Enabling Outbound SMTP Mail Relaying (SASL)

You can now configure outbound SMTP relay through the Server app in 10.8 ML: Mail/Relay outgoing mail through ISP/Edit/Enter your relay server address, username and password. This takes care of a lot of previous configuring of main.cf, especially the creation of the SASL password file, which is nice. Unfortunately, it did not work fully for me. Using Sendgrid as the relay, I was getting SASL errors in the SMTP log:


postfix/smtp[17917]: 37989327A172: to <xxxxx>, relay=smtp.sendgrid.net[50.97.69.147]:25, delay=539, delays=536/0.41/2.7/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.sendgrid.net[50.97.69.147]: no mechanism available)


The solution that worked for me consisted of editing the main.cf. Using your preferred editor, edit /Library/Server/Mail/Config/postfix/main.cf (not /etc/postfix/main.cf) and add the following lines at the top of the file:


smtp_sasl_auth_enable=yes

smtp_sasl_security_options=noanonymous

smtp_use_tls=yes

smtp_tls_security_level=encrypt


I thought I'd share this, as searching the web did not find a solution for me, earlier today.

Mac mini, OS X Mountain Lion (10.8.2), OS X Server

Posted on Jan 9, 2013 8:21 AM


Jan 9, 2013 10:43 AM in response to Rafal Lukawiecki

I think these are slightly better, in case local clients do not use TLS. Use the same instructions to edit /Library/Server/Mail/Config/postfix/main.cf but add these four lines at the top (notice the change from encrypt to may, which is opportunistic and will work with SMTP relay services):


smtp_sasl_auth_enable=yes

smtp_sasl_security_options=noanonymous

smtp_use_tls=yes

smtp_tls_security_level=may

May 25, 2013 7:13 PM in response to Rafal Lukawiecki

Hi, I have some questions, Rafal.


I set up an email server in OS X Server and unfortunately I'm on a residential internet line.

Verizon is blocking port 25,


so I tried to use Relay outgoing mail through ISP.

I have Verizon email.


It works if I use it with a mail client,

but it does not work with the relay.


Do you have any suggestions on how I can get it to work?



Also, is there a way to use services like no-ip.com or dydns with a mail server?

May 26, 2013 4:54 AM in response to macuser256

I'm going to guess that this is a different question; that your mail server is relaying on port 25 and getting blocked.


You'll need to have relayhost set, including the submission port.


Use the following command to view the current relayhost setting:


postconf -n


If it's not already set, then something akin to the following will set the relay to TCP port 587 on host mail.example.com. (Alter the TCP port and host name appropriately for your mail server.)


sudo postconf -e "relayhost = mail.example.com:587"

sudo postfix reload


This addresses outbound mail.


You'll also probably need to acquire a mail hop service in order to receive email at your domain, if you're at a dynamic address (and if your ISP terms of service allow mail servers, obviously). This is because dynamic IP service tiers have mismatched DNS records.


Better still, acquire static IP service from your ISP, and set up your public DNS with a DNS A (machine) record for the host referenced in the DNS MX record for your domain. (This proper DNS configuration is necessary to avoid other mail servers classifying your server as a spam engine, and simply dropping your outbound and variously also inbound mail. Dynamic IP service tiers almost inherently have mismatched DNS records, which is why this stuff is used by other servers for spam filtering.)


Beyond blocking outbound TCP port 25 — common best-practices networking — it's also possible for an ISP to blacklist a range of IP addresses, which would mean that inbound and outbound relays are required. (Or static IP, or hosted email services, of course.)

May 27, 2013 8:17 AM in response to MrHoffman

Hello and thank you for very exhausting reply 😉


However, I have to point out that I am a novice in server administration, and the Mac mini is my first server ever that I started learning to use. Administration is very demanding and Apple has very few resources in that field, and discussions are the best. Anyway, this is what I did so far.

I highly doubt that I'm allowed to run any server on my residential line, but it's for personal use only, with very little traffic, if any in most cases.


However, I try to learn and need to practice and test a real environment even if it needs a few extra steps to make it work 😉 and on a residential line it is more than a few extra steps.


So I went to noip.com and got the Email Alternate port SMTP service and set up the relay with port 587.


Works great.


I did as you suggested, postconf -n, but I cannot read that info and did not find anything like relayhost = in there.


Moreover, I have a new problem now 😉

It seems to work with the Server Client only, so I assigned the email settings inside the Server Mail Client and I can send and receive emails to that server, but only on the server side.


If I enter identical settings on my OS X laptop Mail client, it shows the account offline all the time, and no matter what I do I can't get it to work, receive/send emails, even on the same network.

But the Server client works with no problem.


Perhaps I have messed up the MX settings somewhere.


Here is what the client Connection Doctor reports:

domainname SMTP Trying to log in to this SMTP account failed. Verify that the username and the password are correct.


on outgoing and receiving,

but they are correct.


My MX server record name is doman.com; however, I see in many tutorials that people use mail.domainname.com. Could my MX settings be messed up, and they only work on the server because they are not properly set for access from other clients?


Some instructions, as simple as possible, on how to troubleshoot it would be welcome.

Thanks

May 27, 2013 4:10 PM in response to macuser256

Here are some of my previous postings on checking DNS services MX records and mail servers using Terminal.app: see here and here.


Here is how to configure the OS X Server DNS server; the general information posted there is valid for 10.8, and the settings do apply to Server.app 10.8 after you enable the advanced settings within Server.app to access the zone settings. Your OS X Server box would usually be configured to provide DNS for your local network, and there'd be no references to other DNS servers located off your network.


For other resources, Apple has some fairly thin manuals for OS X Server 10.8 if you've not already skimmed those, and the OS X Server 10.6 manuals are still posted and are rather more detailed.


FWIW, if your mail server or your DNS server is misconfigured and is accessible to the 'net, then the bots will find it, and you'll be running a whole lot more mail than you might expect.


I'd encourage you to start your own thread for these questions; mixing these together just gets my head all tangled up, particularly if the original thread lights up and starts getting discussed again.

Sep 5, 2013 8:31 AM in response to MrHoffman

I am having the same problem. The configuration settings for Verizon have changed.

smtp.verizon.net:465 SSL=yes Authentication=Password


/etc/postfix/main.cf and /Library/Server/Mail/Config/postfix/main.cf I have posted the same info:


#verizon smtp

relayhost=smtp.verizon.com:465

smtp_sasl_auth_enable=yes

smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd

smtp_sasl_mechanism_filter = AUTH LOGIN

smtp_sasl_security_options=

smtp_use_tls=yes

smtp_tls_security_level=encrypt

tls_random_source=dev:/dev/urandom


Then I set up a /etc/postfix/sasl_passwd file with relay info and username:password and then postmapped it.


postmap /etc/postfix/sasl_passwd


I force the e-mail (sendmail -q) and I see in the logs it makes it to the queue, but when it tries to send it out I get this error:


postfix/smtp[8899]: 83A5D5EB7D3: from=<contact@c*****.com>, size=1008, nrcpt=1 (queue active)

postfix/smtp[8899]: CLIENT wrappermode (port smtps/465) is unimplemented

postfix/smtp[8899]: instead, send to (port submission/587) with STARTTLS

postfix/smtp[8899]: warning: relayhost configuration problem


postfix/smtp[8899]: 83A5D5EB7D3: to=<g*****@mac.com>, relay=none, delay=1107, delays=1107/0.14/0.13/0, dsn=4.3.5, status=deferred (Host or domain name not found. Name service error for name=smtp.verizon.com type=AAAA: Host not found)


I don't know what to really do from here.


Update:

I figured it was a domain issue, so I changed the smtp.verizon.net:465 in the settings to 206.46.232.100:465 and still get this error:


CLIENT wrappermode (port smtps/465) is unimplemented

instead, send to (port submission/587) with STARTTLS

83A5D5EB7D3: to=<g*****@mac.com>, relay=206.46.232.100[206.46.232.100]:465, delay=2812, delays=2584/0.14/229/0, dsn=4.4.2, status=deferred (lost connection with 206.46.232.100[206.46.232.100] while receiving the initial server greeting)


Got any ideas?

Sep 5, 2013 8:45 AM in response to Rafal Lukawiecki

The problem with that port is that Verizon wants you to authenticate on 465, which is the SSL port for SMTP. I know they block port 25.


I have even tried changing my /etc/services SMTP port to 587 and not using a relay server, and it still doesn't work. I contact the mail servers of Apple on port 587 but the connection is refused.


The only way i see it working is via Verizon's Relay Server.

Sep 5, 2013 11:23 AM in response to Ghost in the Macintosh

A quick review: An increasing number of ISPs will block TCP port 25 traffic inbound and outbound on dynamic (DHCP) tier of service.


This practice reduces the ability of malware on various systems to send out spam. This also means that mail clients will be configured to use a submission port; either the older TCP 465 or the newer TCP 587.


This means using a mail relay service (if the terms and conditions allow that) or (the preferred approach) moving to static IP.


With a local SMTP server, you cannot receive direct inbound email from another SMTP server; that happens on TCP port 25. Which means a mail hop relay, or an upgrade to static IP.


As for the message and the error, the current relay is happening on the legacy submission port TCP 465, and your ISP wishes you to now use the newer TCP port 587 for submissions.
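Added example, not part of any post in this thread and not Apple's or Postfix's own code: a small Python check that reads main.cf-style text and flags the relay settings this thread turns on, namely the `encrypt` versus `may` choice from the first two posts and the port 465 relayhost from the Sep 5 post. The function names and finding codes are hypothetical, the `relayhost` line in `MAY_CONFIG` is a constructed placeholder using the thread's mail.example.com:587, and `smtp_sasl_tls_security_options` is a Postfix parameter the thread does not mention.

```python
import re

STRONG_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}  # TLS mandatory
# Constructed samples built from the thread's main.cf lines (blank lines removed).
MAY_CONFIG = """\
relayhost = mail.example.com:587
smtp_sasl_auth_enable=yes
smtp_sasl_security_options=noanonymous
smtp_tls_security_level=may
"""
VERIZON_CONFIG = """\
#verizon smtp
relayhost=smtp.verizon.com:465
smtp_sasl_auth_enable=yes
smtp_sasl_security_options=
smtp_tls_security_level=encrypt
"""

def parse_main_cf(text):
    """name = value pairs; '#' comment lines; indented lines continue a value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] = (params[last] + " " + raw.strip()).strip()
        elif "=" in raw:
            last, _, value = (s.strip() for s in raw.partition("="))
            params[last] = value
    return params

def _opts(value):
    return {o for o in re.split(r"[,\s]+", value.lower()) if o}

def audit_relay(text):
    p, codes = parse_main_cf(text), []
    level = p.get("smtp_tls_security_level", "")  # legacy smtp_use_tls is at most "may"
    if p.get("smtp_sasl_auth_enable") == "yes":
        opts = _opts(p.get("smtp_sasl_security_options", "noplaintext, noanonymous"))
        tls_opts = _opts(p.get("smtp_sasl_tls_security_options", ",".join(opts)))
        if "noanonymous" not in opts:
            codes.append("ANON")       # anonymous mechanisms are permitted
        if "noplaintext" in opts and "noplaintext" in tls_opts:
            codes.append("NOMECH")     # PLAIN/LOGIN-only relay: "no mechanism available"
        if "noplaintext" not in opts and level not in STRONG_TLS:
            codes.append("CLEARTEXT")  # password may cross an unencrypted session
    port = re.search(r":(\d+)$", p.get("relayhost", ""))
    if port and port.group(1) == "465":
        codes.append("WRAPPER")        # implicit-TLS port; the log asks for 587 + STARTTLS
    return codes
```

Leaving `smtp_sasl_security_options` at its default and setting `smtp_sasl_tls_security_options=noanonymous` clears both NOMECH and CLEARTEXT, because plaintext mechanisms are then accepted only inside a TLS session.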

Apr 15, 2014 8:16 PM in response to frederickfromwesley

frederickfromwesley wrote:


Did you ever get this resolved? I am having the exact same problem. Verizon is of no help at this point either.


If your case is similar to the earlier thread, then this is usually resolved moving to a business-class service connection from your ISP, or by hosting your mail via a virtual server somewhere other than this connection, or by using a mail relay / mail hop service.


If that's not the case and if you're on a static IP connection, then I'd encourage starting your own thread for this question, and please include some details there around your mail server configuration and your public DNS, and the results of the various tests mentioned up-thread.

Apr 15, 2014 8:18 PM in response to frederickfromwesley

Hi,

well, I kind of sorted the problem out...


Unfortunately, it's confirmed: Verizon blocks mail ports unless it's a business line.

But I just learned that if you can get optonline/cablevision service, they have for some time now offered hosting services and allow servers with no restriction on a residential line; double-check if they are available in your area....


For now I solved the problem using the noip.com service and bought

Alternate-Port SMTP

That seems to solve my problem, and everything is working fine with my OS X mail server and Verizon.


Hope that helps...
