0

I have just moved my server to OVH Dedicated server and now having a problem with SMTP, which I need a bit of help with.

SMTP is set on port 25, but when I am setting up my email client (MS Outlook 2010 or Android Email Client) I have notification "server does not support authentication"

I can receive emails on all of the email clients and can send email but only via webmail.

here is an update:

220 myserver.net ESMTP Postfix
EHLO iamuser
250-myserver.net
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DNS

Also if I enable TLS on Outlook the it works, but it does not work on android even with TLS.

Please help!!!

AlexB
  • 2,164
  • 6
  • 27
  • 61
  • I've check your main.cf and found "smtpd_tls_auth_only = yes" it setting forbid authentification on non-secure port 25. You can just change it to "no", or try using secure port 465 in Android Mail Client. – Oleg Neumyvakin May 29 '15 at 05:10

1 Answers1

1

Server doesn't provide auth, it may be because of "smtpd_tls_auth_only = yes" in /etc/postfix/main.cf.

"smtpd_tls_auth_only = yes" forbid authentication on non-secure connection like port 25. You can just change it to "no", or try using secure port 465 in Android Mail Client.

It's quite easy to check your SMTP server auth methods. On Windows you need telnet client:

CMD> telnet yourserver.name 25
SERVER> 220 deb7x64-plesk12-1.local ESMTP Postfix (Debian/GNU)
CLIENT> EHLO iamuser
SERVER> 250-deb7x64-plesk12-1.local
SERVER> 250-PIPELINING
SERVER> 250-SIZE 10240000
SERVER> 250-ETRN
SERVER> 250-STARTTLS
SERVER> 250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
SERVER> 250-ENHANCEDSTATUSCODES
SERVER> 250-8BITMIME
SERVER> 250 DSN
CLIENT> quit
SERVER> 221 2.0.0 Bye

Where "DIGEST-MD5", "CRAM-MD5", "PLAIN", "LOGIN" it's an authentication methods.

I've checked that "Android Email Client" is replaced with google's Gmail application and it working fine with provided auth methods.

Oleg Neumyvakin
  • 9,706
  • 3
  • 58
  • 62
  • There a lot of guides or I can advise you. But first of all you need to enumerate them and make sure that you have connect on the right server and right port. – Oleg Neumyvakin May 28 '15 at 15:16
  • I have checked with OVH host and the say that port 25 is open on all of my IPs, but that message keeps appearing and there is nothing I could do about it at all. I have no idea how to configure the Postfix installed on the server. – AlexB May 28 '15 at 15:46
  • As I said, try to connect to your server on port 25 via telnet and gather server auth methods. It's quite difficult to "fix something" without any info. You can configure Postfix by connection to server over SSH with PuTTY application. – Oleg Neumyvakin May 28 '15 at 16:08
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/79047/discussion-between-alexb-and-oleg-neumyvakin). – AlexB May 28 '15 at 17:39
  • 1
    I have just posted all content of the main.cf file in the chat – AlexB May 28 '15 at 17:41
  • I am not sure if this makes any difference at all but the system that I am on is using both IPv4 and IPv6 and postfix version 2.10.1 – AlexB May 28 '15 at 19:22
  • I have just changed "smtpd_tls_auth_only = yes" to "smtpd_tls_auth_only = no" and "smtpd_sasl_security_options = noplaintext" to "smtpd_sasl_security_options = noanonymous" and everything started to work. Thanks Oleg – AlexB May 29 '15 at 09:01
  • Pay attention that authentication via non-secure port it is not secure :) – Oleg Neumyvakin May 29 '15 at 09:23
  • So how should I secure it? – AlexB May 29 '15 at 09:36
  • Actually it's just a question for android client. Try to set up android client to use TLS on port 465 or startTLS on port 25. – Oleg Neumyvakin May 29 '15 at 12:44
  • I don't know about Android Mail client, but Gmail app(5.2.93937770) can work with StartTLS and SSL/TLS. If you have self-signed certificate you have to choose StartTLS(accept all certificates) or SSL/TLS(accept all certificates). – Oleg Neumyvakin May 29 '15 at 12:51