Unsolved can't send email with postfix
-
The client has their email hosted by Intermedia. Intermedia stopped accepting unauthenticated email on port 25. They had a fax server running HylaFax running on Gentoo. At first they were getting an error about not being able to connect. I checked with Intermedia and they changed servers, so I changed the target host from to point to east.EXCH083.serverdata.net instead of smtp15.msoutlookonline.net.
The new host requires authenication, so I followed this guide:
https://ubuntu-tutorials.com/2008/11/11/relaying-postfix-smtp-via-smtpgmailcom/now in the maillog, I'm getting:
Dec 6 19:37:36 fax postfix/qmgr[5395]: A2CF5434A38: from=<fax@<domain>.com>, size=4466, nrcpt=1 (queue active)
Dec 6 19:37:37 fax postfix/smtp[8215]: A2CF5434A38: to=<user@<domain>.com>, orig_to=<FaxMaster>, relay=mail[xx.xx.52.35]:25,
delay=13170, delays=13169/0.01/0.25/0.1, dsn=4.7.1, status=deferred (host mail[xx.xx.52.35] said: 454 4.7.1 <user@<domain>.com>:
Relay access denied (in reply to RCPT TO command))So that tells me that it's trying to connect on port 25, not 587 like I put in the file /etc/postfix/main.cf
Where do I go from here?
-
what does it say in
/etc/hylafax/hosts.hfaxd -
I don't have /etc/hylafax
-
I would check to see if hylafax has its own config file somewhere that is using port 25 by default.
-
@Mike-Davis said in can't send email with postfix:
I don't have /etc/hylafax
This made me think it might be related to the ACL:
Relay access denied (in reply to RCPT TO command))It's not though. That's just saying you're having an authentication issue which you know
-
I didn't scroll far enough down in the maillog with the first error. Now I'm getting:
Dec 7 14:01:26 fax postfix/cleanup[14516]: 94AC2434A2E: message-id=<20161207190126.94AC2434A2E@fax.<domain>.com> Dec 7 14:01:26 fax postfix/qmgr[13995]: 94AC2434A2E: from=<>, size=2222, nrcpt=1 (queue active) Dec 7 14:01:26 fax postfix/bounce[14529]: 4454F434A2F: sender non-delivery notification: 94AC2434A2E Dec 7 14:01:26 fax postfix/qmgr[13995]: 4454F434A2F: removed Dec 7 14:01:26 fax postfix/smtp[14524]: certificate verification failed for mail.<domain>.com: num=7:certificate signature failure Dec 7 14:01:26 fax postfix/smtp[14524]: certificate verification failed for mail.<domain>.com: num=7:certificate signature failure Dec 7 14:01:26 fax postfix/smtp[14524]: 94AC2434A2E: to=<fax@<domain>.com>, relay=mail.<domain>.com[xx.xx.202.47]:587, delay=0.2, delays=0.01/0/0.16/0.02, dsn=5.7.1, status=bounced (host mail.<domain>.com[xx.xx.202.47] said: 530 5.7.1 Client was not authenticated (in reply to MAIL FROM command)) Dec 7 14:01:26 fax postfix/qmgr[13995]: 94AC2434A2E: removedSo I can tell it's using port 587 now which means it's using the new /etc/postfix/main.cf file, but still fails.
-
@Mike-Davis said in can't send email with postfix:
certificate verification failed
That's an SSL cert error
-
-
@Mike-Davis I found this: http://giantdorks.org/alain/fix-for-postfix-untrusted-certificate-tls-error/ but yeah. Should be more or less the same
-
@Mike-Davis Mine seems easier. Might want to try it before you get into yours. Could be just that simple
-
I do have /etc/ssl/certs, but not /var/spool/postfix/etc/ssl/certs/
In /etc/postfix/main.cf, it has the line:smtp_tls_CAfile = /etc/postfix/cacert.pemI thought this command was supposed to fix that:
cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | sudo tee -a /etc/postfix/cacert.pemunder /etc/ssl/certs they are all from 2008. Could that be the problem?
-
@Mike-Davis Possibly? We're reaching the end of my knowledge unfortunately.
-
Ran:
update-ca-certificatesand that updated the dates on all the files under /etc/ssl/certs
Then:
cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | sudo tee -a /etc/postfix/cacert.pem sudo /etc/init.d/postfix reload -
@Mike-Davis Did that end up fixing your issue?
-
I have to have them send a test fax through. Given that it's 2016 it might be a while before we can find someone with a fax service....
-
@Mike-Davis I have a fax.. but you could setup a test fax service with any online provider and see if it receives the fax they send to it.
-
Test failed. Same error as before. I'm going to see if it's because a CNAME was set up for the receiving mail server and the name doesn't match the cert or something.
-
Instead of testing emails with a fax, get the email working itself first. Work on sending emails directly, once that is working, add in the fax piece. That will make this a ton easier to test.
