SASL authentication failure: No worthy mechs found Relaying

[gittyhubbyfrankybobby]

I'm hosting at home and because I can't edit my reverse DNS I send all my outbound mail to dnsexit.com for them to send out for me.

I followed this to setup relaying to them http://www.dnsexit.com/support/mailrelay/postfix.html

get the below logs and a NDR.

mailserver | 2018-10-26T16:59:31.340653-04:00 mail postfix/submission/smtpd[1383]: connect from rainloop.http_network[172.27.0.8] mailserver | 2018-10-26T16:59:31.355608-04:00 mail postfix/submission/smtpd[1383]: Anonymous TLS connection established from rainloop.http_network[172.27.0.8]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) mailserver | 2018-10-26T16:59:31.452660-04:00 mail postfix/submission/smtpd[1383]: 6E7D17C04D0: client=rainloop.http_network[172.27.0.8], sasl_method=PLAIN, sasl_username=me@xxxdomain.net mailserver | 2018-10-26T16:59:31.500102-04:00 mail postfix/authclean/cleanup[1387]: 6E7D17C04D0: replace: header Received: from webmail.xxxdomain.net (rainloop.http_network [172.27.0.8])??(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))??(No client certificate requested)??(Authenticated s from rainloop.http_network[172.27.0.8]; from=me@xxxdomain.net to=dawesome@ouc.com proto=ESMTP helo=: Received: from authenticated-user (mail.xxxdomain.net [127.0.0.1])??(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))??(No client certificate requested)??(Authenticated sender: me@xxxdomain.net)??by mail.xxxdomain.net (Postfix) with ESMTPSA id 6E7D17C04D0??for dawesome@ouc.com; Fri, 26 Oct 2018 16:59:31 -0400 (EDT) mailserver | 2018-10-26T16:59:31.503160-04:00 mail postfix/authclean/cleanup[1387]: 6E7D17C04D0: message-id=4c9f4fe135db970d661cff42e3cf21b6@xxxdomain.net mailserver | 2018-10-26T16:59:31.537453-04:00 mail postfix/qmgr[628]: 6E7D17C04D0: from=me@xxxdomain.net, size=1258, nrcpt=1 (queue active) mailserver | 2018-10-26T16:59:31.541498-04:00 mail postfix/submission/smtpd[1383]: disconnect from rainloop.http_network[172.27.0.8] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8 mailserver | 2018-10-26T16:59:31.825011-04:00 mail postfix/smtp[1388]: Untrusted TLS connection established to relay.dnsexit.com[64.182.102.186]:25: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits) mailserver | 2018-10-26T16:59:31.867739-04:00 mail postfix/smtp[1388]: warning: SASL authentication failure: No worthy mechs found mailserver | 2018-10-26T16:59:31.867752-04:00 mail postfix/smtp[1388]: 6E7D17C04D0: SASL authentication failed; cannot authenticate to server relay.dnsexit.com[64.182.102.186]: no mechanism available mailserver | 2018-10-26T16:59:32.199059-04:00 mail postfix/smtp[1388]: Untrusted TLS connection established to relay.dnsexit.com[64.182.102.185]:25: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits) mailserver | 2018-10-26T16:59:32.240199-04:00 mail postfix/smtp[1388]: warning: SASL authentication failure: No worthy mechs found mailserver | 2018-10-26T16:59:32.240407-04:00 mail postfix/smtp[1388]: 6E7D17C04D0: SASL authentication failed; cannot authenticate to server relay.dnsexit.com[64.182.102.185]: no mechanism available mailserver | 2018-10-26T16:59:32.628965-04:00 mail postfix/smtp[1388]: Untrusted TLS connection established to relaybackup.dnsexit.com[67.214.171.66]:25: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits) mailserver | 2018-10-26T16:59:32.756423-04:00 mail postfix/smtp[1388]: 6E7D17C04D0: to=dawesome@destinationdomainexample.com, relay=relaybackup.dnsexit.com[67.214.171.66]:25, delay=1.4, delays=0.17/0.02/1.1/0.08, dsn=5.7.1, status=bounced (host relaybackup.dnsexit.com[67.214.171.66] said: 550 5.7.1 dawesome@destinationdomainexample.com... Relaying denied. IP name possibly forged [24.x.x.x] (in reply to RCPT TO command)) mailserver | 2018-10-26T16:59:32.805614-04:00 mail postfix/cleanup[1393]: C485D7C0517: message-id=20181026205932.C485D7C0517@mail.xxxdomain.net mailserver | 2018-10-26T16:59:32.817972-04:00 mail postfix/qmgr[628]: C485D7C0517: from=<>, size=4881, nrcpt=1 (queue active) mailserver | 2018-10-26T16:59:32.822003-04:00 mail postfix/bounce[1392]: 6E7D17C04D0: sender non-delivery notification: C485D7C0517 mailserver | 2018-10-26T16:59:32.825779-04:00 mail postfix/qmgr[628]: 6E7D17C04D0: removed mailserver | 2018-10-26T16:59:32.845011-04:00 mail dovecot: lmtp(1395): Connect from local mailserver | 2018-10-26T16:59:32.865008-04:00 mail dovecot: lmtp(me@xxxdomain.net): HElcMjSA01tzBQAACWjHDg: sieve: msgid=20181026205932.C485D7C0517@mail.xxxdomain.net: stored mail into mailbox 'INBOX' mailserver | 2018-10-26T16:59:32.867132-04:00 mail postfix/lmtp[1394]: C485D7C0517: to=me@xxxdomain.net, relay=mail.xxxdomain.net[private/dovecot-lmtp], delay=0.07, delays=0.02/0.02/0.01/0.02, dsn=2.0.0, status=sent (250 2.0.0 me@xxxdomain.net HElcMjSA01tzBQAACWjHDg Saved) mailserver | 2018-10-26T16:59:32.869205-04:00 mail dovecot: lmtp(1395): Disconnect from local: Successful quit mailserver | 2018-10-26T16:59:32.869372-04:00 mail postfix/qmgr[628]: C485D7C0517: removed

