The Mail Settings app and postfix (SMTP server) are separate apps and serve different purposes. You can see from your postfix settings you have no Relay Host configured and, from your log extract, you can see docker/clearglass is using postfix. Try setting up a Relay Host or check the documentation of you need to use authentication.

You will see a Trusted Network of 172.16.0.0/12 set up. Don't delete it. It can be cut down to cover the two /16 networks for Docker and Clearglass, but any Clearglass update will reset it. I am not happy with it and have proposed an alternative method compatible with the webconfig, but it has fallen on deaf ears.

This is being relayed through our ISP (CenturyLink) which is configured in System > Settings > Mail Settings on the Management Page of ClearOS GUI.

All email should be going through smtp.centurylink.net and using the username/password provided by CenturyLink. We know it works as our Pfsense firewall send alerts the same way using the same settings, and those go through with NO issue.

Does ClearGlass Community use the settings already placed in System > Settings > Mail Settings ? or does it use something else or setting that should be placed elsewhere?

I am not sure contacting AWS will help. I think the message is saying your IP is on a blacklist. If you have a dynamic IP you may need to set up mail relaying through postfix via your ISP (or perhaps AWS). Your "postconf -n" output does not suggest you are doing any relaying via smtp.centurylink.net.

Do you have the equivalent from your maillog? Also have you done any anti-spam tinkering with your postfix set up? What is the output to "postconf -n"?

Ah ha! Thanks for pointing that nugget out..... looking at the below:

Nov 12 14:33:08 bebclrglssvrp1 postfix/smtp[17899]: 3AFA03748DA: to=<bbonnell@bebconsultingservices.com>, relay=inbound-smtp.us-west-2.amazonaws.com[54.240.248.234]:25, delay=0.52, delays=0.07/0.01/0.28/0.15, dsn=5.7.1, status=bounced (host inbound-smtp.us-west-2.amazonaws.com[54.240.248.234] said: 550 5.7.1 IP address blacklisted by recipient (in reply to RCPT TO command))
Nov 12 14:33:08 bebclrglssvrp1 postfix/cleanup[17894]: C413E3748D9: message-id=<20181112213308.C413E3748D9@bebclrglssvrp1.pvg.bebconsultingservices.com>
Nov 12 14:33:08 bebclrglssvrp1 postfix/bounce[17900]: 3AFA03748DA: sender non-delivery notification: C413E3748D9
Nov 12 14:33:08 bebclrglssvrp1 postfix/qmgr[3115]: C413E3748D9: from=<>, size=3567, nrcpt=1 (queue active)
Nov 12 14:33:08 bebclrglssvrp1 postfix/qmgr[3115]: 3AFA03748DA: removed
Nov 12 14:33:09 bebclrglssvrp1 postfix/smtp[17899]: C413E3748D9: to=<team@clear.glass>, relay=inbound-smtp.us-east-1.amazonaws.com[176.32.101.207]:25, delay=0.44, delays=0.03/0/0.24/0.17, dsn=5.7.1, status=bounced (host inbound-smtp.us-east-1.amazonaws.com[176.32.101.207] said: 550 5.7.1 IP address blacklisted by recipient (in reply to RCPT TO command))
Nov 12 14:33:09 bebclrglssvrp1 postfix/qmgr[3115]: C413E3748D9: removed


It looks like our mail service AWS, is blocking email from clear.glass domain......looks like I need to open a case with AWS about getting this whitelisted somehow if at all possible.

Well that sort of explains it all.....

I posted above the mail logs, have not done anything with spam. We use a AWS Hosted Mail Service. So there is no tickering to be done.

We also use the ISP's mail server as a smarthost on the ClearGlass server itself. That is:smtp.centurylink.net

So we are sending ClearGlass emails through smtp.centurylink.net which is our ISP, through to bbonnell@bebconsultingservices.com, that is hosted by AWS.


Here is the posconf -n from the ClearGlass Server itself.

root@bebclrglssvrp1 log]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_queue_lifetime = 6h
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = mailprefilter
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps = $alias_maps $virtual_alias_maps
luser_relay =
mail_owner = postfix
mailbox_size_limit = 102400000
mailbox_transport = mailpostfilter
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 51200000
message_strip_characters = \0
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = server.lan
myhostname = bebclrglssvrp1.pvg.bebconsultingservices.com
mynetworks = 127.0.0.0/8 [::1]/128, [::1]/128, 172.16.0.0/12
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
recipient_delimiter = +
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps =


I can attach a screenshot of System > Settings > Mail Settings if that will help, just let me know....

Well I have tried the process laid out here:

https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_howtos_smtp_authentication_to_isp


But I am now getting this error in the maillog:

Nov 25 11:32:43 bebclrglssvrp1 postfix/smtp[32398]: C25B76E41B: to=<team@clear.glass>, relay=smtp.centurylink.net[206.152.134.66]:587, delay=0.25, delays=0.02/0/0.11/0.13, dsn=5.7.1, status=bounced (host smtp.centurylink.net[206.152.134.66] said: 554 5.7.1 [R8] Authentication Failed, must login. (in reply to RCPT TO command))


I have the user name setup properly based on the above KB instructions, however it appears that ClearOS/ClearGlass is NOT logging in to CenturyLink's servers.

It is finally using the right relay/smarthost, Is there a setting I am missing somewhere to allow for login?

Google searches pull up this to be added into main.cf, before I pull the trigger on this is this what I am missing?

smtp_sasl_mechanism_filter = login

(FYI....not a postfix/sendmail expert here....LOL)

Sometimes when I just want to stand up a demo of ClearGLASS I install app-smtp and the set up a relay destination to a bogus LAN IP. That way the email gets stuck in the queue. Then I run the following to look for the mail ID

mailq

Then I read out the contents and simply copy and paste the url to my browser:

postcat -qv 76A6E893

Where 76A6E893 is the mail id