basilmir

Q: OS X Server - Relay outgoing mail through ISP - Operation timed out

Hello,

 

I have my OS X Server setup but i can only receive mail. Because of my ISP i can't send, so i need to relay the mail through them.

I have a personal e-mail address

 

hostname: mail.ispmail.com with the ip XXX.XX.80.110

 

user:

myname@ispmail.com

 

password:

mypassword

 

I've entered them in the Relay outgoing mail through ISP field in OS X Server app and now i get an operation timed out?

 

Can't i use my account to relay mail through it? Does the isp relay have to have somekind of special settings?

 

Mar 6 21:48:46 server.mydomain.com postfix/smtp[6664]: 792DA5C5245: to=<destination@mail.ro>, relay=none, delay=30, delays=0.06/0.04/30/0, dsn=4.4.1, status=deferred (connect to XXX.XX.80.110[XXX.XX.80.110]:25: Operation timed out)

 

Am i doing something wrong?


Posted on Mar 6, 2013 12:06 PM

Close

Q: OS X Server - Relay outgoing mail through ISP - Operation timed out

  • All replies
  • Helpful answers

Page 1 Next
  • by iToaster,

    iToaster iToaster Mar 6, 2013 9:36 PM in response to basilmir
    Level 3 (739 points)
    Mar 6, 2013 9:36 PM in response to basilmir

    Ask your ISP

  • by basilmir,

    basilmir basilmir Mar 6, 2013 11:11 PM in response to iToaster
    Level 1 (76 points)
    Mar 6, 2013 11:11 PM in response to iToaster

    I did... they gave me a guide on how configure my e-mail client with the same settings.

     

    Is there any difference in the way a client sends mail and the way server relays mail... Do i need somekind of specific support?

  • by UptimeJeff,

    UptimeJeff UptimeJeff Mar 7, 2013 10:23 AM in response to basilmir
    Level 4 (3,477 points)
    Mar 7, 2013 10:23 AM in response to basilmir

    Maybe you need to use a different port (587, 465)? Your ISP should tell you.

     

    Try to send mail from your mail client using your ISP.

    Whatever user/pass/port combination that works in your client should work from the server.

  • by basilmir,

    basilmir basilmir Mar 7, 2013 10:24 AM in response to UptimeJeff
    Level 1 (76 points)
    Mar 7, 2013 10:24 AM in response to UptimeJeff

    How do i specify a port in the OS X Server interface...

     

    I have hostname, user and password. Should i use hostname:587 for example?

  • by UptimeJeff,

    UptimeJeff UptimeJeff Mar 7, 2013 10:26 AM in response to basilmir
    Level 4 (3,477 points)
    Mar 7, 2013 10:26 AM in response to basilmir

    figure it out with your client app first (easier)

    try port 25 with your user/pw, does it work?

    try port 587, does it work?

     

    Once you have a combination that works, we'll look at how to match it with the server.

  • by Johan Ekenberg,

    Johan Ekenberg Johan Ekenberg Mar 7, 2013 2:51 PM in response to basilmir
    Level 1 (10 points)
    Mar 7, 2013 2:51 PM in response to basilmir

    It all comes down to the exact details of the required connection to your ISP.

     

    1. Use telnet to check that you can connect to the ISP's host. Try ports 587, 25 or sometimes 26:

     

    $ telnet isphost 587

     

    If you cannot get a TCP connection through telnet, there is a network/firewall issue that needs resolving before you can continue.

     

    2. If you can connect but there are other issues, try installing Swaks which is available through Homebrew:

     

    $ brew install swaks

     

    Swaks has a lot of options. This is from the manual page with an added port-option as an example:

     

    $ swaks --port 587 --to user@example.com --from me@example.com --auth CRAM-MD5 --auth-user me@example.com

     

    So - take it one step at a time, starting with network connectivity and moving on to the SMTP transaction.

