OS X Server - Relay outgoing mail through ISP - Operation timed out

Question

Level 1

80 points

OS X Server - Relay outgoing mail through ISP - Operation timed out

Hello,

I have my OS X Server setup but i can only receive mail. Because of my ISP i can't send, so i need to relay the mail through them.

I have a personal e-mail address

hostname: mail.ispmail.com with the ip XXX.XX.80.110

user:

myname@ispmail.com

password:

mypassword

I've entered them in the Relay outgoing mail through ISP field in OS X Server app and now i get an operation timed out?

Can't i use my account to relay mail through it? Does the isp relay have to have somekind of special settings?

Mar 6 21:48:46 server.mydomain.com postfix/smtp[6664]: 792DA5C5245: to=<destination@mail.ro>, relay=none, delay=30, delays=0.06/0.04/30/0, dsn=4.4.1, status=deferred (connect to XXX.XX.80.110[XXX.XX.80.110]:25: Operation timed out)

Am i doing something wrong?

Posted on Mar 6, 2013 12:06 PM

Reply

Answer 1

iToaster

Level 3

739 points

Mar 6, 2013 9:36 PM in response to basilmir

Ask your ISP

Reply

Answer 2

basilmir Author

Level 1

80 points

Mar 6, 2013 11:11 PM in response to iToaster

I did... they gave me a guide on how configure my e-mail client with the same settings.

Is there any difference in the way a client sends mail and the way server relays mail... Do i need somekind of specific support?

Reply

Answer 3

UptimeJeff

Level 4

3,479 points

Mar 7, 2013 10:23 AM in response to basilmir

Maybe you need to use a different port (587, 465)? Your ISP should tell you.

Try to send mail from your mail client using your ISP.

Whatever user/pass/port combination that works in your client should work from the server.

Reply

Answer 4

basilmir Author

Level 1

80 points

Mar 7, 2013 10:24 AM in response to UptimeJeff

How do i specify a port in the OS X Server interface...

I have hostname, user and password. Should i use hostname:587 for example?

Reply

Answer 5

UptimeJeff

Level 4

3,479 points

Mar 7, 2013 10:26 AM in response to basilmir

figure it out with your client app first (easier)

try port 25 with your user/pw, does it work?

try port 587, does it work?

Once you have a combination that works, we'll look at how to match it with the server.

Reply

Answer 6

Mar 7, 2013 2:51 PM in response to basilmir

It all comes down to the exact details of the required connection to your ISP.

1. Use telnet to check that you can connect to the ISP's host. Try ports 587, 25 or sometimes 26:

$ telnet isphost 587

If you cannot get a TCP connection through telnet, there is a network/firewall issue that needs resolving before you can continue.

2. If you can connect but there are other issues, try installing Swaks which is available through Homebrew:

$ brew install swaks

Swaks has a lot of options. This is from the manual page with an added port-option as an example:

$ swaks --port 587 --to user@example.com --from me@example.com --auth CRAM-MD5 --auth-user me@example.com

So - take it one step at a time, starting with network connectivity and moving on to the SMTP transaction.

Reply

Answer 7

basilmir Author

Level 1

80 points

Mar 11, 2013 12:27 PM in response to Johan Ekenberg

I'm begining to think there is something "special" with the Server App.

I even bought and Outbound SMTP service so i can relay my mail through them.

If i configure Apple Mail to send the e-mail using:

mailout.easydns.com

port: 465 (SSL)

user: myuser

password: my password

Authentication method: Password

(Question-Answer MD5 does not work, none of the others do either)

I can send mail AS any "sender" i want and it works.

However when i write the exact same data in the server app.

My e-mails all bounce:

DFB1F5D09DF: to=<destination@example.com>, relay=mailout.easydns.com[64.68.200.141]:465, delay=1515, delays=1204/10/300/0, dsn=4.4.2, status=deferred (conversation with mailout.easydns.com[64.68.200.141] timed out while receiving the initial server greeting)

What does "timed out while receiving the initial server greeting" mean?

A couple of days later my e-mail just returns to me the sender.

This is the mail system at host server.example.com.

I'm sorry to have to inform you that your message could not

be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can

delete your own text from the attached returned message.

The mail system

<destination@example.com>: conversation with

mailout.easydns.com[64.68.200.141] timed out while receiving the initial

server greeting

Reply

Answer 8

UptimeJeff

Level 4

3,479 points

Mar 11, 2013 6:31 PM in response to basilmir

I don't think the server app is going to create an upstream smtp config using port 465.

465 is an SSL connection. Ports 25 and 587 start with non-ssl then enable it with STARTTLS

Does your SMTP provider allow 587 or another TLS port ?

