Re: automatic email account configuration, postfix pipelining restriction
On 04/21/2018 07:59 PM, David Mehler wrote: Hello Viktor, Bingo! That did it. In the .xml file I changed ssl to encryption tls and it well got further than it did. I had some issues with smtpd* restrictions specifically helo restrictions, I commented them out. So outlook autodiscover is working, thunderbird autoconfig still is not. Going to start another thread about my smtpd* restrictions, but any other suggestions on thunderbird appreciated. Thanks for helping with outlook. Dave. On 4/21/18, Viktor Dukhovniwrote: On Apr 21, 2018, at 2:06 PM, David Mehler wrote: Thanks. I'm sorry I should probably have more completely clarified that. Different client entirely, the previous message I was attempting autoconfig with Thunderbird and getting those errors. This time I'm trying outlook 2010 with autodiscover and getting the errors in my last message. I thought to keep it under the same thread. For completeness and because I probably confused everyone, here's an outlook 2010 attempted connection and my current main.cf and master.cf files. Apr 21 13:52:54 hostname postfix/submission/smtpd[74637]: connect from Connecting-Host-And-IP Apr 21 13:52:54 hostname postfix/submission/smtpd[74637]: lost connection after UNKNOWN from Connecting-Host-And-IP Apr 21 13:52:54 hostname postfix/submission/smtpd[74637]: disconnect from Connecting-Host-And-IP unknown=0/1 commands=0/1 You've probably configured Outlook to do (implicit) SSL on port 587, rather than STARTTLS. You should either direct its connections to port 465 with "wrapper mode TLS", or configure it to do STARTTLS on 587. -- Viktor. look into https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration and https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat note, using MX records in DNS supersedes the config file, so choose your poison wisely. in your web server docroot, create a dir called mail, in mail, edit config-v1.1.xml. mine is cited below for convenience: bpk2.com bpk2.com bpk2 imap.bpk2.com 143 STARTTLS GSSAPI %EMAILLOCALPART% submission.bpk2.com 587 plain GSSAPI %EMAILLOCALPART% http://www.bpk2.com/imap.html;> IMAP General Settings http://www.bpk2.com/smtp.html;> SMTP General Settings https://www.bpk2.com/roundcube/; /> https://www.bpk2.com/roundcube/;> %EMAILLOCALPART%
Re: automatic email account configuration, postfix pipelining restriction
Hello Viktor, Bingo! That did it. In the .xml file I changed ssl to encryption tls and it well got further than it did. I had some issues with smtpd* restrictions specifically helo restrictions, I commented them out. So outlook autodiscover is working, thunderbird autoconfig still is not. Going to start another thread about my smtpd* restrictions, but any other suggestions on thunderbird appreciated. Thanks for helping with outlook. Dave. On 4/21/18, Viktor Dukhovniwrote: > > >> On Apr 21, 2018, at 2:06 PM, David Mehler wrote: >> >> Thanks. I'm sorry I should probably have more completely clarified >> that. Different client entirely, the previous message I was attempting >> autoconfig with Thunderbird and getting those errors. >> >> This time I'm trying outlook 2010 with autodiscover and getting the >> errors in my last message. I thought to keep it under the same thread. >> >> For completeness and because I probably confused everyone, here's an >> outlook 2010 attempted connection and my current main.cf and master.cf >> files. >> >> Apr 21 13:52:54 hostname postfix/submission/smtpd[74637]: connect from >> Connecting-Host-And-IP >> Apr 21 13:52:54 hostname postfix/submission/smtpd[74637]: lost >> connection after UNKNOWN from Connecting-Host-And-IP >> Apr 21 13:52:54 hostname postfix/submission/smtpd[74637]: disconnect >> from Connecting-Host-And-IP unknown=0/1 commands=0/1 > > You've probably configured Outlook to do (implicit) SSL on port 587, > rather than STARTTLS. You should either direct its connections to > port 465 with "wrapper mode TLS", or configure it to do STARTTLS on > 587. > > -- > Viktor. > >
Re: automatic email account configuration, postfix pipelining restriction
> On Apr 21, 2018, at 2:06 PM, David Mehlerwrote: > > Thanks. I'm sorry I should probably have more completely clarified > that. Different client entirely, the previous message I was attempting > autoconfig with Thunderbird and getting those errors. > > This time I'm trying outlook 2010 with autodiscover and getting the > errors in my last message. I thought to keep it under the same thread. > > For completeness and because I probably confused everyone, here's an > outlook 2010 attempted connection and my current main.cf and master.cf > files. > > Apr 21 13:52:54 hostname postfix/submission/smtpd[74637]: connect from > Connecting-Host-And-IP > Apr 21 13:52:54 hostname postfix/submission/smtpd[74637]: lost > connection after UNKNOWN from Connecting-Host-And-IP > Apr 21 13:52:54 hostname postfix/submission/smtpd[74637]: disconnect > from Connecting-Host-And-IP unknown=0/1 commands=0/1 You've probably configured Outlook to do (implicit) SSL on port 587, rather than STARTTLS. You should either direct its connections to port 465 with "wrapper mode TLS", or configure it to do STARTTLS on 587. -- Viktor.
