Re: [qmailtoaster] 553 Error, Outlook
[EMAIL PROTECTED] wrote:
> No, as we don't have 587 enabled (older version of current toaster).

If you have submission port (587), I think you can create a new supervise task.
From the archive, Erik shows how to create a new SMTP port with SSL (TLS); we alter it a little to create a submission port.

Re: [qmailtoaster] Running qmail smtp on multiple ports SMTP + SSL (TLS)
**forget the title, as we are going to create submission

http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg03491.html
http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg00225.html
http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg02669.html

Erik Espinoza Wed, 15 Feb 2006 14:31:49 -0800

1) First stop qmail:

    service qmail stop

2) Now run this command:

    mkdir -p /var/qmail/supervise/smtp-ssl/supervise /var/qmail/supervise/smtp-ssl/log/supervise

**change smtp-ssl into submission

3) Create a file called /var/qmail/supervise/smtp-ssl/run with the following contents
**filename: /var/qmail/supervise/submission/run

    #!/bin/sh
    QMAILDUID=`id -u vpopmail`
    NOFILESGID=`id -g vpopmail`
    MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
    BLACKLIST=`cat /var/qmail/control/blacklists`
    SMTPD=/var/qmail/bin/qmail-smtpd
    TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb
    RBLSMTPD=/usr/bin/rblsmtpd
    HOSTNAME=`hostname`
    VCHKPW=/home/vpopmail/bin/vchkpw
    SMTPS=1
    export SMTPS
    exec /usr/bin/softlimit -m 1200 \
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \
    -u $QMAILDUID -g $NOFILESGID 0 465 \
    $RBLSMTPD $BLACKLIST $SMTPD $VCHKPW /bin/true 2>&1

replace with

    #!/bin/sh
    QMAILDUID=`id -u vpopmail`
    NOFILESGID=`id -g vpopmail`
    MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
    SMTPD=/var/qmail/bin/qmail-smtpd
    TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb
    HOSTNAME=`hostname`
    VCHKPW=/home/vpopmail/bin/vchkpw
    export REQUIRE_AUTH=1
    exec /usr/bin/softlimit -m 2700 \
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \
    -u $QMAILDUID -g $NOFILESGID 0 587 \
    $SMTPD $VCHKPW /bin/true 2>&1

4) Create a file called /var/qmail/supervise/smtp-ssl/log/run with the following contents
**it's /var/qmail/supervise/submission/log/run

    #!/bin/sh
    LOGSIZE=`cat /var/qmail/control/logsize`
    LOGCOUNT=`cat /var/qmail/control/logcount`
    exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s$LOGSIZE n$LOGCOUNT /var/log/qmail/smtp-ssl 2>&1

replace last line with:

    exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s$LOGSIZE n$LOGCOUNT /var/log/qmail/submission 2>&1

5) Execute the following command:

    chmod +x /var/qmail/supervise/smtp-ssl/run /var/qmail/supervise/smtp-ssl/log/run
    chown -R qmaill:qmail /var/qmail/supervise/smtp-ssl

change smtp-ssl with submission

6) Restart qmail:

    service qmail start

7) Open port tcp/465 in firewall (**I think it means iptables) if necessary.

Now have the client that cannot connect to port 25 on your machine to set his mail client to use smtp-ssl via port 465.

And ask your user to send email using port 587 with the option "My Server requires authentication" checked, and hopefully their router and/or firewall won't filter any data passing through port 587 :)

Thanks,
Erik

- QmailToaster hosted by: VR Hosted http://www.vr.org
- To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] 553 Error, Outlook
Rather a mystery - have you tried the submission port (587)?

I would attempt to watch the SMTP conversation between these clients and your toaster using Ethereal or similar application. I've found the following useful for debugging SMTP_AUTH issues http://qmail.jms1.net/test-auth.shtml, although it seems like something (perhaps a firewall?) is obstructing the AUTH command.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 10, 2008 6:27 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] 553 Error, Outlook

On Thu, 10 Apr 2008, Tim Mancour wrote:
> You need the NOP0FCHECK=1 environment variable - I'd also remove the DKVERIFY and DKQUEUE variables. Don't forget to qmailctl cdb.
>
> 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
> :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1

OK, this has been done, but I'm still seeing the 5.5.3 error.

--Duncan
RE: [qmailtoaster] 553 Error, Outlook
On Fri, 11 Apr 2008, Tim Mancour wrote:

Hi Tim,

> Rather a mystery - have you tried the submission port (587)?

No, as we don't have 587 enabled (older version of current toaster).

> I would attempt to watch the SMTP conversation between these clients and your toaster using Ethereal or similar application. I've found the following useful for debugging SMTP_AUTH issues http://qmail.jms1.net/test-auth.shtml, although it seems like something (perhaps a firewall?) is obstructing the AUTH command.

I'll give this a try ASAP.

Thanks,
--Duncan
RE: [qmailtoaster] 553 Error, Outlook
On Fri, 11 Apr 2008, Tim Mancour wrote:
> Rather a mystery - have you tried the submission port (587)?
>
> I would attempt to watch the SMTP conversation between these clients and your toaster using Ethereal or similar application. I've found the following useful for debugging SMTP_AUTH issues http://qmail.jms1.net/test-auth.shtml, although it seems like something (perhaps a firewall?) is obstructing the AUTH command.

OK, I've managed to do several tests, and set up wireshark to watch the SMTP conversation between our client's outlook/thunderbird and my toaster.

What baffles me here is that while both outlook (fully patched, all service packs), and thunderbird are set up to use SMTP-AUTH, neither ever seem to make the attempt.

For example, here's a transcript of when thunderbird tries to send a test email (courtesy of wireshark):

---
    220 *
    EHLO [127.0.0.1]
    502 unimplemented (#5.5.1)
    HELO [127.0.0.1]
    250 my.toaster.com - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
    MAIL FROM:[EMAIL PROTECTED]
    250 ok
    RCPT TO:[EMAIL PROTECTED]
    553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser)
    QUIT
    221 my.toaster.com - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
---

And here's outlook's transcript (also courtesy of wireshark):

---
    220 *
    EHLO MYWINDOWSHOSTNAME
    502 unimplemented (#5.5.1)
    HELO MYWINDOWSHOSTNAME
    250 my.toaster.com - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
    MAIL FROM: [EMAIL PROTECTED]
    250 ok
    RCPT TO: [EMAIL PROTECTED]
    553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser)
    QUIT
    221 my.toaster.com - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
---

Again, if I connect from outside the client's LAN with either Tbird or Outlook, all is well and I can relay mail. If I telnet to my toaster from the client's LAN and do a manual SMTP-AUTH test, I can relay, no problem.

If I look at the client's LAN's outward facing router, I see:

---
    PORT      STATE     SERVICE
    21/tcp    filtered  ftp
    22/tcp    open      ssh
    25/tcp    filtered  smtp
    53/tcp    filtered  domain
    80/tcp    filtered  http
    110/tcp   filtered  pop3
    123/tcp   filtered  ntp
    143/tcp   filtered  imap
    220/tcp   filtered  imap3
    443/tcp   filtered  https
    993/tcp   filtered  imaps
    1984/tcp  filtered  bigbrother
    3306/tcp  filtered  mysql
---

Is there something here that should be open that isn't? And why in heck are both outlook and tbird seemingly skipping the AUTH step in the SMTP conversation?

Any suggestions/theories, etc., would be greatly appreciated...

--Duncan
Re: [qmailtoaster] 553 Error, Outlook
[EMAIL PROTECTED] wrote:
> On Fri, 11 Apr 2008, Tim Mancour wrote:
> > Rather a mystery - have you tried the submission port (587)?
> >
> > I would attempt to watch the SMTP conversation between these clients and your toaster using Ethereal or similar application. I've found the following useful for debugging SMTP_AUTH issues http://qmail.jms1.net/test-auth.shtml, although it seems like something (perhaps a firewall?) is obstructing the AUTH command.
>
> OK, I've managed to do several tests, and set up wireshark to watch the SMTP conversation between our client's outlook/thunderbird and my toaster.
>
> What baffles me here is that while both outlook (fully patched, all service packs), and thunderbird are set up to use SMTP-AUTH, neither ever seem to make the attempt.
>
> For example, here's a transcript of when thunderbird tries to send a test email (courtesy of wireshark):
>
> ---
>     220 *
>     EHLO [127.0.0.1]
>     502 unimplemented (#5.5.1)
>     HELO [127.0.0.1]
>     250 my.toaster.com - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
>     MAIL FROM:[EMAIL PROTECTED]
>     250 ok
>     RCPT TO:[EMAIL PROTECTED]
>     553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser)
>     QUIT
>     221 my.toaster.com - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
> ---
>
> And here's outlook's transcript (also courtesy of wireshark):
>
> ---
>     220 *
>     EHLO MYWINDOWSHOSTNAME
>     502 unimplemented (#5.5.1)
>     HELO MYWINDOWSHOSTNAME
>     250 my.toaster.com - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
>     MAIL FROM: [EMAIL PROTECTED]
>     250 ok
>     RCPT TO: [EMAIL PROTECTED]
>     553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser)
>     QUIT
>     221 my.toaster.com - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
> ---
>
> Again, if I connect from outside the client's LAN with either Tbird or Outlook, all is well and I can relay mail. If I telnet to my toaster from the client's LAN and do a manual SMTP-AUTH test, I can relay, no problem.
>
> If I look at the client's LAN's outward facing router, I see:
>
> ---
>     PORT      STATE     SERVICE
>     21/tcp    filtered  ftp
>     22/tcp    open      ssh
>     25/tcp    filtered  smtp
>     53/tcp    filtered  domain
>     80/tcp    filtered  http
>     110/tcp   filtered  pop3
>     123/tcp   filtered  ntp
>     143/tcp   filtered  imap
>     220/tcp   filtered  imap3
>     443/tcp   filtered  https
>     993/tcp   filtered  imaps
>     1984/tcp  filtered  bigbrother
>     3306/tcp  filtered  mysql
> ---
>
> Is there something here that should be open that isn't? And why in heck are both outlook and tbird seemingly skipping the AUTH step in the SMTP conversation?
>
> Any suggestions/theories, etc., would be greatly appreciated...
>
> --Duncan

We might have covered this already, but are you using the stock toaster firewall? It would block (entirely, I believe) traffic from local IPs. That doesn't explain what we're seeing though.

--
-Eric 'shubes'
RE: [qmailtoaster] 553 Error, Outlook
On Fri, 11 Apr 2008, Tim Mancour wrote:
> Rather a mystery - have you tried the submission port (587)?
>
> I would attempt to watch the SMTP conversation between these clients and your toaster using Ethereal or similar application. I've found the following useful for debugging SMTP_AUTH issues http://qmail.jms1.net/test-auth.shtml, although it seems like something (perhaps a firewall?) is obstructing the AUTH command.

One further detail: If I telnet into my toaster from a box outside the client's LAN I get:

    # telnet my.toaster.com 25
    Trying 123.123.123.123...
    Connected to my.toaster.com (123.123.123.123).
    Escape character is '^]'.
    220 my.toaster.com - Welcome to Qmail Toaster Ver. 1.3 SMTP Server ESMTP
    ehlo mytestbox.com
    250-my.toaster.com - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
    250-STARTTLS
    250-PIPELINING
    250-8BITMIME
    250-SIZE 20971520
    250 AUTH LOGIN PLAIN CRAM-MD5

Very different from what's being seen by tbird and outlook on my client's LAN (as outlined in my last post)...

TIA for any/all input,
--Duncan
Re: [qmailtoaster] 553 Error, Outlook
On Fri, 11 Apr 2008, Eric Shubert wrote:

Hi Eric,

> We might have covered this already, but are you using the stock toaster firewall? It would block (entirely, I believe) traffic from local IPs. That doesn't explain what we're seeing though.

Yes, but the client having the problem is coming in from a legit/routable IP (not a private IP on a LAN), i.e., they talk to our toaster via the net.

--Duncan
Re: [qmailtoaster] 553 Error, Outlook
> What baffles me here is that while both outlook (fully patched, all service packs), and thunderbird are set up to use SMTP-AUTH, neither ever seem to make the attempt.

Both Outlook and Thunderbird are receiving "502 unimplemented (#5.5.1)" as the response to the EHLO command, so they fall back to non-extended SMTP and use the HELO command. The AUTH command is part of the SMTP extensions, so it is never issued by either client.

When you telnet from the client's LAN, what response are you getting from your EHLO command? If you are receiving an unimplemented response, then I agree with Eric that your problem is most likely the router that you mention (it shouldn't know if the command is generated by Telnet or Outlook). The configuration you give for the router also shows port 25 as being filtered - 25/tcp filtered smtp.

Have you considered upgrading your toaster so that these users could use the submission port?

Regards,
Tim
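Tim's reading of the capture can be checked mechanically. The following is an added example, not code from the thread: it parses a captured SMTP session and reports the signs he describes (EHLO refused, HELO fallback, AUTH never offered, relay refused without any AUTH attempt). The two sample sessions are constructed from the transcripts quoted in this thread; the envelope addresses are placeholders because the archive redacted the originals.

```python
import re

# A server reply line: three-digit code, then "-" (continued) or " " (last line).
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")

# Constructed from the Thunderbird capture in the thread (addresses are placeholders).
LAN_CAPTURE = """\
220 *
EHLO [127.0.0.1]
502 unimplemented (#5.5.1)
HELO [127.0.0.1]
250 my.toaster.com - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
MAIL FROM:<sender@example.org>
250 ok
RCPT TO:<rcpt@example.net>
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser)
QUIT
221 my.toaster.com - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
"""

# Constructed from the telnet session made from outside the client's LAN.
DIRECT_CAPTURE = """\
220 my.toaster.com - Welcome to Qmail Toaster Ver. 1.3 SMTP Server ESMTP
ehlo mytestbox.com
250-my.toaster.com - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 20971520
250 AUTH LOGIN PLAIN CRAM-MD5
"""


def parse(transcript):
    """Group a session into (client command, [(code, text), ...]) exchanges.
    The server greeting is filed under the pseudo-command "CONNECT"."""
    exchanges = [("CONNECT", [])]
    for raw in transcript.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        match = REPLY.match(line)
        if match:
            exchanges[-1][1].append((int(match.group(1)), match.group(3).strip()))
        else:
            exchanges.append((line, []))
    return exchanges


def diagnose(transcript):
    """Return a list of finding names for one captured session."""
    exchanges = parse(transcript)
    findings = []
    greeting = exchanges[0][1]
    if greeting and greeting[0][0] == 220:
        text = greeting[0][1]
        # A banner made only of asterisks means something rewrote the greeting.
        if text and set(text) <= {"*"}:
            findings.append("banner_masked")
    ehlo_rejected = auth_advertised = auth_sent = said_hello = False
    for command, replies in exchanges[1:]:
        verb = command.split(None, 1)[0].upper()
        codes = [code for code, _ in replies]
        if verb == "EHLO":
            said_hello = True
            if any(500 <= code <= 599 for code in codes):
                ehlo_rejected = True
                findings.append("ehlo_rejected")
            else:
                auth_advertised = any(
                    code == 250 and re.match(r"AUTH[ =]", text, re.I)
                    for code, text in replies
                )
        elif verb == "HELO":
            said_hello = True
            if ehlo_rejected:
                findings.append("fell_back_to_helo")
        elif verb == "AUTH":
            auth_sent = True
        elif verb == "RCPT" and 553 in codes and not auth_sent:
            findings.append("relay_denied_without_auth")
    if said_hello and not auth_advertised:
        findings.append("auth_never_advertised")
    return findings


if __name__ == "__main__":
    print("from client LAN:", diagnose(LAN_CAPTURE))
    print("from outside   :", diagnose(DIRECT_CAPTURE))
```

Running the same check on captures taken from two vantage points, as Duncan did by hand, separates a server-side fault from something altering the session in the path.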
RE: [qmailtoaster] 553 Error, Outlook
Have you tried to SMTP_AUTH using their accounts and a different client (e.g. Thunderbird)? If that works then I'd ask the users to either change clients or update their versions of Outlook/Outlook Express. Office SP3 fixed a number of issues that some of my users had sending/receiving Email.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 10, 2008 12:21 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] 553 Error, Outlook

On Wed, 9 Apr 2008, Eric Shubert wrote:
> > Only two clients (with two separate vdomains) are having this problem.
>
> Do they have "Outgoing server requires authentication" selected? That setting's not on by default.

Yes, most definitely.

--Duncan
RE: [qmailtoaster] 553 Error, Outlook
On Thu, 10 Apr 2008, Tim Mancour wrote:

Hi Tim,

> Have you tried to SMTP_AUTH using their accounts and a different client (e.g. Thunderbird)? If that works then I'd ask the users to either change clients or update their versions of Outlook/Outlook Express. Office SP3 fixed a number of issues that some of my users had sending/receiving Email.

Just tried setting up Thunderbird on one of the client's PCs with SMTP_AUTH, and got the same error message with outgoing mail as I do with outlook:

    sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3-chkuser). Please check the message recipients and try again.

I'm never prompted for a password for the outgoing mail. In the SMTP log, I find:

    ./smtp/current:@400047fe86e91e7a77a4 CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote [127.0.0.1]:unknown:123.123.123.123 rcpt : sender accepted
    ./smtp/current:@400047fe86ea26c91d84 CHKUSER rejected relaying: from [EMAIL PROTECTED]:: remote [127.0.0.1]:unknown:123.123.123.123 rcpt [EMAIL PROTECTED] : client not allowed to relay

Again, [EMAIL PROTECTED] is a live account that lives on our toaster. It can POP mail just fine...

Meanwhile, if I or the client try to send mail via any of their accounts *outside* of their LAN, I'm prompted for an outgoing password, and it works just fine. So far as we know, they aren't using any firewalling, or blocking ports; their accounts worked fine on our older toaster.

Quite the mystery really...

--Duncan
Re: [qmailtoaster] 553 Error, Outlook
Please post your /etc/tcprules.d/tcp.smtp file.

[EMAIL PROTECTED] wrote:
> On Thu, 10 Apr 2008, Tim Mancour wrote:
>
> Hi Tim,
>
> > Have you tried to SMTP_AUTH using their accounts and a different client (e.g. Thunderbird)? If that works then I'd ask the users to either change clients or update their versions of Outlook/Outlook Express. Office SP3 fixed a number of issues that some of my users had sending/receiving Email.
>
> Just tried setting up Thunderbird on one of the client's PCs with SMTP_AUTH, and got the same error message with outgoing mail as I do with outlook:
>
>     sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3-chkuser). Please check the message recipients and try again.
>
> I'm never prompted for a password for the outgoing mail. In the SMTP log, I find:
>
>     ./smtp/current:@400047fe86e91e7a77a4 CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote [127.0.0.1]:unknown:123.123.123.123 rcpt : sender accepted
>     ./smtp/current:@400047fe86ea26c91d84 CHKUSER rejected relaying: from [EMAIL PROTECTED]:: remote [127.0.0.1]:unknown:123.123.123.123 rcpt [EMAIL PROTECTED] : client not allowed to relay
>
> Again, [EMAIL PROTECTED] is a live account that lives on our toaster. It can POP mail just fine...
>
> Meanwhile, if I or the client try to send mail via any of their accounts *outside* of their LAN, I'm prompted for an outgoing password, and it works just fine. So far as we know, they aren't using any firewalling, or blocking ports; their accounts worked fine on our older toaster.
>
> Quite the mystery really...
>
> --Duncan

--
-Eric 'shubes'
Re: [qmailtoaster] 553 Error, Outlook
On Thu, 10 Apr 2008, Eric Shubert wrote:
> Please post your /etc/tcprules.d/tcp.smtp file.

Sure thing:

    127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private
    :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=/var/qmail/bin/qmail-queue.orig,DKSIGN=/var/qmail/control/domainkeys/%/private

Thanks,
--Duncan
RE: [qmailtoaster] 553 Error, Outlook
You need the NOP0FCHECK=1 environment variable - I'd also remove the DKVERIFY and DKQUEUE variables. Don't forget to qmailctl cdb.

    127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
    :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
RE: [qmailtoaster] 553 Error, Outlook
On Thu, 10 Apr 2008, Tim Mancour wrote:
> You need the NOP0FCHECK=1 environment variable - I'd also remove the DKVERIFY and DKQUEUE variables. Don't forget to qmailctl cdb.
>
> 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
> :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1

OK, this has been done, but I'm still seeing the 5.5.3 error.

--Duncan
RE: [qmailtoaster] 553 Error, Outlook
On Thu, 10 Apr 2008, Tim Mancour wrote:
> You need the NOP0FCHECK=1 environment variable - I'd also remove the DKVERIFY and DKQUEUE variables. Don't forget to qmailctl cdb.
>
> 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
> :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1

Did I need to restart qmail after rebuilding the tcp file?

--Duncan
Re: [qmailtoaster] 553 Error, Outlook
[EMAIL PROTECTED] wrote:
> On Thu, 10 Apr 2008, Tim Mancour wrote:
> > You need the NOP0FCHECK=1 environment variable - I'd also remove the DKVERIFY and DKQUEUE variables. Don't forget to qmailctl cdb.
> >
> > 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
> > :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
>
> Did I need to restart qmail after rebuilding the tcp file?
>
> --Duncan

No, a simple qmailctl cdb should do it.

I think at this point I'd either try to telnet into the server and do a smtp session manually, or turn on recordio and see what's happening. You should be able to find instructions for either in the list archives (I don't recall off the top of my head how to do them).

--
-Eric 'shubes'
Re: [qmailtoaster] 553 Error, Outlook
[EMAIL PROTECTED] wrote:
> Hi All,
>
> I have two clients who we've recently moved from our older toaster to our newer one. Both use outlook/outlook express, and both can receive incoming mail, but not send it (relay) to domains not living on the toaster.
>
> In other words, if the client sends to their own accounts within their own vdomain, or to another vdomain on the toaster, it works. If they try to send to any domain not on the toaster, they get:
>
>     553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser)
>
> This is with a fresh outlook install, and a fresh user account, known good. I've verified this directly, so I know the clients aren't imagining this.
>
> Any suggestions are greatly appreciated.
>
> TIA,
> --Duncan

Sounds like authentication is failing.

.) does webmail work? (I'd guess it does)
.) are they using port 25? I'm guessing so. Have them try 587.

Do use TLS, do not use SPA.

--
-Eric 'shubes'
Re: [qmailtoaster] 553 Error, Outlook
On Wed, 9 Apr 2008, Eric Shubert wrote:

Hi Eric,

> Sounds like authentication is failing.
>
> .) does webmail work? (I'd guess it does)

Yes.

> .) are they using port 25? I'm guessing so. Have them try 587.
>
> Do use TLS, do not use SPA.

Unfortunately, our new toaster is old enough not to have 587. I'll try setting up TLS.

Thanks,
--Duncan
Re: [qmailtoaster] 553 Error, Outlook
The likely error is in your tcprules.d/tcp.smtp file.

By default, the system will only allow mail to flow THROUGH the server (in other words, RELAY) from users ON the server. You'll need to add one of the following lines (Only 1 is required -- the 1 that applies to your LAN network) to allow LAN connected users to send mail to OTHER domains.

    10.:allow,RELAYCLIENT=
    172.16.:allow,RELAYCLIENT=
    172.17.:allow,RELAYCLIENT=
    172.18.:allow,RELAYCLIENT=
    172.19.:allow,RELAYCLIENT=
    172.20.:allow,RELAYCLIENT=
    172.21.:allow,RELAYCLIENT=
    172.22.:allow,RELAYCLIENT=
    172.23.:allow,RELAYCLIENT=
    172.24.:allow,RELAYCLIENT=
    172.25.:allow,RELAYCLIENT=
    172.26.:allow,RELAYCLIENT=
    172.27.:allow,RELAYCLIENT=
    172.28.:allow,RELAYCLIENT=
    172.29.:allow,RELAYCLIENT=
    172.30.:allow,RELAYCLIENT=
    172.31.:allow,RELAYCLIENT=
    192.168.:allow,RELAYCLIENT=

This is in ADDITION to the current lines (default for the toaster) that should look something like:

    127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private
    :allow,BADMIMETYPE=,BADLOADERTYPE=M,\
    CHKUSER_RCPTLIMIT=15,CHKUSER_WRONGRCPTLIMIT=3,\
    DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,\
    DKQUEUE=/var/qmail/bin/qmail-queue.orig,\
    DKSIGN=/var/qmail/control/domainkeys/%/private

NOTE: An alternative is to require ALL users to login to the SMTP server -- this bypasses the no-relay rule as well.

I hope this helps someone!

Dan

Daniel McAllister, President
IT4SOHO, LLC
224 - 13th Avenue N
St. Petersburg, FL 33701
877-IT4SOHO: Toll Free
727-647-7646 In Pinellas
813-464-2093 In Hillsborough
727-507-9435 Fax Only

When did you do your last backup? Ask me about unattended offsite backup solutions... to protect your business, not just your data!

[EMAIL PROTECTED] wrote:
> Hi All,
>
> I have two clients who we've recently moved from our older toaster to our newer one. Both use outlook/outlook express, and both can receive incoming mail, but not send it (relay) to domains not living on the toaster.
>
> In other words, if the client sends to their own accounts within their own vdomain, or to another vdomain on the toaster, it works. If they try to send to any domain not on the toaster, they get:
>
>     553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser)
>
> This is with a fresh outlook install, and a fresh user account, known good. I've verified this directly, so I know the clients aren't imagining this.
>
> Any suggestions are greatly appreciated.
>
> TIA,
> --Duncan
Re: [qmailtoaster] 553 Error, Outlook
While that method will work, it is somewhat risky. If a user on one of your relayed subnets picks up a piece of malware that sends emails, your server could become blacklisted rather easily.

It's better to get authentication working properly. ;)

Dan McAllister wrote:
> The likely error is in your tcprules.d/tcp.smtp file.
>
> By default, the system will only allow mail to flow THROUGH the server (in other words, RELAY) from users ON the server. You'll need to add one of the following lines (Only 1 is required -- the 1 that applies to your LAN network) to allow LAN connected users to send mail to OTHER domains.
>
>     10.:allow,RELAYCLIENT=
>     172.16.:allow,RELAYCLIENT=
>     172.17.:allow,RELAYCLIENT=
>     172.18.:allow,RELAYCLIENT=
>     172.19.:allow,RELAYCLIENT=
>     172.20.:allow,RELAYCLIENT=
>     172.21.:allow,RELAYCLIENT=
>     172.22.:allow,RELAYCLIENT=
>     172.23.:allow,RELAYCLIENT=
>     172.24.:allow,RELAYCLIENT=
>     172.25.:allow,RELAYCLIENT=
>     172.26.:allow,RELAYCLIENT=
>     172.27.:allow,RELAYCLIENT=
>     172.28.:allow,RELAYCLIENT=
>     172.29.:allow,RELAYCLIENT=
>     172.30.:allow,RELAYCLIENT=
>     172.31.:allow,RELAYCLIENT=
>     192.168.:allow,RELAYCLIENT=
>
> This is in ADDITION to the current lines (default for the toaster) that should look something like:
>
>     127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private
>     :allow,BADMIMETYPE=,BADLOADERTYPE=M,\
>     CHKUSER_RCPTLIMIT=15,CHKUSER_WRONGRCPTLIMIT=3,\
>     DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,\
>     DKQUEUE=/var/qmail/bin/qmail-queue.orig,\
>     DKSIGN=/var/qmail/control/domainkeys/%/private
>
> NOTE: An alternative is to require ALL users to login to the SMTP server -- this bypasses the no-relay rule as well.
>
> I hope this helps someone!
>
> Dan
>
> Daniel McAllister, President
> IT4SOHO, LLC
>
> [EMAIL PROTECTED] wrote:
> > Hi All,
> >
> > I have two clients who we've recently moved from our older toaster to our newer one. Both use outlook/outlook express, and both can receive incoming mail, but not send it (relay) to domains not living on the toaster.
> >
> > In other words, if the client sends to their own accounts within their own vdomain, or to another vdomain on the toaster, it works. If they try to send to any domain not on the toaster, they get:
> >
> >     553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser)
> >
> > This is with a fresh outlook install, and a fresh user account, known good. I've verified this directly, so I know the clients aren't imagining this.
> >
> > Any suggestions are greatly appreciated.
> >
> > TIA,
> > --Duncan

--
-Eric 'shubes'
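The trade-off Eric raises can be audited from the rules file itself. The following is an added example, not code from the thread: it resolves which tcp.smtp rule applies to a client address (exact address, then shorter dotted prefixes, then the default rule) and lists non-loopback prefixes that receive RELAYCLIENT and can therefore relay with no SMTP AUTH. It assumes only the dotted-prefix and default rule forms that appear in this thread, reads values as printed here, and uses a constructed client address 192.168.1.50.

```python
# Rules as Duncan posted them (constructed copy of the text in this thread).
CURRENT_RULES = """\
127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private
:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=/var/qmail/bin/qmail-queue.orig,DKSIGN=/var/qmail/control/domainkeys/%/private
"""

# The same file with one of the subnet lines from Dan's message added.
PROPOSED_RULES = "192.168.:allow,RELAYCLIENT=\n" + CURRENT_RULES


def parse_rules(text):
    """Map each address pattern to (action, {variable: value})."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        address, _, instruction = line.partition(":")
        action, *assignments = instruction.split(",")
        env = {}
        for item in assignments:
            name, _, value = item.partition("=")
            env[name] = value.strip('"')
        rules[address] = (action, env)
    return rules


def candidates(ip):
    """Patterns tried for an IPv4 client, most specific first."""
    parts = ip.split(".")
    yield ip
    for count in (3, 2, 1):
        yield ".".join(parts[:count]) + "."
    yield ""  # the default rule, written as a bare ":" line


def rule_for(ip, rules):
    """Return (pattern, action, env) for the rule that applies, or None."""
    for pattern in candidates(ip):
        if pattern in rules:
            action, env = rules[pattern]
            return pattern, action, env
    return None


def relays_without_auth(ip, rules):
    """True when the matching rule sets RELAYCLIENT, even to an empty value."""
    match = rule_for(ip, rules)
    if match is None:
        return False  # no rule matched, so no RELAYCLIENT is set
    _, action, env = match
    return action == "allow" and "RELAYCLIENT" in env


def unauthenticated_relay_prefixes(rules):
    """Non-loopback patterns whose clients may relay without authenticating."""
    return sorted(
        pattern
        for pattern, (action, env) in rules.items()
        if action == "allow" and "RELAYCLIENT" in env
        and not pattern.startswith("127.")
    )


if __name__ == "__main__":
    for label, text in (("current", CURRENT_RULES), ("proposed", PROPOSED_RULES)):
        rules = parse_rules(text)
        print(label, "open prefixes:", unauthenticated_relay_prefixes(rules))
        for ip in ("127.0.0.1", "123.123.123.123", "192.168.1.50"):
            print("  ", ip, "relays without AUTH:", relays_without_auth(ip, rules))
```

With the posted rules, only loopback relays unauthenticated, so the client at 123.123.123.123 must authenticate; adding a subnet line removes that requirement for every host in the subnet.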
Re: [qmailtoaster] 553 Error, Outlook
On Wed, 9 Apr 2008, Eric Shubert wrote:

Hi Eric,

> Sounds like authentication is failing.
>
> .) does webmail work? (I'd guess it does)
> .) are they using port 25? I'm guessing so. Have them try 587.
>
> Do use TLS, do not use SPA.

I've checked, but find no option to enable TLS in the Outlook 2003 client. SSL, sure, but not TLS. No joy with googling on this either--lots of references to enabling TLS on an exchange server, but not in the Outlook client. Enabling SSL (only option other than SPA) simply generates an error saying that the toaster doesn't support it. SPA is *not* enabled.

Oh and just to clarify--all of our clients have live accounts on our toaster. Only people with accounts on the box send (relay) mail through it...

--Duncan
Re: [qmailtoaster] 553 Error, Outlook
On Wed, 9 Apr 2008, Dan McAllister wrote:
> The likely error is in your tcprules.d/tcp.smtp file

Hmm. All of our vdomain clients are offsite--i.e. they all connect via port 25 to send (there are no LAN connections to the toaster via private IP) outgoing mail through our toaster. Many use outlook, with only SMTP-AUTH enabled and have no problem sending mail.

Only two clients (with two separate vdomains) are having this problem.

Thanks,
--Duncan
Re: [qmailtoaster] 553 Error, Outlook
[EMAIL PROTECTED] wrote:
> On Wed, 9 Apr 2008, Dan McAllister wrote:
> > The likely error is in your tcprules.d/tcp.smtp file
>
> Hmm. All of our vdomain clients are offsite--i.e. they all connect via port 25 to send (there are no LAN connections to the toaster via private IP) outgoing mail through our toaster. Many use outlook, with only SMTP-AUTH enabled and have no problem sending mail.
>
> Only two clients (with two separate vdomains) are having this problem.
>
> Thanks,
> --Duncan

Do they have "Outgoing server requires authentication" selected? That setting's not on by default.

--
-Eric 'shubes'
Re: [qmailtoaster] 553 Error, Outlook
Checking the "This server requires a secure connection" box will enable what Microsoft refers to as SMTP-TLS/SSL or just SMTP-TLS to anybody that lives outside of the collective.

----- Original Message -----
From: [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, April 09, 2008 5:58 PM
Subject: Re: [qmailtoaster] 553 Error, Outlook

On Wed, 9 Apr 2008, Eric Shubert wrote:

Hi Eric,

> Sounds like authentication is failing.
>
> .) does webmail work? (I'd guess it does)
> .) are they using port 25? I'm guessing so. Have them try 587.
>
> Do use TLS, do not use SPA.

I've checked, but find no option to enable TLS in the Outlook 2003 client. SSL, sure, but not TLS. No joy with googling on this either--lots of references to enabling TLS on an exchange server, but not in the Outlook client. Enabling SSL (only option other than SPA) simply generates an error saying that the toaster doesn't support it. SPA is *not* enabled.

Oh and just to clarify--all of our clients have live accounts on our toaster. Only people with accounts on the box send (relay) mail through it...

--Duncan
Re: [qmailtoaster] 553 Error, Outlook
I believe that
a) you're talking about Outlook 2003 (Outlook 2007 lets you select between none, SSL, TLS, and Auto)
b) said box in Outlook 2003 does *not* enable TLS. It may enable SSL, I'm not sure.

At least that's what my experimenting has shown. Just want to be clear about this, Tim. ;)

Tim Mancour wrote:

Checking the "This server requires a secure connection" box will enable what Microsoft refers to as SMTP-TLS/SSL or just SMTP-TLS to anybody that lives outside of the collective.

- Original Message -
From: [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, April 09, 2008 5:58 PM
Subject: Re: [qmailtoaster] 553 Error, Outlook

On Wed, 9 Apr 2008, Eric Shubert wrote:

Hi Eric,

Sounds like authentication is failing.
.) does webmail work? (I'd guess it does)
.) are they using port 25? I'm guessing so. Have them try 587. Do use TLS, do not use SPA.

I've checked, but find no option to enable TLS in the Outlook 2003 client. SSL, sure, but not TLS. No joy with googling on this either--lots of references to enabling TLS on an Exchange server, but not in the Outlook client. Enabling SSL (only option other than SPA) simply generates an error saying that the toaster doesn't support it. SPA is *not* enabled.

Oh and just to clarify--all of our clients have live accounts on our toaster. Only people with accounts on the box send (relay) mail through it...

--Duncan

--
-Eric 'shubes'

Re: [qmailtoaster] 553 Error, Outlook
I don't have Outlook 2003 available at the moment but I just checked using Ethereal and Outlook Express 6 negotiates a TLS session with my toaster. Also, according to http://support.microsoft.com/kb/839629, TLS support was fixed in the post-Service Pack 1 hotfix package for Outlook 2003. Glad to hear that Microsoft picked up something from Thunderbird et al. for Outlook 2007 ;-)

- Original Message -
From: Eric Shubert [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, April 09, 2008 8:18 PM
Subject: Re: [qmailtoaster] 553 Error, Outlook

I believe that
a) you're talking about Outlook 2003 (Outlook 2007 lets you select between none, SSL, TLS, and Auto)
b) said box in Outlook 2003 does *not* enable TLS. It may enable SSL, I'm not sure.

At least that's what my experimenting has shown. Just want to be clear about this, Tim. ;)

Tim Mancour wrote:

Checking the "This server requires a secure connection" box will enable what Microsoft refers to as SMTP-TLS/SSL or just SMTP-TLS to anybody that lives outside of the collective.

- Original Message -
From: [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, April 09, 2008 5:58 PM
Subject: Re: [qmailtoaster] 553 Error, Outlook

On Wed, 9 Apr 2008, Eric Shubert wrote:

Hi Eric,

Sounds like authentication is failing.
.) does webmail work? (I'd guess it does)
.) are they using port 25? I'm guessing so. Have them try 587. Do use TLS, do not use SPA.

I've checked, but find no option to enable TLS in the Outlook 2003 client. SSL, sure, but not TLS. No joy with googling on this either--lots of references to enabling TLS on an Exchange server, but not in the Outlook client. Enabling SSL (only option other than SPA) simply generates an error saying that the toaster doesn't support it. SPA is *not* enabled.

Oh and just to clarify--all of our clients have live accounts on our toaster. Only people with accounts on the box send (relay) mail through it...

--Duncan

--
-Eric 'shubes'

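Added example, not part of the original thread or of QmailToaster: one way to check from the server side what the messages above argue about from the client side, namely whether a port advertises STARTTLS and which AUTH mechanisms it offers before TLS is active, by parsing the EHLO reply. Both replies are constructed samples and the function names are hypothetical.

```python
import re

# Constructed EHLO replies for illustration (not captured from any real toaster).
PORT_WITH_TLS_REPLY = """\
250-mail.example.com
250-PIPELINING
250-8BITMIME
250-STARTTLS
250-AUTH LOGIN PLAIN CRAM-MD5
250 AUTH=LOGIN PLAIN CRAM-MD5
"""
PORT_WITHOUT_TLS_REPLY = """\
250-mail.example.com
250-PIPELINING
250 8BITMIME
"""

# With these mechanisms the password is only base64-encoded on the wire.
CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    lines = [ln.rstrip("\r") for ln in reply.splitlines() if ln.strip()]
    caps = {}
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([- ])(.*)", line)
        if not m:
            raise ValueError("not a 250 reply line: %r" % line)
        # "250-" marks a continuation line; only the last line uses "250 ".
        if (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError("bad continuation marker: %r" % line)
        if i == 0:
            continue  # first line is the server's greeting, not an extension
        # Some servers repeat AUTH in the legacy "AUTH=..." form for older clients.
        words = re.sub(r"^AUTH=", "AUTH ", m.group(2), flags=re.I).split()
        if not words:
            continue
        params = caps.setdefault(words[0].upper(), [])
        params.extend(p.upper() for p in words[1:] if p.upper() not in params)
    return caps

def assess(reply, tls_active=False):
    """Summarise what a mail client is offered on this connection."""
    caps = parse_ehlo(reply)
    mechs = caps.get("AUTH", [])
    exposed = (not tls_active) and bool(CLEARTEXT_MECHS & set(mechs))
    return {"starttls": "STARTTLS" in caps, "auth_mechs": mechs,
            "cleartext_auth_offered": exposed}
```

The reply text to feed in is what the server prints after `EHLO` in a manual session to the port being checked.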
Re: [qmailtoaster] 553 Error, Outlook
On Wed, 9 Apr 2008, Eric Shubert wrote:

Only two clients (with two separate vdomains) are having this problem.

Do they have "Outgoing server requires authentication" selected? That setting's not on by default.

Yes, most definitely.

--Duncan