Solved

Cannot send email to external email adress using IMAP

Posted on 2007-11-23
26
732 Views
Last Modified: 2013-11-29
I have a clean install of Ubuntu Server 7.10 with the email server option checked.
Sending and receiving seems to work fine when using Squirrelmail (webmail) for my email server.

However, when configuring an email client to use IMAP with this account, I can receive emails, but I can only send to internal mail adresses. If I send to external adresses the log says;

RCPT from unknown[<MY_IP_ADRESS>]: 554 5.7.1
Relay access denied

I don't know if the problem is the IMAP (dovecot) config or the Postfix config, or maybe it's a port problem? I assume the Ubuntu Mail server will require SSL (by default). The current ports that are open and related to this are 993, 25 and 465.

Any suggestions?
0
Comment
Question by:Skjori
  • 16
  • 10
26 Comments
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
The problem is not with IMAP but with your SMTP server, i.e. Postfix.  IMAP doesn't send mail and your client needs to point to the SMTP service for sending mail.

You may need to use authentication (username and password) to send to other domains (external e-mail) as this is to stop spammers.  It is called relaying, and it is normally disabled when not authenticated.
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
Most email clients support this, and you can try your login username and password that you use to get access to your mailbox.
0
 

Author Comment

by:Skjori
Comment Utility
Ok,
I see, but as my email client seems to either send sucsessfully or unsucessfully disregarding the username/password setup for smtp, I guess I haven't enabled authentication on my smtp service?
Is there a simple approach to do this, or do I have to go through a lot of steps.
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
e-mail servers do not require authentication to send internally, but only externally.  So I still think this is the behaviour you are seeing.

What e-mail client are you using?  It should be on the SMTP server configuration that you set the parameters.
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
To clarify that comment.  I think your server is requiring authentication, but it doesn't prompt you, it just allows anonymous sending internally and disallows anonymous sending externally.
0
 

Author Comment

by:Skjori
Comment Utility
Your last comment seems to be the case yes. I've tried different clients (Windows Mail, Thunderbird) and setup username,password (and tried different port alternatives) in the smtp settings.
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
Have you had any success using the username and password that you use to collect your e-mail?

Try looking at http://products.secureserver.net/email/email_thunderbird.htm, and in particular point (10) where it lets you put a username for the SMTP server.
0
 

Author Comment

by:Skjori
Comment Utility
Collecting the email is not a problem, but even if I add username and password in my smtp configuration as you suggest, these seems to be ignored when sending email.
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
Ok, it looks like Postfix isn't allowing authentication remotely.

Have a look at this:

https://help.ubuntu.com/7.04/server/C/postfix.html
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
Whether or not you require TLS for authentication depends on whether you want access from the Internet, and whether you have a decent firewall in the way.

If you do not use TLS and your SMTP server is visible to the Internet, you leave yourself open to someone hijacking your SMTP server to send e-mail.  So the TLS option is well-advised, if your firewall cannot block SMTP authentication separately.
0
 

Author Comment

by:Skjori
Comment Utility
I will have a look at the links you provided although I've already been reading some of this I think.
Even if I have a decent firewall, I guess I should use TLS or SSL. Is there a big difference between these two? What ports should be opened on the router then?

Thanks so far..!

0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
Not a big difference.  TLS is essential SSLv4.  SSLv2 has some issues, but SSLv3 is fine.  SSLv1 should not be used.  Normally SMTP servers use port 25 for both unencrypted and TLS communications, as the protocol itself is not encrypted initially, but rather a command is passed to initiate secure communications.

So just port 25 on the router, as already the case.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:Skjori
Comment Utility
Ok.

Now I have configured my postfix with the receipt you provided in the link above. But now I'm being promted for the password a million times before I get the popup box:

"Sending of message failed,
The message could not be sent bacause connecting to SMTP server <server> failed. The server
may be unavailable or is refusing smtp connections. Please verify that your SMTP server setting is
correct and try again, or else contact your network administrator"

No I use Thunderbird connection type
IMAP Mail Server port 143
SMTP server TLS/Port 25
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
Have you told Thunderbird to use TLS?

Try using telnet to access your SMTP server and see if it responds as per the example in the https://help.ubuntu.com/7.10/server/C/postfix.html link.