They often have a few non-standard ports you can use to get around when common mail ports are blocked.

Next time, don't wait days to find out if the mail went out or not.

Watch the logs and/or check the statu of your outbound mailq with this command in terminal:

sudo mailq

Reply

Answer 9

basilmir Author

Level 1

80 points

Mar 12, 2013 12:32 AM in response to UptimeJeff

All ports are open. Tried 587. Sent an e-mail, everything ok. Then checked Logs SMTP to see if it relays allright.

Here is what it says:

Mar 12 09:23:32 server.example.com postfix/qmgr[8422]: 6DD8C5EF621: from=<contact@example.com>, size=1053, nrcpt=1 (queue active)

Mar 12 09:23:33 server.example.com postfix/smtp[9470]: warning: SASL authentication failure: No worthy mechs found

Mar 12 09:23:33 server.example.com postfix/smtp[9470]: 6DD8C5EF621: to=<destination@email.com>, relay=mailout.easydns.com[64.68.200.141]:587, delay=1.9, delays=0.85/0.03/1/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server mailout.easydns.com[64.68.200.141]: no mechanism available)

Mar 12 09:23:34 server.example.com postfix/smtp[9415]: 6F9005EF5E7: to=<destination@email.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=74, delays=0.52/0.09/21/52, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6DD8C5EF621)

Mar 12 09:23:34 server.example.com postfix/qmgr[8422]: 6F9005EF5E7: removed

Any thoughts?

Normally i should be able to "relay" via any smtp that i can send e-mail from? I tried the mail app and i can send as any user i want, but when i try to relay i get this.

Reply

Answer 10

basilmir Author

Level 1

80 points

Mar 12, 2013 12:35 AM in response to UptimeJeff

sudo mailq prints this

-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------

6DD8C5EF621 1053 Tue Mar 12 09:23:31 contact@example.com

(SASL authentication failed; cannot authenticate to server mailout.easydns.com[64.68.200.141]: no mechanism available)

destination1@example1.com

71FF95D0B61 1052 Fri Mar 8 11:43:18 contact@example.com

(conversation with mailout.easydns.com[64.68.200.141] timed out while receiving the initial server greeting)

destination1@example1.com

DFB1F5D09DF 1046 Fri Mar 8 11:38:29 contact@example.com

(conversation with mailout.easydns.com[64.68.200.141] timed out while receiving the initial server greeting)

destination@gmail.com

destination1@example1.com

EDAB15CD070 1090 Thu Mar 7 20:33:55 contact@example.com

(SASL authentication failed; cannot authenticate to server mailout.easydns.com[64.68.200.141]: no mechanism available)

destination@gmail.com

-- 6 Kbytes in 4 Requests.

Reply

Answer 11

UptimeJeff

Level 4

3,479 points

Mar 12, 2013 9:44 AM in response to basilmir

Sounds like the server is trying to use a non-supported auth method.

Post the output of:

sudo postconf -n -c /Library/Server/Mail/Config/postfix/

Reply

Answer 12

basilmir Author

Level 1

80 points

Mar 12, 2013 12:01 PM in response to UptimeJeff

Here it is:

biff = no

command_directory = /usr/sbin

config_directory = /Library/Server/Mail/Config/postfix

content_filter = smtp-amavis:[127.0.0.1]:10024

daemon_directory = /usr/libexec/postfix

data_directory = /Library/Server/Mail/Data/mta

debug_peer_level = 2

debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5

dovecot_destination_recipient_limit = 1

enable_server_options = yes

header_checks = pcre:/Library/Server/Mail/Config/postfix/custom_header_checks

html_directory = /usr/share/doc/postfix/html

imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred

inet_interfaces = all

inet_protocols = all

mail_owner = _postfix

mailbox_size_limit = 0

mailbox_transport = dovecot

mailq_path = /usr/bin/mailq

manpage_directory = /usr/share/man

maps_rbl_domains =

message_size_limit = 10485760

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

mydomain = MYDOMAIN.com

mydomain_fallback = localhost

myhostname = server.MYDOMAIN.com

mynetworks = 127.0.0.0/8, [::1]/128

newaliases_path = /usr/bin/newaliases

postscreen_dnsbl_sites = zen.spamhaus.org*2

queue_directory = /Library/Server/Mail/Data/spool

readme_directory = /usr/share/doc/postfix

recipient_canonical_maps = hash:/Library/Server/Mail/Config/postfix/system_user_maps

recipient_delimiter = +

relayhost = mailout.easydns.com:587

sample_directory = /usr/share/doc/postfix/examples

sendmail_path = /usr/sbin/sendmail

setgid_group = _postdrop

smtp_sasl_auth_enable = yes

smtp_sasl_password_maps = hash:/Library/Server/Mail/Config/postfix/sasl/passwd

smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_rbl_client zen.spamhaus.org permit

