Community Forum

Resolved
0 votes
Hello World,

I am currently having an issue with SMTP server. None of my users are able to connect. I receive invalid password. And when I disable SMTP authentication I receive the error connection refused. I am not running a firewall on this server.

Does anyone know why I have a user configured to use SMTP server but is unable to authenticate?

Thanks for all responses
In Mail
Saturday, April 07 2018, 04:30 AM
Share this post:
Responses (18)
  • Accepted Answer

    Friday, April 13 2018, 10:05 AM - #Permalink
    Resolved
    0 votes
    Trying to go through this logically. I assume you are trying to send an e-mail as user@yourdomain.com?

    From your e-mail client, can you configure the outgoing server as Comcast with STARTTLS, using your Xfinity username and password? Try sending an e-mail. If that works then try via postfix. Change the SMTP server in your client to the LAN IP of FQDN of your ClearOS LAN on port 25 with no Connection Security or Authentication. In the ClearOS SMTP server have Authentication disabled and your LAN as a trusted network.

    Post back with the output of "postconf -n" if it fails.

    If it failed, try sending an e-mail locally with the same set up to another_user@yourdomain.com who is also set up fully for e-mails.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, April 12 2018, 09:10 PM - #Permalink
    Resolved
    0 votes
    Setting up postfix to authenticate should not stop you users from authenticating, but please can you be clear. Where are your users authenticating to? To ClearOS or to the ISP.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, April 12 2018, 03:13 PM - #Permalink
    Resolved
    0 votes
    update,

    so I followed the following KB to setup mail relay - https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_howtos_smtp_authentication_to_isp

    and now i'm unable to authenticate any users. not even local users on my LAN can authenticate now.

    this shouldn't affect local users right?
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, April 10 2018, 04:51 PM - #Permalink
    Resolved
    0 votes
    Ok. I'm going to stay away from 465 until further notice. I will be re-configuring and testing in a few.

    Again, thanks for the help.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, April 10 2018, 04:46 PM - #Permalink
    Resolved
    0 votes
    I've found my old postfix mailing list thread. Support for 465 was targeted for 2.12 or 3.0. As 2.12 never happened, it looks like we have to wait for postfix 3.0. Knowing RedHat, this means at least ClearOS v8 so it is a long way away. RedHat have not yet released EL8 into Beta.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, April 10 2018, 04:08 PM - #Permalink
    Resolved
    0 votes
    sendpulse uses the standard username and password. And they do not support 587 but they do support SSL 465. I will stay away from that for now.

    I will try using my ISP first. I will report back once I have it setup and test.

    Again, thank you soooo much for the assistance.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, April 10 2018, 03:04 PM - #Permalink
    Resolved
    0 votes
    Comcast may be a touch easier to set up but you risk them rewriting the e-mail headers.

    There will be some trial and error with Sendpulse as you have not said what security they require - but you could check it with an ordinary e-mail client. 2525 may just be user/pass like conventional port 25. Avoid 465 for the moment as I don't know if it works natively in postfix. I have had it working with an earlier version of postfix but I had to use stunnel as a helper program. I'd also ask Sendpulse if they use STARTTLS on 587 - or just try it from a desktop client
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, April 10 2018, 02:17 PM - #Permalink
    Resolved
    0 votes
    Oh WOW. Thank you for correcting me. I contacted their support and the guy said they do not. So would it be easier to setup the relay via my ISP and use my own domain or use the smtp server from sendpulse.

    here are sendpulse's smtp server settings.

    SMTP Server: smtp-pulse.com
    Port: 2525 (SSL port: 465)

    I'm all for using whatever is easiest and would work efficiently.

    Again, thank you for all your help.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, April 10 2018, 08:05 AM - #Permalink
    Resolved
    0 votes
    AFAIK, Comcast do allow SMTP relay ,but I don't know if you have to do it per sender or can do it once for all senders. Info is here and here.

    The instructions are pretty generic and work if your relay uses port 587 and are trivial to change to port 25. As I said before, I am not sure about port 465. If you search the internet there are instructions for sender dependent authentication which even allows you to send to different SMTP servers so can be used to relay, say, your GMail e-mail address via Gmail and your own domain's e-mails via another.com.

    I've had a look on Sendpulse and I can't find their SMTP settings anywhere. Have you found them?
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, April 10 2018, 02:03 AM - #Permalink
    Resolved
    0 votes
    Thank you for your reply.

    Yes. My ISP ComCrap (Comcast) does not allow smtp relay. I signed up for an external SMTP server with sendpulse.

    I've reviewed the link you have provided for SMTP Authentication to ISP. Would this configuration also work for an external SMTP Server?

    Also, my emails are working internally.

    Thank you for all your assistance.
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, April 08 2018, 04:18 PM - #Permalink
    Resolved
    0 votes
    Many SMTP servers will not allow traffic from a dynamic IP. Mine won't.

    The normal solution is to relay your SMTP traffic via an external SMTP server. I relay mine via my ISP's SMTP server which is fine and standard practice. It is also the purpose of the Relay Host setting. Unfortunately it only works if your ISP allows you to relay on port 25 without authentication. Many require authentication, often on STARTTLS/port 587 and some on SMTPS/port 465. Some allow authentication on port 25. You have to consult your ISP's settings.