  • by basilmir,

    basilmir basilmir Mar 11, 2013 12:27 PM in response to Johan Ekenberg
    Level 1 (76 points)
    Mar 11, 2013 12:27 PM in response to Johan Ekenberg

    I'm begining to think there is something "special" with the Server App.

     

     

     

     

    I even bought and Outbound SMTP service so i can relay my mail through them.

     

    If i configure Apple Mail to send the e-mail using:

     

    mailout.easydns.com

    port: 465 (SSL)

    user: myuser

    password: my password

     

    Authentication method: Password

     

    (Question-Answer MD5 does not work, none of the others do either)

     

    I can send mail AS any "sender" i want and it works.

     

    However when i write the exact same data in the server app.

    sters.png

     

    My e-mails all bounce:

     

    DFB1F5D09DF: to=<destination@example.com>, relay=mailout.easydns.com[64.68.200.141]:465, delay=1515, delays=1204/10/300/0, dsn=4.4.2, status=deferred (conversation with mailout.easydns.com[64.68.200.141] timed out while receiving the initial server greeting)

     

    What does "timed out while receiving the initial server greeting" mean?

     

     

     

     

     

     

     

    A couple of days later my e-mail just returns to me the sender.

     

    This is the mail system at host server.example.com.

     

     

    I'm sorry to have to inform you that your message could not

    be delivered to one or more recipients. It's attached below.

     

     

    For further assistance, please send mail to postmaster.

     

     

    If you do so, please include this problem report. You can

    delete your own text from the attached returned message.

     

     

                      The mail system

     

     

    <destination@example.com>: conversation with

       mailout.easydns.com[64.68.200.141] timed out while receiving the initial

       server greeting

  • by UptimeJeff,Helpful

    UptimeJeff UptimeJeff Mar 11, 2013 6:31 PM in response to basilmir
    Level 4 (3,477 points)
    Mar 11, 2013 6:31 PM in response to basilmir

    I don't think the server app is going to create an upstream smtp config using port 465.

    465 is an SSL connection.  Ports 25 and 587 start with non-ssl then enable it with STARTTLS

     

    Does your SMTP provider allow 587 or another TLS port ?

    They often have a few non-standard ports you can use to get around when common mail ports are blocked.

     

    Next time, don't wait days to find out if the mail went out or not.

    Watch the logs and/or check the statu of your outbound mailq with this command in terminal:

         sudo mailq

  • by basilmir,

    basilmir basilmir Mar 12, 2013 12:32 AM in response to UptimeJeff
    Level 1 (76 points)
    Mar 12, 2013 12:32 AM in response to UptimeJeff

    All ports are open. Tried 587. Sent an e-mail, everything ok. Then checked Logs SMTP to see if it relays allright.

    Here is what it says:

     

    Mar 12 09:23:32 server.example.com postfix/qmgr[8422]: 6DD8C5EF621: from=<contact@example.com>, size=1053, nrcpt=1 (queue active)

    Mar 12 09:23:33 server.example.com postfix/smtp[9470]: warning: SASL authentication failure: No worthy mechs found

    Mar 12 09:23:33 server.example.com postfix/smtp[9470]: 6DD8C5EF621: to=<destination@email.com>, relay=mailout.easydns.com[64.68.200.141]:587, delay=1.9, delays=0.85/0.03/1/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server mailout.easydns.com[64.68.200.141]: no mechanism available)

    Mar 12 09:23:34 server.example.com postfix/smtp[9415]: 6F9005EF5E7: to=<destination@email.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=74, delays=0.52/0.09/21/52, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6DD8C5EF621)

    Mar 12 09:23:34 server.example.com postfix/qmgr[8422]: 6F9005EF5E7: removed

     

     

    Any thoughts?

    Normally i should be able to "relay" via any smtp that i can send e-mail from? I tried the mail app and i can send as any user i want, but when i try to relay i get this.

