Closed roswitina closed 7 years ago
Have you previously used a customized main.cf?
On 09.10.2017 at 14:55, roswitina notifications@github.com wrote:
I have entered a relayhost in Mailcow admin -> Configuration -> Relayhost. I registered this relayhost in Mailcow admin -> Edit object -> Edit domain at a domain. If I send only one mail with this domain, the relayhost will NOT be used. What am I doing wrong?
Rosi
I had a custom main.cf. I replaced the main.cf of github master. After that I just reactivated the anonymization of the header. I test the Relayhost.
Relayhost test result:
Connection: opening to bsmtp.a1.net:25, timeout=300, options=array (
)
Connection: opened
SERVER -> CLIENT: 220 bsmtp7.bon.at ESMTP (1)
CLIENT -> SERVER: EHLO mailcow.intra.lokal
SERVER -> CLIENT: 250-bsmtp7.bon.at
↪ 250-PIPELINING
↪ 250-SIZE 104857600
↪ 250-ETRN
↪ 250-STARTTLS
↪ 250-ENHANCEDSTATUSCODES
↪ 250 8BITMIME
CLIENT -> SERVER: STARTTLS
SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
CLIENT -> SERVER: EHLO mailcow.intra.lokal
SERVER -> CLIENT: 250-bsmtp7.bon.at
↪ 250-PIPELINING
↪ 250-SIZE 104857600
↪ 250-ETRN
↪ 250-AUTH PLAIN LOGIN
↪ 250-AUTH=PLAIN LOGIN
↪ 250-ENHANCEDSTATUSCODES
↪ 250 8BITMIME
CLIENT -> SERVER: AUTH LOGIN
SERVER -> CLIENT: 334 VXNlcm5hbWU6
CLIENT -> SERVER: dC1rYUBwb2xpemVpLmF0
SERVER -> CLIENT: 334 UGFzc3dvcmQ6
CLIENT -> SERVER: cG91ejN6
SERVER -> CLIENT: 235 2.7.0 Authentication successful
CLIENT -> SERVER: MAIL FROM:relay@example.org
SERVER -> CLIENT: 250 2.1.0 Ok
CLIENT -> SERVER: RCPT TO:null@hosted.mailcow.de
SERVER -> CLIENT: 250 2.1.5 Ok
CLIENT -> SERVER: DATA
SERVER -> CLIENT: 354 End data with
I have activated the relayhost in the respective domain.
Log from Postfix:
Trusted TLS connection established to mail.name.lokal[5.1.76.202]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
E3D12C12B7: to=Vorname@Nachname.online, relay=mail.name.lokal[5.1.76.202]:25, delay=2.6, delays=0.21/0.03/2.3/0, dsn=4.7.8, status=deferred (SASL authentication failed; server mail.name.lokal[5.1.76.202] said: 535 5.7.8 Error: authentication failed: )
Without Relayhost I can send normally.
Rosi
main.cf
biff = no
append_dot_mydomain = no
smtpd_tls_cert_file = /etc/ssl/mail/cert.pem
smtpd_tls_key_file = /etc/ssl/mail/key.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 [fd4d:6169:6c63:6f77::]/64
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
disable_vrfy_command = yes
maximal_backoff_time = 1800s
maximal_queue_lifetime = 1d
message_size_limit = 26214400
milter_default_action = accept
milter_protocol = 6
minimal_backoff_time = 300s
plaintext_reject_code = 550
postscreen_access_list = permit_mynetworks, cidr:/opt/postfix/conf/postscreen_access.cidr, tcp:127.0.0.1:10027
postscreen_bare_newline_enable = no
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 24h
postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = b.barracudacentral.org=127.0.0.27 dnsbl.inps.de=127.0.0.27 bl.mailspike.net=127.0.0.25 bl.mailspike.net=127.0.0.[10;11;12]4 dnsbl.sorbs.net=127.0.0.108 dnsbl.sorbs.net=127.0.0.56 dnsbl.sorbs.net=127.0.0.73 dnsbl.sorbs.net=127.0.0.82 dnsbl.sorbs.net=127.0.0.62 dnsbl.sorbs.net=127.0.0.92 zen.spamhaus.org=127.0.0.[10;11]8 zen.spamhaus.org=127.0.0.[4..7]6 zen.spamhaus.org=127.0.0.34 zen.spamhaus.org=127.0.0.23 hostkarma.junkemailfilter.com=127.0.0.23 hostkarma.junkemailfilter.com=127.0.0.41 hostkarma.junkemailfilter.com=127.0.1.21 wl.mailspike.net=127.0.0.[18;19;20]-2 hostkarma.junkemailfilter.com=127.0.0.1*-2
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_ttl = 5m
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 2d
postscreen_greet_wait = 3s
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no
proxy_read_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_sender_dependent_default_transport_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf, $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
queue_run_delay = 300s
relay_domains = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf
relay_recipient_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf
sender_dependent_default_transport_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sender_dependent_default_transport_maps.cf
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_cert_file = /etc/ssl/mail/cert.pem
smtp_tls_key_file = /etc/ssl/mail/key.pem
smtp_tls_loglevel = 1
smtp_dns_support_level = dnssec
smtp_tls_security_level = dane
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 10s
smtpd_hard_error_limit = ${stress?1}${stress:5}
smtpd_helo_required = yes
smtpd_proxy_timeout = 600s
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf, reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = inet:dovecot:10001
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unlisted_sender, reject_unknown_sender_domain
smtpd_soft_error_limit = 3
smtpd_tls_auth_only = yes
smtpd_tls_dh1024_param_file = /etc/ssl/mail/dhparams.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL
smtpd_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
lmtp_tls_protocols = !SSLv2, !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_security_level = may
tls_ssl_options = NO_COMPRESSION
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
virtual_alias_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_spamalias_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 104
virtual_transport = lmtp:inet:dovecot:24
virtual_uid_maps = static:5000
smtpd_milters = inet:rspamd:9900
non_smtpd_milters = inet:rspamd:9900
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
mydestination = localhost.localdomain, localhost
smtp_address_preference = ipv4
smtp_sender_dependent_authentication = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps.cf
smtp_sasl_security_options =
smtp_sasl_mechanism_filter = plain, login
smtp_header_checks = pcre:/opt/postfix/conf/mailcow_anonymize_headers.pcre
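Added example, not part of the original thread or of mailcow: the client replies that follow the `334` prompts in an AUTH LOGIN exchange, as in the relayhost test output above, are base64-encoded rather than encrypted, so a debug transcript should have them masked before it is posted or mailed. The function name and the sample transcript are constructed for illustration; the line format assumed is the `CLIENT -> SERVER:` / `SERVER -> CLIENT:` one shown in the test result.

```python
import base64
import re

# Line format assumed from the relayhost test output in this thread.
LINE = re.compile(r"^(CLIENT -> SERVER|SERVER -> CLIENT): (.*)$")
MASK = "[REDACTED]"

def redact_smtp_auth(transcript: str) -> str:
    """Mask SASL credentials in an SMTP debug transcript, keep everything else."""
    out, in_auth = [], False
    for line in transcript.splitlines():
        m = LINE.match(line)
        if m and m.group(1) == "CLIENT -> SERVER":
            words = m.group(2).split()
            if words and words[0].upper() == "AUTH":
                in_auth = True
                if len(words) > 2:  # initial response, e.g. "AUTH PLAIN <base64>"
                    line = f"{m.group(1)}: {words[0]} {words[1]} {MASK}"
            elif in_auth:  # reply to a 334 challenge: username or password
                line = f"{m.group(1)}: {MASK}"
        elif m and in_auth and not m.group(2).startswith("334"):
            in_auth = False  # 235 (success) or an error reply ends the exchange
        out.append(line)
    return "\n".join(out)

def b64(text: str) -> str:
    """Helper used only to build the constructed sample below."""
    return base64.b64encode(text.encode()).decode()

# Constructed sample; the account and password are made up.
SAMPLE = "\n".join([
    "CLIENT -> SERVER: EHLO mail.example.org",
    "CLIENT -> SERVER: AUTH LOGIN",
    "SERVER -> CLIENT: 334 " + b64("Username:"),
    "CLIENT -> SERVER: " + b64("relayuser@example.org"),
    "SERVER -> CLIENT: 334 " + b64("Password:"),
    "CLIENT -> SERVER: " + b64("constructed-password"),
    "SERVER -> CLIENT: 235 2.7.0 Authentication successful",
    "CLIENT -> SERVER: MAIL FROM:relay@example.org",
])

if __name__ == "__main__":
    print(redact_smtp_auth(SAMPLE))
```

Lines that do not carry a direction prefix, such as the `↪` continuation lines of a multi-line EHLO reply, pass through unchanged.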
In case you want to relay over hosted.mailcow.de, that will only work on port 587. 👍
My relayhost goes to bsmtp.a1.net
I need the full/more logs then, the above log says it is relaying over 5.1.76.202.
Edit: Can you check the output of
docker-compose exec postfix-mailcow postmap -q example.com mysql:/opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf
where example.com is your local mailcow domain?
I restarted the Postfix container. I use vorname.nachname@gmx.at. I activated relayhost bsmtp.a1.net for @gmx.at. I sent mail to vorname@nachname.com with SOGo webmail.
Here is the log:
2017-10-09 15:42:05,110 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2017-10-09 15:42:05,110 INFO supervisord started with pid 1
2017-10-09 15:42:06,112 INFO spawned: 'postfix' with pid 10
2017-10-09 15:42:06,114 INFO spawned: 'syslog-ng' with pid 11
Oct 9 15:42:06 mailcow syslog-ng[11]: syslog-ng starting up; version='3.8.1'
Oct 9 15:42:06 mailcow postfix[249]: Postfix is running with backwards-compatible default settings
Oct 9 15:42:06 mailcow postfix[249]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Oct 9 15:42:06 mailcow postfix[249]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Oct 9 15:42:06 mailcow postfix/postfix-script[336]: starting the Postfix mail system
Oct 9 15:42:06 mailcow postfix/master[338]: daemon started -- version 3.1.4, configuration /opt/postfix/conf
2017-10-09 15:42:07,827 INFO success: postfix entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2017-10-09 15:42:07,827 INFO success: syslog-ng entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
Oct 9 15:43:07 mailcow postfix/smtpd[343]: connect from mailcowdockerized_sogo-mailcow_1.mailcowdockerized_mailcow-network[172.22.1.252]
Oct 9 15:43:08 mailcow postfix/smtpd[343]: 21251C08BC: client=mailcowdockerized_sogo-mailcow_1.mailcowdockerized_mailcow-network[172.22.1.252], sasl_method=PLAIN, sasl_username=vorname.nachname@gmx.at
Oct 9 15:43:08 mailcow postfix/cleanup[348]: 21251C08BC: message-id=c3-59db9900-5-1183ef6@79420433
Oct 9 15:43:08 mailcow postfix/qmgr[340]: 21251C08BC: from=vorname.nachname@gmx.at, size=1139, nrcpt=1 (queue active)
Oct 9 15:43:08 mailcow postfix/smtpd[343]: disconnect from mailcowdockerized_sogo-mailcow_1.mailcowdockerized_mailcow-network[172.22.1.252] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Oct 9 15:43:08 mailcow postfix/smtp[349]: Trusted TLS connection established to mail.nachname.com[81.19.xx.xx]:25: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 9 15:43:08 mailcow postfix/smtp[349]: 21251C08BC: to=vorname@nachname.com, relay=mail.nachname.com[81.19.xx.xx]:25, delay=0.4, delays=0.19/0.03/0.18/0, dsn=4.0.0, status=deferred (SASL authentication failed; server mail.nachname.com[81.19.xx.xx] said: 535 Incorrect authentication data)
Rosi
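The check the maintainer applies to these logs, as an added example that is not part of the thread or of mailcow: compare the `relay=` field of each `postfix/smtp` delivery line with the relayhost configured for the domain, and flag SASL failures reported by any other server, since those mean Postfix attempted AUTH against a host that is not the relayhost. `check_relay`, the hostnames and the sample lines are constructed; pass every name the relayhost may resolve to, because `relay=` shows the server actually contacted.

```python
import re

# One postfix/smtp delivery result per line. "<" and ">" around the recipient are
# optional because the logs in this thread were pasted without them.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>\w+): to=<?(?P<rcpt>[^>,\s]+)>?, "
    r"relay=(?P<host>[^\[,\s]+)(?:\[(?P<ip>[^\]]+)\])?(?::(?P<port>\d+))?, "
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<detail>.*)\)\s*$"
)

def check_relay(log_lines, expected_relays):
    """Return a finding for every delivery attempt that did not use an expected relay."""
    expected = {h.lower().rstrip(".") for h in expected_relays}
    findings = []
    for line in log_lines:
        m = DELIVERY.search(line)
        if not m or m["host"].lower().rstrip(".") in expected:
            continue
        findings.append({
            "queue_id": m["qid"],
            "recipient": m["rcpt"],
            "relay": m["host"].lower(),
            "dsn": m["dsn"],
            "status": m["status"],
            # AUTH was attempted against a server that is not the relayhost
            "sasl_to_unexpected_host": "SASL authentication failed" in m["detail"],
        })
    return findings

# Constructed sample lines modelled on the log format above (documentation addresses).
SAMPLE_LOG = [
    "Oct  9 15:43:08 mailcow postfix/smtp[349]: 1A2B3C4D5E: to=<bob@example.net>, "
    "relay=mx.example.net[203.0.113.10]:25, delay=0.4, delays=0.19/0.03/0.18/0, "
    "dsn=4.0.0, status=deferred (SASL authentication failed; server "
    "mx.example.net[203.0.113.10] said: 535 Incorrect authentication data)",
    "Oct  9 15:50:11 mailcow postfix/smtp[402]: 6F7A8B9C0D: to=<bob@example.net>, "
    "relay=relay.example.org[198.51.100.7]:25, delay=1.1, delays=0.2/0.03/0.6/0.27, "
    "dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4F5E6D7C8B)",
]

if __name__ == "__main__":
    for finding in check_relay(SAMPLE_LOG, ["relay.example.org"]):
        print(finding)
```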
Does this show you the correct credentials? =>
source mailcow.conf
docker-compose exec mysql-mailcow mysql -uroot -p${DBROOT} ${DBNAME} -e "SELECT * FROM relayhosts";
And even more important: Any ":" or other "special characters" in your password?
The password is only letters and numbers. I'm out of office.
source mailcow.conf
docker-compose exec mysql-mailcow mysql -uroot -p${DBROOT} ${DBNAME} -e "SELECT * FROM relayhosts";
This shows the correct credentials.
I have also made attempts without the header anonymization.
Without the relayhost setting in the domain I could send the mails without any problems. With the relayhost setting I did not succeed. It is only noticeable that I do NOT have any entries in the log file concerning the configured relayhost.
Can you please run ./update.sh to update images and code? It is possible you are on an older image version. It would also be very helpful to see the full uncensored logs. Can you send them to me? info@servercow.de
I sent it all.
I have completely re-installed and tested Mailcow. Works. Somehow, I guess it was because of my old installation.