LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 07-15-2004, 02:29 AM   #1
jmcollin92
Member
 
Registered: Oct 2003
Distribution: Mandrake 9.1
Posts: 76

Rep: Reputation: 15
E-Mail pb with postfix


Since few days I've got some strange (to me) messages when I send e-mails.
I've got a Linux box with Postfix configured.
When I send mail to recipients sometimes I've got this return messages :

This is the Postfix program at host mydomain.com.
>
> I'm sorry to have to inform you that the message returned below could
> not be delivered to one or more destinations.
>
> For further assistance, please send mail to <postmaster>
>
> If you do so, please include this problem report. You can delete your
> own text from the message returned below.
>
> The Postfix program
>
> <xxxxx@noos.fr>: host mx.noos.fr[xxxxx] said: 550
> <APuteaux-xxx-1-1-16.w217-xxx.abo.wanadoo.fr[xxxxxx]>:
> Client host
> rejected: Utilisez le serveur smtp de votre FAI (in reply to RCPT TO
> command)

>

The message in French says : Use the SMTP server of your ISP (in reply to RCPT TO command)

Some @ which was OK last month are not OK this month. I wonder if it is not antispams or something like this.

If someone got an idea of what happen... and how to bypass this problem ?
 
Old 07-17-2004, 08:34 AM   #2
jmcollin92
Member
 
Registered: Oct 2003
Distribution: Mandrake 9.1
Posts: 76

Original Poster
Rep: Reputation: 15
No idea
 
Old 07-17-2004, 09:20 AM   #3
demian
Member
 
Registered: Apr 2001
Location: Bremen, Germany
Distribution: Debian
Posts: 303

Rep: Reputation: 30
That error message is pretty clear, isn't it? It tells you to use your ISP's smtp server rather than your own. This is common practice on most all well configured mail servers: They do not accept mail from dial-up IPs. They do a reverse lookup of your IP address and find it in the range of some dhcp pool. That's reason enough to not accept mail from it.

Configure you postfix to use your ISP mail server as a relay and you'll be fine.
 
Old 07-17-2004, 11:22 AM   #4
jmcollin92
Member
 
Registered: Oct 2003
Distribution: Mandrake 9.1
Posts: 76

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by demian

Configure you postfix to use your ISP mail server as a relay and you'll be fine.
Thank's for your answer, but I try this (relayhost=smtp.wanadoo.fr) but I then got messages like : "relaying not allowed".

Is it the right command (relayhost=smtp.wanadoo.fr) in main.cf configuration file or is there another configuration to add ?

Other thing, my Linux box is a server with fixed IP address, postfix as mail server, a DNS with an MX record in it. So I don't understand why it goes wrong on certain smtp server only (club-internet for example).

thank's in advance
 
Old 07-17-2004, 11:41 AM   #5
demian
Member
 
Registered: Apr 2001
Location: Bremen, Germany
Distribution: Debian
Posts: 303

Rep: Reputation: 30
The reverse lookup apparently gives APuteaux-xxx-1-1-16.w217-xxx.abo.wanadoo.fr which to me looks like dial-up. Static IP or not. Just because you run a DNS server on your box doesn't mean the whole internet can see it. Your ISP most certainly doesn't forward DNS queries to its customer's computers. You will have to contact your ISP if you think that your contract with them includes DNS MX entries and the such.

As for the relaying not working: They probably use smtp auth. I don't know the config option to authenticate to the relayhost in postfix but I'm sure it's possible. exim does it.
 
Old 07-17-2004, 02:01 PM   #6
jmcollin92
Member
 
Registered: Oct 2003
Distribution: Mandrake 9.1
Posts: 76

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by demian
The reverse lookup apparently gives APuteaux-xxx-1-1-16.w217-xxx.abo.wanadoo.fr which to me looks like dial-up. Static IP or not. Just because you run a DNS server on your box doesn't mean the whole internet can see it. Your ISP most certainly doesn't forward DNS queries to its customer's computers. You will have to contact your ISP if you think that your contract with them includes DNS MX entries and the such.

