Problem:
Unable to send email from my (SOHO) server while on the Comcast network.
Disclaimer:
I'm sure there are better/proper ways to solve this problem. This is what I was able to put together after getting slowly mad over the 6 hours today.
You must have a Comcast username/password. Yes, you must register on comcast.net. Good part - it is free after service purchase.
Solution:
I'm running Scientific Linux 6.4 (aka RH) with postfix.
The out-of-the-box setup didn't work:
connect to gmail-smtp-in.l.google.com[64.233.185.27]: Connection timed out (port 25)
Comcast closed port 25 on the public network, and all SMTP connections should use 587 -
http://customer.xfinity.com/help-and...xfinity-email/
The following configuration should address the following errors:
Code:
Feb 17 18:49:33 server postfix/smtp[12723]: 53D2F6248D: to=<XXXX@gmail.com>, relay=smtp.comcast.net[68.87.20.6]:587, delay=5903, delays=5903/0.08/0.31/0.08, dsn=5.1.0, status=bounced (host smtp.comcast.net[68.87.20.6] said: 550 5.1.0 <dbabo@server.home> sender rejected : invalid sender domain (in reply to MAIL FROM command))
Feb 17 19:07:08 server postfix/local[13143]: 88ABE62475: to=<XXXXX@gmail.com>, relay=local, delay=0.18, delays=0.11/0.01/0/0.06, dsn=5.1.1, status=bounced (unknown user: "XXXX")
Feb 17 19:18:34 server postfix/smtp[13480]: warning: SASL authentication failure: No worthy mechs found
Feb 17 19:18:34 server postfix/smtp[13480]: 1CB9F62475: to=<alpine-count@patches.freeiz.com>, relay=smtp.comcast.net[96.114.157.81]:587, delay=0.77, delays=0.15/0.04/0.57/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.comcast.net[96.114.157.81]: no mechanism available
Feb 17 19:33:19 server postfix/smtp[13717]: 6207E62493: to=<XXXX@server.home>, relay=smtp.comcast.net[96.114.157.81]:587, delay=0.79, delays=0.03/0/0.48/0.28, dsn=5.1.1, status=bounced (host smtp.comcast.net[96.114.157.81] said: 550 5.1.1 <XXXX@server.home> recipient invalid domain (in reply to RCPT TO command))
Feb 17 19:39:04 server postfix/smtp[13912]: connect to smtp.comcast.net[68.87.20.6]:587: Connection timed out
Final result:
Code:
Feb 17 21:48:17 server postfix/smtp[15279]: 97EC162475: to=<XXXX@gmail.com>, relay=smtp.comcast.net[96.114.157.81]:587, delay=0.99, delays=0.09/0.01/0.46/0.43, dsn=2.0.0, status=sent (250 2.0.0 KeoG1s00M4ZxyZj01eoHZW mail accepted for delivery)
There are 2 major parts to this:
a. Allow outbound traffic to the SMTP server in iptables:
Code:
#MAIL
$IPT -A OUTPUT -p TCP -o eth0 --dport 587 -m state --state NEW -j ACCEPT
b. Configure postfix to work with smtp.comcast.net as the relay server:
1. You need to enable SASL auth by adding the cyrus-sasl packages and configuring main.cf. Since I didn't want to look into which ones I need and which ones I don't, I just installed them all. I quickly learned that cyrus-sasl-sql (at the time of this writing - cyrus-sasl-sql-2.1.23-13.el6_3.1.x86_64) is causing issues.
2. Configure main.cf:
Code:
smtp_generic_maps = hash:/etc/postfix/generic
inet_protocols = ipv4
relayhost = [smtp.comcast.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
c. Convince the Comcast server that you are a legit user, i.e. that you have a legit domain (even though you are running off a dynamic IP and (probably) do not have a legit registered domain):
Change the "generic" file to map your local username to some email you use to communicate with the world.
Mine:
Code:
oracle@server.home some_email@gmail.com
d. Once you have made the above changes to main.cf, run postmap to convert the sasl_passwd and "generic" files to their db:
Code:
postmap hash:/etc/postfix/generic
postmap hash:/etc/postfix/sasl_passwd
Restart postfix and you should be good.
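
The post never shows the sasl_passwd file itself, so here is an added example (not part of the original post) that lints the relay setup above before you run postmap. Assumptions: sasl_passwd uses the standard Postfix `destination user:password` line format, `USERNAME:PASSWORD` is a placeholder, and the `smtp_tls_security_level` check is an extra that the post's main.cf does not set.

```shell
#!/bin/sh
# Added example, not from the original post: lint a Postfix relay setup.

# Print the value of a main.cf parameter (Postfix uses the last duplicate).
cf_get() {    # cf_get FILE PARAM
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one line per finding for the Postfix directory given as $1.
check_relay_auth() {
    dir=$1
    relay=$(cf_get "$dir/main.cf" relayhost)
    # sasl_passwd is looked up by the relayhost string, so the key must
    # match it exactly, brackets and port included.
    if ! awk -v k="$relay" '$1 == k && $2 ~ /:/ { ok = 1 } END { exit !ok }' \
            "$dir/sasl_passwd"; then
        echo "sasl_passwd: no user:password entry keyed '$relay'"
    fi
    # The file holds a plaintext password: no group/other permission bits.
    if [ "$(ls -ld "$dir/sasl_passwd" | cut -c5-10)" != "------" ]; then
        echo "sasl_passwd: readable beyond owner, chmod 600 before postmap"
    fi
    # noanonymous permits plaintext mechanisms, so TLS must be mandatory.
    case $(cf_get "$dir/main.cf" smtp_tls_security_level) in
        encrypt|dane-only|fingerprint|verify|secure) ;;
        *) echo "main.cf: smtp_tls_security_level does not enforce TLS" ;;
    esac
    return 0
}

# Constructed sample: the post's main.cf plus a placeholder sasl_passwd
# whose key lacks the brackets used in relayhost.
write_sample() {
    cat > "$1/main.cf" <<'EOF'
smtp_generic_maps = hash:/etc/postfix/generic
inet_protocols = ipv4
relayhost = [smtp.comcast.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
EOF
    echo 'smtp.comcast.net:587 USERNAME:PASSWORD' > "$1/sasl_passwd"
    chmod 644 "$1/sasl_passwd"
}

sample=$(mktemp -d) && write_sample "$sample"
check_relay_auth "$sample"    # prints three findings for the sample
rm -rf "$sample"
```

On a real host, call `check_relay_auth /etc/postfix` as root; postmap gives the .db file the same group and other read permissions as its source, so fix the mode on sasl_passwd first.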