Re: automatic email account configuration, postfix pipelining restriction
Hello, Thanks. I'm sorry I should probably have more completely clarified that. Different client entirely, the previous message I was attempting autoconfig with Thunderbird and getting those errors. This time I'm trying outlook 2010 with autodiscover and getting the errors in my last message. I thought to keep it under the same thread. For completeness and because I probably confused everyone, here's an outlook 2010 attempted connection and my current main.cf and master.cf files. Apr 21 13:52:54 hostname postfix/submission/smtpd[74637]: connect from Connecting-Host-And-IP Apr 21 13:52:54 hostname postfix/submission/smtpd[74637]: lost connection after UNKNOWN from Connecting-Host-And-IP Apr 21 13:52:54 hostname postfix/submission/smtpd[74637]: disconnect from Connecting-Host-And-IP unknown=0/1 commands=0/1 #cat master.cf smtp inet n - n - - smtpd #smtp inet n - n - 1 postscreen #-o smtpd_sasl_auth_enable=no #smtpd pass - - n - - smtpd dnsblog unix - - n - 0 dnsblog tlsproxy unix - - n - 0 tlsproxy # Submission port 587 for client connection / sending mails from authenticated users submission inet n - n - - smtpd -v -o syslog_name=postfix/submission # Encrypt by default -o smtpd_tls_dh1024_param_file=/etc/ssl/dhparam.pem -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_security_options=noanonymous -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject -o tls_preempt_cipherlist=yes #smtps inet n - n - - smtpd #-o syslog_name=postfix/smtps #-o smtpd_tls_wrappermode=yes #-o smtpd_sasl_auth_enable=yes #-o smtpd_reject_unlisted_recipient=no #-o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject #-o tls_preempt_cipherlist=yes # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - n - - qmqpd pickupunix n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr unix n - n 300 1 qmgr #qmgr unix n - n 300 1 oqmgr tlsmgrunix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounceunix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verifyunix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scacheunix - - n - 1 scache # for SPF support spf-policy unix - n n - 0 spawn user=vmail argv=/usr/local/bin/perl /usr/local/libexec/postfix-policyd-spf-perl dfilt unix- n n - - pipe flags=Rq user=filter argv=/usr/local/etc/postfix/disclaimer -f ${sender} -r ${recipient} # scan service for clamsmtpd scan unix - - n - 16 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes 127.0.0.1:10026 inet n - n - 16 smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks_style=host -o smtpd_authorized_xforward_hosts=127.0.0.0/8 #cat main.cf
Re: automatic email account configuration, postfix pipelining restriction
David Mehler: > Hello, > > I am still trying to get this email sending with autodiscover working. > I've temporarily put Thunderbird aside as it looks like it has a long > standing compatibility issue with sending commands to early, and have > switched to outlook 2010. With it I am getting the following which I > do not know what unknown is. > > Apr 21 04:22:38 hostname postfix/submission/smtpd[44179]: connect from > Connecting-Host-and-IP > Apr 21 04:22:39 hostname postfix/submission/smtpd[44179]: lost > connection after UNKNOWN from Connection-hostname-ip Please do not remove crucial evidence. I suppose that you still have Apr 20 14:37:00 hostname postfix/submission/smtpd[92360]: improper command pipelining after EHLO from Connecting-Machine-Hostname-And-IP: QUIT\r\n. If you don't have this, what did you do to change the client's behavior? I suppose that you also have: disconnect from hostname[address] ehlo=1... What is the complete set of logfile records? Wietse
Re: automatic email account configuration, postfix pipelining restriction
Hello, I am still trying to get this email sending with autodiscover working. I've temporarily put Thunderbird aside as it looks like it has a long standing compatibility issue with sending commands to early, and have switched to outlook 2010. With it I am getting the following which I do not know what unknown is. Apr 21 04:22:38 hostname postfix/submission/smtpd[44179]: connect from Connecting-Host-and-IP Apr 21 04:22:39 hostname postfix/submission/smtpd[44179]: lost connection after UNKNOWN from Connection-hostname-ip I've tried adjusting broken_sasl_auth_clients no by default, set it to yes, didn't change anything. My current smtpd_restrictions: main.cf: # Conditions in which Postfix works as a relay. (for mail user clients) smtpd_relay_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain permit_mynetworks reject_unauth_destination smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_helo_access hash:/usr/local/etc/postfix/helo_access, ,check_helo_access pcre:/usr/local/etc/postfix/helo_checks ,check_sender_mx_access cidr:/usr/local/etc/postfix/bogus_mx check_sender_access hash:/usr/local/etc/postfix/safe_addresses check_sender_access hash:/usr/local/etc/postfix/auto-whtlst check_client_access cidr:/usr/local/etc/postfix/spamfarms check_client_access cidr:/usr/local/etc/postfix/sinokorea.cidr check_recipient_access mysql:/usr/local/etc/postfix/db/recipient-access.cf permit_dnswl_client list.dnswl.org=127.0.