As for the relaying not working: They probably use smtp auth. I don't know the config option to authenticate to the relayhost in postfix but I'm sure it's possible. exim does it.
Thank's another times, what can I search in postfix help to find the solution ? smtp auth is not known and I dont know sufficently postfix to find. If you can help me once more ....

Thank's in advance
 
Old 07-17-2004, 02:47 PM   #7
demian
Member
 
Registered: Apr 2001
Location: Bremen, Germany
Distribution: Debian
Posts: 303

Rep: Reputation: 30
Quote:
Originally posted by jmcollin92
Thank's another times, what can I search in postfix help to find the solution ? smtp auth is not known and I dont know sufficently postfix to find. If you can help me once more ....

Thank's in advance
I don't mean to patronize you but this is exactly the reason why mail servers generally don't accept mail from dial-up addresses: You should know this when you run your own mail server. You could very well be running an open relay without knowing it. Really, a mail server at home has it's educational value but please everybody, do make sure that you know what you're doing before letting it lose on the internet.

Ok, now for something that's actually helpful:
THE major resource for postfix is, of course, www.postfix.org. They've got good docs there and a mailng list.

smtp auth is a way of authenticating a client at smtp time. It was slapped on the smtp protocol description when the internet turned from a geek playground into a seriously hostile environment and spam became a problem. Just as with pop or imap you provide a username and password before the server accepts your connection. Every MUA (mail user agent like kmail, evolution, etc) is capable of this protocol extension. Now in your setup postfix acts as a mail client requesting to send mail to a server.

Now how does postfix do that? Mind you that I don't use postfix. So what follows is just what I gathered by skimming through the docs.

The relayhost config option is ok what you need is to tell postfix to supply a username and password when talking to that relayhost. To do this enable smtp auth (in main.cf):

smtpd_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_passwd

The file /etc/postfix/smtp_passwd could look like this:

smtp.isp.org username:password

Run postmap /etc/postfix/smtp_passwd after you crated the password file. (And you might want to set the permission to 600 and make the postfix user the owner of that file since it contains clear text passwords.) To have your own subnet be able to send mail through this server without authenticating be sure to add it to the mynetworks variable. Now you have to probably reload postfix and maybe it works.
 
Old 07-17-2004, 02:51 PM   #8
jmcollin92
Member
 
Registered: Oct 2003
Distribution: Mandrake 9.1
Posts: 76

Original Poster
Rep: Reputation: 15
I try this immediatly.

Thank's a lot
 
Old 07-17-2004, 03:32 PM   #9
jmcollin92
Member
 
Registered: Oct 2003
Distribution: Mandrake 9.1
Posts: 76

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by demian
I
The relayhost config option is ok what you need is to tell postfix to supply a username and password when talking to that relayhost. To do this enable smtp auth (in main.cf):

smtpd_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_passwd

The file /etc/postfix/smtp_passwd could look like this:

smtp.isp.org usernameassword

Run postmap /etc/postfix/smtp_passwd after you crated the password file. (And you might want to set the permission to 600 and make the postfix user the owner of that file since it contains clear text passwords.) To have your own subnet be able to send mail through this server without authenticating be sure to add it to the mynetworks variable. Now you have to probably reload postfix and maybe it works.
The result is not good :
<jm.collin@laposte.net>: host smtp.wanadoo.fr[193.252.22.81] said: 550
<jm.collin@laposte.net>: Recipient address rejected: Relaying not allowed
(in reply to RCPT TO command)


There is no mistake in main.cf configuration file, and no errors in /var/log/messages. The login/passwd in smtp_passwd file is the login and password of a valid account in the smtp server of wanadoo.


What about pop_before_smtp ? I've read that it could be a solution, but I don't know how to tell postfix to do a pop before each smtp request. If you can help me.....
 
