• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 764
  • Last Modified:

Cannot send email to external email adress using IMAP

I have a clean install of Ubuntu Server 7.10 with the email server option checked.
Sending and receiving seems to work fine when using Squirrelmail (webmail) for my email server.

However, when configuring an email client to use IMAP with this account, I can receive emails, but I can only send to internal mail adresses. If I send to external adresses the log says;

RCPT from unknown[<MY_IP_ADRESS>]: 554 5.7.1
Relay access denied

I don't know if the problem is the IMAP (dovecot) config or the Postfix config, or maybe it's a port problem? I assume the Ubuntu Mail server will require SSL (by default). The current ports that are open and related to this are 993, 25 and 465.

Any suggestions?
0
Skjori
Asked:
Skjori
  • 16
  • 10
1 Solution
 
SteveH_UKCommented:
The problem is not with IMAP but with your SMTP server, i.e. Postfix.  IMAP doesn't send mail and your client needs to point to the SMTP service for sending mail.

You may need to use authentication (username and password) to send to other domains (external e-mail) as this is to stop spammers.  It is called relaying, and it is normally disabled when not authenticated.
0
 
SteveH_UKCommented:
Most email clients support this, and you can try your login username and password that you use to get access to your mailbox.
0
 
SkjoriAuthor Commented:
Ok,
I see, but as my email client seems to either send sucsessfully or unsucessfully disregarding the username/password setup for smtp, I guess I haven't enabled authentication on my smtp service?
Is there a simple approach to do this, or do I have to go through a lot of steps.
0
Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
SteveH_UKCommented:
e-mail servers do not require authentication to send internally, but only externally.  So I still think this is the behaviour you are seeing.

What e-mail client are you using?  It should be on the SMTP server configuration that you set the parameters.
0
 
SteveH_UKCommented:
To clarify that comment.  I think your server is requiring authentication, but it doesn't prompt you, it just allows anonymous sending internally and disallows anonymous sending externally.
0
 
SkjoriAuthor Commented:
Your last comment seems to be the case yes. I've tried different clients (Windows Mail, Thunderbird) and setup username,password (and tried different port alternatives) in the smtp settings.
0
 
SteveH_UKCommented:
Have you had any success using the username and password that you use to collect your e-mail?

Try looking at http://products.secureserver.net/email/email_thunderbird.htm, and in particular point (10) where it lets you put a username for the SMTP server.
0
 
SkjoriAuthor Commented:
Collecting the email is not a problem, but even if I add username and password in my smtp configuration as you suggest, these seems to be ignored when sending email.
0
 
SteveH_UKCommented:
Ok, it looks like Postfix isn't allowing authentication remotely.

Have a look at this:

https://help.ubuntu.com/7.04/server/C/postfix.html
0
 
SteveH_UKCommented:
0
 
SteveH_UKCommented:
Whether or not you require TLS for authentication depends on whether you want access from the Internet, and whether you have a decent firewall in the way.

If you do not use TLS and your SMTP server is visible to the Internet, you leave yourself open to someone hijacking your SMTP server to send e-mail.  So the TLS option is well-advised, if your firewall cannot block SMTP authentication separately.
0
 
SkjoriAuthor Commented:
I will have a look at the links you provided although I've already been reading some of this I think.
Even if I have a decent firewall, I guess I should use TLS or SSL. Is there a big difference between these two? What ports should be opened on the router then?

Thanks so far..!

0
 
SteveH_UKCommented:
Not a big difference.  TLS is essential SSLv4.  SSLv2 has some issues, but SSLv3 is fine.  SSLv1 should not be used.  Normally SMTP servers use port 25 for both unencrypted and TLS communications, as the protocol itself is not encrypted initially, but rather a command is passed to initiate secure communications.

So just port 25 on the router, as already the case.
0
 
SkjoriAuthor Commented:
Ok.

Now I have configured my postfix with the receipt you provided in the link above. But now I'm being promted for the password a million times before I get the popup box:

"Sending of message failed,
The message could not be sent bacause connecting to SMTP server <server> failed. The server
may be unavailable or is refusing smtp connections. Please verify that your SMTP server setting is
correct and try again, or else contact your network administrator"

No I use Thunderbird connection type
IMAP Mail Server port 143
SMTP server TLS/Port 25
0
 
SteveH_UKCommented:
Have you told Thunderbird to use TLS?

