Connection problems...
 
Notifications
Clear all

Connection problems smtps ports 465 and 587

17 Posts
9 Users
2 Reactions
4,684 Views
(@almarulanda)
Joined: 2 years ago
Posts: 6
Topic starter  

Hi team
I have problems with the smtp connection after updating to version 23.3.0. We handle mail through a desktop client and through the mobile app. These options stopped working after performing the update. Please could you help me informing how I enable this option again

Regars


   
Quote
(@almarulanda)
Joined: 2 years ago
Posts: 6
Topic starter  

Test connection port 465:

Connecting to mail server.
Connected.
Forcing disconnection from SMTP server.
QUIT
Disconnected.

Error: Timeout.
Failed to send message


   
ReplyQuote
(@almarulanda)
Joined: 2 years ago
Posts: 6
Topic starter  

test conection port 587

Connecting to mail server.
Connected.
220 mail.hosp.co ESMTP Postfix
EHLO Sky
250-mail.hosp.co
250-PIPELINING
250-SIZE 40960000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
AUTH LOGIN
503 5.5.1 Error: authentication not enabled
Forcing disconnection from SMTP server.
QUIT
221 2.0.0 Bye
Disconnected.

Error: SMTP protocol error. 503 5.5.1 Error: authentication not enabled.
Failed to send message


   
ReplyQuote
(@almarulanda)
Joined: 2 years ago
Posts: 6
Topic starter  

zextras@correo:~$ zmprov getServer mail.hosp.co  | grep Auth
zimbraAuthTokenNotificationInterval: 60000
zimbraLowestSupportedAuthVersion: 2
zimbraMtaAuthEnabled: TRUE
zimbraMtaAuthPort: 7073
zimbraMtaAuthTarget: TRUE
zimbraMtaBrokenSaslAuthClients: yes
zimbraMtaSaslAuthEnable: yes
zimbraMtaSmtpSaslAuthEnable: no
zimbraMtaSmtpdClientAuthRateLimit: 0
zimbraMtaSmtpdSaslAuthenticatedHeader: no
zimbraMtaTlsAuthOnly: TRUE
zimbraShareNotificationMtaAuthRequired: FALSE

zextras@correo:~$ zmprov getServer mail.hosp.co  | grep Mode
zimbraBackupMode: Standard
zimbraCBPolicydBypassMode: tempfail
zimbraIPMode: ipv4
zimbraMailMode: http
zimbraMailReferMode: reverse-proxied
zimbraMailSSLClientCertMode: Disabled
zimbraOpenidConsumerStatelessModeEnabled: TRUE
zimbraReverseProxyClientCertMode: off
zimbraReverseProxyImapStartTlsMode: only
zimbraReverseProxyMailMode: https
zimbraReverseProxyPop3StartTlsMode: only
zextras@correo:~$

 

This post was modified 2 years ago by Almarulanda

   
ReplyQuote
(@dmitry)
Joined: 2 years ago
Posts: 7
 

I have the same problem. After the update, sending emails from external applications or services does not work. Receiving emails from external applications and services works well.


   
ReplyQuote
(@a-luciano)
Joined: 2 years ago
Posts: 11
 

Hello,
same problem on my servers. @zextras please help us to understand why we have this issue.


   
ReplyQuote
(@rlbrugnolli)
Joined: 2 years ago
Posts: 1
 
Hello

I just migrated from zimbra and some of my connections are not working, due to the same error.

   
ReplyQuote
(@stefanodavid)
Joined: 3 years ago
Posts: 227
 

Hi there, sorry for the late reply!

I understand that this problem is relevant to most of you, but I would like to ask for some more information, as : 

1) Is this problem limited using external application? In other words, does email sending from Carbonio mobile apps work? I give for granted that sending emails from Carbonio's IRIS interface works smoothly.

2) can you name a few of these external applications? Do log files of these applications (if available) mention any error/warning?

3) I know that delving into log files might be not the most pleasant of the tasks, but did you find some relevant error message?

4) Do you use some authentication/VPN/proxy/firewall/whatever that may interfere with normal Carbonio's working?


   
ReplyQuote
(@a-luciano)
Joined: 2 years ago
Posts: 11
 

Hello Stefano,

let me try to answer you point by point:

1) This issue is visible only on the external application and is normal because the webmail talk internally with all the Carbonio component and probably this check is skipped because are part of MtaNetwork.