smtpd_enforce_tls = no

smtpd_helo_required = yes

smtpd_helo_restrictions = reject_non_fqdn_helo_hostname reject_invalid_helo_hostname

smtpd_pw_server_security_options = cram-md5,digest-md5,gssapi

smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination check_policy_service unix:private/policy permit

smtpd_sasl_auth_enable = yes

smtpd_sasl_local_domain = server.tofan-arkitect.com

smtpd_tls_CAfile = /etc/certificates/server.MYDOMAIN.com.E92783059AEE749D3A7411E74DD22282CB6781CC. chain.pem

smtpd_tls_cert_file = /etc/certificates/server.MYDOMAIN.com.E92783059AEE749D3A7411E74DD22282CB6781CC. cert.pem

smtpd_tls_ciphers = medium

smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL

smtpd_tls_key_file = /etc/certificates/server.MYDOMAIN.com.E92783059AEE749D3A7411E74DD22282CB6781CC. key.pem

smtpd_use_pw_server = yes

smtpd_use_tls = yes

tls_random_source = dev:/dev/urandom

unknown_local_recipient_reject_code = 550

use_sacl_cache = yes

virtual_alias_maps = $virtual_maps

Reply

Answer 13

UptimeJeff

Level 4

3,479 points

Mar 12, 2013 12:17 PM in response to basilmir

OK. make sure you are using 587 (465 won't work)

Try forcing specific auth methods

You can copy/paste these each block and paste all 3 lines to Terminal at the same time.

In each case, watch the logs and see if it works.

sudo postconf -c /Library/Server/Mail/Config/postfix/ -e "smtp_sasl_mechanism_filter=login"
sudo postfix reload
sudo postsuper -r ALL

or

sudo postconf -c /Library/Server/Mail/Config/postfix/ -e "smtp_sasl_mechanism_filter=plain"
sudo postfix reload
sudo postsuper -r ALL

or

sudo postconf -c /Library/Server/Mail/Config/postfix/ -e "smtp_sasl_mechanism_filter=cram-md5"
sudo postfix reload
sudo postsuper -r ALL

If you needed to revert that setting

sudo postconf -c /Library/Server/Mail/Config/postfix/ -e "smtp_sasl_mechanism_filter="
sudo postfix reload

Reply

Answer 14

basilmir Author

Level 1

80 points

Mar 12, 2013 12:46 PM in response to UptimeJeff

"login" produces

Mar 12 21:26:45 server.MYDOMAIN.com postfix/error[5934]: A0B955F4189: to=<me@gmail.com>, relay=none, delay=53, delays=51/2.5/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: SASL authentication failed; cannot authenticate to server mailout.easydns.com[64.68.200.141]: no mechanism available)

"plain"

Mar 12 21:29:53 server.MYDOMAIN.com postfix/smtp[5985]: C2A8E5F424A: to=<me@gmail.com>, relay=mailout.easydns.com[64.68.200.141]:587, delay=1.5, delays=0/0/1.5/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server mailout.easydns.com[64.68.200.141]: no mechanism available)

Mar 12 21:29:58 server.MYDOMAIN.com postfix/smtp[6011]: warning: SASL authentication failure: No worthy mechs found

"cram-md5"

Mar 12 21:32:23 server.MYDOMAIN.com postfix/smtp[6093]: warning: mailout.easydns.com[64.68.200.141]:587 offered no supported AUTH mechanisms: 'PLAIN LOGIN'

Mar 12 21:32:23 --- last message repeated 1 time ---

Mar 12 21:32:23 server.MYDOMAIN.com postfix/smtp[6093]: 825225F4353: to=<me@gmail.com>, relay=mailout.easydns.com[64.68.200.141]:587, delay=1.4, delays=0/0.02/1.3/0, dsn=4.7.0, status=deferred (SASL authentication failed: server mailout.easydns.com[64.68.200.141] offered no compatible authentication mechanisms for this type of connection security)

PS. Can you elaborate as to why 465 will not work?

Reply

Answer 15

UptimeJeff

Level 4

3,479 points

Mar 12, 2013 4:21 PM in response to basilmir

PS. Can you elaborate as to why 465 will not work?

Postfix supports TLS

starts off without SSL then switches to SSL

Post 465 is traditionally setup for implicit ssl

the connections is SSL from the beginning

postfix doesn't function as an implicit ssl smtp client without an addon.

You could capture the conversation in more detail with tcpdump. something like

sudo tcpdump -A port 587

With that, you should see the attempted negotiation

I'm about out of ideas for you.

Reply