Thanks so much for your help.  It changed the behavior but has not eliminated 
my issue.  Sorry to be such a pain!  A knowledgeable person like you should be 
able to see what’s going on. It looks like it is not doing what the server 
expects yet.  Something in my config is still saying “do not send a password.”  
Is there a verbose option or something I can use to help troubleshoot?  

When I made the change you propose, I now get the following messages in my 
mail.log: 

 
------------------------------------------------------------------------------------------

Aug 16 09:20:11 RichCookHomeMac postfix/pickup[40015]: 6524929C83DF: uid=0 
from=<root>
Aug 16 09:20:11 RichCookHomeMac postfix/cleanup[40031]: 6524929C83DF: 
message-id=<20140816162011.6524929c8...@richcook.net>
Aug 16 09:20:11 RichCookHomeMac postfix/qmgr[40016]: 6524929C83DF: 
from=<r...@richcook.net>, size=332, nrcpt=1 (queue active)
Aug 16 09:20:11 RichCookHomeMac postfix/smtp[40033]: Untrusted TLS connection 
established to smtp.comcast.net[76.96.40.155]:587: TLSv1 with cipher 
DHE-RSA-AES256-SHA (256/256 bits)
Aug 16 09:20:12 RichCookHomeMac postfix/smtp[40033]: 6524929C83DF: 
to=<wealthyc...@gmail.com>, relay=smtp.comcast.net[76.96.40.155]:587, 
delay=0.64, delays=0.02/0.03/0.52/0.07, dsn=5.1.0, status=bounced (host 
smtp.comcast.net[76.96.40.155] said: 550 5.1.0 Authentication required (in 
reply to MAIL FROM command))
Aug 16 09:20:12 RichCookHomeMac postfix/bounce[40035]: 6524929C83DF: sender 
non-delivery notification: 152B329C83E1
Aug 16 09:20:12 RichCookHomeMac postfix/qmgr[40016]: 6524929C83DF: removed

 
------------------------------------------------------------------------------------------
Plus a bounce email from comcast, which is no surprise of course given the 
above.  

> This is the mail system at host richcook.net.
> 
> I'm sorry to have to inform you that your message could not
> be delivered to one or more recipients. It's attached below.
> 
> For further assistance, please send mail to postmaster.
> 
> If you do so, please include this problem report. You can
> delete your own text from the attached returned message.
> 
>                   The mail system
> 
> <wealthyc...@gmail.com>: host smtp.comcast.net[76.96.40.155] said: 550 5.1.0
>    Authentication required (in reply to MAIL FROM command)
> Reporting-MTA: dns; richcook.net
> X-Postfix-Queue-ID: F39D529C8122
> X-Postfix-Sender: rfc822; r...@richcook.net
> Arrival-Date: Sat, 16 Aug 2014 09:11:33 -0700 (PDT)
> 
> Final-Recipient: rfc822; wealthyc...@gmail.com
> Action: failed
> Status: 5.1.0
> Remote-MTA: dns; smtp.comcast.net
> Diagnostic-Code: smtp; 550 5.1.0 Authentication required
> 
> From: r...@richcook.net (System Administrator)
> Subject: test
> Date: August 16, 2014 at 9:11:33 AM PDT
> To: wealthyc...@gmail.com
> 
> 
> Sat Aug 16 09:11:33 PDT 2014

 
------------------------------------------------------------------------------------------

Here is the new main.cf configuration: 

#======================================================================
# Apple additions: 
mydomain_fallback = localhost
recipient_delimiter = +
smtpd_tls_ciphers = medium
inet_protocols = all
inet_interfaces = loopback-only
#======================================================================
relayhost=[smtp.comcast.net]:587
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes 

smtpd_sasl_auth_enable=yes
smtpd_use_pw_server=yes
enable_server_options=yes
smtpd_pw_server_security_options=plain, login
smtp_tls_loglevel=1
smtpd_sasl_security_options=noanonymous
broken_sasl_auth_clients=yes
smtpd_sasl_local_domain=$mydomain
smtp_sasl_mechanism_filter =


# OLD
# Rich Cook mods: 
message_size_limit = 0
mydomain = richcook.net
myhostname = richcook.net
mynetworks=192.168.0.0/16,rcmac.llnl.gov,localhost,mom.richcook.net
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject

 
------------------------------------------------------------------------------------------

Thanks again for any help.  
— Rich 

On Aug 16, 2014, at 3:24 AM, Patrick Ben Koetter <p...@sys4.de> wrote:

> The other side offers only PLAIN and LOGIN:
> 
> $ telnet 76.96.40.155 25
> Trying 76.96.40.155...
> Connected to 76.96.40.155.
> Escape character is '^]'.
> 220 omta20.emeryville.ca.mail.comcast.net comcast ESMTP server ready
> EHLO foo
> 250-omta20.emeryville.ca.mail.comcast.net hello [37.5.251.161], pleased to
> meet you
> 250-HELP
> 250-AUTH LOGIN PLAIN
> 250-SIZE 36700160
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250-STARTTLS
> 250 OK
> QUIT
> 221 2.0.0 omta20.emeryville.ca.mail.comcast.net comcast closing connection
> 
> 
> PLAIN and LOGIN are disabled on Postfix smtp client side by default, because
> their usage may be insecure over an unencrypted transport - PLAIN and LOGIN do
> not crypt, but only encode username and password:
> 
> smtp_sasl_security_options = noplaintext, noanonymous
> smtp_sasl_tls_security_options = $smtp_sasl_security_options
> smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
> 
> Change Postfix' SASL policy for TLS shielded connections and it will work:
> 
> smtp_sasl_security_options = noplaintext, noanonymous
> smtp_sasl_tls_security_options = noanonymous
> 
> p@rick
> 
> 
> 
> * Rich Cook <wealthyc...@gmail.com>:
>> Hello, I am having a maddening problem.  I have googled of course for 
>> answers, but I cannot figure out exactly what the issue is.  
>> I am trying to put the final touches on my postfix/fetchmail setup.  Mostly 
>> it's working but the crucial piece I'm missing is the ability to send mail 
>> to other hosts through my comcast relay from the command line.
>> 
>> I can send mail from my mail client but not from the command line via 
>> sendmail, which I would like very much to be able to do.  There is just some 
>> little SASL detail or something going on here that I'm missing.  I could use 
>> a good pair of eyes for help!
>> 
>> To put it in a nutshell, here is what I'm seeing in the logs when I do  
>> "postfix flush":
>> Note that I can telnet to  smtp.comcast.net 587 and make a connection, so I 
>> am ignoring "no route to host" messages at the moment.  Especially since you 
>> can see it does connect.  Config logs are below.  Sorry for the long 
>> message, but I'm hopefully anticipating the questions a knowledgeable expert 
>> might ask of me.  :-)
>> 
>> I can ramp up the verbosity but you probably get the idea.  
>> Warm thanks for any help! 
>> 
>> ================================================================================
>>  =============
>> # LOG FILE CONTENTS:
>> Aug 15 12:48:27 RichCookHomeMac postfix/qmgr[60944]: 810762983FD0: 
>> from=<***>, size=332, nrcpt=1 (queue active)
>> Aug 15 12:48:27 RichCookHomeMac postfix/qmgr[60944]: AED65298168E: 
>> from=<***>, size=327, nrcpt=1 (queue active)
>> Aug 15 12:48:27 RichCookHomeMac postfix/qmgr[60944]: AF585298168F: 
>> from=<***>, size=327, nrcpt=1 (queue active)
>> Aug 15 12:48:27 RichCookHomeMac postfix/qmgr[60944]: C873A29816BA: 
>> from=<***>, size=306, nrcpt=1 (queue active)
>> Aug 15 12:48:27 RichCookHomeMac postfix/qmgr[60944]: CFE0E2983B7C: 
>> from=<***>, size=302, nrcpt=1 (queue active)
>> Aug 15 12:48:27 RichCookHomeMac postfix/qmgr[60944]: D71C029816E8: 
>> from=<***>, size=307, nrcpt=1 (queue active)
>> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61130]: connect to 
>> smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host
>> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61133]: connect to 
>> smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host
>> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61132]: connect to 
>> smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host
>> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61132]: CFE0E2983B7C: to=<***>, 
>> relay=smtp.comcast.net[76.96.40.155]:587, delay=1844, delays=1844/0/0.09/0, 
>> dsn=4.0.0, status=deferred (host smtp.comcast.net[76.96.40.155] refused to 
>> talk to me: 421 omta14.emeryville.ca.mail.comcast.net comcast Too many 
>> sessions opened)
>> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61130]: Untrusted TLS 
>> connection established to smtp.comcast.net[76.96.40.155]:587: TLSv1 with 
>> cipher DHE-RSA-AES256-SHA (256/256 bits)
>> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61133]: Untrusted TLS 
>> connection established to smtp.comcast.net[76.96.40.155]:587: TLSv1 with 
>> cipher DHE-RSA-AES256-SHA (256/256 bits)
>> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61131]: Untrusted TLS 
>> connection established to smtp.comcast.net[76.96.40.155]:587: TLSv1 with 
>> cipher DHE-RSA-AES256-SHA (256/256 bits)
>> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61134]: Untrusted TLS 
>> connection established to smtp.comcast.net[76.96.40.155]:587: TLSv1 with 
>> cipher DHE-RSA-AES256-SHA (256/256 bits)
>> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61130]: warning: SASL 
>> authentication failure: No worthy mechs found
>> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61130]: AED65298168E: to=<***>, 
>> relay=smtp.comcast.net[76.96.40.155]:587, delay=190442, 
>> delays=190441/0/0.39/0, dsn=4.7.0, status=deferred (SASL authentication 
>> failed; cannot authenticate to server smtp.comcast.net[76.96.40.155]: no 
>> mechanism available)
>> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61133]: warning: SASL 
>> authentication failure: No worthy mechs found
>> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61133]: 810762983FD0: to=<***>, 
>> relay=smtp.comcast.net[76.96.40.155]:587, delay=1162, delays=1161/0/0.4/0, 
>> dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate 
>> to server smtp.comcast.net[76.96.40.155]: no mechanism available)
>> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61131]: warning: SASL 
>> authentication failure: No worthy mechs found
>> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61131]: AF585298168F: SASL 
>> authentication failed; cannot authenticate to server 
>> smtp.comcast.net[76.96.40.155]: no mechanism available
>> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61134]: warning: SASL 
>> authentication failure: No worthy mechs found
>> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61134]: C873A29816BA: SASL 
>> authentication failed; cannot authenticate to server 
>> smtp.comcast.net[76.96.40.155]: no mechanism available
>> Aug 15 12:48:28 RichCookHomeMac postfix/error[61137]: D71C029816E8: 
>> to=<***>, relay=none, delay=190645, delays=190645/0.41/0/0, dsn=4.7.0, 
>> status=deferred (delivery temporarily suspended: SASL authentication failed; 
>> cannot authenticate to server smtp.comcast.net[76.96.40.155]: no mechanism 
>> available)
>> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61131]: connect to 
>> smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host
>> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61131]: AF585298168F: to=<***>, 
>> relay=none, delay=190350, delays=190349/0/0.42/0, dsn=4.4.1, status=deferred 
>> (connect to smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host)
>> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61134]: connect to 
>> smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host
>> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61134]: C873A29816BA: to=<***>, 
>> relay=none, delay=190865, delays=190864/0/0.43/0, dsn=4.4.1, status=deferred 
>> (connect to smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host)
>> 
>> 
>> ================================================================================
>>  =============
>> # main.cf:
>> mydomain_fallback = localhost
>> # message_size_limit = 10485760 # commented out by Rich
>> biff = no
>> #mynetworks = 127.0.0.0/8, [::1]/128
>> #smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated 
>> permit
>> recipient_delimiter = +
>> smtpd_tls_ciphers = medium
>> inet_protocols = all
>> inet_interfaces = loopback-only
>> #======================================================================
>> # Rich Cook mods:
>> message_size_limit = 0
>> 
>> relayhost=[smtp.comcast.net]:587
>> smtp_sasl_auth_enable=yes
>> smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
>> smtp_use_tls = yes 
>> 
>> smtpd_sasl_auth_enable=yes
>> smtpd_use_pw_server=yes
>> enable_server_options=yes
>> smtpd_pw_server_security_options=plain, login
>> smtp_tls_loglevel=1
>> smtpd_sasl_security_options=noanonymous
>> smtp_tls_security_level=encrypt
>> broken_sasl_auth_clients=yes
>> # commented out as I do not fully understand yet, but does not fix to put it 
>> back in.
>> # smtpd_recipient_restrictions=check_sender_access hash:/etc/postfix/access, 
>> check_client_access hash:/etc/postfix/access, permit_mynetworks, 
>> permit_sasl_authenticated, reject_unauth_destination, check_recipient_access 
>> hash:/etc/postfix/access
>> smtpd_sasl_local_domain=$mydomain
>> smtp_sasl_mechanism_filter =
>> 
>> # =========================================================================
>> root@RichCookHomeMac (postfix ): ls -l /etc/postfix/
>> total 392
>> -rw-r--r--  1 root  wheel  11942 Feb  8  2014 LICENSE
>> -rw-r--r--  1 root  wheel   1629 Feb  8  2014 TLS_LICENSE
>> -rw-r--r--  1 root  wheel  20876 Feb  8  2014 access
>> -rw-r--r--  1 root  wheel  16384 Aug 15 12:17 access.db
>> -rw-r--r--  1 root  wheel   8830 Aug 15 12:28 aliases
>> -rw-r--r--  1 root  wheel   8829 Jun  1 14:57 aliases.desktop
>> -rw-r--r--  1 root  wheel   3548 Feb  8  2014 bounce.cf.default
>> -rw-r--r--  1 root  wheel  11681 Feb  8  2014 canonical
>> -rw-r--r--  1 root  wheel     44 Feb  8  2014 custom_header_checks
>> -rw-------  1 root  wheel    157 Aug 15 11:37 fetchmailrc
>> -rw-r--r--  1 root  wheel   9904 Feb  8  2014 generic
>> -rw-r--r--  1 root  wheel  21535 Feb  8  2014 header_checks
>> -rw-r--r--  1 root  wheel  28864 Aug 15 12:43 main.cf
>> -rw-r--r--  1 root  wheel  26970 Feb  8  2014 main.cf.default
>> -rw-r--r--  1 root  wheel  26155 Jun  1 15:04 main.cf.upgradedMtnLion
>> -rw-r--r--  1 root  wheel  27430 Feb  8  2014 main.cf~orig
>> -rw-r--r--  1 root  wheel   1441 Feb  8  2014 makedefs.out
>> -rw-r--r--  1 root  wheel   7443 Feb  8  2014 master.cf
>> -rw-r--r--  1 root  wheel   7443 Feb  8  2014 master.cf.default
>> -rw-r--r--  1 root  wheel  18473 Feb  8  2014 postfix-files
>> -rw-r--r--  1 root  wheel   6816 Feb  8  2014 relocated
>> -rw-r-----  1 root  wheel     44 Aug 15 10:56 sasl_passwd
>> -rw-r-----  1 root  wheel  16384 Aug 15 12:18 sasl_passwd.db
>> -rw-r--r--  1 root  wheel  12549 Feb  8  2014 transport
>> -rw-r--r--  1 root  wheel  12494 Feb  8  2014 virtual
>> 
>> Rich Cook
>> wealthyc...@gmail.com
>> 
>> ----------------------------------------------
>> If you don't laugh enough, you might have humorrhoids, which is an 
>> enlargement of the onus, and the only thing you can pass then is heavy 
>> judgment.  -- Swami Beyondananda
>> 
>> 
>> 
>> 
>> 
> 
> -- 
> [*] sys4 AG
> 
> https://sys4.de, +49 (89) 30 90 46 64
> Franziskanerstraße 15, 81669 München
> 
> Registered office: München, District Court München: HRB 199263
> Executive Board: Patrick Ben Koetter, Marc Schiffbauer
> Chairman of the Supervisory Board: Florian Kirstein
> 

Rich Cook
wealthyc...@gmail.com

----------------------------------------------
If you don't laugh enough, you might have humorrhoids, which is an enlargement 
of the onus, and the only thing you can pass then is heavy judgment.  -- Swami 
Beyondananda
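
An added illustration, not part of the thread and not Postfix or Cyrus SASL code: a simplified Python model of the policy explained in the quoted reply, where the mechanisms offered in the EHLO response are filtered by `smtp_sasl_security_options` on a cleartext session and by `smtp_sasl_tls_security_options` on a TLS session. The mechanism property table and the helper names are assumptions of this sketch, and the verified-certificate option is left out.

```python
# Simplified model of SASL mechanism filtering in an SMTP client.
# Illustration only: not Postfix or Cyrus SASL source code.

# Assumed property table: which mechanisms send the password in the clear.
MECH_PROPS = {
    "PLAIN": {"plaintext"},
    "LOGIN": {"plaintext"},
    "ANONYMOUS": {"anonymous"},
    "CRAM-MD5": set(),
    "DIGEST-MD5": set(),
}

# EHLO reply copied from the telnet session quoted in the thread.
EHLO_SAMPLE = [
    "250-omta20.emeryville.ca.mail.comcast.net hello [37.5.251.161], pleased to meet you",
    "250-HELP",
    "250-AUTH LOGIN PLAIN",
    "250-SIZE 36700160",
    "250-STARTTLS",
    "250 OK",
]

# Defaults as quoted in the thread ($smtp_sasl_security_options expanded).
DEFAULT_PARAMS = {
    "smtp_sasl_security_options": "noplaintext, noanonymous",
    "smtp_sasl_tls_security_options": "noplaintext, noanonymous",
}
# The change suggested in the thread.
SUGGESTED_PARAMS = dict(DEFAULT_PARAMS, smtp_sasl_tls_security_options="noanonymous")

def parse_ehlo_auth(lines):
    """Return the mechanisms advertised on the AUTH line of an EHLO reply."""
    mechs = []
    for line in lines:
        words = line[4:].replace("=", " ").split() if line.startswith("250") else []
        if words and words[0].upper() == "AUTH":
            mechs.extend(w.upper() for w in words[1:])
    return mechs

def usable_mechs(offered, params, tls_active):
    """Filter offered mechanisms with the option set for the transport state."""
    key = "smtp_sasl_tls_security_options" if tls_active else "smtp_sasl_security_options"
    opts = {o.strip() for o in params[key].split(",") if o.strip()}
    banned = {o[2:] for o in opts if o in ("noplaintext", "noanonymous")}
    # Unknown mechanisms are dropped rather than trusted.
    return [m for m in offered if m in MECH_PROPS and not (MECH_PROPS[m] & banned)]

if __name__ == "__main__":
    offered = parse_ehlo_auth(EHLO_SAMPLE)
    for name, params in (("default", DEFAULT_PARAMS), ("suggested", SUGGESTED_PARAMS)):
        for tls in (False, True):
            print(name, "tls" if tls else "cleartext", usable_mechs(offered, params, tls))
```

An empty result under the default options on a TLS session corresponds to the "no mechanism available" deferrals in the first log; with the suggested setting, PLAIN and LOGIN remain usable only once TLS is active.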




