# smtp authentication does not work with outlook [solved]

## mariourk

I have been following this howto to get smtp authentication working with Cyrus-sasl.

This allows me to send emails through my mailserver, even if I'm somewhere else.

The problem is that it doesn't work with outlook. Evolution and Thunderbird go fine,

but outlook refuses to authenticate. I configured the outgoing mail settings in outlook

the authenticate (using TLS) with the smtp-server. But when I try to send an email,

I get a relay access denied error, because outlook does not authenticate.

Does someone have experience with this (very strange) problem?   :Confused: 

----------

## magic919

Might be worth breaking it down a bit.  Can you just smtp-auth without the TLS?

----------

## mariourk

Without TLS, outlook still does't authenticate.

----------

## magic919

When you telnet to port 25 and give it an EHLO do you get all the smtp-auth options?

----------

## schally

 *mariourk wrote:*   

> 
> 
> ...because outlook does not authenticate...
> 
> 

 

why do you use outlook anyway when thunderbird is doing fine?

----------

## mariourk

 *Quote:*   

> 
> 
> why do you use outlook anyway when thunderbird is doing fine?
> 
> 

 

Ah, that is a very good question   :Wink: 

The server I'm referring to, is the mailserver of our company.

I'm using Evolution myself. And when I'm working in a windows environment

(sometimes it cannot be avoided...   :Sad:  ) I use Thunderbird. So far , so good.

Unfortunately most of the users here, use Outlook for their email. In this case,

the laptop users, it's all of them, who use outlook. So...

If it was up to me, I would have abandoned windows a long time ago.

Unfortunately, this is easier said than done.   :Evil or Very Mad: 

----------

## schally

hm,... why you don't make the first step and bann outlock/outlook??

----------

## elgato319

main.cf:

debug_peer_level = 5

debug_peer_list = 10.x.x.x (ip from the outlook client)

if the outlook client connects again you should see more output in your logfiles.

----------

## mariourk

Sorry for the late respons, I've been busy this weekend.

I've used your advise to get some more detailed info from the logs.

There is a difference between outlook and Evolution. But I can't figure out

why there is a difference. Here is the output from the logs.

Download the logfile from outlook here

Download the logfile from Evolution here

I noticed a difference at the beginning of the logs

Outlook

```

Jul 23 10:02:19 mail postfix/smtpd[32585]: > uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: 250-STARTTLS

Jul 23 10:02:19 mail postfix/smtpd[32585]: > uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: 250-ENHANCEDSTATUSCODES

Jul 23 10:02:19 mail postfix/smtpd[32585]: > uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: 250-8BITMIME

Jul 23 10:02:19 mail postfix/smtpd[32585]: > uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: 250 DSN

Jul 23 10:02:19 mail postfix/smtpd[32585]: watchdog_pat: 0x80cb610

Jul 23 10:02:19 mail postfix/smtpd[32585]: vstream_fflush_some: fd 18 flush 133

Jul 23 10:02:19 mail postfix/smtpd[32585]: vstream_buf_get_ready: fd 18 got 36

Jul 23 10:02:19 mail postfix/smtpd[32585]: < uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: MAIL FROM: <mario@famtennapel.com>

```

Evolution

```

Jul 23 10:07:00 mail postfix/smtpd[32605]: > uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: 250-STARTTLS

Jul 23 10:07:00 mail postfix/smtpd[32605]: > uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: 250-ENHANCEDSTATUSCODES

Jul 23 10:07:00 mail postfix/smtpd[32605]: > uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: 250-8BITMIME

Jul 23 10:07:00 mail postfix/smtpd[32605]: > uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: 250 DSN

Jul 23 10:07:00 mail postfix/smtpd[32605]: watchdog_pat: 0x80cb610

Jul 23 10:07:00 mail postfix/smtpd[32605]: vstream_fflush_some: fd 18 flush 133

Jul 23 10:07:00 mail postfix/smtpd[32605]: vstream_buf_get_ready: fd 18 got 10

Jul 23 10:07:00 mail postfix/smtpd[32605]: < uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: STARTTLS

Jul 23 10:07:00 mail postfix/smtpd[32605]: > uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: 220 2.0.0 Ready to start TLS

```

However, I couldn't figure out why there is a difference.

I hope someone can shed some light on this.

----------

## mariourk

I think I solved the problem. In outlook I had to enable to use SSL when contacting the SMTP-server.

I tried this before, but that led to another problem. The email returned with this error:

```

504 5.5.2 <mario>: Helo command rejected: need fully-qualified hostname

```

It turned out this was caused by my postfix configuration in /etc/postfix/main.cf

I had to edit the smtpd_recipient_restrictions option and move permit_mynetworks and

permit_sasl_authenticated to the top of the list. (well, almost the top) It now looks like this:

```

smtpd_recipient_restrictions =

   check_client_access hash:/etc/postfix/helo_client_exceptions,

   check_sender_access    hash:/etc/postfix/sender_checks,

   permit_mynetworks,

   permit_sasl_authenticated,

   reject_invalid_hostname,

   reject_non_fqdn_hostname,

   reject_non_fqdn_sender,

   reject_non_fqdn_recipient,

   reject_unknown_sender_domain,

   reject_unknown_recipient_domain,

   reject_unauth_destination,

   check_policy_service inet:127.0.0.1:10030

```

I hope this will help someone.   :Very Happy: 

----------

## Mr.C.

Make sure that both files listed here:

```
check_client_access hash:/etc/postfix/helo_client_exceptions,

check_sender_access    hash:/etc/postfix/sender_checks,
```

do *not* have OK results listed, or you have created an open relay.

MrC

----------

## mariourk

I will keep an eye on it. Thank you for pointing it out   :Very Happy: 

----------