2) The application are Outlook, thunderbird, telnet etc etc. From Outlook I see the error message 503 5.5.1 Error: authentication not enabled. but this is an answer from Carbonio server and not an error in the application Outlook.

3) this are the log form Carbonio (of course I obscured sensible data):

Apr 20 21:09:56 mta01 postfix/submission/smtpd[1851091 Anonymous TLS connection established from xxxxxx[xx.xx.xxx.xx]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 20 21:09:56 mta01 postfix/submission/smtpd[1851091 Anonymous TLS connection established from xxxxxx[xx.xx.xxx.xx]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 20 21:09:57 mta01 saslauthd[85258]: zmauth: authenticating against elected url 'https://xxxxxxxx.xxxxx.xx:7071/service/admin/soap/' ...
Apr 20 21:09:57 mta01 saslauthd[85258]: zmpost: url='https://xxxxxxxx.xxxxx.xx:7071/service/admin/soap/' returned buffer->data='<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"><change token="1037"/></context></soap:Header><soap:Body><AuthResponse xmlns="urn:zimbraAccount"><authToken>0000000000000000000000000000000000000000</authToken><lifetime>172799993</lifetime></AuthResponse></soap:Body></soap:Envelope>', hti->error=''
Apr 20 21:09:57 mta01 postfix/submission/smtpd[1851091 NOQUEUE: filter: RCPT from  https://xxxxxxxx.xxxxx.xx:  <test@xxxx.xx>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<test@xxxx.xx> to=<yyyyyy@yyyy.yy> proto=ESMTP helo=<xxxxx>
Apr 20 21:09:57 mta01 saslauthd[85258]: auth_zimbra: test@xxxx.xx auth OK
Apr 20 21:09:57 mta01 postfix/submission/smtpd[1851091 NOQUEUE: filter: RCPT from xxxxxx[xx.xx.xxx.xx]: <test@xxxx.xx>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<test@xxxx.xx> to=<yyyyyy@yyyy.yy> proto=ESMTP helo=<xxxxx>
Apr 20 21:09:57 mta01 postfix/submission/smtpd[1851091 NOQUEUE: reject: RCPT from xxxxxx[xx.xx.xxx.xx]: 553 5.7.1 <test@xxxx.xx>: Sender address rejected: not owned by user test@xxxx.xx; from=<test@xxxx.xx> to=<yyyyyy@yyyy.yy> proto=ESMTP helo=<xxxxx>
Apr 20 21:09:57 mta01 postfix/submission/smtpd[1851091 NOQUEUE: reject: RCPT from xxxxxx[xx.xx.xxx.xx]: 553 5.7.1 <test@xxxx.xx>: Sender address rejected: not owned by user test@xxxx.xx; from=<test@xxxx.xx> to=<yyyyyy@yyyy.yy> proto=ESMTP helo=<xxxxx>
Apr 20 21:09:57 mta01 postfix/submission/smtpd[1851091 disconnect from xxxxxx[xx.xx.xxx.xx] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 quit=1 commands=6/7
Apr 20 21:09:57 mta01 postfix/submission/smtpd[1851091 disconnect from xxxxxx[xx.xx.xxx.xx] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 quit=1 commands=6/7


4) No, any of these component are interfering with Carbonio.

Let me add one thing, If I use outlook and in the configuration instead to use public IP I'm using private IP because I'm inside the local network of Carbonio (similar scenario to the webmail) the error does not appear and the sending goes smoothly.

Carbionio is installed on Rocky Linux release 8.7 (Green Obsidian) and Carbonio version is 23.4.0 but the issue started after the upgrade on 23.3.0
Now I hope all these details can help to investigate on this problem.


   
ReplyQuote
(@a-luciano)
Joined: 2 years ago
Posts: 11
 

Today I decided to do another test to exclude possible configuration error or issue caused by the upgrade. I installed from scratch new carbonio servers in a multi server scenario without applying customization on security’s settings etc and unfortunately the issue still present.


   
ReplyQuote
(@yuriy)
Joined: 2 years ago
Posts: 4
 

I have the same problem on my server. Some clients do not send mail. In the server and client logs "Sender address rejected: not owned by user". The username and email of the sender match. I enabled the user to send mail from any address, but this did not solve the problem.


