mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0

Relayhost; using by mailcow UI - Failure #660

Closed roswitina closed 7 years ago

roswitina commented 7 years ago

I have entered a relayhost in Mailcow admin -> Configuration -> Relayhost. I registered this relayhost in Mailcow admin -> Edit object -> Edit domain at a domain. If I send only one mail with this domain, the relayhost will NOT be used. What am I doing wrong?

Rosi

andryyy commented 7 years ago

Have you previously used a customized main.cf?

On 09.10.2017 at 14:55, roswitina notifications@github.com wrote:

I have entered a relayhost in Mailcow admin -> Configuration -> Relayhost. I registered this relayhost in Mailcow admin -> Edit object -> Edit domain at a domain. If I send only one mail with this domain, the relayhost will NOT be used. What am I doing wrong?

Rosi


roswitina commented 7 years ago

I had a custom main.cf. I replaced the main.cf of GitHub master. After that I just reactivated the anonymization of the header. I test the Relayhost.

Relayhost test result:

Connection: opening to bsmtp.a1.net:25, timeout=300, options=array ( )
Connection: opened
SERVER -> CLIENT: 220 bsmtp7.bon.at ESMTP (1)
CLIENT -> SERVER: EHLO mailcow.intra.lokal
SERVER -> CLIENT: 250-bsmtp7.bon.at
 ↪ 250-PIPELINING
 ↪ 250-SIZE 104857600
 ↪ 250-ETRN
 ↪ 250-STARTTLS
 ↪ 250-ENHANCEDSTATUSCODES
 ↪ 250 8BITMIME
CLIENT -> SERVER: STARTTLS
SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
CLIENT -> SERVER: EHLO mailcow.intra.lokal
SERVER -> CLIENT: 250-bsmtp7.bon.at
 ↪ 250-PIPELINING
 ↪ 250-SIZE 104857600
 ↪ 250-ETRN
 ↪ 250-AUTH PLAIN LOGIN
 ↪ 250-AUTH=PLAIN LOGIN
 ↪ 250-ENHANCEDSTATUSCODES
 ↪ 250 8BITMIME
CLIENT -> SERVER: AUTH LOGIN
SERVER -> CLIENT: 334 VXNlcm5hbWU6
CLIENT -> SERVER: dC1rYUBwb2xpemVpLmF0
SERVER -> CLIENT: 334 UGFzc3dvcmQ6
CLIENT -> SERVER: cG91ejN6
SERVER -> CLIENT: 235 2.7.0 Authentication successful
CLIENT -> SERVER: MAIL FROM:relay@example.org
SERVER -> CLIENT: 250 2.1.0 Ok
CLIENT -> SERVER: RCPT TO:null@hosted.mailcow.de
SERVER -> CLIENT: 250 2.1.5 Ok
CLIENT -> SERVER: DATA
SERVER -> CLIENT: 354 End data with .
CLIENT -> SERVER: Date: Mon, 9 Oct 2017 16:26:23 +0200
CLIENT -> SERVER: To: Joe Null null@hosted.mailcow.de
CLIENT -> SERVER: From: Mailer relay@example.org
CLIENT -> SERVER: Subject: A subject for a SMTP test
CLIENT -> SERVER: Message-ID: 08e407ca3328f1f643b228cbf0f33942@mailcow.intra.lokal
CLIENT -> SERVER: X-Mailer: PHPMailer 5.2.23 (https://github.com/PHPMailer/PHPMailer)
CLIENT -> SERVER: MIME-Version: 1.0
CLIENT -> SERVER: Content-Type: text/plain; charset=iso-8859-1
CLIENT -> SERVER:
CLIENT -> SERVER: This is our test body
CLIENT -> SERVER:
CLIENT -> SERVER: .
SERVER -> CLIENT: 250 2.0.0 Ok: queued as 3y9jGl3RsPz5tlC
CLIENT -> SERVER: QUIT
SERVER -> CLIENT: 221 2.0.0 Bye
Connection: closed

I have activated the relayhost in the respective domain.

Log from Postfix:

Trusted TLS connection established to mail.name.lokal[5.1.76.202]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
E3D12C12B7: to=Vorname@Nachname.online, relay=mail.name.lokal[5.1.76.202]:25, delay=2.6, delays=0.21/0.03/2.3/0, dsn=4.7.8, status=deferred (SASL authentication failed; server mail.name.lokal[5.1.76.202] said: 535 5.7.8 Error: authentication failed: )

Without Relayhost I can send normally.

Rosi

roswitina commented 7 years ago

main.cf

biff = no
append_dot_mydomain = no
smtpd_tls_cert_file = /etc/ssl/mail/cert.pem
smtpd_tls_key_file = /etc/ssl/mail/key.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 [fd4d:6169:6c63:6f77::]/64
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
disable_vrfy_command = yes
maximal_backoff_time = 1800s
maximal_queue_lifetime = 1d
message_size_limit = 26214400
milter_default_action = accept
milter_protocol = 6
minimal_backoff_time = 300s
plaintext_reject_code = 550
postscreen_access_list = permit_mynetworks, cidr:/opt/postfix/conf/postscreen_access.cidr, tcp:127.0.0.1:10027
postscreen_bare_newline_enable = no
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 24h
postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = b.barracudacentral.org=127.0.0.27 dnsbl.inps.de=127.0.0.27 bl.mailspike.net=127.0.0.25 bl.mailspike.net=127.0.0.[10;11;12]4 dnsbl.sorbs.net=127.0.0.108 dnsbl.sorbs.net=127.0.0.56 dnsbl.sorbs.net=127.0.0.73 dnsbl.sorbs.net=127.0.0.82 dnsbl.sorbs.net=127.0.0.62 dnsbl.sorbs.net=127.0.0.92 zen.spamhaus.org=127.0.0.[10;11]8 zen.spamhaus.org=127.0.0.[4..7]6 zen.spamhaus.org=127.0.0.34 zen.spamhaus.org=127.0.0.23 hostkarma.junkemailfilter.com=127.0.0.23 hostkarma.junkemailfilter.com=127.0.0.41 hostkarma.junkemailfilter.com=127.0.1.21 wl.mailspike.net=127.0.0.[18;19;20]-2 hostkarma.junkemailfilter.com=127.0.0.1*-2
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_ttl = 5m
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 2d
postscreen_greet_wait = 3s
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no
proxy_read_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_sender_dependent_default_transport_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf, $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
queue_run_delay = 300s
relay_domains = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf
relay_recipient_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf
sender_dependent_default_transport_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sender_dependent_default_transport_maps.cf
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_cert_file = /etc/ssl/mail/cert.pem
smtp_tls_key_file = /etc/ssl/mail/key.pem
smtp_tls_loglevel = 1
smtp_dns_support_level = dnssec
smtp_tls_security_level = dane
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 10s
smtpd_hard_error_limit = ${stress?1}${stress:5}
smtpd_helo_required = yes
smtpd_proxy_timeout = 600s
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf, reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = inet:dovecot:10001
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unlisted_sender, reject_unknown_sender_domain
smtpd_soft_error_limit = 3
smtpd_tls_auth_only = yes
smtpd_tls_dh1024_param_file = /etc/ssl/mail/dhparams.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL
smtpd_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
lmtp_tls_protocols = !SSLv2, !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_security_level = may
tls_ssl_options = NO_COMPRESSION
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
virtual_alias_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_spamalias_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 104
virtual_transport = lmtp:inet:dovecot:24
virtual_uid_maps = static:5000
smtpd_milters = inet:rspamd:9900
non_smtpd_milters = inet:rspamd:9900
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
mydestination = localhost.localdomain, localhost

content_filter=zeyple
# Prefer IPv4, useful for v4-only envs
smtp_address_preference = ipv4
smtp_sender_dependent_authentication = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps.cf
smtp_sasl_security_options =
smtp_sasl_mechanism_filter = plain, login
# Anonymize Headers
# https://mailcow.github.io/mailcow-dockerized-docs/u_e-postfix-anonym_headers/
smtp_header_checks = pcre:/opt/postfix/conf/mailcow_anonymize_headers.pcre

andryyy commented 7 years ago

In case you want to relay over hosted mailcow de, that will only work on port 587. 👍

roswitina commented 7 years ago

My relayhost goes to bsmtp.a1.net

andryyy commented 7 years ago

I need the full/more logs then, the above log says it is relaying over 5.1.76.202.

Edit. Can you check the output of the following command, where example.com is your local mailcow domain?

docker-compose exec postfix-mailcow postmap -q example.com mysql:/opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf

roswitina commented 7 years ago

I restart the postfix container. I use vorname.nachname@gmx.at. I activate relayhost bsmtp.a1.net for @gmx.at. I send mail to vorname@nachname.com with sogo webmail.

Here is the log:

2017-10-09 15:42:05,110 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2017-10-09 15:42:05,110 INFO supervisord started with pid 1
2017-10-09 15:42:06,112 INFO spawned: 'postfix' with pid 10
2017-10-09 15:42:06,114 INFO spawned: 'syslog-ng' with pid 11
Oct 9 15:42:06 mailcow syslog-ng[11]: syslog-ng starting up; version='3.8.1'
Oct 9 15:42:06 mailcow postfix[249]: Postfix is running with backwards-compatible default settings
Oct 9 15:42:06 mailcow postfix[249]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Oct 9 15:42:06 mailcow postfix[249]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Oct 9 15:42:06 mailcow postfix/postfix-script[336]: starting the Postfix mail system
Oct 9 15:42:06 mailcow postfix/master[338]: daemon started -- version 3.1.4, configuration /opt/postfix/conf
2017-10-09 15:42:07,827 INFO success: postfix entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2017-10-09 15:42:07,827 INFO success: syslog-ng entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
Oct 9 15:43:07 mailcow postfix/smtpd[343]: connect from mailcowdockerized_sogo-mailcow_1.mailcowdockerized_mailcow-network[172.22.1.252]
Oct 9 15:43:08 mailcow postfix/smtpd[343]: 21251C08BC: client=mailcowdockerized_sogo-mailcow_1.mailcowdockerized_mailcow-network[172.22.1.252], sasl_method=PLAIN, sasl_username=vorname.nachname@gmx.at
Oct 9 15:43:08 mailcow postfix/cleanup[348]: 21251C08BC: message-id=c3-59db9900-5-1183ef6@79420433
Oct 9 15:43:08 mailcow postfix/qmgr[340]: 21251C08BC: from=vorname.nachname@gmx.at, size=1139, nrcpt=1 (queue active)
Oct 9 15:43:08 mailcow postfix/smtpd[343]: disconnect from mailcowdockerized_sogo-mailcow_1.mailcowdockerized_mailcow-network[172.22.1.252] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Oct 9 15:43:08 mailcow postfix/smtp[349]: Trusted TLS connection established to mail.nachname.com[81.19.xx.xx]:25: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 9 15:43:08 mailcow postfix/smtp[349]: 21251C08BC: to=vorname@nachname.com, relay=mail.nachname.com[81.19.xx.xx]:25, delay=0.4, delays=0.19/0.03/0.18/0, dsn=4.0.0, status=deferred (SASL authentication failed; server mail.nachname.com[81.19.xx.xx] said: 535 Incorrect authentication data)

Rosi
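The Postfix log above shows SASL authentication being attempted against the recipient's MX rather than the configured relayhost. As an added example (not part of the original thread and not mailcow code), this script correlates queue IDs in a Postfix log and flags deliveries from a relayed sender domain that went to any other host; the sample log lines, IP addresses and the `EXPECTED_RELAYS` mapping are constructed for illustration.

```python
import re

# Constructed sample modelled on the log in this thread (IPs are documentation ranges).
SAMPLE_LOG = """\
Oct 9 15:43:08 mailcow postfix/qmgr[340]: 21251C08BC: from=<vorname.nachname@gmx.at>, size=1139, nrcpt=1 (queue active)
Oct 9 15:43:08 mailcow postfix/smtp[349]: 21251C08BC: to=<vorname@nachname.com>, relay=mail.nachname.com[203.0.113.5]:25, delay=0.4, dsn=4.0.0, status=deferred (SASL authentication failed; server mail.nachname.com[203.0.113.5] said: 535 Incorrect authentication data)
Oct 9 15:50:11 mailcow postfix/qmgr[340]: 3F00AC0911: from=<vorname.nachname@gmx.at>, size=980, nrcpt=1 (queue active)
Oct 9 15:50:12 mailcow postfix/smtp[351]: 3F00AC0911: to=<vorname@nachname.com>, relay=bsmtp.a1.net[192.0.2.10]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4B1D2E3F4A)
"""

# Assumption: sender domain -> hostnames that may legitimately appear in relay=.
EXPECTED_RELAYS = {"gmx.at": {"bsmtp.a1.net"}}

# Angle brackets are optional so logs pasted with them stripped still parse.
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<?([^>,\s]*)>?,")
SMTP_RE = re.compile(
    r"postfix/smtp\[\d+\]: (\w+): to=<?([^>,\s]+)>?, relay=([^\[,\s]+)\[[^\]]*\]:\d+,"
    r".*status=(\w+) \((.*)\)$")

def audit_relays(log_text, expected):
    """Return findings for deliveries that bypassed the sender domain's relayhost."""
    senders, findings = {}, []
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:  # qmgr line: remember the envelope sender for this queue ID
            senders[m.group(1)] = m.group(2).lower()
            continue
        m = SMTP_RE.search(line)
        if not m:
            continue
        qid, _rcpt, relay, status, detail = m.groups()
        domain = senders.get(qid, "").rpartition("@")[2]
        allowed = expected.get(domain)
        if allowed is None or relay.lower() in allowed:
            continue  # domain has no relayhost configured, or the relayhost was used
        findings.append({
            "queue_id": qid, "sender_domain": domain, "relay": relay.lower(),
            "status": status,
            # True when SASL was attempted against a host that is not the relayhost
            "sasl_to_unexpected_host": "SASL authentication failed" in detail,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_relays(SAMPLE_LOG, EXPECTED_RELAYS):
        print(finding)
```

The `relay=` field carries the hostname Postfix actually connected to, so list every name the relayhost can resolve to in the allowed set.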

andryyy commented 7 years ago

Does this show you the correct credentials? =>

source mailcow.conf
docker-compose exec mysql-mailcow mysql -uroot -p${DBROOT} ${DBNAME} -e "SELECT * FROM relayhosts";

andryyy commented 7 years ago

And even more important: Any ":" or other "special characters" in your password?

roswitina commented 7 years ago

The password is only letters and numbers. I'm out of office.

roswitina commented 7 years ago

source mailcow.conf
docker-compose exec mysql-mailcow mysql -uroot -p${DBROOT} ${DBNAME} -e "SELECT * FROM relayhosts";

This shows the correct credentials.

I have also made attempts without the header anonymization.

Without the relayhost setting in the domain I could send the mails without any problems. With the relayhost setting I did not succeed. It is only noticeable that I do NOT have any entries in the log file concerning the configured relayhost.

andryyy commented 7 years ago

Can you please run ./update.sh to update images and code? It is possible you are on an older image version. It would also be very helpful to see the full uncensored logs. Can you send them to me? info@servercow.de

roswitina commented 7 years ago

I sent it all.

roswitina commented 7 years ago

I have completely re-installed and tested Mailcow. Works. Somehow, I guess it was because of my old installation.