basilmir

Q: OS X Server - Relay outgoing mail through ISP - Operation timed out

Hello,

 

I have my OS X Server setup but i can only receive mail. Because of my ISP i can't send, so i need to relay the mail through them.

I have a personal e-mail address

 

hostname: mail.ispmail.com with the ip XXX.XX.80.110

 

user:

myname@ispmail.com

 

password:

mypassword

 

I've entered them in the Relay outgoing mail through ISP field in OS X Server app and now i get an operation timed out?

 

Can't i use my account to relay mail through it? Does the isp relay have to have somekind of special settings?

 

Mar 6 21:48:46 server.mydomain.com postfix/smtp[6664]: 792DA5C5245: to=<destination@mail.ro>, relay=none, delay=30, delays=0.06/0.04/30/0, dsn=4.4.1, status=deferred (connect to XXX.XX.80.110[XXX.XX.80.110]:25: Operation timed out)

 

Am i doing something wrong?


Posted on Mar 6, 2013 12:06 PM

Close

Q: OS X Server - Relay outgoing mail through ISP - Operation timed out

  • All replies
  • Helpful answers

Previous Page 2
  • by UptimeJeff,

    UptimeJeff UptimeJeff Mar 12, 2013 4:21 PM in response to basilmir
    Level 4 (3,477 points)
    Mar 12, 2013 4:21 PM in response to basilmir

    PS. Can you elaborate as to why 465 will not work?

     

     

    Postfix supports TLS

         starts off without SSL then switches to SSL

     

    Post 465 is traditionally setup for implicit ssl

         the connections is SSL from the beginning

     

    postfix doesn't function as an implicit ssl smtp client without an addon.

     

    You could capture the conversation in more detail with tcpdump. something like

             sudo tcpdump -A port 587

    With that, you should see the attempted negotiation

     

    I'm about out of ideas for you.

  • by basilmir,

    basilmir basilmir Mar 12, 2013 11:00 PM in response to UptimeJeff
    Level 1 (76 points)
    Mar 12, 2013 11:00 PM in response to UptimeJeff

    Thank you for your help so far!

     

    Here is the dump, exact command you asked for me:

     

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

    listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes

    07:49:47.358016 IP server.example.com.62607 > mailout.easydns.com.submission: Flags [S], seq 227513062, win 65535, options [mss 1460,nop,wscale 4,nop,nop,TS val 545134578 ecr 0,sackOK,eol], length 0

    E..@.K@.@...

    ..........................

    ~..........

    07:49:47.490355 IP mailout.easydns.com.submission > server.example.com.62607: Flags [S.], seq 1859218684, ack 227513063, win 5392, options [mss 1360,sackOK,TS val 2684869342 ecr 545134578,nop,wscale 7], length 0

    E..<.}..+..j@D..

    ..............P...

    .... ~......

    07:49:47.490478 IP server.example.com.62607 > mailout.easydns.com.submission: Flags [.], ack 1, win 8256, options [nop,nop,TS val 545134710 ecr 2684869342], length 0

    E..4U.@.@...

    ...n.l... @.......

    ~.v....

    07:49:50.386634 IP mailout.easydns.com.submission > server.example.com.62607: Flags [P.], seq 1:40, ack 1, win 43, options [nop,nop,TS val 2684870066 ecr 545134710], length 39

    E..[.J..+..~@D..

    ......+.......

    .... ~.v220 mailout.easydns.com ESMTP Postfix

     

    07:49:50.386765 IP server.example.com.62607 > mailout.easydns.com.submission: Flags [.], ack 40, win 8254, options [nop,nop,TS val 545137552 ecr 2684870066], length 0

    E..45K@.@...

    ...n.m$.. >.......

    ~#.....

    07:49:50.386939 IP server.example.com.62607 > mailout.easydns.com.submission: Flags [P.], seq 1:33, ack 40, win 8254, options [nop,nop,TS val 545137552 ecr 2684870066], length 32

    E..T.O@.@...

    ...n.m$.. >.......

