# can't relay through external smtp via postfix [SOLVED]

## NotQuiteSane

I'm starting to go batty.

A friend set up an account for me. Mail should go: my postfix --> his postfix --> his ISP --> destination address.

I relay through him because my ISP won't.

He uses TLS.

I installed Thunderbird, just to test, and it works fine. Then I try from the command line. I get a bounce stating in part:

```
Final-Recipient: rfc822; deleted
Action: failed
Status: 5.0.0
Remote-MTA: dns; deleted
Diagnostic-Code: smtp; 554 <deleted>: Recipient address rejected:
    Relay access denied
```

i'm guessing i need to have postfix accept the ssl certificates, but how?

NQS

----------

## elgato319

Just because you use SSL or TLS, the other server won't let you relay mail.

I think you need to authenticate first on your friend's mailserver and then you are able to send mails through it.

main.cf

```
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
smtp_sasl_security_options = noanonymous
relayhost = smtp.somedomain.com
```

smtp_auth

```
# the lookup key must match the relayhost value in main.cf
smtp.somedomain.com   <username>:<password>
```

----------

## NotQuiteSane

 *elgato319 wrote:*   

> Just because you use SSL or TLS, the other server won't let you relay mail.
> 
> I think you need to authenticate first on your friend's mailserver and then you are able to send mails through it.
> 
> main.cf
> ...

 

I have all that, with the exception of the file having a different name.

```
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/postfix/server.key
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
relayhost = mail.xxx.xxx.xxx
virtual_mailbox_base = 
```

```
# $Header: /var/cvsroot/gentoo-x86/mail-mta/postfix/files/smtp.pass,v 1.2 2004/07/18 03:26:56 dragonheart Exp $
#
# remotehost user:password
mail.xxx.xxx.xxx     nqs:xxx
```

----------
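
Added example (not part of the thread, and not Postfix's own code): in main.cf the `smtp_*` parameters configure the outbound client that talks to the relay, while `smtpd_*` parameters configure the local server, so a relay setup can look complete and still never send AUTH. The Python below checks the client-side settings and the password map key; the sample configs, the host `relay.example.net`, the credentials and the function names are constructed for illustration.

```python
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues a value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            last = name.strip()
            params[last] = value.strip()
    return params

def parse_password_map(text):
    """Parse the postmap source file: one 'key user:password' entry per line."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            entries[fields[0]] = fields[1].strip()
    return entries

def check_relay_client(main_cf, password_map):
    """Return problems found in the outbound (smtp_*) relay settings."""
    p, creds, issues = parse_main_cf(main_cf), parse_password_map(password_map), []
    relay = p.get("relayhost", "")
    if p.get("smtp_sasl_auth_enable", "no") != "yes":
        issues.append("smtp_sasl_auth_enable is not yes: the client never sends AUTH")
        if p.get("smtpd_sasl_auth_enable") == "yes":
            issues.append("smtpd_sasl_auth_enable only configures the local server")
    if not p.get("smtp_sasl_password_maps"):
        issues.append("smtp_sasl_password_maps is not set")
    if relay not in creds:  # strict check: key written exactly like relayhost
        issues.append(f"no password map key equal to relayhost '{relay}'")
    if (p.get("smtp_tls_security_level") not in MANDATORY_TLS
            and p.get("smtp_enforce_tls") != "yes"):
        issues.append("outbound TLS is not mandatory: AUTH may be sent in cleartext")
    return issues

# Constructed samples (hypothetical host relay.example.net, made-up credentials).
BROKEN_CF = ("smtpd_sasl_auth_enable = yes\nrelayhost = relay.example.net\n"
             "smtp_sasl_password_maps = hash:/etc/postfix/saslpass\n")
FIXED_CF = BROKEN_CF + "smtp_sasl_auth_enable = yes\nsmtp_tls_security_level = encrypt\n"
SAMPLE_MAP = "# remotehost user:password\nrelay.example.net  user:not-a-real-password\n"

if __name__ == "__main__":
    print("\n".join(check_relay_client(BROKEN_CF, SAMPLE_MAP)))
```

On a live system the effective values come from `postconf -n` rather than from reading main.cf by hand, and the map has to be rebuilt with `postmap` after every edit.

----------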

## elgato319

Could you try to send an email via telnet with your username/password and see if it works?

Maybe the server won't authenticate you correctly.

----------

## NotQuiteSane

 *elgato319 wrote:*   

> Could you try to send an email via telnet with your username/password and see if it works?
> 
> Maybe the server won't authenticate you correctly.

 

I get:

```
[root@mike /root 19:24]# telnet xxx.xxx.xxx.xxx 25
Trying 72.xxx.xxx.xxx...
Connected to mail.xxx.xxx.xxx.
Escape character is '^]'.
220 linus.xxx.xxx.xxx ESMTP Postfix
HELO nqs
250 linus.xxx.xxx.xxx
PASS xxx
502 Error: command not implemented
MAIL FROM: nqs
250 Ok
RCPT TO:nqs@nqs.is-a-geek.net
554 <nqs@nqs.is-a-geek.net>: Recipient address rejected: Relay access denied
QUIT
221 Bye
Connection closed by foreign host.
```

NQS

----------

## elgato319

 *Quote:*   

> PASS xxx
> 
> 502 Error: command not implemented
> ...

 

you don't authenticate yourself, so the mailserver rejects your

try those smtp commands: http://www.artran.co.uk/computers/telnetSMTP.html

----------

## NotQuiteSane

Ok, thanks for the link. I see what I was doing wrong with telnet.

Here's what I get this time:

```
[root@mike /root 19:52]# telnet linus.triad.ath.cx 25
Trying 72.178.50.191...
Connected to linus.triad.ath.cx.
Escape character is '^]'.
220 linus.triad.ath.cx ESMTP Postfix
HELO mail.triad.ath.cx
250 linus.triad.ath.cx
HELO nqs
250 linus.triad.ath.cx
AUTH LOGIN
334 VXNlcm5hbWU6
bnFz
334 UGFzc3dvcmQ6
<deleted>
235 Authentication successful
MAIL FROM: <nqs@mail.triad.ath.cx>
250 Ok
RCPT TO: nqs@tigger.tmcom.com
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: test from telnet
ubthigfui
.
250 Ok: queued as ED9C27BF53
QUIT
221 Bye
Connection closed by foreign host.
[root@mike /root 18:16]# 
```

haven't looked to see if it went through yet, fetchmail grabs from my external boxes every 15 minutes.

I'm gonna act on a hunch and remove saslpass.db and then recreate.

NQS

----------
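
Added example (not part of the thread): `AUTH LOGIN` only base64-encodes its tokens (`334 VXNlcm5hbWU6` is `Username:`), so a session like the one above, with no `STARTTLS` before `AUTH`, sends the credentials readable on the wire. The Python below audits an SMTP transcript for that condition; the sample session, the host names, the password and the function names are constructed.

```python
import base64
import re

REPLY = re.compile(r"^(\d{3})[ -](.*)$")

def b64text(token):
    """Decode a SASL token; AUTH LOGIN and PLAIN only base64-encode, never encrypt."""
    return base64.b64decode(token).decode("utf-8", "replace")

def audit_transcript(lines):
    """Report each AUTH attempt in an SMTP transcript and whether TLS protected it."""
    tls, in_data, last_cmd, auth, findings = False, False, "", None, []
    for line in filter(None, (l.strip() for l in lines)):
        if in_data:                                  # message body: skip to the lone "."
            in_data = line != "."
            continue
        reply = REPLY.match(line)
        if reply is None and auth is None:           # ordinary client command
            last_cmd = line.upper()
            if last_cmd.startswith("AUTH "):
                parts = line.split()
                auth = {"mechanism": parts[1].upper(), "tokens": parts[2:]}
        elif reply is None:                          # client answer to a 334 challenge
            auth["tokens"].append(line)
        elif auth is not None and reply.group(1) != "334":   # server verdict on AUTH
            user = b64text(auth["tokens"][0]) if auth["tokens"] else ""
            if auth["mechanism"] == "PLAIN":         # authzid NUL authcid NUL password
                user = (user.split("\0") + ["", ""])[1]
            findings.append({"mechanism": auth["mechanism"], "username": user,
                             "accepted": reply.group(1) == "235",
                             "credentials_exposed": not tls})
            auth = None
        elif reply.group(1) == "354":
            in_data = True
        elif last_cmd == "STARTTLS" and reply.group(1) == "220":
            tls = True
    return findings

# Constructed session modelled on the telnet test in the thread; the password is made up.
SECRET = base64.b64encode(b"not-a-real-password").decode()
SAMPLE = ["220 relay.example.net ESMTP Postfix", "HELO client.example.net",
          "250 relay.example.net", "AUTH LOGIN", "334 VXNlcm5hbWU6", "bnFz",
          "334 UGFzc3dvcmQ6", SECRET, "235 Authentication successful", "QUIT", "221 Bye"]

if __name__ == "__main__":
    print(audit_transcript(SAMPLE))
```

On the relay itself, `smtpd_tls_auth_only = yes` makes Postfix offer AUTH only after STARTTLS, which closes this exposure on the server side.

----------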

## NotQuiteSane

 *NotQuiteSane wrote:*   

> I'm gonna act on a hunch and remove saslpass.db and then recreate.
> 
> NQS

 

Nope.  that didn't work.

NQS

----------

## elgato319

```
250 Ok: queued as ED9C27BF53
```

at least the external mailserver did accept the mail this time.

now we just have to get postfix to authenticate

----------

## sven_sol

 *Quote:*   

> main.cf
> 
> ```
> smtp_sasl_auth_enable = yes
> ```
> ...

 

Did you do a `postmap /etc/postfix/smtp_auth`?

Not sure if it'll make much difference, you would have seen something in your logs.

Just a thought, that's all.

----------

## NotQuiteSane

ok, I've made some "progress"  and gotten really pissed off at postfix.

first off, i'm getting a new error: 

```
<nqs@tigger.tmcom.com>: SASL authentication failed; server
    linus.triad.ath.cx[72.178.50.191] said: 535 Error: authentication failed
```

I just sshed into linus, so I know my password is good.  

but as I see the error, it's saying bad password or name.

here's what i'm using to login (minus password, of course)

```
[root@mike postfix 21:45]# cat smtp_auth
linus.triad.ath.cx nqs:<deleted>
[root@mike postfix 21:45]#
```

again, I can ssh in with those same credentials.

Oh, and why postfix is pissing me off? I mentioned above I'd deleted saslpass.db, and re-run postmap to re-create it. I just changed in main.cf the line to read smtp_auth, renamed the file, and re-ran postmap.

NQS

----------

## elgato319

 *Quote:*   

> ```
> smtp_auth:
> ```
> ...

 

are you sure this password is correct?

SMTP auth and SSH login can be (and should be) two different types of passwords

----------

## NotQuiteSane

 *elgato319 wrote:*   

>  *Quote:*   
> 
> ```
> smtp_auth:
> ```
> ...

 

Just confirmed it is the correct password

It may be on his end:

```
(22:09:13) Mac: i'm getting this problem
(22:09:14) Mac: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
May 22 23:11:25 linus postfix/smtpd[22133]: warning: SASL authentication failure: no secret in database
May 22 23:11:25 linus postfix/smtpd[22133]: warning: 65-100-1-106.eugn.qwest.net[65.100.1.106]: SASL DIGEST-MD5 authentication failed
May 22 23:11:25 linus postfix/smtpd[22133]: > 65-100-1-106.eugn.qwest.net[65.100.1.106]: 535 Error: authentication failed
May 22 23:11:25 linus postfix/smtpd[22133]: watchdog_pat: 0x80b8778
May 22 23:11:25 linus postfix/smtpd[22133]: < 65-100-1-106.eugn.qwest.net[65.100.1.106]: QUIT
May 22 23:11:25 linus postfix/smtpd[22133]: > 65-100-1-106.eugn.qwest.net[65.100.1.106]: 221 Bye
May 22 23:11:25 linus postfix/smtpd[22133]: disconnect from 65-100-1-106.eugn.qwest.net[65.100.1.106]
(22:13:04) joe: hmm.  are you missing /etc/sasldb2?
(22:13:20) Mac: yes
(22:13:26) Mac: trying to fix that now
(22:13:59) joe: that could be our problem.  let me know.  if i've gone to bed i'll send a test message in the morning.
(22:14:13) Mac: password?
(22:14:31) joe: you mean mine?  for linus?
(22:14:34) Mac: yes
(22:14:58) joe: <deleted>
(22:18:38) Mac: try now
(22:23:19) Mac: i created the database file, your username and password are the only entries
(22:31:47) joe: sent
(22:33:07) joe: bounced.
```

NQS

----------

## NotQuiteSane

Well the problem is "solved"

I broke down and looked up how to use Gmail to relay through. Not my preferred choice, but it'll have to do until I get a static IP or buy a relay service.

Thanks for the help

NQS

----------

