On 2014-09-07 19:56, vhpd wrote:
>
> My provider wants me to start submitting email via SMTP with SSL
> encryption. I used to simply submit email via postfix to
> mr01.hansenet.de:465 like this:
>
> main.cf:
>
> Code:
> --------------------
> relayhost = mr01.hansenet.de
> --------------------
This means that ALL your email sent out by your postfix will be sent
over to “mr01.hansenet.de” for processing and sending.
> sender_canonical:
>
> Code:
> --------------------
> foth kilianfoth@alice-dsl.de
> --------------------
This means that mail sent by your local machine user “foth” will have
the from field changed to “kilianfoth@alice-dsl.de”.
>
>
> Both these are heavily obsolete, since those products/companies don’t
> exist anymore and everything is “O2” now, but so far it kept working,
> and I didn’t want to meddle with a working set-up.
I don’t know what “O2” is.
> Now the provider has started rejecting emails sent like this to other
> “alice.de” users (“Local senders are prohibited to send to local
> recipients without authentication”), and their support told me to switch
> to a new relay host; I’m afraid that old relay will be eventually
> switched off, so I should make the switch.
Mmm… rings an old bell.
I had an email like “me@somefriendofmine.org”. When using that host to
send to “someone@gmail.com” all went well. When sending to
“foo@somefriendofmine.org”, it failed with a message like the one you
get. If I set the from to “me@gmail.com”, and sent to
“foo@somefriendofmine.org”, it would work just fine - and I was not
using any relay, I was sending direct. That is, I was acting as MAIL
SERVER, not client.
This is a BUG in the configuration of the “somefriendofmine.org” smtp
server, plain simple: mail sent to a destination hosted by that machine
can not request any authentication. It is against the rules.
It goes like this: if you send to a user local to that machine, you need
no authentication, that’s how email is supposed to work. If I work at
opensuse.org I can not have an authentication for redhat.org,
ubuntu.org, debian.org, etc. It is absurd, I can not have an
authentication for each destination. So, of course, it is not asked.
If I have an account at “somefriendofmine.org”, and I want to send an
email to “opensuse.org”, of course they are entitled to ask for
authentication, because I’m asking someone to relay my email to
somebody else.
So far, so good.
The problem is when “me@somefriendofmine.org” wants to send to
“you@somefriendofmine.org”. The rule to apply is the first one, no
authentication. The server has a BUG because it applies rule two. It
does not detect that I’m not relaying.
It is impossible to fight this dumb-ass configuration. Use a different
server/provider.
Notice that the problem will likely be the same even if you change the
smarthost setting… because it triggers because you send as
“kilianfoth@alice-dsl.de” to “someone@alice.de”. Changing the relayhost
will probably not help. And it is out of your control, because it is
“mr01.hansenet.de” who does the talking, not you. Even if postfix has
some configuration to handle the above described dumb-ass situation, it
does nothing: you are not doing the mail sending, it is the relayhost
who does.
If mr01.hansenet.de are different people than alice.de, talk to them;
they may be able to do something. If they are the same people… sigh 
> Unfortunately this means submitting SMTP email with SSL, and I’m failing
> at getting this to work. Having read advice from people on the internet
> who had the same problem, I tried these additional settings:
I can try to help with changing your relayhost, but I’m unsure it will help.
> main.cf:
>
> Code:
> --------------------
> relayhost = smtp.o2mail.de:465
> smtp_sasl_auth_enable = yes
> smtp_sasl_security_options =
> smtp_sasl_password_maps = hash:/etc/postfix/password
> smtpd_sasl_auth_enable = no
> smtp_use_tls = yes
> --------------------
I use:
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
Both smtp_use_tls and smtpd_use_tls are obsolete settings, might not
work. Instead, I have this:
smtp_tls_security_level = may
smtp_tls_loglevel = 1
> sender_canonical:
>
> Code:
> --------------------
> foth kilianfoth@o2mail.de
> --------------------
That means that your sender address for user “foth” will be replaced by
“kilianfoth@o2mail.de”.
> master.cf:
>
> Code:
> --------------------
> tlsmgr unix - - n 1000? 1 tlsmgr
> --------------------
Ok.
> password:
>
> Code:
> --------------------
> smtp.o2mail.de:465 kilianfoth@o2mail.de:MYPASSWORD
> --------------------
Ok.
> But I can’t get any mail through - /var/log/mail says
>
> Code:
> --------------------
> postfix/smtp[8960]: CLIENT wrappermode (port smtps/465) is unimplemented
> postfix/smtp[8960]: instead, send to (port submission/587) with STARTTLS
> postfix/smtp[8960]: connect to new.maila.net[204.45.2.141]:465: Connection timed out
> postfix/smtp[8960]: 5361332C0732: to=kilianfoth@meetingsphere.com, relay=none, delay=30, delays=0.11/0.01/30/0, dsn=4.4.1, status=deferred (connect to new.maila.net[204.45.2.141]:465: Connection timed out)
> --------------------
>
> Therefore I tried using STARTTLS by talking to port 587:
>
> main.cf:
>
> Code:
> --------------------
> relayhost = smtp.o2mail.de:587
> --------------------
>
> That takes care of the first problem, but I’m still timing out:
That particular problem is unfamiliar to me.
> Code:
> --------------------
> postfix/smtp[9016]: connect to new.maila.net[204.45.2.141]:587: Connection timed out
> postfix/smtp[9016]: 14FAE32C0731: to=kilianfoth@meetingsphere.com, relay=none, delay=528, delays=498/0.01/30/0, dsn=4.4.1, status=deferred (connect to new.maila.net[204.45.2.141]:587: Connection timed out)
> --------------------
>
> Now, I can reach smtp.o2mail.de fine via telnet, both on port 465 and
> 587, but not new.maila.net. Why would postfix talk to new.maila.net
> (204.45.2.141) instead of smtp.o2mail.de (91.136.8.189), and what can I
> do to prevent timing out?
Try:
relayhost = [smtp.o2mail.de]:587
That impedes postfix checking DNS for it. Look:
cer@Telcontar:~> host smtp.o2mail.de
smtp.o2mail.de has address 91.136.8.189
smtp.o2mail.de mail is handled by 10 new.maila.net.
cer@Telcontar:~>
And you may have to adapt the password entry.
I would try first
relayhost = [smtp.o2mail.de]:465
for curiosity’s sake… O:-)
HTH.
--
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)
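
Added example, not part of the original post and not Postfix code: a small Python check that replays the relayhost lookup discussed in this thread using the DNS answers quoted in it, and lints a main.cf fragment plus password map for the points raised (MX lookup, port 465 without wrappermode, password-map key differing from relayhost, TLS not enforced). The function names and finding codes are invented for this illustration, and requiring the map key to equal the relayhost text exactly is a simplifying assumption.

```python
import re

# Constructed DNS table: the two smtp.o2mail.de records come from the `host`
# output above, the new.maila.net address from the quoted log lines.
DNS = {"smtp.o2mail.de": {"A": "91.136.8.189", "MX": "new.maila.net"},
       "new.maila.net": {"A": "204.45.2.141"}}
ENFORCED = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def split_relay(relayhost):
    """Split 'host[:port]' or '[host][:port]' into (host, port, bracketed)."""
    m = re.fullmatch(r"(\[)?([^\]\[:\s]+)(\])?(?::(\d+))?", relayhost.strip())
    if not m or bool(m.group(1)) != bool(m.group(3)):
        raise ValueError("unparseable relayhost: %r" % relayhost)
    return m.group(2), m.group(4) or "25", bool(m.group(1))

def connect_target(relayhost, dns=DNS):
    """Return (name, address, port) the SMTP client ends up connecting to."""
    host, port, bracketed = split_relay(relayhost)
    # Without brackets, an MX record for the name takes priority over its A record.
    name = host if bracketed else dns[host].get("MX", host)
    return name, dns[name]["A"], port

def parse_kv(text, sep=None):
    """Parse 'key<sep>value' lines (whitespace if sep is None); skip comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(sep, 1)
            out[parts[0].strip()] = parts[1].strip() if len(parts) > 1 else ""
    return out

def lint(main_cf, passwd):
    """Return finding codes for a relayhost + SASL + TLS client setup."""
    cf, keys = parse_kv(main_cf, "="), parse_kv(passwd)
    relay = cf.get("relayhost", "")
    _, port, bracketed = split_relay(relay)
    findings = []
    if not bracketed:
        findings.append("MX_LOOKUP")  # connection may land on another host
    if port == "465" and cf.get("smtp_tls_wrappermode") != "yes":
        findings.append("PORT_465_NO_WRAPPERMODE")  # implicit TLS, Postfix 3.0+
    if cf.get("smtp_sasl_auth_enable") == "yes" and relay not in keys:
        findings.append("SASL_KEY_MISMATCH")  # lint rule: key == relayhost text
    if cf.get("smtp_tls_security_level") not in ENFORCED:
        findings.append("TLS_NOT_ENFORCED")  # login could go out unencrypted
    return findings

if __name__ == "__main__":
    print(connect_target("smtp.o2mail.de:587"), connect_target("[smtp.o2mail.de]:587"))
```

With `smtp_tls_security_level = may` the client falls back to plaintext when STARTTLS is not offered, which is why the last rule only accepts the enforcing levels.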