    ~#.....EHLO server.example.com

     

    07:49:50.520512 IP mailout.easydns.com.submission > server.example.com.62607: Flags [.], ack 33, win 43, options [nop,nop,TS val 2684870100 ecr 545137552], length 0

    E..4....+...@D..

    ......+-l.....

    .... ~#.

    07:49:50.521060 IP mailout.easydns.com.submission > server.example.com.62607: Flags [P.], seq 40:216, ack 33, win 43, options [nop,nop,TS val 2684870100 ecr 545137552], length 176

    E....x..+...@D..

    ......+.......

    .... ~#.250-mailout.easydns.com

    250-PIPELINING

    250-SIZE 26214400

    250-ETRN

    250-STARTTLS

    250-AUTH PLAIN LOGIN

    250-AUTH=PLAIN LOGIN

    250-ENHANCEDSTATUSCODES

    250-8BITMIME

    250 DSN

     

    07:49:50.521173 IP server.example.com.62607 > mailout.easydns.com.submission: Flags [.], ack 216, win 8243, options [nop,nop,TS val 545137682 ecr 2684870100], length 0

    E..4.c@.@...

    ...n.m... 3.......

    ~$.....

    07:49:50.535503 IP server.example.com.62607 > mailout.easydns.com.submission: Flags [P.], seq 33:39, ack 216, win 8243, options [nop,nop,TS val 545137696 ecr 2684870100], length 6

    E..:y.@.@...

    ...n.m... 3.......

    ~$ ....QUIT

     

    07:49:50.535511 IP server.example.com.62607 > mailout.easydns.com.submission: Flags [F.], seq 39, ack 216, win 8243, options [nop,nop,TS val 545137696 ecr 2684870100], length 0

    E..4..@.@...

    n.m... 3.......

    ~$ ....

    07:49:50.667685 IP mailout.easydns.com.submission > server.example.com.62607: Flags [P.], seq 216:231, ack 39, win 43, options [nop,nop,TS val 2684870137 ecr 545137696], length 15

    E..C....+.{.@D..

    ...+.......

    .... ~$ 221 2.0.0 Bye

     

    07:49:50.667755 IP mailout.easydns.com.submission > server.example.com.62607: Flags [F.], seq 231, ack 39, win 43, options [nop,nop,TS val 2684870137 ecr 545137696], length 0

    E..4.f..+.k.@D..

    ...++......

    .... ~$

    07:49:50.667778 IP server.example.com.62607 > mailout.easydns.com.submission: Flags [R], seq 227513101, win 0, length 0

    E..(B]..@...

    ....P.......

    07:49:50.667784 IP server.example.com.62607 > mailout.easydns.com.submission: Flags [R], seq 227513101, win 0, length 0

    E..(N...@...

    ....P.......

    07:49:50.668098 IP mailout.easydns.com.submission > server.example.com.62607: Flags [.], ack 40, win 43, options [nop,nop,TS val 2684870137 ecr 545137696], length 0

    E..4kD..+...@D..

    ......++......

    .... ~$

    07:49:50.668199 IP server.example.com.62607 > mailout.easydns.com.submission: Flags [R], seq 227513102, win 0, length 0

    E..(Y=..@...

    .......P.......

     

     

    With the verbose flag -v turned on:

     

    tcpdump: listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes

    07:58:00.853798 IP (tos 0x0, ttl 64, id 61650, offset 0, flags [DF], proto TCP (6), length 64, bad cksum 0 (->3611)!)

        server.example.com.62780 > mailout.easydns.com.submission: Flags [S], cksum 0x1407 (incorrect -> 0x1a09), seq 3293289800, win 65535, options [mss 1460,nop,wscale 4,nop,nop,TS val 545623935 ecr 0,sackOK,eol], length 0

    E..@..@.@...

    ...@D...<.K.K.H.......................

    ...........

    07:58:00.986539 IP (tos 0x0, ttl 43, id 6040, offset 0, flags [none], proto TCP (6), length 60)

        mailout.easydns.com.submission > server.example.com.62780: Flags [S.], cksum 0xd7a5 (correct), seq 996714090, ack 3293289801, win 5392, options [mss 1360,sackOK,TS val 2684992715 ecr 545623935,nop,wscale 7], length 0

    E..<....+.dP@D..

