From: Frank Shute on 16 May 2010 15:52

Hi,

My ISP suddenly started bouncing my mail.

I phoned them up and they started saying "In profiles do...". I pointed out at that point that I used Unix and the tech took fright & said that he'd get somebody to ring me back; nobody ever did.

I assume that they've added some sort of authentication scheme on their mail server in addition to IP based. Beforehand I could push mail to their server without any special setup.

They run Sendmail on Linux IIRC.

I tried setting up cyrus-sasl with my Postfix running on FreeBSD-8-STABLE.

This is what I did:

added the lines:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd

to main.cf

put this in /usr/local/etc/postfix/sasl_passwd

[mail.zetnet.co.uk] esperance.zetnet.co.uk:XXXXX

since I've got a pop3 email address of: frank(a)esperance.zetnet.co.uk

# postmap sasl_passwd
# postfix reload

This is what I get in maillog when trying to send mail (I cranked up debug to 3):

May 16 20:38:33 orange postfix/pickup[44725]: 5ACCF33C1F: uid=1001 from=<frank>
May 16 20:38:33 orange postfix/cleanup[44736]: 5ACCF33C1F: message-id=<20100516193833.GA44727(a)orange.esperance-linux.co.uk>
May 16 20:38:33 orange postfix/qmgr[44726]: 5ACCF33C1F: from=<frank(a)esperance-linux.co.uk>, size=766, nrcpt=1 (queue active)
May 16 20:38:34 orange postfix/smtp[44738]: vstream_buf_get_ready: fd 13 got 92
May 16 20:38:34 orange postfix/smtp[44738]: < mail.zetnet.co.uk[64.29.151.40]:25: 220 mail108c26.carrierzone.com ESMTP Sendmail 8.13.6/8.13.1; Sun, 16 May 2010 19:38:33 GMT
May 16 20:38:34 orange postfix/smtp[44738]: > mail.zetnet.co.uk[64.29.151.40]:25: EHLO orange.esperance-linux.co.uk
May 16 20:38:34 orange postfix/smtp[44738]: vstream_fflush_some: fd 13 flush 35
May 16 20:38:35 orange postfix/smtp[44738]: vstream_buf_get_ready: fd 13 got 217
May 16 20:38:35 orange postfix/smtp[44738]: < mail.zetnet.co.uk[64.29.151.40]:25: 250-8BITMIME
May 16 20:38:35 orange postfix/smtp[44738]: < mail.zetnet.co.uk[64.29.151.40]:25: 250-SIZE 52428800
May 16 20:38:35 orange postfix/smtp[44738]: < mail.zetnet.co.uk[64.29.151.40]:25: 250-DSN
May 16 20:38:35 orange postfix/smtp[44738]: < mail.zetnet.co.uk[64.29.151.40]:25: 250-AUTH PLAIN LOGIN
May 16 20:38:35 orange postfix/smtp[44738]: < mail.zetnet.co.uk[64.29.151.40]:25: 250-DELIVERBY
May 16 20:38:35 orange postfix/smtp[44738]: < mail.zetnet.co.uk[64.29.151.40]:25: 250 HELP
May 16 20:38:35 orange postfix/smtp[44738]: server features: 0x902b size 52428800
May 16 20:38:35 orange postfix/smtp[44738]: maps_find: smtp_sasl_passwd: mail.zetnet.co.uk: not found
May 16 20:38:35 orange postfix/smtp[44738]: maps_find: smtp_sasl_passwd: hash:/usr/local/etc/postfix/sasl_passwd(0,lock|fold_fix): [mail.zetnet.co.uk] = esperance.zetnet.co.uk:XXXXX
May 16 20:38:35 orange postfix/smtp[44738]: smtp_sasl_passwd_lookup: host `mail.zetnet.co.uk' user `esperance.zetnet.co.uk' pass `XXXX'
May 16 20:38:35 orange postfix/smtp[44738]: starting new SASL client
May 16 20:38:35 orange postfix/smtp[44738]: name_mask: noplaintext
May 16 20:38:35 orange postfix/smtp[44738]: name_mask: noanonymous
May 16 20:38:35 orange postfix/smtp[44738]: smtp_sasl_authenticate: mail.zetnet.co.uk[64.29.151.40]:25: SASL mechanisms PLAIN LOGIN
May 16 20:38:35 orange postfix/smtp[44738]: warning: SASL authentication failure: No worthy mechs found
May 16 20:38:35 orange postfix/smtp[44738]: connect to subsystem private/defer
May 16 20:38:35 orange postfix/smtp[44738]: send attr nrequest = 0
May 16 20:38:35 orange postfix/smtp[44738]: send attr flags = 0
May 16 20:38:35 orange postfix/smtp[44738]: send attr queue_id = 5ACCF33C1F
May 16 20:38:35 orange postfix/smtp[44738]: send attr original_recipient = freebsd-test(a)freebsd.org
May 16 20:38:35 orange postfix/smtp[44738]: send attr recipient = freebsd-test(a)freebsd.org
May 16 20:38:35 orange postfix/smtp[44738]: send attr offset = 215
May 16 20:38:35 orange postfix/smtp[44738]: send attr dsn_orig_rcpt =
May 16 20:38:35 orange postfix/smtp[44738]: send attr notify_flags = 0
May 16 20:38:35 orange postfix/smtp[44738]: send attr status = 4.7.0
May 16 20:38:35 orange postfix/smtp[44738]: send attr diag_type = x-sasl
May 16 20:38:35 orange postfix/smtp[44738]: send attr diag_text = no mechanism available
May 16 20:38:35 orange postfix/smtp[44738]: send attr mta_type =
May 16 20:38:35 orange postfix/smtp[44738]: send attr mta_mname =
May 16 20:38:35 orange postfix/smtp[44738]: send attr action = delayed
May 16 20:38:35 orange postfix/smtp[44738]: send attr reason = SASL authentication failed; cannot authenticate to server mail.zetnet.co.uk[64.29.151.40]: no mechanism available
May 16 20:38:35 orange postfix/smtp[44738]: vstream_fflush_some: fd 14 flush 380
May 16 20:38:35 orange postfix/smtp[44738]: vstream_buf_get_ready: fd 14 got 10
May 16 20:38:35 orange postfix/smtp[44738]: private/defer socket: wanted attribute: status
May 16 20:38:35 orange postfix/smtp[44738]: input attribute name: status
May 16 20:38:35 orange postfix/smtp[44738]: input attribute value: 0
May 16 20:38:35 orange postfix/smtp[44738]: private/defer socket: wanted attribute: (list terminator)
May 16 20:38:35 orange postfix/smtp[44738]: input attribute name: (end)
May 16 20:38:35 orange postfix/smtp[44738]: 5ACCF33C1F: to=<freebsd-test(a)freebsd.org>, relay=mail.zetnet.co.uk[64.29.151.40]:25, delay=1.7, delays=0.01/0.01/1.7/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server mail.zetnet.co.uk[64.29.151.40]: no mechanism available)
May 16 20:38:35 orange postfix/smtp[44738]: flush_add: site freebsd.org id 5ACCF33C1F
May 16 20:38:35 orange postfix/smtp[44738]: match_hostname: freebsd.org ~? orange.esperance-linux.co.uk
May 16 20:38:35 orange postfix/smtp[44738]: match_hostname: freebsd.org ~? localhost.esperance-linux.co.uk
May 16 20:38:35 orange postfix/smtp[44738]: match_hostname: freebsd.org ~? localhost
May 16 20:38:35 orange postfix/smtp[44738]: match_hostname: freebsd.org ~? esperance-linux.co.uk
May 16 20:38:35 orange postfix/smtp[44738]: match_hostname: freebsd.org ~? shute.org.uk
May 16 20:38:35 orange postfix/smtp[44738]: match_list_match: freebsd.org: no match
May 16 20:38:35 orange postfix/smtp[44738]: flush_add: site freebsd.org id 5ACCF33C1F status 4
May 16 20:38:35 orange postfix/smtp[44738]: > mail.zetnet.co.uk[64.29.151.40]:25: QUIT
May 16 20:38:35 orange postfix/smtp[44738]: name_mask: resource
May 16 20:38:35 orange postfix/smtp[44738]: name_mask: software
May 16 20:38:35 orange postfix/smtp[44738]: vstream_fflush_some: fd 13 flush 6
May 16 20:38:35 orange postfix/smtp[44738]: disposing SASL state information

Am I totally barking up the wrong tree? Or is my setup wrong?

Many TIA.

--
Frank Shute

From: John Peach on 16 May 2010 16:05

On Sun, 16 May 2010 20:52:54 +0100 Frank Shute <boyshute(a)googlemail.com> wrote:

> Hi,
>
> My ISP suddenly started bouncing my mail.
>
> I phoned them up and they started saying "In profiles do...". I
> pointed out at that point that I used
> Unix and the tech took fright & said that he'd get somebody to ring me
> back; nobody ever did.

Maybe you should have listened to what he had to say; it's trivial to extrapolate the necessities once you know the windoze setup.

>
> I assume that they've added some sort of authentication scheme on
> their mail server in addition
> to IP based. Beforehand I could push mail to their server without any
> special setup.
>
> They run Sendmail on Linux IIRC.
>
> I tried setting up cyrus-sasl with my Postfix running on FreeBSD-8-STABLE.
>
> This is what I did:
>
> added the lines:
>
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd

I also have:

smtp_sasl_security_options =

>
> to main.cf
>
> put this in /usr/local/etc/postfix/sasl_passwd
>
> [mail.zetnet.co.uk] esperance.zetnet.co.uk:XXXXX
>
> since I've got a pop3 email address of: frank@.

I would have expected the login to be frank(a)esperance.zetnet.co.uk not just esperance.zetnet.co.uk

However, you really need to ask your ISP what mechanism they are using.

[snip]

--
John

From: Sahil Tandon on 16 May 2010 16:20

On Sun, 16 May 2010, Frank Shute wrote:

> I tried setting up cyrus-sasl with my Postfix running on FreeBSD-8-STABLE.
>
> This is what I did:
>
> added the lines:
>
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
>
> to main.cf
>
> put this in /usr/local/etc/postfix/sasl_passwd
>
> [mail.zetnet.co.uk] esperance.zetnet.co.uk:XXXXX

The RHS of this map should be in the form of username:password, as used to authenticate with mail.zetnet.co.uk.

> mail.zetnet.co.uk[64.29.151.40]:25: SASL mechanisms PLAIN LOGIN
> May 16 20:38:35 orange postfix/smtp[44738]: warning: SASL
> authentication failure: No worthy mechs found

This is because your ISP's mail server announces "AUTH PLAIN LOGIN" and by default:

smtp_sasl_security_options = noplaintext, noanonymous

You could lower the default security standards by removing 'noplaintext' from the above declaration, but that is not recommended. For more, check out the SASL_README.

--
Sahil Tandon <sahil(a)FreeBSD.org>

From: Frank Shute on 16 May 2010 17:04

On Sun, May 16, 2010 at 9:20 PM, Sahil Tandon <sahil(a)freebsd.org> wrote:

> On Sun, 16 May 2010, Frank Shute wrote:
>
>> I tried setting up cyrus-sasl with my Postfix running on FreeBSD-8-STABLE.
>>
>> This is what I did:
>>
>> added the lines:
>>
>> smtp_sasl_auth_enable = yes
>> smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
>>
>> to main.cf
>>
>> put this in /usr/local/etc/postfix/sasl_passwd
>>
>> [mail.zetnet.co.uk] esperance.zetnet.co.uk:XXXXX
>
> The RHS of this map should be in the form of username:password, as used
> to authenticate with mail.zetnet.co.uk.
>
>> mail.zetnet.co.uk[64.29.151.40]:25: SASL mechanisms PLAIN LOGIN
>> May 16 20:38:35 orange postfix/smtp[44738]: warning: SASL
>> authentication failure: No worthy mechs found
>
> This is because your ISP's mail server announces "AUTH PLAIN LOGIN" and
> by default:
>
> smtp_sasl_security_options = noplaintext, noanonymous
>
> You could lower the default security standards by removing 'noplaintext'
> from the above declaration, but that is not recommended. For more,
> check out the SASL_README.

Sahil, like most FreeBSD users you are a genius ;)

My O'Reilly book didn't mention smtp_sasl_security_options or more likely I missed it.

I dropped the noplaintext declaration and I got "authentication failed" which is a big improvement.

Despite using a variety of combos of my username & password, I got nowhere.

So I decided to try pushing mail through my hosting provider and that worked! No more crappy webmail!

I'll look at the README and see how I can tighten up the ship.

Many thanks.

--
Frank

From: Sahil Tandon on 16 May 2010 17:30

On Sun, 16 May 2010, Frank Shute wrote:

> So I decided to try pushing mail through my hosting provider and that
> worked! No more crappy webmail!

If your hosting provider supports TLS, then you could safely send your username and password in plaintext over an encrypted session.

--
Sahil Tandon <sahil(a)FreeBSD.org>
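
Added example, not part of the original thread and not Postfix or Cyrus SASL code: a simplified Python model of the mechanism filtering described in Sahil Tandon's two replies. It shows why the default options leave nothing usable against "AUTH PLAIN LOGIN", and how a TLS-only relaxation keeps PLAIN and LOGIN off cleartext sessions. The property table and function names are assumptions for illustration; smtp_sasl_tls_security_options is the Postfix parameter that applies once the session is encrypted.

```python
# Simplified model (an assumption, not Postfix or Cyrus SASL source) of how the
# SMTP client's SASL security options filter the mechanisms a server advertises.

# Properties of common mechanisms as used by this model. Mechanisms not listed
# here are treated as having no restricted property.
MECH_PROPS = {
    "PLAIN": {"plaintext"},
    "LOGIN": {"plaintext"},
    "ANONYMOUS": {"anonymous"},
    "CRAM-MD5": set(),
    "DIGEST-MD5": set(),
}

# Each option rejects every mechanism carrying the matching property.
OPTION_REJECTS = {"noplaintext": "plaintext", "noanonymous": "anonymous"}


def advertised_mechs(ehlo_lines):
    """Extract mechanism names from the AUTH line of an EHLO reply."""
    for line in ehlo_lines:
        keyword, _, rest = line[4:].partition(" ")  # skip "250-" or "250 "
        if keyword.upper() == "AUTH":
            return rest.split()
    return []


def usable_mechs(ehlo_lines, options, tls_options=None, tls_active=False):
    """Return the mechanisms left after applying the security options.

    options      models smtp_sasl_security_options (cleartext sessions)
    tls_options  models smtp_sasl_tls_security_options (defaults to options)
    """
    if tls_options is None:
        tls_options = options
    active = tls_options if tls_active else options
    rejected = {OPTION_REJECTS[o] for o in active if o in OPTION_REJECTS}
    return [m for m in advertised_mechs(ehlo_lines)
            if not (MECH_PROPS.get(m.upper(), set()) & rejected)]


# EHLO reply lines as they appear in the debug log earlier in this thread.
EHLO = ["250-8BITMIME", "250-SIZE 52428800", "250-DSN",
        "250-AUTH PLAIN LOGIN", "250-DELIVERBY", "250 HELP"]
DEFAULT = ["noplaintext", "noanonymous"]  # the default quoted in the thread

if __name__ == "__main__":
    print("defaults, no TLS:", usable_mechs(EHLO, DEFAULT))
    print("noplaintext removed, no TLS:", usable_mechs(EHLO, ["noanonymous"]))
    print("relaxed only under TLS, TLS active:",
          usable_mechs(EHLO, DEFAULT, ["noanonymous"], tls_active=True))
    print("relaxed only under TLS, no TLS:",
          usable_mechs(EHLO, DEFAULT, ["noanonymous"], tls_active=False))
```

In main.cf terms, the last two cases correspond to leaving smtp_sasl_security_options at its default, setting smtp_sasl_tls_security_options = noanonymous, and requiring TLS with smtp_tls_security_level = encrypt.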