    Port 465 is possible but a hassle to set up as it possibly needs an extra service (postfix has an update around v2.10 which allows SMTPS natively). SMTPS/587 is straightforward. See this HowTo. It also allows you to relay out to other SMTP servers such as Gooogle, but google rewrite the headers of e-mails to the user who authenticates. It is possible to set up sender dependent relaying, but you need everyone's password. There are also commercial service who provide SMTP relaying. Just search "smtp relay service".

    If you have set up your smtp server to receive e-mails, port 25 is not available at the moment either. I've just checked, but it could be that you have not set it up.

    First of all try sending a message internally as I suggested earlier.

    If that works, research your ISP's SMTP server settings and hope he allows it via port 25, preferably without authentication.
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, April 08 2018, 02:44 PM - #Permalink
    Resolved
    0 votes
    Hi,

    Thank you for your response.

    I have a dynamic IP address and I'm using NOip to workaround that issue. The mail hostname is my NOip DNS name which points back to my IP.

    Now are you saying I will not and/or may not be able to send email to external addresses like YAHOO and AOL from my sawhite2.club domain?

    Again, thank you for your assistance.
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, April 08 2018, 08:42 AM - #Permalink
    Resolved
    0 votes
    You can remove your "Destination Domain" from your settings. It is the same as your Mail Domain. Otherwise your settings look fine for a basic un-authenticated set up.

    For internal testing can you send an e-mail from user1@sawhite2.club to user2@sawhite2.club if I have read your domain correctly. When you are testing, you must be sending as something@sawhite2.club. It will not may not work if you try sending using a Yahoo or AOL sending address as you are not a permitted sender for those domains.

    Do you have a static or dynamic IP address and does your ISP allow you to send mail out directly?
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, April 07 2018, 11:49 PM - #Permalink
    Resolved
    0 votes
    Thank you for your response.

    I am trying to send directly thus bypassing my ISP. And yes I am sending mail externally to my yahoo and AOL address for testing purposes.
    I've tried both internally and externally but the user does not authenticate regardless of what combination of settings I am using.

    Again, Thank you for your assistance
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, April 07 2018, 11:22 PM - #Permalink
    Resolved
    0 votes
    Thank you for your response.

    I am trying to send directly thus bypassing my ISP. And yes I am sending mail externally to my yahoo and AOL address for testing purposes.
    I've tried both internally and externally but the user does not authenticate regardless of what combination of settings I am using.

    Again, Thank you for your assistance
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, April 07 2018, 04:37 PM - #Permalink
    Resolved
    0 votes
    That is a v5 document and not for the SMTP server. Use the document link on the SMTP settings screen. You'll end up here.

    Are you trying to send your mail internally to another user or externally? Can you try internally first?

    If you are trying to send externally, are you trying to relay via your ISP or are you sending directly?

    Can you paste a screenshot of your settings?
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, April 07 2018, 04:18 PM - #Permalink
    Resolved
    0 votes
    Thank you kindly for your reply.

    So here is my setup. I am trusting my entire local LAN. 1.1.1.1/24 in the trusted networks field.

    I've disabled "block-plain-text password" and "smtp authentication". When I attempt to connect the server refuses the connection. when I turn back on SMTP authentication the error changes to incorrect password. I have created a test user and the user is enabled for pop and imap server as well as smtp server user.

    Am i missing any steps?

    Here is the document I used to setup the smtp server. If another document exist I'd definitely give it a shot.

    https://www.clearos.com/resources/documentation/clearos/content:en_us:5_pop_and_imap_server#server_configuration

    Lastly, are their any password requirements like length or combinations? i'm just asking since once I turn on smtp authentication i immediately receive invalid password

    Thanks for the help.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, April 07 2018, 07:49 AM - #Permalink
    Resolved
    0 votes
    If you have SMTP authentication disabled, you should set up Trusted Networks to cover your LAN subnet.

    For authentication to work, initially just allow it but leave "Block Plain-Text Passwords" disabled. In the User set up, the user must be enabled as an "SMTP Server User". You should then be able to authenticate on port 25. In Thunderbird it would be with the "Password, transmitted insecurely" method. You can also use SMTPS (aka SSL/TLS) on port 465 irrespective of the SMTP Authentication Policy. My suggestion would be that if you ever wanted your users to connect externally and send e-mails via your server (think mobile phones and laptops outside your facility), set them up with SMTPS/465 and not SMTP/25. Have a little read of the documentation for the SMTP server.

    I have never really used password encryption. The one time I tried it, I had issues with it but it may be the client I'm using.

    If you use Outlook as a client, it is harder to set up if ClearOS is Standalone on your LAN, but you may want to install Let's Encrypt certificates, then there is a HowTo for how to use them in the mail apps.

    [edit]
    As a new user your first couple of posts get moderated so don't appear immediately. I'm deleting your other post.
    [/edit]
    The reply is currently minimized Show
Your Reply