asked if I'd like to send email through my servers smtp, to which I say yes. When I try and login, I get the following message:
Authentication failed. Please check your username/password. [Server response: 535 5.7.8 Error: authentication failed: authentication failure code(535) ]
I should note, this is not a gmail problem - I cannot authenticate from ANY device or application over smtp. However, I can authenticate using the tools on the server, and over telnet . . .
EDIT 2
Errors from /var/log/mail.log
Feb 2 14:52:42 Mysite postfix/smtpd[16527]: connect from mail-ea0-f76.google.com[102.85.215.76] Feb 2 14:52:43 Mysite postfix/smtpd[16527]: Anonymous TLS connection established from mail-ea0-f76.google.com[102.85.215.76]: TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits) Feb 2 14:52:43 Mysite postfix/smtpd[16527]: warning: SASL authentication failure: Password verification failed Feb 2 14:52:43 Mysite postfix/smtpd[16527]: warning: mail-ea0-f76.google.com[102.85.215.76]: SASL PLAIN authentication failed: authentication failure Feb 2 14:52:43 Mysite postfix/smtpd[16527]: disconnect from mail-ea0-f76.google.com[102.85.215.76]
EDIT 3 Here's my /etc/postfix/main.cf as requested.
mydomain = mysite.com biff = no append_dot_mydomain = no smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt smtpd_tls_key_file = /etc/ssl/private/smtpd.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache smtp_sasl_auth_enable = yes # password maps will not work. Customer must provide credentials smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtp_use_tls = yes myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases mydestination = mysite.localdomain, mysite, localhost.localdomain, localhost, mail.mysite.com, mysite.com relayhost = mynetworks = 127.0.0.0/8 inet_interfaces = all mailbox_size_limit = 0 recipient_delimiter = + myorigin = mysite.com inet_protocols = all smtpd_sasl_local_domain = smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination smtp_tls_security_level = may smtpd_tls_security_level = may smtpd_tls_auth_only = no smtp_tls_note_starttls_offer = yes smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom myhostname = mail.mysite.com home_mailbox = Maildir/ mailbox_command = virtual_alias_domains = mysite.com virtual_alias_maps = hash:/etc/postfix/virtual
-
mgorven over 11 yearsHow does Gmail fit into the picture? What is the actual error message and what is providing it?
-
Julio over 11 yearsIn gmail you can add an external account. Since I have several accounts, and prefer gmail's interface to other online options, I'd like to also add my site's email account to my gmail account. I've edited my post to reflect this information.
-
mgorven over 11 yearsWhat do the server logs say?
-
Julio over 11 yearsEdited to show the error in the logs.
-
-
Gryphius over 11 yearsnope, 587 is not encrypted by default, STARTTLS is perfectly ok on that port. you probably confused with 465
-
Falcon Momot over 11 yearsHe is right about the use of 587. However, you must not require authentication for incoming messages bound for local delivery. Think about this.
-
Julio over 11 yearsNot concerned with local delivery. I need the smtp to relay my messages as outgoing so I need to authenticate.
-
Julio over 11 yearsNope, this did not work.
-
John Siu over 11 yearsPlease add
/etc/postfix/main.cf
in your question. -
Julio over 11 yearsI don't have the mentioned configuration files, as they appear to be for Mutt(?).
-
Julio over 11 yearsAdded under edit #3.
-
John Siu over 11 yearsCheck #3. I believe you are using local linux user, not virtual user.
-
John Siu over 11 yearsBTW, is your server receiving incoming email at all?
-
Julio over 11 yearsYup, I can receive email on the server just fine. I can also send email out successfully using the mail command. Can you elaborate on what I should check for? Do I need to create the virtual user for stmp?
-
John Siu over 11 yearsIn my answer (3). Comment out the line in main.cf.
-
Julio over 11 yearsLines removed, but still cannot login. Same error as before.
-
John Siu over 11 years"SASL Authentication check List" section added.
-
Julio over 11 years#1 in the checklist was the problem. Thanks!