    ....K.<;h.j.K.I...........P...

    .          .. .......

    07:58:00.986671 IP (tos 0x0, ttl 64, id 13705, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->f166)!)

        server.example.com.62780 > mailout.easydns.com.submission: Flags [.], cksum 0x13fb (incorrect -> 0xfa64), ack 1, win 8256, options [nop,nop,TS val 545624056 ecr 2684992715], length 0

    E..45.@.@...

    ...@D...<.K.K.I;h.k.. @.......

    ....          ..

    07:58:01.121725 IP (tos 0x0, ttl 43, id 9860, offset 0, flags [none], proto TCP (6), length 91)

        mailout.easydns.com.submission > server.example.com.62780: Flags [P.], cksum 0xed3b (correct), seq 1:40, ack 1, win 43, options [nop,nop,TS val 2684992748 ecr 545624056], length 39

    E..[&...+.UE@D..

    ....K.<;h.k.K.I...+.;.....

    .          .. ...220 mailout.easydns.com ESMTP Postfix

     

    07:58:01.121847 IP (tos 0x0, ttl 64, id 38384, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->90ff)!)

        server.example.com.62780 > mailout.easydns.com.submission: Flags [.], cksum 0x13fb (incorrect -> 0xf998), ack 40, win 8254, options [nop,nop,TS val 545624190 ecr 2684992748], length 0

    E..4..@.@...

    ...@D...<.K.K.I;h.... >.......

    ..~.          ..

    07:58:01.122020 IP (tos 0x0, ttl 64, id 49038, offset 0, flags [DF], proto TCP (6), length 84, bad cksum 0 (->6741)!)

        server.example.com.62780 > mailout.easydns.com.submission: Flags [P.], cksum 0x141b (incorrect -> 0x60d1), seq 1:33, ack 40, win 8254, options [nop,nop,TS val 545624190 ecr 2684992748], length 32

    E..T..@.@...

    ...@D...<.K.K.I;h.... >.......

    ..~.          ..EHLO server.example.com

     

    07:58:01.254622 IP (tos 0x0, ttl 43, id 46244, offset 0, flags [none], proto TCP (6), length 52)

        mailout.easydns.com.submission > server.example.com.62780: Flags [.], cksum 0x196a (correct), ack 33, win 43, options [nop,nop,TS val 2684992782 ecr 545624190], length 0

    E..4....+..K@D..

    ....K.<;h...K.i...+.j.....

    .          .. ..~

    07:58:01.255017 IP (tos 0x0, ttl 43, id 48330, offset 0, flags [none], proto TCP (6), length 228)

        mailout.easydns.com.submission > server.example.com.62780: Flags [P.], cksum 0x8ae8 (correct), seq 40:216, ack 33, win 43, options [nop,nop,TS val 2684992782 ecr 545624190], length 176

    E.......+..u@D..

    ....K.<;h...K.i...+.......

    .          .. ..~250-mailout.easydns.com

    250-PIPELINING

    250-SIZE 26214400

    250-ETRN

    250-STARTTLS

    250-AUTH PLAIN LOGIN

    250-AUTH=PLAIN LOGIN

    250-ENHANCEDSTATUSCODES

    250-8BITMIME

    250 DSN

     

    07:58:01.255106 IP (tos 0x0, ttl 64, id 52726, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->58f9)!)

        server.example.com.62780 > mailout.easydns.com.submission: Flags [.], cksum 0x13fb (incorrect -> 0xf82e), ack 216, win 8243, options [nop,nop,TS val 545624321 ecr 2684992782], length 0

    E..4..@.@...

    ...@D...<.K.K.i;h.B.. 3.......

    ....          ..

    07:58:01.269489 IP (tos 0x0, ttl 64, id 45046, offset 0, flags [DF], proto TCP (6), length 58, bad cksum 0 (->76f3)!)

        server.example.com.62780 > mailout.easydns.com.submission: Flags [P.], cksum 0x1401 (incorrect -> 0x5060), seq 33:39, ack 216, win 8243, options [nop,nop,TS val 545624334 ecr 2684992782], length 6

    E..:..@.@...

