I have been learning Flask (with the help of many very generous YouTubers).
I thought adding a 'Subscribe' function that sends an email notification via GMail would be fairly straightforward.
After a few days of Googling around I am getting the following results from each combination of port 465 or 587, SSL and/or TLS enabled/disabled.
Less secure apps option in Gmail is permitted.
from flask import Flask
from flask_mail import Mail, Message

app = Flask(__name__)
app.config['MAIL_DEBUG'] = True
app.config['TESTING'] = False
app.config['MAIL_SERVER'] = 'smtp.gmail.com'
app.config['MAIL_PORT'] = 465  # or 587: see results below
app.config['MAIL_USE_TLS'] = True  # or False: see results below
app.config['MAIL_USE_SSL'] = True  # or False: see results below
app.config['MAIL_USERNAME'] = None
app.config['MAIL_PASSWORD'] = 'secret_password'
app.config['MAIL_DEFAULT_SENDER'] = 'me@gmail.com'
app.config['MAIL_MAX_EMAILS'] = None
app.config['MAIL_SUPPRESS_SEND'] = False
app.config['MAIL_ASCII_ATTACHMENTS'] = False
mail = Mail(app)

@app.route('/')
def home():
    msg = Message('Test Message from Flask Mail', recipients=['you@gmail.com'])
    mail.send(msg)
    return 'OK'

if __name__ == '__main__':
    app.run(debug=True)
Results in -
| Port | SSL | TLS | Result |
|------|-----|-----|--------|
| 465 | On | On | smtplib.SMTPNotSupportedError: STARTTLS extension not supported by server |
| 465 | Off | On | smtplib.SMTPServerDisconnected: Connection unexpectedly closed |
| 465 | On | Off | smtplib.SMTPSenderRefused: (530, b'5.7.0 Authentication Required |
| 465 | Off | Off | smtplib.SMTPServerDisconnected: Connection unexpectedly closed |
| 587 | On | On | ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number |
| 587 | Off | On | smtplib.SMTPSenderRefused: (530, b'5.7.0 Authentication Required |
| 587 | On | Off | ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number |
| 587 | Off | Off | smtplib.SMTPSenderRefused: (530, b'5.7.0 Must issue a STARTTLS command first |
SSL version is -
import ssl
ssl.OPENSSL_VERSION
'OpenSSL 1.1.1f 31 Mar 2020'
This SMTPLIB works just fine -
import smtplib
smtp_server = 'smtp.gmail.com'
port = 587
sender = 'me@gmail.com'
password = 'secret'
receiver = 'you@gmail.com'
msg = "Test Message from SMTPLIB"
server = smtplib.SMTP(smtp_server, port)
server.starttls()
server.login(sender,password)
server.sendmail(sender, receiver, msg)
It's been a few years now, but what worked for me (looking at some old code) was:
app.config['MAIL_PORT'] = 587
app.config['MAIL_USE_TLS'] = True
app.config['MAIL_USE_SSL'] = False
app.config['MAIL_USERNAME'] = <your email address> # should not be None as you currently have in your code
Note: I only used this code for testing on my local machine. I switched to Google App Engine mail and later SendGrid
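The eight results in the question's table follow from the order in which a connection is set up: socket mode first, then STARTTLS, then login. The sketch below is an added example (not from the original posts, and not Flask-Mail's source) that models that order; `predict_outcome`, its labels and the port sets are hypothetical names, the server behaviour is taken from the question's table, and skipping login when credentials are unset is an assumption that matches the 530 results.

```python
# Added example: a simplified model of the connection sequence.
# Server side, as the question's results show it for smtp.gmail.com:
#   465 expects TLS from the first byte (implicit TLS),
#   587 starts in plaintext and requires STARTTLS before anything else.
IMPLICIT_TLS_PORTS = {465}
STARTTLS_PORTS = {587}


def predict_outcome(port, use_ssl, use_tls, username, password):
    """Return a label for the first failure, or 'sent' if none occurs."""
    # Step 1: open the socket. MAIL_USE_SSL means TLS from byte zero.
    if use_ssl and port in STARTTLS_PORTS:
        return "ssl-handshake-failed"    # TLS hello meets a plaintext banner
    if not use_ssl and port in IMPLICIT_TLS_PORTS:
        return "disconnected"            # plaintext client on a TLS-only port
    encrypted = use_ssl

    # Step 2: MAIL_USE_TLS issues STARTTLS on the already open connection.
    if use_tls:
        if encrypted:
            return "starttls-not-supported"  # the session is already inside TLS
        encrypted = True

    # Step 3: the server refuses mail on an unencrypted session.
    if not encrypted:
        return "must-starttls-first"

    # Step 4 (assumption): login is attempted only when both values are set,
    # so MAIL_USERNAME = None means MAIL FROM is sent without authentication.
    if not (username and password):
        return "authentication-required"
    return "sent"


def matrix(username, password):
    """Evaluate every port / SSL / TLS combination from the question."""
    out = {}
    for port in (465, 587):
        for use_ssl in (True, False):
            for use_tls in (True, False):
                out[(port, use_ssl, use_tls)] = predict_outcome(
                    port, use_ssl, use_tls, username, password)
    return out


if __name__ == "__main__":
    for key, label in matrix(None, "secret_password").items():
        print(key, label)
    print("with a username set:")
    for key, label in matrix("me@gmail.com", "secret_password").items():
        print(key, label)
```

With `MAIL_USERNAME` left as `None`, no combination reaches `sent`; the two combinations that get as far as `authentication-required` are the only ones where the transport settings agree with the port.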
Related
In my centos7 server, I have set up Telegraf and InfluxDB. InfluxDB successfully receives data from Telegraf and stores them in the database. But when I reconfigure both services to use https, I see the following error in Telegraf's logs
Dec 29 15:13:11 localhost.localdomain telegraf[31779]: 2020-12-29T13:13:11Z E! [outputs.influxdb] When writing to [https://127.0.0.1:8086]: Post "https://127.0.0.1:8086/write?db=GRAFANA": dial tcp 127.0.0.1:8086: connect: connection refused
Dec 29 15:13:11 localhost.localdomain telegraf[31779]: 2020-12-29T13:13:11Z E! [agent] Error writing to outputs.influxdb: could not write any address
InfluxDB doesn't show any errors in its logs.
Below is my telegraf.conf file:
[agent]
hostname = "local"
flush_interval = "15s"
interval = "15s"
# Input Plugins
[[inputs.cpu]]
percpu = true
totalcpu = true
collect_cpu_time = false
report_active = false
[[inputs.disk]]
ignore_fs = ["tmpfs", "devtmpfs", "devfs"]
[[inputs.io]]
[[inputs.mem]]
[[inputs.net]]
[[inputs.system]]
[[inputs.swap]]
[[inputs.netstat]]
[[inputs.processes]]
[[inputs.kernel]]
# Output Plugin InfluxDB
[[outputs.influxdb]]
database = "GRAFANA"
urls = [ "https://127.0.0.1:8086" ]
insecure_skip_verify = true
username = "telegrafuser"
password = "metricsmetricsmetricsmetrics"
And this is the uncommented [http] section of the influxdb.conf
# Determines whether HTTP endpoint is enabled.
enabled = false
# Determines whether the Flux query endpoint is enabled.
flux-enabled = true
# The bind address used by the HTTP service.
bind-address = ":8086"
# Determines whether user authentication is enabled over HTTP/HTTPS.
auth-enabled = false
# Determines whether HTTPS is enabled.
https-enabled = true
# The SSL certificate to use when HTTPS is enabled.
https-certificate = "/etc/ssl/server-cert.pem"
# Use a separate private key location.
https-private-key = "/etc/ssl/server-key.pem"
I have a deployment of RabbitMQ that uses its own certificates for end-to-end encryption. It uses both AMQP and MQTT-over-WSS to connect multiple types of clients. AMQP clients are able to connect securely, so I know that the certificate set up is good.
Clients using WS going to ws://hostname:15675/ws can connect fine, but obviously are not secure. Clients attempting to connect to wss://hostname:15676/ws have the connection closed on them. 15676 is the port you will see I have bound the web-mqtt ssl listener to, as shown below. I've gone through both the networking and tls help guide by RabbitMQ, and I see the port correctly bound and can confirm it is exposed and available to the client.
The relevant rabbit.conf:
listeners.tcp.default = 5671
listeners.ssl.default = 5671
ssl_options.cacertfile = /path/to/fullchain.pem
ssl_options.certfile = /path/to/cert.pem
ssl_options.keyfile = /path/to/privkey.pem
ssl_options.verify = verify_none
ssl_options.fail_if_no_peer_cert = false
web_mqtt.ssl.port = 15676
web_mqtt.ssl.backlog = 1024
web_mqtt.ssl.cacertfile = /path/to/fullchain.pem
web_mqtt.ssl.certfile = /path/to/cert.pem
web_mqtt.ssl.keyfile = /path/to/privkey.pem
Basically, I'm wondering if I have the connection string wrong (wss://hostname:15675/ws)? Do I need to go to /wss? Is it a problem my client is a browser running on localhost -- not HTTPS? Do I have a configuration set incorrectly -- am I missing one?
If there is a better source of documentation/examples of this plugin beyond the RabbitMQ website, I would also be interested.
Maybe it is a configuration mismatch.
If there is any password for the private file, you need to add it also.
Refer to the following sample rabbitmq.conf:
listeners.ssl.default = 5671
ssl_options.cacertfile = <path/ca-bundle (.pem/.cabundle)>
ssl_options.certfile = <path/cert (.pem/.crt)>
ssl_options.keyfile = <path/key (.pem/.key)>
ssl_options.password = <your private key password>
ssl_options.versions.1 = tlsv1.3
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = true
ssl_options.ciphers.1 = TLS_AES_256_GCM_SHA384
ssl_options.ciphers.2 = TLS_AES_128_GCM_SHA256
ssl_options.ciphers.3 = TLS_CHACHA20_POLY1305_SHA256
ssl_options.ciphers.4 = TLS_AES_128_CCM_SHA256
ssl_options.ciphers.5 = TLS_AES_128_CCM_8_SHA256
ssl_options.honor_cipher_order = true
ssl_options.honor_ecc_order = true
web_mqtt.ssl.port = 15676
web_mqtt.ssl.backlog = 1024
web_mqtt.ssl.cacertfile = <path/ca-bundle (.pem/.cabundle)>
web_mqtt.ssl.certfile = <path/crt (.pem/.crt)>
web_mqtt.ssl.keyfile = <path/key (.pem/.key)>
web_mqtt.ssl.password = <your private key password>
web_mqtt.ssl.honor_cipher_order = true
web_mqtt.ssl.honor_ecc_order = true
web_mqtt.ssl.client_renegotiation = false
web_mqtt.ssl.secure_renegotiate = true
web_mqtt.ssl.versions.1 = tlsv1.2
web_mqtt.ssl.versions.2 = tlsv1.1
web_mqtt.ssl.ciphers.1 = ECDHE-ECDSA-AES256-GCM-SHA384
web_mqtt.ssl.ciphers.2 = ECDHE-RSA-AES256-GCM-SHA384
web_mqtt.ssl.ciphers.3 = ECDHE-ECDSA-AES256-SHA384
web_mqtt.ssl.ciphers.4 = ECDHE-RSA-AES256-SHA384
web_mqtt.ssl.ciphers.5 = ECDH-ECDSA-AES256-GCM-SHA384
web_mqtt.ssl.ciphers.6 = ECDH-RSA-AES256-GCM-SHA384
web_mqtt.ssl.ciphers.7 = ECDH-ECDSA-AES256-SHA384
web_mqtt.ssl.ciphers.8 = ECDH-RSA-AES256-SHA384
web_mqtt.ssl.ciphers.9 = DHE-RSA-AES256-GCM-SHA384
This is a working configuration file for the rabbitmq-server on Ubuntu 20.04.
Restart the rabbitmq-server.
List the listener ports (make sure that the SSL ports are enabled) (rabbitmq-diagnostics listeners).
Test the SSL (testssl localhost:16567).
Also test with telnet (telnet localhost 16567).
Please refer to: https://www.rabbitmq.com/ssl.html#erlang-otp-requirements and
troubleshooting
This worked for me :-)
So after doing a lot of research I have been able to send SMTP email using Google's gmail server. I am using the same code without issue in CPython on both Windows and Linux however when I try to use the code on Micropython 1.9.2 (Latest as of Sept 11th) on the ESP8266 or Unix port the code locks up on line 63 but I cannot figure out why.
Any recommendations on how to correct this would be greatly appreciated, as the only other thing I can think of is that Micropython's implementation of SSL is not sufficient and that I will need to attempt to port CPython SSL over.
Thank you.
Offending code is:
61 heloCommand = 'EHLO Alice\r\n'
62 ssl_clientSocket.write(heloCommand.encode())
63 recv1 = ssl_clientSocket.read(1024)
64 print(recv1)
CODE (Yes, I know it is ugly and plan to clean it up once working in micropython):
# Micropython
try:
    import usocket as socket
    #import base64
    import ussl as ssl
except ImportError:
    # Python version 3
    import socket
    #import base64
    import ssl
msg = """From: XXX@gmail.com
To: XXX@gmail.com
Subject: Testing

Testing transmission thru python
"""
endmsg = "\r\n.\r\n"
recipient = "XXX@gmail.com"
sender = "XXX@gmail.com"
username = "XXX@gmail.com"
password = 'Mary_Had_A_Password_of_123'
# Choose a mail server (e.g. Google mail server) and call it mailserver
mailserver = "smtp.gmail.com"
port = 587
# Create socket called clientSocket and establish a TCP connection with mailserver
clientSocket = socket.socket()
clientSocket.connect(socket.getaddrinfo(mailserver, port)[0][-1])
recv = clientSocket.recv(1024)
print(recv)
print(recv[:3])
if recv[:3] != b'220':
    print('220 reply not received from server.')
# Send HELO command and print server response.
heloCommand = 'EHLO Alice\r\n'
clientSocket.send(heloCommand.encode())
recv1 = clientSocket.recv(1024)
print(recv1)
if recv1[:3] != b'250':
    print('250 reply not received from server.')
# Request an encrypted connection
startTlsCommand = 'STARTTLS\r\n'
clientSocket.send(startTlsCommand.encode())
tls_recv = clientSocket.recv(1024)
print(tls_recv)
if tls_recv[:3] != b'220':
    print('220 reply not received from server')
# Encrypt the socket
#ssl_clientSocket = ssl.wrap_socket(clientSocket, ssl_version=ssl.PROTOCOL_TLSv1)
ssl_clientSocket = ssl.wrap_socket(clientSocket)
print("Secure socket created")
heloCommand = 'EHLO Alice\r\n'
ssl_clientSocket.write(heloCommand.encode())
recv1 = ssl_clientSocket.read(1024)
print(recv1)
# Send the AUTH LOGIN command and print server response.
authCommand = 'AUTH LOGIN\r\n'
ssl_clientSocket.write(authCommand.encode())
auth_recv = ssl_clientSocket.read(1024)
print(auth_recv)
if auth_recv[:3] != b'334':
    print('334 reply not received from server')
print("Sending username / password")
# Send username and print server response.
#uname = base64.b64encode((username).encode())
uname=b'Base64EncryptedUser=='
pword=b'Base64EncryptedPassword'
print(str(uname))
ssl_clientSocket.write(uname)
ssl_clientSocket.write('\r\n'.encode())
uname_recv = ssl_clientSocket.read(1024)
print(uname_recv)
if uname_recv[:3] != b'334':
    print('334 reply not received from server')
# Send password and print server response.
#pword = base64.b64encode((password).encode())
print(str(pword))
ssl_clientSocket.write(pword)
ssl_clientSocket.write('\r\n'.encode())
pword_recv = ssl_clientSocket.read(1024)
print(pword_recv)
if pword_recv[:3] != b'235':
    print('235 reply not received from server')
# Send MAIL FROM command and print server response.
mailFromCommand = 'MAIL FROM: <' + sender + '>\r\n'
ssl_clientSocket.write(mailFromCommand.encode())
recv2 = ssl_clientSocket.read(1024)
print(recv2)
if recv2[:3] != b'250':
    print('250 reply not received from server.')
# Send RCPT TO command and print server response.
rcptToCommand = 'RCPT TO: <' + recipient + '>\r\n'
ssl_clientSocket.write(rcptToCommand.encode())
recv3 = ssl_clientSocket.read(1024)
print(recv3)
if recv3[:3] != b'250':
    print('250 reply not received from server.')
# Send DATA command and print server response.
dataCommand = 'DATA\r\n'
ssl_clientSocket.write(dataCommand.encode())
recv4 = ssl_clientSocket.read(1024)
print(recv4)
if recv4[:3] != b'354':
    print('354 reply not received from server.')
# Send message data.
ssl_clientSocket.write(msg.encode())
# Message ends with a single period.
ssl_clientSocket.write(endmsg.encode())
recv5 = ssl_clientSocket.read(1024)
print(recv5)
if recv5[:3] != b'250':
    print('250 reply not received from server.')
# Send QUIT command and get server response.
quitCommand = 'QUIT\r\n'
ssl_clientSocket.write(quitCommand.encode())
recv6 = ssl_clientSocket.read(1024)
print(recv6)
if recv6[:3] != b'221':
    print('221 reply not received from server.')
clientSocket.close()
UPDATED CODE WITH ACCEPTED ANSWER (Yes, I know it is ugly) with read(1024) being replaced with readline() for ssl socket. Also needed to add a way to clean the buffer out after ssl EHLO command so added a "recvCount=recv1.decode().count('\n')" in first EHLO then a loop in the ssl EHLO for the same count:
# Micropython
try:
    import usocket as socket
    #import base64
    import ussl as ssl
except ImportError:
    # Python version 3
    import socket
    #import base64
    import ssl
msg = """From: XXX@gmail.com
To: XXX@gmail.com
Subject: Testing

Testing transmission thru python
"""
endmsg = "\r\n.\r\n"
recipient = "XXX@gmail.com"
sender = "XXX@gmail.com"
username = "XXX@gmail.com"
password = 'Mary_Had_A_Password_of_123'
# Choose a mail server (e.g. Google mail server) and call it mailserver
mailserver = "smtp.gmail.com"
port = 587
# Create socket called clientSocket and establish a TCP connection with mailserver
clientSocket = socket.socket()
clientSocket.connect(socket.getaddrinfo(mailserver, port)[0][-1])
recv = clientSocket.recv(1024)
print(recv)
print(recv[:3])
if recv[:3] != b'220':
    print('220 reply not received from server.')
# Send HELO command and print server response.
heloCommand = 'EHLO Alice\r\n'
clientSocket.send(heloCommand.encode())
recv1 = clientSocket.recv(1024)
# Remember how many lines the plaintext EHLO reply had
recvCount=recv1.decode().count('\n')
print(recv1)
if recv1[:3] != b'250':
    print('250 reply not received from server.')
# Request an encrypted connection
startTlsCommand = 'STARTTLS\r\n'
clientSocket.send(startTlsCommand.encode())
tls_recv = clientSocket.recv(1024)
print(tls_recv)
if tls_recv[:3] != b'220':
    print('220 reply not received from server')
# Encrypt the socket
#ssl_clientSocket = ssl.wrap_socket(clientSocket, ssl_version=ssl.PROTOCOL_TLSv1)
ssl_clientSocket = ssl.wrap_socket(clientSocket)
print("Secure socket created")
heloCommand = 'EHLO Alice\r\n'
ssl_clientSocket.write(heloCommand.encode())
# Drain the EHLO reply line by line, using the earlier line count
recv1=''
for index in range(0,recvCount):
    recv1 = recv1+ssl_clientSocket.readline().decode()
print(recv1)
# Send the AUTH LOGIN command and print server response.
authCommand = 'AUTH LOGIN\r\n'
ssl_clientSocket.write(authCommand.encode())
auth_recv = ssl_clientSocket.readline()
print(auth_recv)
if auth_recv[:3] != b'334':
    print('334 reply not received from server')
print("Sending username / password")
# Send username and print server response.
#uname = base64.b64encode((username).encode())
uname=b'Base64EncryptedUser=='
pword=b'Base64EncryptedPassword'
print(str(uname))
ssl_clientSocket.write(uname)
ssl_clientSocket.write('\r\n'.encode())
uname_recv = ssl_clientSocket.readline()
print(uname_recv)
if uname_recv[:3] != b'334':
    print('334 reply not received from server')
# Send password and print server response.
#pword = base64.b64encode((password).encode())
print(str(pword))
ssl_clientSocket.write(pword)
ssl_clientSocket.write('\r\n'.encode())
pword_recv = ssl_clientSocket.readline()
print(pword_recv)
if pword_recv[:3] != b'235':
    print('235 reply not received from server')
# Send MAIL FROM command and print server response.
mailFromCommand = 'MAIL FROM: <' + sender + '>\r\n'
ssl_clientSocket.write(mailFromCommand.encode())
recv2 = ssl_clientSocket.readline()
print(recv2)
if recv2[:3] != b'250':
    print('250 reply not received from server.')
# Send RCPT TO command and print server response.
rcptToCommand = 'RCPT TO: <' + recipient + '>\r\n'
ssl_clientSocket.write(rcptToCommand.encode())
recv3 = ssl_clientSocket.readline()
print(recv3)
if recv3[:3] != b'250':
    print('250 reply not received from server.')
# Send DATA command and print server response.
dataCommand = 'DATA\r\n'
ssl_clientSocket.write(dataCommand.encode())
recv4 = ssl_clientSocket.readline()
print(recv4)
if recv4[:3] != b'354':
    print('354 reply not received from server.')
# Send message data.
ssl_clientSocket.write(msg.encode())
# Message ends with a single period.
ssl_clientSocket.write(endmsg.encode())
recv5 = ssl_clientSocket.readline()
print(recv5)
if recv5[:3] != b'250':
    print('250 reply not received from server.')
# Send QUIT command and get server response.
quitCommand = 'QUIT\r\n'
ssl_clientSocket.write(quitCommand.encode())
recv6 = ssl_clientSocket.readline()
print(recv6)
if recv6[:3] != b'221':
    print('221 reply not received from server.')
clientSocket.close()
recv1 = ssl_clientSocket.read(1024)
Please read about MicroPython stream semantics (which closely matches Python stream semantics, just with some simplifications):
http://docs.micropython.org/en/latest/pyboard/library/uio.html?#conceptual-hierarchy
What the quoted statement does is requesting exactly 1024 of data (MicroPython follows "buffered stream" Python semantics by default). If there's not that much of data, .read() will patiently wait until enough arrives (or until EOF or error happens).
SMTP protocol is line-oriented, so you need to use .readline() instead.
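An SMTP reply can span several lines, so a reader built on .readline() also needs to know where one reply ends: continuation lines carry a hyphen after the code, the last line a space. The block below is an added example (not from the original posts) that reads up to that marker instead of reusing a line count, and raises on an unexpected code so that credentials are never written after a failed step; the sample replies and the host name mx.example.test are constructed, and `read_reply` / `expect` are hypothetical helper names.

```python
import io


def read_reply(stream):
    """Read one complete SMTP reply from any object that has readline().

    Continuation lines look like b'250-TEXT'; the final line is b'250 TEXT'.
    Returns (code, [text, ...]).
    """
    texts = []
    while True:
        line = stream.readline()
        if not line:
            raise OSError("connection closed before the reply ended")
        line = line.rstrip(b"\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError("malformed SMTP reply line: %r" % line)
        texts.append(line[4:].decode())
        if line[3:4] != b"-":        # a space (or nothing) marks the last line
            return int(line[:3]), texts


def expect(stream, wanted):
    """Read a reply and stop the dialogue unless it carries the wanted code."""
    code, texts = read_reply(stream)
    if code != wanted:
        raise RuntimeError("expected %d, got %d %s" % (wanted, code, texts[-1]))
    return texts


# Constructed sample replies (not captured from a real server).
PLAIN_EHLO = (b"250-mx.example.test at your service\r\n"
              b"250-SIZE 35882577\r\n"
              b"250-8BITMIME\r\n"
              b"250-STARTTLS\r\n"
              b"250 SMTPUTF8\r\n")
# Inside TLS the server may advertise a different set of extensions, so the
# second EHLO reply here has six lines, followed by the AUTH LOGIN prompt.
TLS_SESSION = (b"250-mx.example.test at your service\r\n"
               b"250-SIZE 35882577\r\n"
               b"250-8BITMIME\r\n"
               b"250-AUTH LOGIN PLAIN\r\n"
               b"250-ENHANCEDSTATUSCODES\r\n"
               b"250 SMTPUTF8\r\n"
               b"334 VXNlcm5hbWU6\r\n")


def count_based():
    """Reuse the pre-TLS line count, then read the 'AUTH LOGIN reply'."""
    recv_count = PLAIN_EHLO.decode().count("\n")
    tls = io.BytesIO(TLS_SESSION)
    for _ in range(recv_count):
        tls.readline()
    return tls.readline()            # a leftover EHLO line, not the 334


def marker_based():
    """Read each reply up to its final-line marker."""
    tls = io.BytesIO(TLS_SESSION)
    ehlo_code, ehlo_texts = read_reply(tls)
    auth_texts = expect(tls, 334)
    return ehlo_code, len(ehlo_texts), auth_texts


if __name__ == "__main__":
    print(count_based())
    print(marker_based())
```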
We have an internet facing MX server whereby all users authenticate their outgoing connection to submit emails via port 587. This MX server routes incoming mail for our domain to an internal postfix smtp server which then delivers mail to local imap servers.
The internal postfix smtp server uses LDAP alias_maps = ldap:/etc/postfix/ldap-aliases.cf, to look up which imap server a user's mailbox resides on.
There is a postfix option...
reject_sender_login_mismatch
that can be mapped...
smtpd_sender_login_maps = ldap:/etc/postfix/smtpd_sender_login.cf
However - I get the following error
Jul 4 11:23:26 smtp-1.domain1.com postfix/smtpd[31530]: warning: restriction `reject_authenticated_sender_login_mismatch' ignored: no SASL support
No users authenticate to the internal postfix smtp server - all it does is route emails from the MX server. I believe the reason I see the warning "no SASL support" is because postfix doesn't handle the authentication as it's taken care of by the MX server.
postconf -n
alias_database = hash:/etc/aliases
alias_maps = ldap:/etc/postfix/ldap-aliases.cf, hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 51200000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mx3.$mydomain, mx1.$mydomain, mx2.$mydomain
mydomain = domain1.com
myhostname = smtp-1.domain1.com
mynetworks = xxx.xxx.192.0/21, xxx.62.52.0/22, 10.0.0.0/8, xxx.16.0.0/12, xxx.168.0.0/16
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_sender_login_maps = ldap:/etc/postfix/ldap-senders.cf
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch
unknown_local_recipient_reject_code = 550
However, with a different config "smtpd_sender_restrictions = reject_unverified_sender"
If the "envelope From field" contains an invalid forged address the following is logged - which is great to stop unknown email address being forged - but doesn't help if it's forged with a known email address.
NOQUEUE: reject: RCPT from mx.domain1.com[xxx.xxx.192.130]: 450 4.1.7 : Sender address rejected: unverified address: unknown user: "hejem"; from= to= proto=ESMTP helo=
-bash-4.1$ postconf -n
alias_database = hash:/etc/aliases
alias_maps = ldap:/etc/postfix/ldap-aliases.cf, hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 51200000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mx3.$mydomain, mx1.$mydomain, mx2.$mydomain
mydomain = domain1.com
myhostname = smtp-1.domain1.com
mynetworks = xxx.xxx.xxx.0/21, xxx.xxx.xxx.0/22, xxx.0.0.0/xxx, xxx.xxx.0.0/12, xxx.xxx.0.0/16
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_sender_restrictions = reject_unverified_sender
What I want to achieve is my local internal postfix to check the "envelope From field" to ensure it's not been spoofed by knowing the sending user's username and looking up its assigned "From" aliases in LDAP. If it doesn't match, i.e. they're spoofing, then reject the mail.
Any advice how to implement this check in postfix?
Thanks
Firstly, it is not considered a good practice to activate reject_unverified_sender in postfix services. If you want to prevent mails being sent from non-existing addresses in your domain, you should prefer reject_unlisted_sender.
You can not be sure of spoofing of existing mail addresses without activating authentication (SASL) mechanism on postfix service. Thus, to prevent spoofing of existing addresses:
Make sure that smtpd_sender_login_maps is properly configured.
Activate SASL authentication on postfix
Configure reject_authenticated_sender_login_mismatch or reject_sender_login_mismatch depending on your preference.
Further Reading (from postfix SASL documentation)
Envelope sender address authorization
By default an SMTP client may specify any envelope sender address in the MAIL FROM command. That is because the Postfix SMTP server only knows the remote SMTP client hostname and IP address, but not the user who controls the remote SMTP client.
This changes the moment an SMTP client uses SASL authentication. Now, the Postfix SMTP server knows who the sender is. Given a table of envelope sender addresses and SASL login names, the Postfix SMTP server can decide if the SASL authenticated client is allowed to use a particular envelope sender address:
/etc/postfix/main.cf:
    smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders
    smtpd_recipient_restrictions =
        ...
        reject_sender_login_mismatch
        permit_sasl_authenticated
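The decision described above depends on two inputs, the envelope sender and the SASL login, and the second is missing on a relay that nobody authenticates to. The block below is an added example (not from the original posts and not Postfix code): a simplified model of the three documented restriction names, with a constructed table standing in for smtpd_sender_login_maps; the logins `alice` and `bob` and the function names are hypothetical.

```python
def owners_of(login_map, address):
    """Logins allowed to use an envelope sender (stand-in for the map lookup)."""
    return login_map.get(address.lower(), frozenset())


def check_sender(restriction, login_map, mail_from, sasl_login):
    """Return 'REJECT' or 'DUNNO' (no decision) for one MAIL FROM.

    sasl_login is None when the client did not authenticate.
    """
    owners = owners_of(login_map, mail_from)
    if sasl_login is not None:
        # Logged in, but the login does not own the MAIL FROM address.
        auth_mismatch = sasl_login not in owners
        unauth_mismatch = False
    else:
        # Not logged in, yet the table names an owner for the address.
        auth_mismatch = False
        unauth_mismatch = bool(owners)

    if restriction == "reject_authenticated_sender_login_mismatch":
        return "REJECT" if auth_mismatch else "DUNNO"
    if restriction == "reject_unauthenticated_sender_login_mismatch":
        return "REJECT" if unauth_mismatch else "DUNNO"
    if restriction == "reject_sender_login_mismatch":
        return "REJECT" if (auth_mismatch or unauth_mismatch) else "DUNNO"
    raise ValueError("unknown restriction: " + restriction)


# Constructed table: envelope sender -> logins that own it.
LOGIN_MAP = {
    "alice@domain1.com": frozenset({"alice"}),
    "sales@domain1.com": frozenset({"alice", "bob"}),
}

BOTH = "reject_sender_login_mismatch"
AUTH_ONLY = "reject_authenticated_sender_login_mismatch"


def scenarios():
    alice = "alice@domain1.com"
    return {
        # On the host where users authenticate, the login is known.
        "auth: alice as alice": check_sender(BOTH, LOGIN_MAP, alice, "alice"),
        "auth: bob as alice": check_sender(BOTH, LOGIN_MAP, alice, "bob"),
        "auth: bob as sales": check_sender(
            BOTH, LOGIN_MAP, "sales@domain1.com", "bob"),
        # On a relay with no SASL, genuine and forged mail both arrive with
        # sasl_login=None, so the inputs (and the verdicts) are identical.
        "relay, auth-only rule": check_sender(AUTH_ONLY, LOGIN_MAP, alice, None),
        "relay, combined rule": check_sender(BOTH, LOGIN_MAP, alice, None),
    }


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(name, "->", verdict)
```

In this model the relay either lets every listed sender through (auth-only rule) or rejects every listed sender (combined rule); only the host that sees the login can tell the two users apart.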
I have a detailed error for this problem:
SMTP -> FROM SERVER:220-server.modulindo.com ESMTP Exim 4.77 #2 Wed, 11 Jul 2012 10:57:22 +0700 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
SMTP -> FROM SERVER: 250-server.modulindo.com Hello mail.modulindo.com [202.67.9.42] 250-SIZE 52428800 250-PIPELINING 250-AUTH PLAIN LOGIN 250 HELP
SMTP -> ERROR: Password not accepted from server: 535 Incorrect authentication data
SMTP -> FROM SERVER:250 Reset OK
Please help me, guys!
I have a problem with PHPMailer. Sending email with PHPMailer on localhost succeeds, but when I upload it to my server domain, an error happens. The error is:
SMTP Error: Could not authenticate. Mailer Error: SMTP Error: Could not authenticate.
This is my script:
....
$mail = new PHPMailer();
$mail->IsSMTP();
$mail->Mailer = "smtp";
$mail->Host = "ssl://smtp.gmail.com";
$mail->Port = 465;
$mail->SMTPAuth = true;
$mail->Username = "wasis85#gmail.com";
$mail->Password = "password";
$mail->From = "wasis85#gmail.com";
$mail->FromName = "Wasis Lukito";
$mail->AddAddress($ema[$ari_no],"wasis");
$mail->AddCC("wasisl85#yahoo.com");
$mail->AddReplyTo("wasisl85#yahoo.com","Wasis Lukito");
$mail->WordWrap = 50;
$mail->IsHTML(true);
$mail->Subject = "Penolakan Data BPLPSE";
$mail->Body = "Alasan di tolak ";
$mail->AltBody = "This research is supported by Google.com";
...
I solved the same problem by commenting out (or cancelling) this line:
// $mail->IsSMTP();
This is because on some servers I had the same error: SMTP Error: Could not authenticate (also Password is incorrect, etc.).
The script seems to be fine. I believe you have to check and make sure if your server supports SMTP or it has been properly configured for SMTP or not.