# smtp authentication [127.0.0.1]/143: Connection refused

## reup

Hello all,

I have been running a server for some years now, using postfix-courier-imap and squirrelmail for email

recently I discover that hotmail and yahoo reject all email that do not have smtp authentication, so I followed the howto : http://www.gentoo.org/doc/en/virt-mail-howto.xml

now, I can send to companies like cisco, or netapp, but still ot to hotmail and yahoo

below is the errors i get when I activate "smtpd_tls_auth_only = yes " in postfix

```

Apr  1 11:34:19 reup postfix/smtpd[8031]: connection established

Apr  1 11:34:19 reup postfix/smtpd[8031]: master_notify: status 0

Apr  1 11:34:19 reup postfix/smtpd[8031]: name_mask: resource

Apr  1 11:34:19 reup postfix/smtpd[8031]: name_mask: software

Apr  1 11:34:19 reup postfix/smtpd[8031]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)

Apr  1 11:34:19 reup postfix/smtpd[8031]: name_mask: noanonymous

Apr  1 11:34:19 reup postfix/smtpd[8031]: connect from reup.dereut.com[127.0.0.1]

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_list_match: reup.dereut.com: no match

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_list_match: 127.0.0.1: no match

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_list_match: reup.dereut.com: no match

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_list_match: 127.0.0.1: no match

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_hostname: reup.dereut.com ~? 77.248.88.0/24

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_hostaddr: 127.0.0.1 ~? 77.248.88.0/24

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_hostname: reup.dereut.com ~? 127.0.0.0/8

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_hostaddr: 127.0.0.1 ~? 127.0.0.0/8

Apr  1 11:34:19 reup postfix/smtpd[8031]: > reup.dereut.com[127.0.0.1]: 220 www.dereut.com ESMTP Postfix

Apr  1 11:34:19 reup postfix/smtpd[8031]: < reup.dereut.com[127.0.0.1]: ???

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_string: ??? ~? CONNECT

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_string: ??? ~? GET

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_string: ??? ~? POST

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_list_match: ???: no match

Apr  1 11:34:19 reup postfix/smtpd[8031]: > reup.dereut.com[127.0.0.1]: 502 5.5.2 Error: command not recognized

Apr  1 11:34:19 reup postfix/smtpd[8031]: < reup.dereut.com[127.0.0.1]: ???????????D??BN??v???]u-??

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_string: ???????????D??BN??v???]u-?? ~? CONNECT

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_string: ???????????D??BN??v???]u-?? ~? GET

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_string: ???????????D??BN??v???]u-?? ~? POST

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_list_match: ???????????D??BN??v???]u-??: no match

Apr  1 11:34:19 reup postfix/smtpd[8031]: > reup.dereut.com[127.0.0.1]: 502 5.5.2 Error: command not recognized

Apr  1 11:34:19 reup postfix/smtpd[8031]: smtp_get: EOF

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_hostname: reup.dereut.com ~? 77.248.88.0/24

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_hostaddr: 127.0.0.1 ~? 77.248.88.0/24

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_hostname: reup.dereut.com ~? 127.0.0.0/8

Apr  1 11:34:19 reup postfix/smtpd[8031]: match_hostaddr: 127.0.0.1 ~? 127.0.0.0/8

Apr  1 11:34:19 reup postfix/smtpd[8031]: lost connection after UNKNOWN from reup.dereut.com[127.0.0.1]

Apr  1 11:34:19 reup postfix/smtpd[8031]: disconnect from reup.dereut.com[127.0.0.1]

Apr  1 11:34:19 reup postfix/smtpd[8031]: master_notify: status 1

Apr  1 11:34:19 reup postfix/smtpd[8031]: connection closed