Old 07-17-2004, 03:35 PM   #10
jmcollin92
Member
 
Registered: Oct 2003
Distribution: Mandrake 9.1
Posts: 76

Original Poster
Rep: Reputation: 15
For information :

My main.cf :
# 17/07/2004 - JMC test de relaying
relayhost = smtp.wanadoo.fr
smtpd_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_passwd

My smtp_passwd :

smtp.wanadoo.fr mylogin:mypassword
 
Old 07-17-2004, 04:00 PM   #11
demian
Member
 
Registered: Apr 2001
Location: Bremen, Germany
Distribution: Debian
Posts: 303

Rep: Reputation: 30
I just checked: smtp.wanadoo.fr doesn't support smtp auth:

Code:
demian@dirac:~$ telnet smtp.wanadoo.fr 25
Trying 193.252.22.82...
Connected to smtp.wanadoo.fr.
Escape character is '^]'.
220 mwinf0504.wanadoo.fr ESMTP **************************
EHLO mylinbox.kick-ass.org
250-mwinf0504.wanadoo.fr
250-PIPELINING
250-SIZE 10485760
250 8BITMIME
quit
221 Bye
One of the lines startin with 250 should read AUTH PLAIN LOGIN MD5... So, that's out. pop before smtp might be an option but that's even worse a hack than smtp auth is. A search on the postfix site turns up a few hits but it seems that you will need to install add on software for that. So you might want to check with your ISP what they actually DO support and how you are supposed to send mail through their servers.

Can you send it directly from your MUA when you enter smtp.wanadoo.fr as smtp server?
 
Old 07-17-2004, 04:05 PM   #12
jmcollin92
Member
 
Registered: Oct 2003
Distribution: Mandrake 9.1
Posts: 76

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by demian

Can you send it directly from your MUA when you enter smtp.wanadoo.fr as smtp server?
Yes, it does.

The problem is that this is a (small) enterprise server not for my personnal use. And I'm supposed to be the administrator....

I will check if there is a solution with my (fucking) ISP.

Thank's a lot for all your time ...
 
Old 07-18-2004, 04:45 AM   #13
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Well if you're not sending mail as @wanadoo.fr (for instance, if you're using @mydomain) then smtp.wanadoo.fr will not relay it of course (it's not their domain name so that would be an open relay!).

Now, the reverse DNS check is extremely stupid since there are several reasons why even well-configured and standards-complying servers would be sending from a domain that doesn't match their reverse DNS. Chief among those reasons is that the DNS structure will only allow one PTR record for each IP, but a single SMTP server can handle thousands of e-mail domains. What you can do in this case (assuming you have only one domain) is to call your ISP and ask them to change the PTR for your IP to be *.yourdomain or at least somehost.yourdomain.

Another thing to do would be to do a whois lookup on each of the domains that is rejecting your e-mail and get the phone number and/or e-mail address of their technical contact. Get in contact with the administrator on the other side and let them know that using simple reverse DNS checks to block e-mail results in a massive amount of false positives. Tell them there are plenty of commercial and free solutions that will both do a much better job of stopping spam, and block far, far less good e-mail.
 
Old 07-18-2004, 05:41 AM   #14
jmcollin92
Member
 
Registered: Oct 2003
Distribution: Mandrake 9.1
Posts: 76

Original Poster
Rep: Reputation: 15
Thank's for all informations.
I will try to contact the admin of smtp mail server doing reverse DNS check.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix send mail problem(In RH9, kernal 2.4.20, postfix 2.1.5) minor Linux - General 6 09-23-2019 10:09 PM
Postfix mail transfer agent not sending mail locally or to other servers sketelsen Linux - Software 3 02-09-2006 11:16 AM
problem receiving pop3 mail from postfix mail server GEN_Electric Linux - Software 2 02-14-2005 02:43 PM
Postfix $HOME/mail/inbox instead of /var/spool/mail ramram29 Linux - Software 3 08-08-2004 01:28 AM
Postfix mail server not accepting incoming mail from the external interface rexmundi Linux - Networking 7 12-22-2003 03:41 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:39 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration