-3

I have been trying to configure Postfix to use SMTP authentication. When I telnet on port 587, I appear to be authenticating correctly, but the mail fails to reach its destination and instead comes back as 553 rejected by Spamhaus because my IP is on the PBL. When I read the documentation on Spamhaus, I am told that being on the PBL is not a block, I just need to ensure that I authenticate correctly (https://www.spamhaus.org/faq/section/Spamhaus%20PBL#253).

I have searched extensively, but have not found a way to ensure mail is delivered successfully from this server.

Would anyone know what I might be missing here?

Here is the result of my telnet test:

```
ubuntu@dev-server:~$ telnet api.mijnvitalefuncties.com 587
Trying 192.168.0.11...
Connected to api.mijnvitalefuncties.com.
Escape character is '^]'.
220 dev-server ESMTP Postfix (Ubuntu)
ehlo api.mijnvitalefuncties.com
250-dev-server
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN
334 VXNlcm5hbWU6
***
334 UGFzc3dvcmQ6
***
235 2.7.0 Authentication successful
MAIL FROM:<someone@api.mijnvitalefuncties.com>
250 2.1.0 Ok
RCPT TO:<someone@example.com>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
.
250 2.0.0 Ok: queued as B70A764235
quit
221 2.0.0 Bye
Connection closed by foreign host.
```

Here is the email I receive informing me that the mail cannot be delivered:

```
This is the mail system at host dev-server.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

               The mail system

<someone@example.com>: host cluster5.eu.messagelabs.com[193.109.255.99]
said: 553-mail rejected because your IP is in the PBL. See 553
http://www.spamhaus.org/pbl (in reply to RCPT TO command)
```

Here is the error I get when I try to disable port 25 so as to force mail through submission (port 587).

```
Jan 27 11:53:26 dev-server postfix/qmgr[16821]: warning: connect to transport private/smtp: Connection refused
Jan 27 11:53:26 dev-server postfix/error[16841]: 5137E64232: to=<peter.heylin@ie.fujitsu.com>, relay=none, delay=19, delays=19/0/0/0.01, dsn=4.3.0, status=deferred (mail transport unavailable)
```

galtech

2 Answers

3

The log shows that authentication is properly configured and working:

> 235 2.7.0 Authentication successful

but the reply says you are getting blocked:

> 553-mail rejected because your IP is in the PBL. See 553 http://www.spamhaus.org/pbl (in reply to RCPT TO command)

Go to the Spamhaus website and follow the link to get unblocked:

> Blocked? To check, get info and resolve listings go to Blocklist Removal Center

Ra_
  • I've checked the Spamhaus website. See the link in the question that leads to a page stating that authentication is turned on, but I am still blocked. – galtech Jan 27 '17 at 10:09
  • @galtech authentication isn't transitive; it applies only to a single SMTP hop. You're authenticating to `api.mijnvitalefuncties.com` just fine, and delivering your email to it. But when it tries to hand it onto messagelabs, messagelabs refuses to accept it because api.mijnvitalefuncties.com's IP is in an RBL. It may be that SMTP AUTH would help with that step (if, eg, messagelabs were your outbound email provider) but if so, we don't currently know anything about the authentication of *that* step, and that's the problem you need to look at. – MadHatter Jan 27 '17 at 10:44
  • I am not sure if I am sending email correctly through port 587. If I reconfigure Postfix to stop listening on port 25 (as suggested by Spamhaus), I get a mail transport error. Any advice to solve this? – galtech Jan 27 '17 at 10:57
  • Could you paste the mail transport error? – Ra_ Jan 27 '17 at 11:31
  • I have edited the question above to include the mail transport error. – galtech Jan 27 '17 at 12:03
  • I'm afraid that listening on port 25 has nothing to do with sending email. IMHO you should read something about how SMTP works, then elaborate your question providing some MTA configuration details. – Ra_ Feb 03 '17 at 13:55
1

Proving that authentication is working is not the same thing as proving that unauthenticated requests are blocked. However that's not relevant to the problem you are having (unable to deliver email to remote systems).

> when I try to disable port 25

It's rather worrying that you think this has any part in a solution to your problem. You've also not provided any details of how your MTA is configured (a diff of the main.cf and any other config files you have modified is pretty essential to understanding what's going on here).

> When I read the documentation on Spamhaus, I am told that being on the PBL is not a block, I just need to ensure that I authenticate correctly

You seem to have drawn the wrong conclusions from the information provided there. Here authentication solves the problem where your MTA is rejecting messages from your MUA, while your problem is that the messagelabs MTA is not accepting mail from your MTA.

If you have a formal arrangement with messagelabs whereby they provide you with a login to their MTA, and you configure your MTA to use that account when passing mail to their servers then you would be able to get your email forwarded by them. But such an approach is just silly - messagelabs are not interested in maintaining such relationships with all the people who might want to send their customers email.

Read "What if I want to run a mail server on dynamic IPs listed in the PBL?" carefully.

You need to get a static IP address (in a static range) or use a smart relay which already has such an IP.

symcbean
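
The "smart relay" option from the answer above, as an added Postfix configuration sketch (not from the original post or its authors). It separates the two hops discussed in the comments: `smtpd_*` settings govern clients authenticating to this server, `smtp_*` settings govern this server authenticating to the next hop. The relay name `relay.example.net`, the credentials and the file paths are placeholders for whatever an outbound mail provider issues.

```ini
# /etc/postfix/main.cf (fragment). Added example: relay.example.net and all
# paths below are placeholders, not values from the question.

# --- Hop 1: mail client -> this server (smtpd_* = Postfix as SERVER) ---
# This is the hop the telnet test on port 587 exercised. Relay only for
# local networks and authenticated clients; refuse everything else, so
# that a working login is not the only thing standing between the
# server and unauthenticated relaying.
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# --- Hop 2: this server -> next hop (smtp_* = Postfix as CLIENT) ---
# Hand all outbound mail to the provider's relay instead of connecting to
# each recipient's MX from a PBL-listed address. The brackets suppress
# the MX lookup for the relay name.
relayhost = [relay.example.net]:587

# Authenticate to the relay; this is the login that matters for hop 2.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

# Never send the relay credentials over an unencrypted session.
# ("secure" instead of "encrypt" also verifies the relay's certificate name.)
smtp_tls_security_level = encrypt

# /etc/postfix/sasl_passwd (mode 0600; then run: postmap /etc/postfix/sasl_passwd)
#   [relay.example.net]:587    RELAY_USERNAME:RELAY_PASSWORD
```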