[2..14].[1..3] check_reverse_client_hostname_access pcre:/usr/local/etc/postfix/fqrdns.pcre reject_unknown_reverse_client_hostname reject_non_fqdn_sender #reject_non_fqdn_helo_hostname #reject_invalid_helo_hostname #reject_unknown_helo_hostname reject_unlisted_recipient reject_rhsbl_client dbl.spamhaus.org reject_rhsbl_sender dbl.spamhaus.org reject_rhsbl_helo dbl.spamhaus.org check_policy_service unix:private/spf-policy # Postfix Quota status service #check_policy_service inet:127.0.0.1:12345 check_policy_service unix:private/dovecot-quota # Restrictions for all sending foreign servers ("SMTP clients") smtpd_client_restrictions = permit_mynetworks #check_client_access hash:/usr/local/etc/postfix/without_ptr #reject_unknown_client_hostname smtpd_helo_required = yes smtpd_helo_restrictions = #permit_mynetworks #reject_invalid_helo_hostname #reject_non_fqdn_helo_hostname #reject_unknown_helo_hostname # Block clients, which start sending too early #smtpd_data_restrictions = reject_unauth_pipelining # Restrictions for MUAs #mua_relay_restrictions = reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,permit_sasl_authenticated,reject #mua_sender_restrictions = permit_mynetworks,reject_non_fqdn_sender,reject_sender_login_mismatch,permit_sasl_authenticated,reject #mua_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject and in master.cf: submission inet n - n - - smtpd -o syslog_name=postfix/submission # for opportunistic smtpd #-o smtpd_tls_security_level=may # Encrypt by default -o smtpd_tls_dh1024_param_file=/etc/ssl/dhparam.pem -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_security_options=noanonymous -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject #-o smtpd_sender_login_maps=mysql:/usr/local/etc/postfix/db/sender-login-maps.cf -o tls_preempt_cipherlist=yes #-o cleanup_service_name=submission-header-cleanup Are these restrictions right in main.cf and master.cf? Thanks. Dave. On 4/20/18, Wietse Venemawrote: > David Mehler: >> Hi, >> >> It's Thunderbird 52.7. Is there a workaround to make this work? > > Yes, do nothing. In particular, do not use the Postfix > reject_unauth_pipelining feature, because that would trigger > a REJECT response. > > Wietse > >> On 4/20/18, Viktor Dukhovni wrote: >> > >> > >> >> On Apr 20, 2018, at 4:52 PM, David Mehler >> >> wrote: >> >> >> >> I'm atempting to configure email autoconfig and autodiscover services >> >> for Mozilla and Microsoft clients. I'm using Postfix 3.3. At first I >> >> thought I was dealing with either an Apache or Dovecot issue, now I'm >> >> thinking it's an error with my Postfix configuration. >> >> >> >> Whenever I atempt a connection I'm getting this in my postfix error >> >> log >> >> file: >> >> >> >> Apr 20 14:37:00 hostname postfix/submission/smtpd[92360]: improper >> >> command pipelining after EHLO from Connecting-Machine-Hostname-And-IP: >> >> QUIT\r\n >> > >> > This client does not implement SMTP correctly. There's nothing wrong >> > with the Postfix configuration. The client MUST wait for the EHLO >> > response *before* sending QUIT. >> > >> > --
Re: automatic email account configuration, postfix pipelining restriction
David Mehler: > Hi, > > It's Thunderbird 52.7. Is there a workaround to make this work? Yes, do nothing. In particular, do not use the Postfix reject_unauth_pipelining feature, because that would trigger a REJECT response. Wietse > On 4/20/18, Viktor Dukhovniwrote: > > > > > >> On Apr 20, 2018, at 4:52 PM, David Mehler wrote: > >> > >> I'm atempting to configure email autoconfig and autodiscover services > >> for Mozilla and Microsoft clients. I'm using Postfix 3.3. At first I > >> thought I was dealing with either an Apache or Dovecot issue, now I'm > >> thinking it's an error with my Postfix configuration. > >> > >> Whenever I atempt a connection I'm getting this in my postfix error log > >> file: > >> > >> Apr 20 14:37:00 hostname postfix/submission/smtpd[92360]: improper > >> command pipelining after EHLO from Connecting-Machine-Hostname-And-IP: > >> QUIT\r\n > > > > This client does not implement SMTP correctly. There's nothing wrong > > with the Postfix configuration. The client MUST wait for the EHLO > > response *before* sending QUIT. > > > > -- > > Viktor. > > > > >