   
ReplyQuote
(@yarii)
Joined: 2 years ago
Posts: 1
 

Hello,

I have the same problem too.

>>3) I know that delving into log files might be not the most pleasant of the tasks, but did you find some relevant error message?

When i send mail from any mail application or mailer-script in logs I see:

Apr 24 23:12:28 qmail postfix/submission/smtpd[1395593]: NOQUEUE: filter: RCPT from unknown[xxx.xxx.xxx.xxx]: <test1@samedomain.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<test1@samedomain.com> to=<test2@samedomain.com> proto=ESMTP helo=<hp>
Apr 24 23:12:28 qmail postfix/submission/smtpd[1395593]: NOQUEUE: reject: RCPT from unknown[xxx.xxx.xxx.xxx]: 553 5.7.1 <test1@samedomain.com>: Sender address rejected: not owned by user test1@samedomain.com; from=<test1@samedomain.com> to=<test2@samedomain.com> proto=ESMTP helo=<hp>

 

 

From web-interface sending mail works ok. Issue started after the upgrade on 23.3.0.

Carbonio Release 23.4.0

Server versions:

version 23.4.0
commit 37b6a20c4877f579a027d479560d9717596ed512
system_type carbonio
product Carbonio
zal_version 3.21.0
zal_commit 050d0cc2e00e924c9286706b1a7ea6d6687ce926


   
ReplyQuote
(@yuriy)
Joined: 2 years ago
Posts: 4
 

Viewed the logs on the server. There are the following entries:

Apr 21 12:25:39 pm mail postfix/submission/smtpd[2253918]: connect from unknown[10.130.29.11]
Apr 21 12:25:39 mail postfix/submission/smtpd[2253918]: Anonymous TLS connection established from unknown[10.130.29.11]: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 21 12:25:39 PM mail saslauthd[6181]: zmauth: authenticating against elected url 'https://mail.example.com:7071/service/admin/soap/' ...
Apr 21 12:25:39 pm mail slapd[1476]: slap_get_csn: conn=1022 op=120594 generated new csn=20230421072539.913386Z#000000#000#000000 manage=1
Apr 21 12:25:39 pm
Apr 21 12:25:39 pm mail slapd[1476]: slap_graduate_commit_csn: removing 0x7f000ca0d940 20230421072539.913386Z#000000#000#000000
Apr 21 12:25:39 pm mail saslauthd[6181]: zmpost: url='https://mail.example.com:7071/service/admin/soap/' returned buffer->data='<soap:Envelope xmlns: soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"><change token="310"/></context> </soap:Header><soap:Body><AuthResponse xmlns="urn:zimbraAccount"><authToken>0_c99544f49719978a71e4141f43f22b82ed24d86a_69643d33363a39613561626233652d3366376642d3461 636235623333339383661363b6578703d31333a313638323233343733393931323b747970653d363a7a696d6272613b753d313a613b7469643d393a313135Token3 time>172799996</lifetime></AuthResponse></soap:Body></soap :Envelope>', hti->error=''
Apr 21 12:25:39 pm mail saslauthd[6181]: auth_zimbra: tech@example.com auth OK
Apr 21 12:25:39 PM mail postfix/submission/smtpd[2253918]: NOQUEUE: filter: RCPT from unknown[10.130.29.11]: <tech@example.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1 ]:10026; from=<tech@example.com> to=<test-03hsjo9ky@srv1.mail-tester.com> proto=ESMTP helo=<localhost>
Apr 21 12:25:39 PM mail postfix/submission/smtpd[2253918]: NOQUEUE: reject: RCPT from unknown[10.130.29.11]: 553 5.7.1 <tech@example.com>: Sender address rejected: not owned by user tech@example.com from=<tech@example.com> to=<test-03hsjo9ky@srv1.mail-tester.com> proto=ESMTP helo=<localhost>
Apr 21 12:25:39 mail postfix/submission/smtpd[2253918]: lost connection after DATA from unknown[10.130.29.11]

On the client in the logs (Client is a website):

user = tech@example.com from = tech@example.com
Apr 21 12:25:40 host=10.130.29.26 tls=on auth=on user=tech@example.com from=tech@example.com recipients=test-03hsjo9ky@srv1.mail-tester.com smtpstatus=553 smtpmsg= '553 5.7.1 <tech@example.com>: Sender address rejected: not owned by user tech@example.com' errormsg='recipient address test-03hsjo9ky@srv1.mail-tester.com not accepted by the server' exitcode =EX_DATAERR

