Difference between revisions of "Set up your mail server for sending"

From Linuxintro
imported>ThorstenStaerk
imported>ThorstenStaerk
 
Line 72: Line 72:
 
  64 bytes from '''''suse-256''''' (109.167.135.66): icmp_seq=1 ttl=64 time=0.031 ms
 
  64 bytes from '''''suse-256''''' (109.167.135.66): icmp_seq=1 ttl=64 time=0.031 ms
 
In this case you ping to ''mail.domain.de'', but the answer comes from the server ''suse-256''.
 
In this case you ping to ''mail.domain.de'', but the answer comes from the server ''suse-256''.
;Solution: At your IP address' provider, set the reverse DNS entry to deliver the correct hostname, in this example ''mail.domain.de''. Here is an example for RackSpace: http://www.rackspace.com/knowledge_center/article/rackspace-cloud-essentials-6-creating-a-reverse-dns-record
+
;Solution: At your IP address' provider, set the reverse DNS entry to deliver the correct hostname, in this example ''mail.domain.de''. Here is an example for RackSpace: http://www.rackspace.com/knowledge_center/article/rackspace-cloud-essentials-6-creating-a-reverse-dns-record Some things can go wrong here. For example I had the respective IP address in /etc/hosts and as name server I was using my [[Fritz!Box]] that cached the DNS record.
  
 
= TroubleShooting =
 
= TroubleShooting =
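Review bot: the text added to the ;Solution line names two things that went wrong (the IP address in /etc/hosts and a Fritz!Box caching the DNS record) but does not say how the reader notices or fixes either. Suggest adding that the /etc/hosts entry has to be removed and that the reverse lookup should be repeated against a name server that does not hold the cached record. The new sentence also starts directly after the RackSpace URL with no break, so it reads as running on from the link; put it on its own line.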

Latest revision as of 15:59, 28 November 2015

Overview

When you have set up a mail server, you can by default send mail within your own domain (e.g. linuxintro.org) but not to the outside. What you probably want is for internet users to be able to connect to your mail server with a mail client such as Thunderbird. If they know a valid username and password, they are allowed to read and send mail.

Configure it

Authentication is done by saslauthd. So install saslauthd, in this case for SUSE Linux:

yast -i cyrus-sasl-saslauthd

Start the service:

/etc/init.d/saslauthd start

Make sure your authentication service is running:

/etc/init.d/saslauthd status 

must report

running

Make sure the service starts on boot:

chkconfig saslauthd on

In /etc/postfix/main.cf, set

smtpd_sasl_auth_enable = yes

In /etc/postfix/main.cf, add permit_sasl_authenticated to smtpd_recipient_restrictions. The resulting line may look like this:

smtpd_recipient_restrictions = permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_unauth_destination,
                               check_policy_service inet:127.0.0.1:60000

Restart Postfix:

/etc/init.d/postfix restart

Test it

To test it, work out your PLAIN authentication string. To do this, open a console and base64-encode your username (myuser in this example) and your password (mypassword in this example):

# perl -MMIME::Base64 -e 'print encode_base64("myuser\0myuser\0mypassword");'

You get a string that we will need again soon. It looks like this:

bXl1c2VyAG15dXNlcgBteXBhc3N3b3Jk

Now connect to your mail server (in this example linuxintro.org):

# telnet linuxintro.org 25

The server responds:

Trying 108.166.126.74...
Connected to linuxintro.org.
Escape character is '^]'.
220 mail.linuxintro.org ESMTP Postfix

If the response "Connected to..." is missing, your internet provider is probably blocking port 25. In this case read "setting up a mail server on port 587". Otherwise, type

EHLO hostname

The server now responds with something like

250-mail.linuxintro.org
250-PIPELINING
250-SIZE
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Now you write

AUTH PLAIN bXl1c2VyAG15dXNlcgBteXBhc3N3b3Jk

The server writes

235 2.7.0 Authentication successful

This means it has worked. So write

QUIT

And you see the response

221 2.0.0 Bye
Connection closed by foreign host.
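
The token used in the session above can be built and taken apart again in the shell. This is an added example, not part of the original page; the function names are illustrative and the sample reply is the EHLO response shown above. Decoding the token shows that it is only encoded, not encrypted, and the last function reports whether AUTH is offered on a connection without STARTTLS.

```shell
#!/bin/sh
# Added example: build and inspect the SMTP AUTH PLAIN token from this page.
# Function names are illustrative, not part of Postfix or Cyrus SASL.

# AUTH PLAIN carries "authzid NUL authcid NUL password", base64-encoded.
# As in the perl one-liner, the user name is used for both identities.
auth_plain_token() {
    printf '%s\0%s\0%s' "$1" "$1" "$2" | base64 | tr -d '\n'
}

# Undo the encoding; the NUL separators are shown as "|".
auth_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\0' '|'
}

# Print the mechanisms from the AUTH line of an EHLO reply read on stdin.
ehlo_auth_mechs() {
    tr -d '\r' | sed -n 's/^250[- ]AUTH[ =]//p' | head -n 1
}

# Classify an EHLO reply read on stdin:
#   no-auth         AUTH is not offered on this connection
#   auth-cleartext  AUTH is offered and STARTTLS is not
#   auth-starttls   AUTH and STARTTLS are both offered
ehlo_auth_exposure() {
    reply=$(tr -d '\r')
    if ! printf '%s\n' "$reply" | grep -q '^250[- ]AUTH[ =]'; then
        echo no-auth
    elif printf '%s\n' "$reply" | grep -q '^250[- ]STARTTLS$'; then
        echo auth-starttls
    else
        echo auth-cleartext
    fi
}

# Constructed sample: the EHLO reply shown above.
SAMPLE_EHLO='250-mail.linuxintro.org
250-PIPELINING
250-SIZE
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'

auth_plain_decode "$(auth_plain_token myuser mypassword)"; echo
printf '%s\n' "$SAMPLE_EHLO" | ehlo_auth_exposure
```

On a server that offers STARTTLS, the Postfix setting smtpd_tls_auth_only = yes keeps AUTH from being announced or accepted until TLS is active.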

mail is refused

Sometimes it happens that you get mails like this one:

Delayed Mail (still being retried)
[...]
 <name@domain.net>: host mail.domain.com[87.16.52.149] said: 450 4.7.1 Client host
    rejected: cannot find your hostname, [109.167.135.66] (in reply to RCPT TO
    command)

This means that sending your mail worked, but the receiving mail server refuses to accept it. Most probably your mail server's name resolves to an IP address, but this IP address does not resolve back to your mail server's name:

# ping mail.domain.de
PING mail.domain.de (109.167.135.66) 56(84) bytes of data.
64 bytes from suse-256 (109.167.135.66): icmp_seq=1 ttl=64 time=0.031 ms

In this case you ping mail.domain.de, but the answer comes from the server suse-256.

Solution
At your IP address provider, set the reverse DNS entry to return the correct hostname, in this example mail.domain.de. Here is an example for RackSpace: http://www.rackspace.com/knowledge_center/article/rackspace-cloud-essentials-6-creating-a-reverse-dns-record

Some things can go wrong here. For example, I had the respective IP address in /etc/hosts, and as name server I was using my Fritz!Box, which cached the DNS record.
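
The forward and reverse lookups described above can be compared with dig instead of ping. This is an added example, not part of the original page; lookup_ptr, lookup_a and fcrdns_check are hypothetical helper names and DNS_SERVER is an assumed optional variable naming a resolver to query directly. dig does not read /etc/hosts, and pointing it at another name server bypasses a caching router.

```shell
#!/bin/sh
# Added example: forward-confirmed reverse DNS check for a mail server.
# Helper names are illustrative; requires dig.
# Usage: DNS_SERVER=<name server> sh fcrdns.sh 109.167.135.66 mail.domain.de

DNS_SERVER=${DNS_SERVER:-}

# IP address -> PTR names, one per line, trailing dot removed.
lookup_ptr() {
    dig +short ${DNS_SERVER:+@"$DNS_SERVER"} -x "$1" | sed 's/\.$//'
}

# Host name -> IPv4 addresses, one per line (CNAME lines are dropped).
lookup_a() {
    dig +short ${DNS_SERVER:+@"$DNS_SERVER"} A "$1" | grep -E '^[0-9.]+$'
}

# fcrdns_check IP EXPECTED_NAME
# Prints one verdict and returns non-zero unless it is "ok":
#   no-ptr            the IP address has no reverse entry
#   ptr-mismatch      the reverse entry names a different host
#   forward-mismatch  the name does not resolve back to the IP address
fcrdns_check() {
    ip=$1 want=$2
    ptrs=$(lookup_ptr "$ip") || true
    if [ -z "$ptrs" ]; then
        echo no-ptr; return 1
    fi
    if ! printf '%s\n' "$ptrs" | grep -qixF "$want"; then
        echo ptr-mismatch; return 1
    fi
    if ! lookup_a "$want" | grep -qxF "$ip"; then
        echo forward-mismatch; return 1
    fi
    echo ok
}

# Run the check only when an IP address and a host name are given.
if [ $# -eq 2 ]; then
    fcrdns_check "$1" "$2"
fi
```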

TroubleShooting

Authentication not enabled

Symptom

You get

Sending failed: Your SMTP server does not support authentication. The server responded: "5.5.1 Error: authentication not enabled"

Solution

You will need to modify /etc/postfix/main.cf and set

smtp_sasl_auth_enable = yes
smtpd_sasl_auth_enable = yes

and restart postfix:

/etc/init.d/postfix restart

generic failure

Symptom

You get

Sending failed. Most likely the password is wrong. The server responded: "5.7.8 Error: authentication failed: generic failure"

Solution

You need to make sure your authentication service has been started:

/etc/init.d/saslauthd status

must report

running

no authentication mechanism available

Symptom

You get

Sending failed: Your SMTP server does not support The server responded: "5.7.8 Error: authentication failed: no mechanism available"

Reason

You may have

  • plain
  • digest-md5
  • cram-md5

as authentication method in kmail.

Solution

Change this to Login.

no worthy mechanisms found

Symptom

You get

Sending failed: An error occurred during authentication: SASL(-4):no mechanism available: No worthy mechs found

Reason

You may have

  • GSSAPI

as authentication method in kmail.

Solution

Change this to Login.

no mail is sent

Symptom

Nothing happens and no mail is sent

Reason

You may have

  • NTLM

as authentication method in kmail.

Solution

Change this to Login.