Re: automatic email account configuration, postfix pipelining restriction
Hi, It's Thunderbird 52.7. Is there a workaround to make this work? Thanks. Dave. On 4/20/18, Viktor Dukhovniwrote: > > >> On Apr 20, 2018, at 4:52 PM, David Mehler wrote: >> >> I'm atempting to configure email autoconfig and autodiscover services >> for Mozilla and Microsoft clients. I'm using Postfix 3.3. At first I >> thought I was dealing with either an Apache or Dovecot issue, now I'm >> thinking it's an error with my Postfix configuration. >> >> Whenever I atempt a connection I'm getting this in my postfix error log >> file: >> >> Apr 20 14:37:00 hostname postfix/submission/smtpd[92360]: improper >> command pipelining after EHLO from Connecting-Machine-Hostname-And-IP: >> QUIT\r\n > > This client does not implement SMTP correctly. There's nothing wrong > with the Postfix configuration. The client MUST wait for the EHLO > response *before* sending QUIT. > > -- > Viktor. > >
Re: automatic email account configuration, postfix pipelining restriction
> On Apr 20, 2018, at 4:52 PM, David Mehlerwrote: > > I'm atempting to configure email autoconfig and autodiscover services > for Mozilla and Microsoft clients. I'm using Postfix 3.3. At first I > thought I was dealing with either an Apache or Dovecot issue, now I'm > thinking it's an error with my Postfix configuration. > > Whenever I atempt a connection I'm getting this in my postfix error log file: > > Apr 20 14:37:00 hostname postfix/submission/smtpd[92360]: improper > command pipelining after EHLO from Connecting-Machine-Hostname-And-IP: > QUIT\r\n This client does not implement SMTP correctly. There's nothing wrong with the Postfix configuration. The client MUST wait for the EHLO response *before* sending QUIT. -- Viktor.
automatic email account configuration, postfix pipelining restriction
Hello, I'm atempting to configure email autoconfig and autodiscover services for Mozilla and Microsoft clients. I'm using Postfix 3.3. At first I thought I was dealing with either an Apache or Dovecot issue, now I'm thinking it's an error with my Postfix configuration. Whenever I atempt a connection I'm getting this in my postfix error log file: Apr 20 14:37:00 hostname postfix/submission/smtpd[92360]: improper command pipelining after EHLO from Connecting-Machine-Hostname-And-IP: QUIT\r\n Suggestions welcome. Thanks. Dave. If it helps here's my postfix master.cf and main.cf files: #cat master.cf smtp inet n - n - - smtpd #smtp inet n - n - 1 postscreen #-o smtpd_sasl_auth_enable=no #smtpd pass - - n - - smtpd dnsblog unix - - n - 0 dnsblog tlsproxy unix - - n - 0 tlsproxy # Submission port 587 for client connection / sending mails from authenticated users submission inet n - n - - smtpd -o syslog_name=postfix/submission # for opportunistic smtpd #-o smtpd_tls_security_level=may # Encrypt by default -o smtpd_tls_dh1024_param_file=/etc/ssl/dhparam.pem -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_security_options=noanonymous -o smtpd_client_restrictions=$mua_client_restrictions -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_relay_restrictions=$mua_relay_restrictions -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject -o smtpd_sender_login_maps=mysql:/usr/local/etc/postfix/db/sender-login-maps.cf -o tls_preempt_cipherlist=yes #smtps inet n - n - - smtpd #-o syslog_name=postfix/smtps #-o smtpd_tls_wrappermode=yes #-o smtpd_sasl_auth_enable=yes #-o smtpd_reject_unlisted_recipient=no #-o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject #-o tls_preempt_cipherlist=yes # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - n - - qmqpd pickupunix n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr unix n - n 300 1 qmgr #qmgr unix n - n 300 1 oqmgr tlsmgrunix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounceunix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verifyunix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scacheunix - - n - 1 scache # for SPF support spf-policy unix - n n - 0 spawn user=vmail argv=/usr/local/bin/perl /usr/local/libexec/postfix-policyd-spf-perl dfilt unix- n n - - pipe flags=Rq user=filter argv=/usr/local/etc/postfix/disclaimer -f ${sender} -r ${recipient} # scan service for clamsmtpd scan unix - - n - 16 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes 127.0.0.1:10026 inet n - n - 16 smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks_style=host