More log entries from the server (already another client, the mozilla thunderbird client):

Apr 21 15:06:53 mail saslauthd[6181]: zmauth: authenticating against elected url 'https://mail.example.com:7071/service/admin/soap/' ...
Apr 21 15:06:53 mail slapd[1476]: slap_get_csn: conn=1013 op=121114 generated new csn=20230421100653.640789Z#000000#000#000000 manage=1
Apr 21 15:06:53 mail slapd[1476]: slap_queue_csn: queuing 0x7f0007e0d180 20230421100653.640789Z#000000#000#000000
Apr 21 15:06:53 mail slapd[1476]: slap_graduate_commit_csn: removing 0x7f0007e0d180 20230421100653.640789Z#000000#000#000000
Apr 21 15:06:53 mail saslauthd[6181]: zmpost: url='https://mail.example.com:7071/service/admin/soap/' returned buffer->data='<soap:Envelope xmlns: soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"><change token="4686"/></context> </soap:Header><soap:Body><AuthResponse xmlns="urn:zimbraAccount"><authToken>0_43ad377d2a3f44852961d5ed8b81e9d67ac0829d_69643d33363a62316435353234332d3237664302d2338646 646666313535396561353b6578703d31333a313638323234343431333633393b747970653d363a7a696d6272613b753d313a613b7469643d31303a333bau3634 ><lifetime>172799996</lifetime></AuthResponse></soap:Body></soap :Envelope>', hti->error=''
Apr 21 15:06:53 mail saslauthd[6181]: auth_zimbra: gpetrushel@example.com auth OK
Apr 21 15:06:53 mail postfix/smtps/smtpd[2403455]: NOQUEUE: filter: RCPT from unknown[10.130.11.98]: <gpetrushel@example.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1 ]:10026; from=<gpetrushel@example.com> to=<yuyurin@example.com> proto=ESMTP helo=<[10.130.11.98]>
Apr 21 15:06:53 mail postfix/smtps/smtpd[2403455]: NOQUEUE: reject: RCPT from unknown[10.130.11.98]: 553 5.7.1 <gpetrushel@example.com>: Sender address rejected: not owned by user gpetrushel@example.com; from=<gpetrushel@example.com> to=<yuyurin@example.com> proto=ESMTP helo=<[10.130.11.98]>
Apr 21 15:06:53 mail postfix/smtps/smtpd[2403455]: lost connection after RCPT from unknown[10.130.11.98]

When connecting to a VPN server, no proxy is used. Firewall set up correctly access to 465, 587 ports is open.


   
ReplyQuote
(@a-luciano)
Joined: 2 years ago
Posts: 11
 

Hello, I found why we have this behavior and how to fix it.
Zextras developers introduce in the code directive on MTA side reject_sender_login_mismath

so to solve it you can go here /opt/zextras/conf/zmconfigd/smtpd_sender_restrictions.cf and delete reject_sender_login_mismath.

%%exact VAR:zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch%%
%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zextras/conf/postfix_reject_sender%%
%%contains VAR:zimbraServiceEnabled cbpolicyd^ check_policy_service inet:localhost:%%zimbraCBPolicydBindPort%%%%
%%contains VAR:zimbraServiceEnabled amavis^ check_sender_access regexp:/opt/zextras/common/conf/tag_as_originating.re%%
permit_mynetworks
permit_sasl_authenticated
permit_tls_clientcerts
%%contains VAR:zimbraServiceEnabled amavis^ check_sender_access regexp:/opt/zextras/common/conf/tag_as_foreign.re%%


Here the discussion on github https://github.com/Zextras/carbonio-mta/pull/2 where I have already reported what I found.

I am sorry that the developers have not properly checked the behavior after this change and also that they have not written on the forum.


   
ReplyQuote
(@yuriy)
Joined: 2 years ago
Posts: 4
 

@a-luciano It's not entirely safe. Server users get the opportunity to send mail with any email sender. Let's take for example. The user will correct his sender's email in the letter to the boss's email and write whatever he wants. You can also change the email of another domain, gmail.com for example.


   
ReplyQuote
Page 1 / 2