Relay implementation does not work on smtp outlook

Hello everyone, I finally saw the implementation of the relay on mail with the v 1.40

Unfortunately, compared to the previous tests, nothing has changed compared to the manual configuration with podman, that is, I always get the same error using TLS and port 587:

SASL authentication failed; cannot authenticate to server smtp-mail.outlook.com[52.98.159.22]: no mechanism available

On neth7 it always worked …Without further changes .

Where did you find this error? Is it from the UI validation or is it a Mail log line?

I don’t have an Outlook account to run a test, but from that server response AUTH LOGIN is available so I’d expect it works…

openssl s_client -starttls smtp -connect smtp-mail.outlook.com:587 -crlf
...
EHLO nethesis.it
250-MI1P293CA0024.outlook.office365.com Hello [80.17.99.73]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN XOAUTH2
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
QUIT
DONE

Hi Davide and thank you for answering, what you read is from the gui, but to follow you will report an excerpt from the journal …

May 16 18:25:45 ns8 postfix/smtp[12141]: Untrusted TLS connection established to smtp-mail.outlook.com[52.98.163.38]:587: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (secp384r1) server-signature RSA-PSS (2048 bits) server-digest SHA256
May 16 18:25:45 ns8 postfix/smtp[12141]: warning: SASL authentication failure: No worthy mechs found
May 16 18:25:45 ns8 postfix/smtp[12141]: 0BAF0A4C31: SASL authentication failed; cannot authenticate to server smtp-mail.outlook.com[52.98.163.38]: no mechanism available

So you saved a relay rule but mail cannot be sent, can you confirm?

If so, there is probably a bug in the Postfix container.

Yes, here is the rule:

I don’t know but probably, as as previously written on neth7 it has been working wonderfully for years.

1 Like

Bug filed here

3 Likes
2 Likes

api-cli run update-module --data '{"module_url":"ghcr.io/nethserver/mail:1.4.1-dev.1","instances":["mail1"],"force":true}'

if you want to test the fix to help the development, adjust with the module_id of your mail module (check the status page of the module)

1 Like

Of course you do! Can I run that is, that you wrote directly from the shell?

Take a snapshot before you test and again try to use outlook as relay, adjust to hour module id of your mail server

So @stephdl I performed a snap , and activated the relay . I sent two emails to the domain.gmail and icloud (the most awaited domains to receive spam …) and they both arrived.

Here is an excerpt from the journal:slight_smile:

ay 21 21:15:35 ns8 dovecot[131693]: imap(francesco)<219><x7l3pPsY3KQKBQQB>: save: box=Sent, uid=68, msgid=<cd4b116288526bfd9c716799691c9f53@internal.lan>, from=Francesco<francesco@internal.lan>, subject=prova finale relay, flags=(\Seen)
May 21 21:15:35 ns8 roundcubemail-app[3812]: 10.0.2.100 - - [21/May/2024:19:15:34 +0000] "POST /?_task=mail&_unlock=loading1716318934450&_framed=1&_lang=en HTTP/1.1" 200 894 "https://pegana.duckdns.org/?_task=mail&_action=compose&_id=525759339664cf2c21d5d0&_extwin=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
May 21 21:15:35 ns8 traefik[2344]: 192.168.3.2 - - [21/May/2024:19:15:34 +0000] "POST /?_task=mail&_unlock=loading1716318934450&_framed=1&_lang=en HTTP/1.1" 200 346 "-" "-" 21751 "roundcubemail1-https@file" "http://127.0.0.1:20011" 1066ms
May 21 21:15:35 ns8 dovecot[131693]: imap(francesco)<219><x7l3pPsY3KQKBQQB>: Disconnected: Logged out in=940 out=760 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
May 21 21:15:35 ns8 samba-dc[3110]: TLS ../../source4/lib/tls/tls_tstream.c:1378 - Decryption has failed.
May 21 21:15:35 ns8 postfix/smtp[132692]: connect to smtp-mail.outlook.com[2603:1026:c09:82f::6]:587: Network unreachable
May 21 21:15:35 ns8 samba-dc[3110]: TLS ../../source4/lib/tls/tls_tstream.c:1378 - Decryption has failed.
May 21 21:15:35 ns8 samba-dc[3110]: TLS ../../source4/lib/tls/tls_tstream.c:1378 - Decryption has failed.
May 21 21:15:35 ns8 postfix/smtp[132692]: Untrusted TLS connection established to smtp-mail.outlook.com[52.98.200.230]:587: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (secp384r1) server-signature RSA-PSS (2048 bits) server-digest SHA256
May 21 21:15:36 ns8 postfix/smtp[132692]: AD1EAB5AC0: to=<xxxxxxxx@icloud.com>, relay=smtp-mail.outlook.com[52.98.200.230]:587, delay=2.2, delays=0.74/0.01/1.1/0.32, dsn=2.0.0, status=sent (250 2.0.0 OK <AS8P251MB01206BC3B9EE80AB3029F5B3B2EA2@AS8P251MB0120.EURP251.PROD.OUTLOOK.COM> [Hostname=AS8P251MB0120.EURP251.PROD.OUTLOOK.COM])

1 Like

I deleted the snap . Can I leave your update that I assume will be updated when you release the correct version? Thank you .

2 Likes