Classification

Please delete options that are not relevant.

• [] Question
• [x ] Deliverability issue
• [ ] Crash/Hang/Data loss
• [ ] Serious bug
• [ ] Minor bug
• [ ] Vulnerability
• [ ] Feature/Enhancement
• [ ] Documentation

Reproducibility

Please delete options that are not relevant.

• [X] Always
• [ ] Sometimes
• [ ] Rarely
• [ ] Unable
• [ ] I didn’t try
• [ ] Not applicable

Docker information

docker info
docker images hardware/mailserver --digests --filter "dangling=false"

Description

Briefly describe the problem you are having in a few lines.

Steps to reproduce

1. 2. 3.

Expected results

Actual results

Debugging information

docker logs mailserver

Configuration (docker-compose.yml, traefik.toml...etc)

[gittyhubbyfrankybobby]

docker info:

test@u18:/mnt/docker/mail$ docker info Containers: 40 Running: 19 Paused: 0 Stopped: 21 Images: 53 Server Version: 18.06.1-ce Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e runc version: 69663f0bd4b60df09991c08812a60108003fa340 init version: fec3683 Security Options: apparmor seccomp Profile: default Kernel Version: 4.15.0-32-generic Operating System: Ubuntu 18.04.1 LTS OSType: linux Architecture: x86_64 CPUs: 1 Total Memory: 7.767GiB Name: u18 ID: KWKX:2WBG:RPSQ:LGXJ:JQUD:HWYS:T62X:ZFBO:ATMV:YTOD:KMTW:GLBQ Docker Root Dir: /var/lib/docker Debug Mode (client): false Debug Mode (server): false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false

WARNING: No swap limit support

test@u18:/mnt/docker/mail$ docker images hardware/mailserver --digests --filter "dangling=false" REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE hardware/mailserver 1.1-stable sha256:f5098c8126f0608236fc62b7250a371007f77dd10bfa536d6a2e496687e4fa35 b89c3b338d62 2 months ago 378MB

[denji]

Duplicate issues #237

[gittyhubbyfrankybobby]

Found my issue, need to add smtp_sasl_security_options = noanonymous to my custom.conf

This overrides the noplaintext default. Answer found here: https://serverfault.com/questions/181578/postfix-sasl-authentication-failure-no-worthy-mechs-found