Very new to James, so please bear with the question.
James 2.3.2.1, Ubuntu 14.04.
Configured as both POP3 and SMTP. SSL enabled and certificate store successfully connected.
The problem is this: once SSL is enabled, the SMTPS listen port is 465, and there is no longer a listener on the standard port 25 to receive email from external senders (e.g., from Gmail). Thus mail delivery sent to local accounts works when sent from other local accounts, but fails when sent from external servers.
Is it possible to configure James to listen both on the standard port 25 for external senders and on the secured port 465 for authenticated senders? If so, how is it done, and how do I make sure it doesn't become an open relay (i.e., only receives mail sent to local user accounts)? With the SSL configuration, I just set both authRequired and verifyIdentity to true, which ensures only authenticated users can send mail. With standard SMTP, I'm not sure:
a) how to configure it while also having the secured connection; and
b) how to avoid becoming an open relay.
Thanks in advance for any help.
So I didn't find a way to do this in James, but my goals were:
a) secured SMTP for authenticated (domain) user accounts;
b) regular SMTP for receiving email from external servers;
c) not becoming an open relay.
I achieved this by using the nifty OpenSMTPD server relaying to the secured James port. Took a while to get the configuration right on both servers, but the setup is working like a charm now.
Postfix looked too complicated to set up, and Sendmail does not support client-side SSL connections (to secured SMTP servers). OpenSMTPD is a lifesaver.
I am using Telnet on an Ubuntu 18.04 Server being accessed via SSH. I log into the email server being set up that uses Postfix and Dovecot, to test if the "phil#xxxxxxx.com" mail account is working.
This is the exchange:
root#xxxxxxx:/var/log# telnet xxxxxxx.com 110
Trying 2600:3c01::f03c:92ff:fe93:5fa0...
Connected to xxxxxxx.com.
Escape character is '^]'.
+OK Dovecot (Ubuntu) ready.
USER phil
+OK
PASS fakepassword
-ERR [AUTH] Authentication failed.
I'm not trying to solve the entire mystery here, but just wanted to check on whether this is a valid use of Telnet. A website about using Telnet states the following:
However, you should note that Telnet is not encrypted. Most public
internet services, such as Google or Yahoo, require an encrypted
connection—which isn't supported by Telnet.
Is this a situation where the lack of encryption might contribute to the authentication failure? I'm guessing not, since I'm not going through a browser. I just wanted to verify that if everything was set up right, this would be a valid way to test the email account.
Yes, you can use telnet for protocol exploration. POP3 in this case is text based and not wrapped in TLS, so it works out without any other advanced tools (e.g., openssl).
That said, you will want to familiarize yourself with the POP3 AUTH exchange, which is probably not going to accept credentials in cleartext these days. (If this were 1999, different story.)
https://ietf.org/rfc/rfc1939.txt
You might consider using an actual email program (MUA in the parlance) to negotiate the connection, in tandem with a protocol sniffer like wireshark to see how the exchange works.
I set up an account in Google Compute Engine, and I use the GoDaddy SMTP server smtpout.asia.secureserver.net. This works fine on my localhost, but in GCE it throws the error "Connection could not be established with host smtpout.asia.secureserver.net [Connection timed out #110]". Is port 465 with the 'ssl' option blocked? How do I enable 465 'ssl' in GCE?
EDIT
465 works fine if I use a Gmail account, but why does using another SMTP server not work?
Thank you in advance.
TL;DR - Google Compute Engine blocks all outbound connections on ports 25, 465 and 587.
Using standard outbound email ports on Google Compute Engine
Yattin's answer is incorrect regarding Google Compute Engine (it only answers how to send mail using gmail).
Google Compute Engine blocks all outbound connections on ports 25, 465 and 587 for the sake of protection against spam and abuse. The only exceptions are for outbound connections to Google's mail services like GMail or Google Apps.
Options for outbound email on Google Compute Engine
Use a trusted third-party mail provider like SendGrid, Mailgun or Mailjet.
Use GMail account to send the messages. This is what you tried already based on what you have mentioned in your question.
Use Google Apps SMTP relay service if you have a Google Apps account.
If you already have a corporate email server and you have a VPN connection to that from your Google Compute Engine instances, you can tunnel the mail traffic to your corporate email server and let it handle the mail delivery.
You need to try port 587, which uses the TLS protocol, for sending emails from Google. Google recommends using port 587 instead of 465. Also, use a telnet client to check for the protocols available on your machine.
Open command prompt and type:
telnet smtp.gmail.com 587
ehlo nico
Check for the text listed under it.
You should be getting the STARTTLS and CHUNKING keywords. If not, your network is blocking these features.
For further reference see
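The two checks discussed in the answers above (does the outbound connection time out, and does the EHLO reply list STARTTLS), as an added example that is not part of the original answers. The function names and the `probe.example` EHLO name are illustrative assumptions.

```python
import smtplib
import socket

def tcp_egress(host, port, timeout=5.0):
    """Return 'open', 'refused', 'timeout' or 'error: ...' for an outbound TCP connect."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"      # no answer at all: what a silent egress filter looks like
    except ConnectionRefusedError:
        return "refused"      # the host answered with RST: nothing listening, not a filter
    except OSError as exc:    # DNS failure, unreachable network, ...
        return "error: %s" % exc

def ehlo_extensions(host, port, timeout=5.0, helo_name="probe.example"):
    """Connect in cleartext, send EHLO and return the advertised extension names."""
    # local_hostname is passed explicitly so smtplib does not do a DNS lookup for it.
    with smtplib.SMTP(host, port, local_hostname=helo_name, timeout=timeout) as client:
        code, _ = client.ehlo()
        if code != 250:
            return set()
        return {name.upper() for name in client.esmtp_features}

def check_relay_path(host, port, timeout=5.0):
    """Combine both checks into one verdict for a cleartext/STARTTLS port (25 or 587)."""
    state = tcp_egress(host, port, timeout)
    if state != "open":
        return {"tcp": state, "starttls": False, "extensions": set()}
    try:
        ext = ehlo_extensions(host, port, timeout)
    except (smtplib.SMTPException, OSError):
        ext = set()           # TCP works but the SMTP dialogue failed
    return {"tcp": state, "starttls": "STARTTLS" in ext, "extensions": ext}

if __name__ == "__main__":
    # Hosts taken from the thread. Port 465 is implicit TLS, so only the TCP check applies.
    print("secureserver 465:", tcp_egress("smtpout.asia.secureserver.net", 465))
    print("gmail 587:", check_relay_path("smtp.gmail.com", 587))
```

A `timeout` result from the instance combined with `open` from another network points at an egress filter rather than at the mail server.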
We have been battling with an issue where I've been getting a 5006 error using "SagePay Server" for 24 hours after moving a nopcommerce site to a new server with a different IP address.
We use a free cloudflare service with SSL enabled on Cloudflare in Full SSL mode and then a self signed certificate on our server so the connection is always secured end to end. This was also the same on the old server.
When moving servers we simply updated the IP address in Cloudflare to point at the new IP address but we started getting 5006 errors during the checkout process...
SagePay support told us they could not connect to our notification URL which was using SSL. Our server showed no attempt from their server to connect to ours, yet SagePay's log files show an "internal_error" with no more useful information.
However it is possible to call the notification URL passed to SagePay from a browser and it works without issue.
After talking with SagePay on several occasions it would seem the SagePay system does not support websites / traffic using SSL with SNI which means they can not connect to the notification URL over SSL.
In a time when IPv4 addresses are fast running out I would imagine more and more people will start to use SNI for SSL so they can run multiple sites using SSL from one IPv4 address - a massive oversight on SagePay's part, methinks.
Contrary to JaxUK, I can confirm SagePay does support SSL/TLS with SNI. Hope this helps someone
I've installed Postfix, opened port 25 (as well as ports 110, 995, 143, and 993) on my local computer connected to the Internet, but none of the e-mails that I am attempting to send out using the localhost:25 definition are being properly routed to their destination. Basically, I am trying to set up a local SMTP server to send out e-mails from my production website's software (also hosted on the same local computer).
I am using Verizon FIOS Internet service, which reportedly blocks port 25 (but actually does not in my case, as I have enabled it and checked that it is in fact accessible from my external IP address). I have attempted to send the e-mail using no Smart Host, then using Verizon's SMTP server as a Smart Host, and finally using Verizon/Yahoo's SMTP server as a Smart Host, but none of them have worked.
What could be causing this issue?
I really appreciate any help on this problem, because I've been working to no success on it for the past three hours. Thank you all in advance!
Absolutely, it's very common for large ISPs to block outbound connections on port 25 ~ they do this specifically to prevent what you are attempting. You should give them a call and verify if this is the case.
OR
See if you can configure your postfix to authenticate on your verizon mail account and relay your mail through that. [actually I did exactly this ~ I'll see if I can dig up the config]
-sean
UPDATE
here we go:
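relayhost = [smtp.gmail.com]:587
# Server side: do not offer SASL to clients connecting to this Postfix
smtpd_sasl_auth_enable = no
# Client side: authenticate to the relay host with the password map
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_security_level = encrypt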
Sorry, I'm a little crunched on time, you'll have to dig up the docs for Postfix relaying and how to set up the password maps [cause I don't recall offhand]
Hope this helps...
Have you set up an MX record in DNS (reverse DNS must work properly) and the respective domain name (FQDN) in the SMTP daemon?
Internally, our organization limits what servers and applications can send emails. I would like to be able to have scripts that could be run on any server send an email when done. Is it possible to install IIS SMTP on a single server and have that relay all mail the servers send to our standard relay servers? All the advice I see on the internet talks about configuring relays for outbound connectivity, but this would be for internal use only. The flow would be something like this, I believe:
[any server] --> My SMTP relay --> corporate SMTP relay --> Internal Mail system
Is this doable? If so, any links on how to configure? I have nearly zero SMTP knowledge.
Doable, you should search for "SMARTHOST SMTP" in Google. If your mail server limits relaying to specific hosts/IP addresses, you'll still need to add the new server to the relay list. Setup will be a little different depending on your mail server/version (Exchange, IIS SMTP).
SMART HOST for Exchange:
http://www.dnsexit.com/support/mailrelay/exchange/setup.htm
I have a similar setup to what you have described. You might want to check if your SMTP server allows relaying for authenticated users, since this might allow your current script to send emails using a domain/email user account.