Solved

Cannot send email to external email adress using IMAP

Posted on 2007-11-23
26
747 Views
Last Modified: 2013-11-29
I have a clean install of Ubuntu Server 7.10 with the email server option checked.
Sending and receiving seems to work fine when using Squirrelmail (webmail) for my email server.

However, when configuring an email client to use IMAP with this account, I can receive emails, but I can only send to internal mail adresses. If I send to external adresses the log says;

RCPT from unknown[<MY_IP_ADRESS>]: 554 5.7.1
Relay access denied

I don't know if the problem is the IMAP (dovecot) config or the Postfix config, or maybe it's a port problem? I assume the Ubuntu Mail server will require SSL (by default). The current ports that are open and related to this are 993, 25 and 465.

Any suggestions?
0
Comment
Question by:Skjori
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 16
  • 10
26 Comments
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20339382
The problem is not with IMAP but with your SMTP server, i.e. Postfix.  IMAP doesn't send mail and your client needs to point to the SMTP service for sending mail.

You may need to use authentication (username and password) to send to other domains (external e-mail) as this is to stop spammers.  It is called relaying, and it is normally disabled when not authenticated.
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20339389
Most email clients support this, and you can try your login username and password that you use to get access to your mailbox.
0
 

Author Comment

by:Skjori
ID: 20343538
Ok,
I see, but as my email client seems to either send sucsessfully or unsucessfully disregarding the username/password setup for smtp, I guess I haven't enabled authentication on my smtp service?
Is there a simple approach to do this, or do I have to go through a lot of steps.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20343601
e-mail servers do not require authentication to send internally, but only externally.  So I still think this is the behaviour you are seeing.

What e-mail client are you using?  It should be on the SMTP server configuration that you set the parameters.
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20343604
To clarify that comment.  I think your server is requiring authentication, but it doesn't prompt you, it just allows anonymous sending internally and disallows anonymous sending externally.
0
 

Author Comment

by:Skjori
ID: 20343657
Your last comment seems to be the case yes. I've tried different clients (Windows Mail, Thunderbird) and setup username,password (and tried different port alternatives) in the smtp settings.
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20345077
Have you had any success using the username and password that you use to collect your e-mail?

Try looking at http://products.secureserver.net/email/email_thunderbird.htm, and in particular point (10) where it lets you put a username for the SMTP server.
0
 

Author Comment

by:Skjori
ID: 20345303
Collecting the email is not a problem, but even if I add username and password in my smtp configuration as you suggest, these seems to be ignored when sending email.
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20345406
Ok, it looks like Postfix isn't allowing authentication remotely.

Have a look at this:

https://help.ubuntu.com/7.04/server/C/postfix.html
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20345407
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20345412
Whether or not you require TLS for authentication depends on whether you want access from the Internet, and whether you have a decent firewall in the way.

If you do not use TLS and your SMTP server is visible to the Internet, you leave yourself open to someone hijacking your SMTP server to send e-mail.  So the TLS option is well-advised, if your firewall cannot block SMTP authentication separately.
0
 

Author Comment

by:Skjori
ID: 20345607
I will have a look at the links you provided although I've already been reading some of this I think.
Even if I have a decent firewall, I guess I should use TLS or SSL. Is there a big difference between these two? What ports should be opened on the router then?

Thanks so far..!

0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20345616
Not a big difference.  TLS is essential SSLv4.  SSLv2 has some issues, but SSLv3 is fine.  SSLv1 should not be used.  Normally SMTP servers use port 25 for both unencrypted and TLS communications, as the protocol itself is not encrypted initially, but rather a command is passed to initiate secure communications.

So just port 25 on the router, as already the case.
0
 

Author Comment

by:Skjori
ID: 20345660
Ok.

Now I have configured my postfix with the receipt you provided in the link above. But now I'm being promted for the password a million times before I get the popup box:

"Sending of message failed,
The message could not be sent bacause connecting to SMTP server <server> failed. The server
may be unavailable or is refusing smtp connections. Please verify that your SMTP server setting is
correct and try again, or else contact your network administrator"

No I use Thunderbird connection type
IMAP Mail Server port 143
SMTP server TLS/Port 25
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20345717
Have you told Thunderbird to use TLS?

Try using telnet to access your SMTP server and see if it responds as per the example in the https://help.ubuntu.com/7.10/server/C/postfix.html link.