  • by basilmir,

    basilmir basilmir Mar 12, 2013 12:35 AM in response to UptimeJeff
    Level 1 (76 points)
    Mar 12, 2013 12:35 AM in response to UptimeJeff

    sudo mailq prints this

     

    -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------

    6DD8C5EF621     1053 Tue Mar 12 09:23:31  contact@example.com

    (SASL authentication failed; cannot authenticate to server mailout.easydns.com[64.68.200.141]: no mechanism available)

                                             destination1@example1.com

     

     

    71FF95D0B61     1052 Fri Mar  8 11:43:18  contact@example.com

    (conversation with mailout.easydns.com[64.68.200.141] timed out while receiving the initial server greeting)

                                             destination1@example1.com

     

     

    DFB1F5D09DF     1046 Fri Mar  8 11:38:29  contact@example.com

    (conversation with mailout.easydns.com[64.68.200.141] timed out while receiving the initial server greeting)

                                             destination@gmail.com

                                             destination1@example1.com

     

     

    EDAB15CD070     1090 Thu Mar  7 20:33:55  contact@example.com

    (SASL authentication failed; cannot authenticate to server mailout.easydns.com[64.68.200.141]: no mechanism available)

                                             destination@gmail.com

     

     

    -- 6 Kbytes in 4 Requests.

  • by UptimeJeff,Helpful

    UptimeJeff UptimeJeff Mar 12, 2013 9:44 AM in response to basilmir
    Level 4 (3,477 points)
    Mar 12, 2013 9:44 AM in response to basilmir

    Sounds like the server is trying to use a non-supported auth method.

     

    Post the output of:

         sudo postconf -n -c /Library/Server/Mail/Config/postfix/

  • by basilmir,

    basilmir basilmir Mar 12, 2013 12:01 PM in response to UptimeJeff
    Level 1 (76 points)
    Mar 12, 2013 12:01 PM in response to UptimeJeff

    Here it is:

     

    biff = no

    command_directory = /usr/sbin

    config_directory = /Library/Server/Mail/Config/postfix

    content_filter = smtp-amavis:[127.0.0.1]:10024

    daemon_directory = /usr/libexec/postfix

    data_directory = /Library/Server/Mail/Data/mta

    debug_peer_level = 2

    debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5

    dovecot_destination_recipient_limit = 1

    enable_server_options = yes

    header_checks = pcre:/Library/Server/Mail/Config/postfix/custom_header_checks

    html_directory = /usr/share/doc/postfix/html

    imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred

    inet_interfaces = all

    inet_protocols = all

    mail_owner = _postfix

    mailbox_size_limit = 0

    mailbox_transport = dovecot

    mailq_path = /usr/bin/mailq

    manpage_directory = /usr/share/man

    maps_rbl_domains =

    message_size_limit = 10485760

    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

    mydomain = MYDOMAIN.com

    mydomain_fallback = localhost

    myhostname = server.MYDOMAIN.com

    mynetworks = 127.0.0.0/8, [::1]/128

    newaliases_path = /usr/bin/newaliases

    postscreen_dnsbl_sites = zen.spamhaus.org*2

    queue_directory = /Library/Server/Mail/Data/spool

    readme_directory = /usr/share/doc/postfix

    recipient_canonical_maps = hash:/Library/Server/Mail/Config/postfix/system_user_maps

    recipient_delimiter = +

    relayhost = mailout.easydns.com:587

    sample_directory = /usr/share/doc/postfix/examples

    sendmail_path = /usr/sbin/sendmail

    setgid_group = _postdrop

    smtp_sasl_auth_enable = yes

    smtp_sasl_password_maps = hash:/Library/Server/Mail/Config/postfix/sasl/passwd

    smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_rbl_client zen.spamhaus.org permit

    smtpd_enforce_tls = no

    smtpd_helo_required = yes

    smtpd_helo_restrictions = reject_non_fqdn_helo_hostname reject_invalid_helo_hostname

    smtpd_pw_server_security_options = cram-md5,digest-md5,gssapi

    smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination check_policy_service unix:private/policy permit