Let me know if it has a different output...
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
Note, if you turn off SMTP authentication you should still be able to send internal mail, as per your original configuration.
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
Try also http://forums.rimuhosting.com/forums/showthread.php?t=260

Are you using a virtual user configuration.  This is where the mailboxes do not correspond to individual Linux user accounts.

Perhaps you could review the log files in /var/log (system, messages and mail are good candidates).  These may give more detail on the particular error that is occurring when Thunderbird attempts to authenticate you.
0
 

Author Comment

by:Skjori
Comment Utility
The output from telnet is as expected here.
I'm not using a virtual user. The user is an actual user on this ubuntu server.

However, I've been looking into /var/log/mail.log while trying to send a mail in Thunderbird, and the output is as follows when prompted for password, and after entered password;


postfix/smtpd[4546]: TLS connection established from unknown[<ip_adress>]: TLSv1 with cipher <cipher> (256/256 bits)
postfix/smtpd[4546]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
postfix/smtpd[4546]: warning: SASL authentication failure: Password verification failed
postfix/smtpd[4546]: warning: unknown[<ip_adress>]: SASL PLAIN authentication failed: generic failure
postfix/smtpd[4546]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied


I don't know why it won't accept my password,, but I see that I use TLSv1. Is that a problem?
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
TLSv1 is fine.  It looks more like sasl is either not installed or not accepting queries from postfix.

Can you do a

   ps -A |grep saslauthd

to check saslauthd is running.

Also, check the /etc/postfix/sasl/smtpd.conf file as per the instructions in the Ubuntu help linked earlier (see the section SMTP Authentication).

Try restarting your Ubuntu server if you can, as this is the easiest way to make sure everything is using up-to-date configurations.  You can tell processes to restart manually, but you need to make sure you catch everything!
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
Basically, what is happening is this:

1.  Thunderbird connects to Postfix and initiates TLS
2.  Thunderbird supplies credentials
3.  Postfix asks SASL to authenticate you
4.  SASL ignores or refuses Postfix
5.  Postfix cannot authenticate you and denies access
0
 

Author Comment

by:Skjori
Comment Utility
Output from ps -A |grep saslauthd;

 4638 ?        00:00:00 saslauthd
 4639 ?        00:00:00 saslauthd
 4640 ?        00:00:00 saslauthd
 4643 ?        00:00:00 saslauthd
 4644 ?        00:00:00 saslauthd

I've checked /etc/postfix/sasl/smtpd.conf and it's according to the desciption provided above.

One thing I noticed is that the file /etc/default/saslauthd on my system have some additional arguments not mentioned here https://help.ubuntu.com/7.10/server/C/postfix.html. Maybe that's causing some problems?

I've restarted the server and the same result seem to apply still.

0
 

Author Comment

by:Skjori
Comment Utility
The file /etc/postfix/sasl/smtpd.conf looks like this;



#
# Settings for saslauthd daemon
#

# Should saslauthd run automatically on startup? (default: no)
START=yes
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"


# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
OPTIONS="-c"
0
 
LVL 19

Accepted Solution

by:
SteveH_UK earned 500 total points
Comment Utility
I'm afraid I'm off to bed now, but I'll give some more time to this as I am able.

The steps will basically be to look at each configuration file in turn, and to compare with the behaviour in the logs.

It is clear to me that the problem is that Postfix is not communicating correctly with SASL.

In the meantime, see if https://bugs.launchpad.net/ubuntu-doc/+bug/128182 helps.
0
 

Author Comment

by:Skjori
Comment Utility
Actually the final link you provided made the whole difference!

After adding user postfix to group sasl everything seems to be working :)!
I've also successfully configured the iPhone mail client with this mail server (using IMAP).

Thanks a lot for all your effort Steve! Wish I had more than 500 points for you.


0
 

Author Closing Comment

by:Skjori
Comment Utility
My best experience with Experts Exchange until today!
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
You're welcome.

Glad it worked, and hopefully you are much more confident with this mail server now!
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Nearly six years ago I was hired by a company to be their senior server engineer. One of my first projects was to implement Exchange Server 2007 on a Windows Server 2008 Single Copy Cluster for high availability. That was the easy part; read on to l…
Import PST to Exchange using Power Shell new-mailboximportrequest command, you can simply import the PST file into Exchange mailbox or archived. To know How to import PST into Exchange  2013 read the complete article.
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now