    ...@D...<.K.K.i;h.B.. 3.......

    ....          ..QUIT

     

    07:58:01.269515 IP (tos 0x0, ttl 64, id 32167, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->a948)!)

        server.example.com.62780 > mailout.easydns.com.submission: Flags [F.], cksum 0x13fb (incorrect -> 0xf81a), seq 39, ack 216, win 8243, options [nop,nop,TS val 545624334 ecr 2684992782], length 0

    E..4}.@.@...

    ...@D...<.K.K.o;h.B.. 3.......

    ....          ..

    07:58:01.402133 IP (tos 0x0, ttl 43, id 62865, offset 0, flags [none], proto TCP (6), length 67)

        mailout.easydns.com.submission > server.example.com.62780: Flags [P.], cksum 0x7092 (correct), seq 216:231, ack 39, win 43, options [nop,nop,TS val 2684992819 ecr 545624334], length 15

    E..C....+..O@D..

    ....K.<;h.B.K.o...+p......

    .          .3 ...221 2.0.0 Bye

     

    07:58:01.402257 IP (tos 0x0, ttl 64, id 18386, offset 0, flags [none], proto TCP (6), length 40, bad cksum 0 (->1f2a)!)

        server.example.com.62780 > mailout.easydns.com.submission: Flags [R], cksum 0x13ef (incorrect -> 0x42c9), seq 3293289839, win 0, length 0

    E..(G...@...

    ...@D...<.K.K.o....P.......

    07:58:01.402405 IP (tos 0x0, ttl 43, id 50603, offset 0, flags [none], proto TCP (6), length 52)

        mailout.easydns.com.submission > server.example.com.62780: Flags [F.], cksum 0x17ee (correct), seq 231, ack 40, win 43, options [nop,nop,TS val 2684992819 ecr 545624334], length 0

    E..4....+..D@D..

    ....K.<;h.Q.K.p...+.......

    .          .3 ...

    07:58:01.402468 IP (tos 0x0, ttl 64, id 27815, offset 0, flags [none], proto TCP (6), length 40, bad cksum 0 (->fa54)!)

        server.example.com.62780 > mailout.easydns.com.submission: Flags [R], cksum 0x13ef (incorrect -> 0x42c8), seq 3293289840, win 0, length 0

    E..(l...@...

    ...@D...<.K.K.p....P.......


  • by basilmir,

    basilmir basilmir Mar 13, 2013 12:00 AM in response to UptimeJeff
    Level 1 (76 points)
    Mar 13, 2013 12:00 AM in response to UptimeJeff

    I found a interesting fact... if i execute

     

    sudo postconf -e smtp_sasl_mechanism_filter=login

     

    and then check /Library/Server/Mail/Config/postfix/main.cf to see if it has added the option on the LAST line of the file all i see is

     

    smtp_sasl_mechanism_filter = plain

     

    No matter how many times i execute the command it will not replace that line, even tried

     

    sudo postconf -e smtp_sasl_mechanism_filter=

     

    I did a

     

    sudo postfix reload after each try and then manually viewed the /Library/Server/Mail/Config/postfix/main.cf in Textedit

     

    PS.

    Also found this thread that is remarcably similar to my issues. This http://www.zimbra.com/forums/installation/1240-cannot-sasl-authenticate-server.h tml and i think it's the solution to my problem but because of the above i can't seem to apply it. I remember reading something about OS X Server will not allow somekind of almost cleartext logins but it had to do with changing passwords when not under a SSL connection.

  • by UptimeJeff,

    UptimeJeff UptimeJeff Mar 13, 2013 5:28 AM in response to basilmir
    Level 4 (3,477 points)
    Mar 13, 2013 5:28 AM in response to basilmir

    If you issue:

    postcont -e <anything>

    it will edit the wrong config file (/etc/postfix/main.cf)

     

    you need to point it to the correct config directory with the -c switch

    sudo postconf -c /Library/Server/Mail/Config/postfix/ -e "smtp_sasl_mechanism_filter=login" 


    Or just manually enter the correct config.