Try using telnet to access your SMTP server and see if it responds as per the example in the https://help.ubuntu.com/7.10/server/C/postfix.html link.

Let me know if it has a different output...
0
 
SteveH_UKCommented:
Note, if you turn off SMTP authentication you should still be able to send internal mail, as per your original configuration.
0
 
SteveH_UKCommented:
Try also http://forums.rimuhosting.com/forums/showthread.php?t=260

Are you using a virtual user configuration.  This is where the mailboxes do not correspond to individual Linux user accounts.

Perhaps you could review the log files in /var/log (system, messages and mail are good candidates).  These may give more detail on the particular error that is occurring when Thunderbird attempts to authenticate you.
0
 
SkjoriAuthor Commented:
The output from telnet is as expected here.
I'm not using a virtual user. The user is an actual user on this ubuntu server.

However, I've been looking into /var/log/mail.log while trying to send a mail in Thunderbird, and the output is as follows when prompted for password, and after entered password;


postfix/smtpd[4546]: TLS connection established from unknown[<ip_adress>]: TLSv1 with cipher <cipher> (256/256 bits)
postfix/smtpd[4546]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
postfix/smtpd[4546]: warning: SASL authentication failure: Password verification failed
postfix/smtpd[4546]: warning: unknown[<ip_adress>]: SASL PLAIN authentication failed: generic failure
postfix/smtpd[4546]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied


I don't know why it won't accept my password,, but I see that I use TLSv1. Is that a problem?
0
 
SteveH_UKCommented:
TLSv1 is fine.  It looks more like sasl is either not installed or not accepting queries from postfix.

Can you do a

   ps -A |grep saslauthd

to check saslauthd is running.

Also, check the /etc/postfix/sasl/smtpd.conf file as per the instructions in the Ubuntu help linked earlier (see the section SMTP Authentication).

Try restarting your Ubuntu server if you can, as this is the easiest way to make sure everything is using up-to-date configurations.  You can tell processes to restart manually, but you need to make sure you catch everything!
0
 
SteveH_UKCommented:
Basically, what is happening is this:

1.  Thunderbird connects to Postfix and initiates TLS
2.  Thunderbird supplies credentials
3.  Postfix asks SASL to authenticate you
4.  SASL ignores or refuses Postfix
5.  Postfix cannot authenticate you and denies access
0
 
SkjoriAuthor Commented:
Output from ps -A |grep saslauthd;

 4638 ?        00:00:00 saslauthd
 4639 ?        00:00:00 saslauthd
 4640 ?        00:00:00 saslauthd
 4643 ?        00:00:00 saslauthd
 4644 ?        00:00:00 saslauthd

I've checked /etc/postfix/sasl/smtpd.conf and it's according to the desciption provided above.

One thing I noticed is that the file /etc/default/saslauthd on my system have some additional arguments not mentioned here https://help.ubuntu.com/7.10/server/C/postfix.html. Maybe that's causing some problems?

I've restarted the server and the same result seem to apply still.

0
 
SkjoriAuthor Commented:
The file /etc/postfix/sasl/smtpd.conf looks like this;



#
# Settings for saslauthd daemon
#

# Should saslauthd run automatically on startup? (default: no)
START=yes
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"


# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
OPTIONS="-c"
0
 
SteveH_UKCommented:
I'm afraid I'm off to bed now, but I'll give some more time to this as I am able.

The steps will basically be to look at each configuration file in turn, and to compare with the behaviour in the logs.

It is clear to me that the problem is that Postfix is not communicating correctly with SASL.

In the meantime, see if https://bugs.launchpad.net/ubuntu-doc/+bug/128182 helps.
0
 
SkjoriAuthor Commented:
Actually the final link you provided made the whole difference!

After adding user postfix to group sasl everything seems to be working :)!
I've also successfully configured the iPhone mail client with this mail server (using IMAP).

Thanks a lot for all your effort Steve! Wish I had more than 500 points for you.


0
 
SkjoriAuthor Commented:
My best experience with Experts Exchange until today!
0
 
SteveH_UKCommented:
You're welcome.

Glad it worked, and hopefully you are much more confident with this mail server now!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 16
  • 10
Tackle projects and never again get stuck behind a technical roadblock.
Join Now