On 6 Sep 2018, at 22:06 (-0400), eaerhaerhaehae aehraerhaeha wrote:
I can send emails over port 465 using smtper.net just fine. It's the
clients (thunderbird, k-9,..) that cause an error when there is
supposed to be EHLO.
STARTTLS works perfectly for both, dovecot and postfix. TLS works
perfectly for dovecot. Only postfix TLS is giving me trouble.
What could be the problem here?
Thanks!
NOT WORKING CONNECTION FROM MY PC/PHONE ("Thunderbird failed to find
the settings for your email account.")
That sounds like a TBird problem. Postfix has nothing to do with
providing settings for TBird or any other MUA.
---------------------------------------------------------------------------------
Sep 7 02:42:49 myserver postfix/smtpd[20128]:
xsasl_dovecot_server_mech_filter: keep mechanism: PLAIN
Sep 7 02:42:49 myserver postfix/smtpd[20128]:
xsasl_dovecot_server_mech_filter: keep mechanism: LOGIN
Sep 7 02:42:49 myserver postfix/smtpd[20128]: < my.isp.com[1.2.3.4]:
???
Sep 7 02:42:49 myserver postfix/smtpd[20128]: match_string:
smtpd_forbidden_commands: ??? ~? connect
Sep 7 02:42:49 myserver postfix/smtpd[20128]: match_string:
smtpd_forbidden_commands: ??? ~? get
Sep 7 02:42:49 myserver postfix/smtpd[20128]: match_string:
smtpd_forbidden_commands: ??? ~? post
Sep 7 02:42:49 myserver postfix/smtpd[20128]: match_list_match: ???:
no match
Sep 7 02:42:49 myserver postfix/smtpd[20128]: > my.isp.com[1.2.3.4]:
502 5.5.2 Error: command not recognized
Sep 7 02:42:49 myserver postfix/smtpd[20128]: < my.isp.com[1.2.3.4]:
??????
Sep 7 02:42:49 myserver postfix/smtpd[20128]: match_string:
smtpd_forbidden_commands: ? ~? connect
Sep 7 02:42:49 myserver postfix/smtpd[20128]: match_string:
smtpd_forbidden_commands: ? ~? get
Sep 7 02:42:49 myserver postfix/smtpd[20128]: match_string:
smtpd_forbidden_commands: ? ~? post
Sep 7 02:42:49 myserver postfix/smtpd[20128]: match_list_match: ?:
no match
Sep 7 02:42:49 myserver postfix/smtpd[20128]: > my.isp.com[1.2.3.4]:
502 5.5.2 Error: command not recognized
Sep 7 02:42:49 myserver postfix/smtpd[20128]: < my.isp.com[1.2.3.4]:
?
Sep 7 02:42:49 myserver postfix/smtpd[20128]: match_string:
smtpd_forbidden_commands: ? ~? connect
Sep 7 02:42:49 myserver postfix/smtpd[20128]: match_string:
smtpd_forbidden_commands: ? ~? get
Sep 7 02:42:49 myserver postfix/smtpd[20128]: match_string:
smtpd_forbidden_commands: ? ~? post
Sep 7 02:42:49 myserver postfix/smtpd[20128]: match_list_match: ?:
no match
Sep 7 02:42:49 myserver dovecot: imap-login: Aborted login (no auth
attempts in 1 secs): user=<>, rip=1.2.3.4, lip=my.server.ip.here, TLS,
session=<2ZdzST117MJXe3ri>
This looks like one of 2 common problems:
1. The MUA is trying to use immediate TLS ("smtps" or "wrappermode" in
postfix-ese) on port 25 or 587, rather than on port 465, which is the
only place where it is usable.
2. You have a very dumb firewall (e.g. Cisco ASA or ancient Cisco PIX)
misconfigured to "protect" your mail server.
This looks MUCH more like (1) to me...
Solution: fix your client settings. Don't use wrappermode on anything
but port 465 *configured* for wrappermode.
WORKING CONNECTION FROM SMTPER
[...]
Sep 7 02:46:52 myserver postfix/smtpd[20169]: <
ns513574.ip-192-99-9.net[192.99.9.142]: AUTH login
ZW1haWxAbXktZW1haWwtc2VydmVyLmNvbQ==
Sep 7 02:46:52 myserver postfix/smtpd[20169]:
xsasl_dovecot_server_first: sasl_method login, init_response
ZW1haWxAbXktZW1haWwtc2VydmVyLmNvbQ==
Sep 7 02:46:52 myserver postfix/smtpd[20169]:
xsasl_dovecot_handle_reply: auth reply: CONT?1?UGFzc3dvcmQ6
Sep 7 02:46:52 myserver postfix/smtpd[20169]: >
ns513574.ip-192-99-9.net[192.99.9.142]: 334 UGFzc3dvcmQ6
Sep 7 02:46:52 myserver postfix/smtpd[20169]: <
ns513574.ip-192-99-9.net[192.99.9.142]: MTIzNDU=
Sep 7 02:46:52 myserver postfix/smtpd[20169]:
xsasl_dovecot_handle_reply: auth reply:
OK?1?user=em...@my-email-server.com?
---------------------------------------------------------------------------------
If you didn't munge the above to make it look like you use a supremely
bad password, you need to stop using such a supremely bad password...
For further assistance, you should provide the information noted in the
last section Postfix DEBUG_README documentation.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steadier Work: https://linkedin.com/in/billcole