```

and below is what I get when I do not use tls :

```

Apr  1 11:36:35 reup postfix/smtpd[8042]: connection established

Apr  1 11:36:35 reup postfix/smtpd[8042]: master_notify: status 0

Apr  1 11:36:35 reup postfix/smtpd[8042]: name_mask: resource

Apr  1 11:36:35 reup postfix/smtpd[8042]: name_mask: software

Apr  1 11:36:35 reup postfix/smtpd[8042]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)

Apr  1 11:36:35 reup postfix/smtpd[8042]: name_mask: noanonymous

Apr  1 11:36:35 reup postfix/smtpd[8042]: connect from reup.dereut.com[127.0.0.1]

Apr  1 11:36:35 reup postfix/smtpd[8042]: match_list_match: reup.dereut.com: no match

Apr  1 11:36:35 reup postfix/smtpd[8042]: match_list_match: 127.0.0.1: no match

Apr  1 11:36:35 reup postfix/smtpd[8042]: match_list_match: reup.dereut.com: no match

Apr  1 11:36:35 reup postfix/smtpd[8045]: auto_clnt_close: disconnect private/tlsmgr stream

Apr  1 11:36:35 reup postfix/smtpd[8042]: match_list_match: 127.0.0.1: no match

Apr  1 11:36:35 reup postfix/smtpd[8042]: match_hostname: reup.dereut.com ~? 77.248.88.0/24

Apr  1 11:36:35 reup postfix/smtpd[8042]: match_hostaddr: 127.0.0.1 ~? 77.248.88.0/24

Apr  1 11:36:35 reup postfix/smtpd[8042]: match_hostname: reup.dereut.com ~? 127.0.0.0/8

Apr  1 11:36:35 reup postfix/smtpd[8042]: match_hostaddr: 127.0.0.1 ~? 127.0.0.0/8

Apr  1 11:36:35 reup postfix/smtpd[8042]: > reup.dereut.com[127.0.0.1]: 220 www.dereut.com ESMTP Postfix

Apr  1 11:36:35 reup postfix/smtpd[8042]: < reup.dereut.com[127.0.0.1]: EHLO www.dereut.com

Apr  1 11:36:35 reup postfix/smtpd[8042]: > reup.dereut.com[127.0.0.1]: 250-www.dereut.com

Apr  1 11:36:35 reup postfix/smtpd[8042]: > reup.dereut.com[127.0.0.1]: 250-PIPELINING

Apr  1 11:36:35 reup postfix/smtpd[8042]: > reup.dereut.com[127.0.0.1]: 250-SIZE 10240000

Apr  1 11:36:35 reup postfix/smtpd[8042]: > reup.dereut.com[127.0.0.1]: 250-VRFY

Apr  1 11:36:35 reup postfix/smtpd[8042]: > reup.dereut.com[127.0.0.1]: 250-ETRN

Apr  1 11:36:35 reup postfix/smtpd[8042]: > reup.dereut.com[127.0.0.1]: 250-STARTTLS

Apr  1 11:36:35 reup postfix/smtpd[8042]: > reup.dereut.com[127.0.0.1]: 250-AUTH LOGIN PLAIN

Apr  1 11:36:35 reup postfix/smtpd[8042]: match_list_match: reup.dereut.com: no match

Apr  1 11:36:35 reup postfix/smtpd[8042]: match_list_match: 127.0.0.1: no match

Apr  1 11:36:35 reup postfix/smtpd[8042]: > reup.dereut.com[127.0.0.1]: 250-AUTH=LOGIN PLAIN

Apr  1 11:36:35 reup postfix/smtpd[8042]: > reup.dereut.com[127.0.0.1]: 250-ENHANCEDSTATUSCODES

Apr  1 11:36:35 reup postfix/smtpd[8042]: > reup.dereut.com[127.0.0.1]: 250-8BITMIME

Apr  1 11:36:35 reup postfix/smtpd[8042]: > reup.dereut.com[127.0.0.1]: 250 DSN

Apr  1 11:36:35 reup postfix/smtpd[8042]: < reup.dereut.com[127.0.0.1]: AUTH LOGIN

Apr  1 11:36:35 reup postfix/smtpd[8042]: xsasl_cyrus_server_first: sasl_method LOGIN

Apr  1 11:36:35 reup postfix/smtpd[8042]: xsasl_cyrus_server_auth_response: uncoded server challenge: Username:

Apr  1 11:36:35 reup postfix/smtpd[8042]: xsasl_cyrus_server_next: decoded response: XXXX

Apr  1 11:36:35 reup postfix/smtpd[8042]: xsasl_cyrus_server_auth_response: uncoded server challenge: Password:

Apr  1 11:36:35 reup saslauthd[7802]: auth_rimap: connect reup.dereut.com[127.0.0.1]/143: Connection refused

Apr  1 11:36:35 reup saslauthd[7802]: auth_rimap: couldn't connect to reup.dereut.com/143

Apr  1 11:36:35 reup saslauthd[7802]: do_auth         : auth failure: [user=XXXXX] [service=smtp] [realm=] [mech=rimap] [reason=[ALERT] Couldn't contact remote authentication server]

Apr  1 11:36:35 reup postfix/smtpd[8042]: xsasl_cyrus_server_next: decoded response: YYYYYYYYYYY

Apr  1 11:36:35 reup postfix/smtpd[8042]: warning: reup.dereut.com[127.0.0.1]: SASL LOGIN authentication failed: authentication failure

Apr  1 11:36:35 reup postfix/smtpd[8042]: > reup.dereut.com[127.0.0.1]: 535 5.7.0 Error: authentication failed: authentication failure

Apr  1 11:36:35 reup postfix/smtpd[8042]: smtp_get: EOF

Apr  1 11:36:35 reup postfix/smtpd[8042]: match_hostname: reup.dereut.com ~? 77.248.88.0/24

Apr  1 11:36:35 reup postfix/smtpd[8042]: match_hostaddr: 127.0.0.1 ~? 77.248.88.0/24

Apr  1 11:36:35 reup postfix/smtpd[8042]: match_hostname: reup.dereut.com ~? 127.0.0.0/8

Apr  1 11:36:35 reup postfix/smtpd[8042]: match_hostaddr: 127.0.0.1 ~? 127.0.0.0/8

Apr  1 11:36:35 reup postfix/smtpd[8042]: lost connection after AUTH from reup.dereut.com[127.0.0.1]

Apr  1 11:36:35 reup postfix/smtpd[8042]: disconnect from reup.dereut.com[127.0.0.1]

Apr  1 11:36:35 reup postfix/smtpd[8042]: master_notify: status 1

Apr  1 11:36:35 reup postfix/smtpd[8042]: connection closed

```

I have replace my user name by XXXX and passwd by YYYYYYY as they show in plain in the logs (weird no ??)

the think is that I have been trying to fix this for month now, but can send email only if smtp authentication is set to NONE, therefore, services like hotmail refuse my emails

any help ??

----------

## nativemad

Hello

I'm absolutely unshure, if i understand your problem correctly... but:

 *Quote:*   

> Apr  1 11:36:35 reup saslauthd[7802]: auth_rimap: connect reup.dereut.com[127.0.0.1]/143: Connection refused
> 
> Apr  1 11:36:35 reup saslauthd[7802]: auth_rimap: couldn't connect to reup.dereut.com/143
> 
> Apr  1 11:36:35 reup saslauthd[7802]: do_auth         : auth failure: [user=XXXXX] [service=smtp] [realm=] [mech=rimap] [reason=[ALERT] Couldn't contact remote authentication server] 

 

With the "-rimap" option for sasl-auth, it tries to contact the imap-server to verify the credentials... it seems that on your smtp-server isn't any imap server running... Either you change -rimap to some other sasl-mechanism, or setup imap on that Host (probably a port-forwarding for TCP 143 to your imap Server could be a solution).

But its strange, this has normally nothing to do with tls afaik!   :Shocked: 

----------

