Froxlor Forum

Sender address rejected: not logged in (in reply to RCPT TO command))


Question

Hey folks,

I installed Froxlor today and so far everything works, but when I create a customer the email is not delivered to some providers.

Apr 22 11:07:31 hosting postfix/smtp[1243]: F3BCF1041143: to=<info@elec***.de>, relay=vweb10.nitrado.net[194.169.211.8]:25, delay=0.21, delays=0.03/0/0.15/0.02, dsn=5.7.1, status=bounced (host vweb10.nitrado.net[194.169.211.8] said: 553 5.7.1 <a**.de>: Sender address rejected: not logged in (in reply to RCPT TO command))

Does anyone have an idea?

smtpd_sender_restrictions = permit_mynetworks,
#         reject_sender_login_mismatch,

doesn't work either


I didn't actually change that, but for some reason it suddenly works :D

Which is actually better: SSL/TLS or STARTTLS?

At the moment my settings look like this:

smtp_use_tls = yes
smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes

## TLS for incoming connections (clients or other mail servers)
smtpd_tls_security_level = encrypt
smtpd_tls_cert_file = /etc/ssl/server/ho.crt
smtpd_tls_key_file = /etc/ssl/server/server.key
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes

I wanted to enforce that TLS is mandatory.

And I set up Roundcube, but I get this error there when sending:

SMTP Fehler (530): Der Absender "info@abc.de" konnte nicht gesetzt werden (5.7.0 Must issue a STARTTLS command first).

Here is the master.cf:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
#submission inet n       -       -       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd
pickup    unix  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
# Dovecot LDA
dovecot  unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}

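How the settings in the post above produce the 530 reply, as an added example that is not part of the original thread: a small Python audit that works out which TLS level each SMTP listener ends up with. The config excerpts are constructed from the post, and the alternative config and all function names are assumptions of this example.

```python
# Constructed excerpts mirroring the post: TLS forced globally in main.cf,
# port 25 is the only active inet listener, submission is commented out.
POSTED_MAIN = "smtpd_tls_security_level = encrypt\n"
POSTED_MASTER = """\
smtp      inet  n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
pickup    unix  n       -       -       60      1       pickup
"""
# Constructed alternative: opportunistic TLS on 25, mandatory TLS on submission.
ALT_MAIN = "smtpd_tls_security_level = may\n"
ALT_MASTER = """\
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
"""

def main_params(text):
    """Parse 'name = value' lines of main.cf (continuation lines not handled)."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {name.strip(): value.strip() for name, value in pairs}

def inet_listeners(text):
    """Return {service: {-o overrides}} for the active inet entries of master.cf."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # comment and blank lines are ignored
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()  # leading whitespace continues an entry
        else:
            logical.append(line.strip())
    listeners = {}
    for fields in (entry.split() for entry in logical):
        if len(fields) >= 8 and fields[1] == "inet":
            opts = [fields[i + 1] for i in range(8, len(fields) - 1) if fields[i] == "-o"]
            listeners[fields[0]] = dict(o.split("=", 1) for o in opts if "=" in o)
    return listeners

def audit(main_cf, master_cf):
    """List findings for the TLS policy each SMTP listener ends up with."""
    default = main_params(main_cf).get("smtpd_tls_security_level", "")
    listeners = inet_listeners(master_cf)
    findings = []
    for name, overrides in listeners.items():
        level = overrides.get("smtpd_tls_security_level", default)
        if name in ("smtp", "25") and level == "encrypt":
            findings.append("port 25 answers 530 5.7.0 until the client issues STARTTLS")
    if not {"submission", "587"} & set(listeners):
        findings.append("no submission listener for authenticated mail clients")
    return findings
```

The Postfix documentation for smtpd_tls_security_level notes that `encrypt` is not meant for a publicly referenced SMTP server, which is why the alternative keeps port 25 at `may` and requires TLS only on submission.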

I have the feeling that this actually had nothing to do with your server. It was the Nitrado server that rejected your mail, with "not logged in". That is really a sign, especially if they use Froxlor and Postfix, that the recipient domain is external from their point of view. You have to authenticate first before you are allowed to send out through the server, otherwise you would have an open relay...

I can't say why it works now or what was actually broken.

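The distinction made in the reply above (the remote server refused the mail, not the local Postfix) can be read from the log line itself. This added example, not part of the original thread, parses Postfix SMTP client log lines; the second sample line and the function names are constructed for illustration.

```python
import re

# First line: the bounce quoted in the question (addresses masked as posted).
# Second line: constructed, shows a failure that no remote server reported.
LOG_LINES = [
    "Apr 22 11:07:31 hosting postfix/smtp[1243]: F3BCF1041143: to=<info@elec***.de>, "
    "relay=vweb10.nitrado.net[194.169.211.8]:25, delay=0.21, delays=0.03/0/0.15/0.02, "
    "dsn=5.7.1, status=bounced (host vweb10.nitrado.net[194.169.211.8] said: 553 5.7.1 "
    "<a**.de>: Sender address rejected: not logged in (in reply to RCPT TO command))",
    "Apr 22 11:09:02 hosting postfix/smtp[1250]: 0A1B2C3D4E5F: to=<user@example.org>, "
    "relay=none, delay=30, delays=0.02/0/30/0, dsn=4.4.1, status=deferred "
    "(connect to mx.example.org[192.0.2.10]:25: Connection timed out)",
]

DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>\S+), .*?dsn=(?P<dsn>\d\.\d+\.\d+), "
    r"status=(?P<status>\w+) \((?P<detail>.*)\)$"
)
# "host X said: ..." is how the Postfix SMTP client quotes the peer's reply.
REMOTE_REPLY = re.compile(
    r"^host (?P<host>\S+) said: (?P<code>\d{3}) (?P<text>.*?)"
    r"(?: \(in reply to (?P<stage>.+?) command\))?$"
)

def classify(line):
    """Return parsed fields plus who produced the failure, or None if no match."""
    m = DELIVERY.search(line)
    if not m:
        return None
    info = m.groupdict()
    reply = REMOTE_REPLY.match(info.pop("detail"))
    if reply:
        info.update(reply.groupdict(), origin="remote")
    else:
        info.update(origin="local", host=None, code=None, text=None, stage=None)
    # 5.7.x is the security/policy class of enhanced status codes (RFC 3463).
    info["policy_reject"] = info["origin"] == "remote" and info["dsn"].startswith("5.7.")
    return info

def summarize(line):
    """One-line verdict: which side refused, at which SMTP stage."""
    info = classify(line)
    if info is None:
        return "not a delivery line"
    if info["origin"] == "remote":
        kind = "policy rejection" if info["policy_reject"] else "rejection"
        return f"{info['qid']}: {kind} by {info['host']} at {info['stage']} ({info['code']})"
    return f"{info['qid']}: {info['status']} locally, no reply from a remote server"

if __name__ == "__main__":
    for entry in LOG_LINES:
        print(summarize(entry))
```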

A certificate is a certificate; it doesn't really matter who it is from. If the format were wrong, the mail server wouldn't even start.

You can of course test that too, for SMTP with STARTTLS for example:

openssl s_client -connect SERVERIP:smtp -starttls smtp


This is what I get from that:

openssl s_client -connect localhost:smtp -starttls smtp
CONNECTED(00000003)
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = abc.de
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = abc.de
verify error:num=27:certificate not trusted
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = abc.de
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=abc.de
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
Server certificate
-----BEGIN CERTIFICATE-----
**********
********
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=abc.de
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 2294 bytes and written 450 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: *****E322F
    Session-ID-ctx:
    Master-Key: ***********9B08***
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    *****

    Start Time: 1461918971
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
250 DSN


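Reading the s_client output above programmatically, as an added example that is not part of the original thread: it separates "the session is encrypted" from "the certificate chain could not be verified". The sample text is condensed from the posted output, and the function names are assumptions of this example.

```python
import re

# Condensed from the s_client output posted above; masked values are left out.
S_CLIENT_OUTPUT = """\
CONNECTED(00000003)
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = abc.de
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = abc.de
verify error:num=27:certificate not trusted
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = abc.de
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=abc.de
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 21 (unable to verify the first certificate)
"""

def analyze(output):
    """Extract negotiated protocol, presented chain and verification result."""
    errors = [(int(num), text) for num, text in
              re.findall(r"^verify error:num=(\d+):(.+)$", output, re.M)]
    # Each chain entry is an "N s:<subject>" line followed by an "i:<issuer>" line.
    chain = re.findall(r"^ *\d+ s:(.+)\n +i:(.+)$", output, re.M)
    protocol = re.search(r"^\s*Protocol\s*:\s*(\S+)", output, re.M)
    verdict = re.search(r"Verify return code: (\d+) \((.+)\)", output)
    subjects = {subject for subject, _ in chain}
    return {
        "protocol": protocol.group(1) if protocol else None,
        "chain_length": len(chain),
        "errors": errors,
        "verify_code": int(verdict.group(1)) if verdict else None,
        # Issuers named by the chain whose own certificate the server did not send.
        "unsent_issuers": [i for s, i in chain if s != i and i not in subjects],
    }

def findings(output):
    """Turn the parsed result into short, separate statements."""
    result, notes = analyze(output), []
    if result["protocol"]:
        notes.append(f"session encrypted with {result['protocol']}")
    if result["verify_code"]:
        notes.append(f"server certificate not verified (code {result['verify_code']})")
    if result["chain_length"] == 1 and result["unsent_issuers"]:
        notes.append("server sent only the leaf; issuer missing: "
                     + result["unsent_issuers"][0].rsplit("/CN=", 1)[-1])
    return notes
```

For Postfix, the file named by smtpd_tls_cert_file is expected to hold the server certificate first, followed by the issuing CA certificates, so that connecting clients receive the intermediate.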

By the way, with my forum I also get:

SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

@edit: That works now


Forum emails or the forum in the browser? Please be a bit more specific; somehow this is going in circles. It would be best to drop by IRC and ask someone there; questions can be asked in a more targeted way there if you can apply what is said right away.


Well, by now I have fixed pretty much everything, except for

SMTP Fehler (553): Der Empfänger "****@web.de" konnte nicht gesetzt werden (5.7.1 <noreply@abc.de>: Sender address rejected: not logged in).

which shows up in Roundcube

everything else works


Then please explain to people where the problem was and what you did, so that the next person gets something out of it too