Let me know if it has a different output...
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20345720
Note, if you turn off SMTP authentication you should still be able to send internal mail, as per your original configuration.
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20345735
Try also http://forums.rimuhosting.com/forums/showthread.php?t=260

Are you using a virtual user configuration.  This is where the mailboxes do not correspond to individual Linux user accounts.

Perhaps you could review the log files in /var/log (system, messages and mail are good candidates).  These may give more detail on the particular error that is occurring when Thunderbird attempts to authenticate you.
0
 

Author Comment

by:Skjori
ID: 20346599
The output from telnet is as expected here.
I'm not using a virtual user. The user is an actual user on this ubuntu server.

However, I've been looking into /var/log/mail.log while trying to send a mail in Thunderbird, and the output is as follows when prompted for password, and after entered password;


postfix/smtpd[4546]: TLS connection established from unknown[<ip_adress>]: TLSv1 with cipher <cipher> (256/256 bits)
postfix/smtpd[4546]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
postfix/smtpd[4546]: warning: SASL authentication failure: Password verification failed
postfix/smtpd[4546]: warning: unknown[<ip_adress>]: SASL PLAIN authentication failed: generic failure
postfix/smtpd[4546]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied


I don't know why it won't accept my password,, but I see that I use TLSv1. Is that a problem?
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20346622
TLSv1 is fine.  It looks more like sasl is either not installed or not accepting queries from postfix.

Can you do a

   ps -A |grep saslauthd

to check saslauthd is running.

Also, check the /etc/postfix/sasl/smtpd.conf file as per the instructions in the Ubuntu help linked earlier (see the section SMTP Authentication).

Try restarting your Ubuntu server if you can, as this is the easiest way to make sure everything is using up-to-date configurations.  You can tell processes to restart manually, but you need to make sure you catch everything!
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20346629
Basically, what is happening is this:

1.  Thunderbird connects to Postfix and initiates TLS
2.  Thunderbird supplies credentials
3.  Postfix asks SASL to authenticate you
4.  SASL ignores or refuses Postfix
5.  Postfix cannot authenticate you and denies access
0
 

Author Comment

by:Skjori
ID: 20346748
Output from ps -A |grep saslauthd;

 4638 ?        00:00:00 saslauthd
 4639 ?        00:00:00 saslauthd
 4640 ?        00:00:00 saslauthd
 4643 ?        00:00:00 saslauthd
 4644 ?        00:00:00 saslauthd

I've checked /etc/postfix/sasl/smtpd.conf and it's according to the desciption provided above.

One thing I noticed is that the file /etc/default/saslauthd on my system have some additional arguments not mentioned here https://help.ubuntu.com/7.10/server/C/postfix.html. Maybe that's causing some problems?

I've restarted the server and the same result seem to apply still.

0
 

Author Comment

by:Skjori
ID: 20346757
The file /etc/postfix/sasl/smtpd.conf looks like this;



#
# Settings for saslauthd daemon
#

# Should saslauthd run automatically on startup? (default: no)
START=yes
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"


# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
OPTIONS="-c"
0
 
LVL 19

Accepted Solution

by:
SteveH_UK earned 500 total points
ID: 20346977
I'm afraid I'm off to bed now, but I'll give some more time to this as I am able.

The steps will basically be to look at each configuration file in turn, and to compare with the behaviour in the logs.

It is clear to me that the problem is that Postfix is not communicating correctly with SASL.

In the meantime, see if https://bugs.launchpad.net/ubuntu-doc/+bug/128182 helps.
0
 

Author Comment

by:Skjori
ID: 20347138
Actually the final link you provided made the whole difference!

After adding user postfix to group sasl everything seems to be working :)!
I've also successfully configured the iPhone mail client with this mail server (using IMAP).

Thanks a lot for all your effort Steve! Wish I had more than 500 points for you.


0
 

Author Closing Comment

by:Skjori
ID: 31410645
My best experience with Experts Exchange until today!
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20348546
You're welcome.

Glad it worked, and hopefully you are much more confident with this mail server now!
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nearly six years ago I was hired by a company to be their senior server engineer. One of my first projects was to implement Exchange Server 2007 on a Windows Server 2008 Single Copy Cluster for high availability. That was the easy part; read on to l…
Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question