    smtpd_sasl_auth_enable = yes

    smtpd_sasl_local_domain = server.tofan-arkitect.com

    smtpd_tls_CAfile = /etc/certificates/server.MYDOMAIN.com.E92783059AEE749D3A7411E74DD22282CB6781CC. chain.pem

    smtpd_tls_cert_file = /etc/certificates/server.MYDOMAIN.com.E92783059AEE749D3A7411E74DD22282CB6781CC. cert.pem

    smtpd_tls_ciphers = medium

    smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL

    smtpd_tls_key_file = /etc/certificates/server.MYDOMAIN.com.E92783059AEE749D3A7411E74DD22282CB6781CC. key.pem

    smtpd_use_pw_server = yes

    smtpd_use_tls = yes

    tls_random_source = dev:/dev/urandom

    unknown_local_recipient_reject_code = 550

    use_sacl_cache = yes

    virtual_alias_maps = $virtual_maps

  • by UptimeJeff,

    UptimeJeff UptimeJeff Mar 12, 2013 12:17 PM in response to basilmir
    Level 4 (3,477 points)
    Mar 12, 2013 12:17 PM in response to basilmir

    OK. make sure you are using 587 (465 won't work)

     

    Try forcing specific auth methods

    You can copy/paste these each block and paste all 3 lines to Terminal at the same time.

     

    In each case, watch the logs and see if it works.

     

    sudo postconf -c /Library/Server/Mail/Config/postfix/ -e "smtp_sasl_mechanism_filter=login"
    sudo postfix reload
    sudo postsuper -r ALL
    

     

    or

    sudo postconf -c /Library/Server/Mail/Config/postfix/ -e "smtp_sasl_mechanism_filter=plain"
    sudo postfix reload
    sudo postsuper -r ALL
    

     

    or

    sudo postconf -c /Library/Server/Mail/Config/postfix/ -e "smtp_sasl_mechanism_filter=cram-md5"
    sudo postfix reload
    sudo postsuper -r ALL
    

     

     

     

    If you needed to revert that setting

    sudo postconf -c /Library/Server/Mail/Config/postfix/ -e "smtp_sasl_mechanism_filter="
    sudo postfix reload
    
  • by basilmir,

    basilmir basilmir Mar 12, 2013 12:46 PM in response to UptimeJeff
    Level 1 (76 points)
    Mar 12, 2013 12:46 PM in response to UptimeJeff

    "login" produces

     

    Mar 12 21:26:45 server.MYDOMAIN.com postfix/error[5934]: A0B955F4189: to=<me@gmail.com>, relay=none, delay=53, delays=51/2.5/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: SASL authentication failed; cannot authenticate to server mailout.easydns.com[64.68.200.141]: no mechanism available)

     

     

     

    "plain"

     

    Mar 12 21:29:53 server.MYDOMAIN.com postfix/smtp[5985]: C2A8E5F424A: to=<me@gmail.com>, relay=mailout.easydns.com[64.68.200.141]:587, delay=1.5, delays=0/0/1.5/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server mailout.easydns.com[64.68.200.141]: no mechanism available)

    Mar 12 21:29:58 server.MYDOMAIN.com postfix/smtp[6011]: warning: SASL authentication failure: No worthy mechs found

     

     

     

     

    "cram-md5"

     

    Mar 12 21:32:23 server.MYDOMAIN.com postfix/smtp[6093]: warning: mailout.easydns.com[64.68.200.141]:587 offered no supported AUTH mechanisms: 'PLAIN LOGIN'

    Mar 12 21:32:23 --- last message repeated 1 time ---

    Mar 12 21:32:23 server.MYDOMAIN.com postfix/smtp[6093]: 825225F4353: to=<me@gmail.com>, relay=mailout.easydns.com[64.68.200.141]:587, delay=1.4, delays=0/0.02/1.3/0, dsn=4.7.0, status=deferred (SASL authentication failed: server mailout.easydns.com[64.68.200.141] offered no compatible authentication mechanisms for this type of connection security)

     

     

    PS. Can you elaborate as to why 465 will not work?

Page 1 Next