     

     

    Doesn't your ISP provide an SMTP relay? Most do.

  • by basilmir,Solvedanswer

    basilmir basilmir Mar 13, 2013 1:12 PM in response to UptimeJeff
    Level 1 (76 points)
    Mar 13, 2013 1:12 PM in response to UptimeJeff

    EUREKA!!!

     

    It works!

     

    I'm using 587.

    What i've learned:

    1. Postfix relay does not work on 465 unless you add some kind of add-on. (i don't know what this means but i was advised to try 587)

    So SSL in a no go.

     

     

    2. On 587 i'll give you my GUT feeling about the issue. I'm using OS X Server Mountain Lion and it has many out of the box limitations, when you are trying to authenticate it OR to it. In short, unless you are using SSL, authenticating in cleartext is banned, as long as you use their interface. To do this they use "smtp_sasl_mechanism_filter=" to ban certain auth mechanisms.

     

     

    CONCLUSION: 1 + 2 means postfix can't use SSL for relay (out of the box) AND since you are not using SSL all cleartext auth mechanisms get banned.

     

     

    To get around this you have to:

     

     

    sudo postconf -c /Library/Server/Mail/Config/postfix/ -e "smtp_sasl_mechanism_filter="

    sudo postconf -c /Library/Server/Mail/Config/postfix/ -e "smtp_sasl_security_filter=" (this second one might not be needed since i think it's an old setting and is no longer in use) 

     

    then

     

    sudo postfix reload

    sudo postsuper -r ALL

     

     

    SO the fix is not actually a fix, you just disable all the filters to let postfix try the "normal" auth methods first.

     

    Hope i'm making sense here since i lost Screenshare connection with the server and i'm out of the office right now.

     

     

    PS. From my experience in the OS X Server interface under Mail -> Authentication - when you use OpenDirectory out of the box you have the authentication options enabled: Kerberos, Digest (CRAM-MD5) and Digest-MD5

     

    My issue is that OS X Server security is doing what is supposed to do, essentially not letting shoot your own foot off, and expose passwords in cleartext to sniffers, as long as you use their interface.

     

    The two others Cleartext, is used for compatibility with Active Directory (if you use one in the network) and APOP (which is for POP) and come disabled.

    Not only that, but purposefully written here in there in certain configuration files so the setting is system wide. My guess is that once you set the inbound authentication mechanisms, the interface just propagates this as a system wide choice, and all outbound postfix (in this case relay authentication get the same treatment, on second throught this might just pe postfix doing its thing)

  • by basilmir,

    basilmir basilmir Apr 16, 2013 6:38 AM in response to basilmir
    Level 1 (76 points)
    Apr 16, 2013 6:38 AM in response to basilmir

    I recently reDID the entire OS X Server install and found out the answer is incomplete. Luckily there were others on the same path as I.

     

    https://discussions.apple.com/thread/3341871?start=0&tstart=0

     

    The corrent commands are:

     

    sudo postconf -c /Library/Server/Mail/Config/postfix/ -e "smtp_sasl_security_options = noanonymous"

     

    then

     

    sudo postfix reload

    sudo postsuper -r ALL

     

     

    More details in this thread

    https://discussions.apple.com/thread/3341871?start=0&tstart=0


  • by basilmir,

    basilmir basilmir Apr 16, 2013 6:41 AM in response to basilmir
    Level 1 (76 points)
    Apr 16, 2013 6:41 AM in response to basilmir

    Anyone know how i can mark the new reply as the correct answer?

     

    I recently reDID the entire OS X Server install and found out the answer is incomplete. Luckily there were others on the same path as I.

     

    https://discussions.apple.com/thread/3341871?start=0&tstart=0

     

    The corrent commands are:

     

    sudo postconf -c /Library/Server/Mail/Config/postfix/ -e "smtp_sasl_security_options = noanonymous"

     

    then

     

    sudo postfix reload

    sudo postsuper -r ALL

     

     

    More details in this thread

    https://discussions.apple.com/thread/3341871?start=0&tstart=0

Previous Page 2