Unable to validate smarthost settings

kiemosan · October 7, 2021, 4:13pm

NethServer Version: 7.9
Module: smarthost

Hi,

I need to update my smtp smarthost in settings but I am unable to save the change as the send test mail button always fails.

I have independently checked the details / credentials for the smart host and can use them to send mail from a regular email client.

I can’t find any reference to errors in the mail log or settings log.

How can I debug this problem please? Or can I just manually set the values in a file somewhere as I know they are correct.

Thanks

John

pike · October 7, 2021, 5:10pm

I used smarthost with several different mail providers, some picky… Winning the option to setup correctly, one way or another.s
Are you willing to share more info about your setup that’s working on your email client? Port, SSL/TLS, kind of the login (with or without special characters) and if there’s any special character into current password.

kiemosan · October 7, 2021, 6:26pm

I’m using the exact same provider I was using previously which worked ok, I just need to use new login details.

Port 2525
Host mail.smtp2go.com
SSL/TLS enabled.
No special chars in password/username.

kiemosan · October 7, 2021, 7:24pm

I’ve created an account with another smtp provider and this does not work either.

Help, I can’t send any emails!

kiemosan · October 7, 2021, 7:38pm

I have set up individual relays for each user to our smart host in the email application settings which has allowed us to send email again.

But still can’t add this relay to the general one in settings.

mrmarkuz · October 7, 2021, 9:21pm

Did you already try port 465, 25 or 587?

https://www.smtp2go.com/setup/

kiemosan · October 8, 2021, 7:58am

Yes and it does not work for any port I try which they support, 25, 2525, 587, 465.

But as I mentioned above I have found work around using individual relays per user, which does work.

Andy_Wismer · October 8, 2021, 8:33am

@kiemosan

Hi John

A simple test if something is specifically blocking your Server:

Install telnet…

yum -y install telnet

From the console (eg with SSH) test the connection:

telnet smtp.gmail.com 25

You should see something like this:

Terminate the connection by typing
quit

If not, either a router / firewall / your provider / something is blocking the communication from your server with GMail…

→ I’m assuming gmail is accessible from your site (US?).

My 2 cents
Andy

kiemosan · October 8, 2021, 8:49am

Hi Andy,

Sorry, clearly nothing is blocking the server I am using as the individual relays I have setup do work.

But anyway, here is the telnet output showing connectivity is fine.

[root@nethserver ~]# telnet mail.smtp2go.com 587
Trying 66.228.43.14…
Connected to mail.smtp2go.com.
Escape character is ‘^]’.
220 mail.smtp2go.com ESMTP Exim 4.94.2-S2G Fri, 08 Oct 2021 08:48:29 +0000

I am not using gmail as noted in above posts either.

Thanks

John

Andy_Wismer · October 8, 2021, 9:10am

Hi

gmail was only intended as a “generic” test, usually available globally…

Then it has something to do with SSL / TLS…

My 2 cents
Andy

kiemosan · October 8, 2021, 9:16am

SSL/TLS settings are exaclty as my individual relays so don’t feel that is explanation.

Is there anyway to view log output of the smarthost email test? Thats going to make things clear.

Or replicate test from command line?

dnutan · October 8, 2021, 1:18pm

Try again from the UI and check the browser console for errors and also /var/log/messages.
Or else, from command line you can save the smarthost settings. Check the example on the manual:

SmartHostAuth=disabled
SmartHostAuthStatus=disabled
SmartHostName=192.168.5.252
SmartHostPassword=password
SmartHostPort=25
SmartHostStatus=disabled
SmartHostTlsStatus=enabled
SmartHostUsername=ns1

Example:

config setprop postfix SmartHostName 192.168.5.252

and so on. Note the values are just examples not real values

pike · October 8, 2021, 3:02pm

Interesting that’s only 1 prop, which is SmartHostTlsStatus and not a separate one for SSL.
So…
With TLS enabled at least on ports 2525 (or 80, 25, 8025 or 587) (cfr Setup - SMTP2GO) should work.
Instead, it should not work with ports 465, 8465, and 443 because SSL is not selectable.

Moreover… Maybe smtp2go is “picky” about the agent, which might be different between server notifications and relay for users?

kiemosan · October 8, 2021, 3:07pm

@dnutan All I get in browser console is:

API exec: system-settings/execute
$  echo '{"action":"test-smarthost","SmartHostName":"mail.smtp2go.com","SmartHostPort":"587","SmartHostUsername":"itwerxout","SmartHostPassword":"EagleTangled21","SmartHostTlsStatus":true}' | /usr/bin/sudo /usr/libexec/nethserver/api/system-settings/execute | jq nethserver.js:41:17

But. Messages has:

[root@nethserver ~]# tail /var/log/messages
Oct  8 16:03:35 nethserver cockpit-bridge: < 501 <itwerxout>: sender address must contain a domain
Oct  8 16:03:35 nethserver cockpit-bridge: * MAIL failed: 501
Oct  8 16:03:35 nethserver cockpit-bridge: 0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
Oct  8 16:03:35 nethserver cockpit-bridge: > QUIT
Oct  8 16:03:35 nethserver cockpit-bridge: < 221 mail.smtp2go.com closing connection
Oct  8 16:03:35 nethserver cockpit-bridge: * Closing connection 0
Oct  8 16:03:35 nethserver cockpit-bridge: curl: (55) MAIL failed: 501

So looks like the test doesn’t submit a sender address properly?

mrmarkuz · October 8, 2021, 3:13pm

Did you already try to set a username with domain like user@domain.tld ?

kiemosan · October 8, 2021, 3:15pm

Yes, authentication fails.

[root@nethserver ~]# tail /var/log/messages
Oct  8 16:14:39 nethserver cockpit-bridge: < 250-SMTPUTF8
Oct  8 16:14:39 nethserver cockpit-bridge: < 250 HELP
Oct  8 16:14:39 nethserver cockpit-bridge: > AUTH CRAM-MD5
Oct  8 16:14:39 nethserver cockpit-bridge: 0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0< 334 PDIwOTQ0LjE2MzM3MDYwNzlAc210cGNvcnAuY29tPg==
Oct  8 16:14:39 nethserver cockpit-bridge: > am9obi5zYXZpZGdlQGl0d2VyeC5jby51ayBkYmZiM2M3NzE1YjhlMzg4NmU2ZGE4OTEzZTBhYzY5ZQ==
Oct  8 16:14:39 nethserver cockpit-bridge: < 535 Incorrect authentication data
Oct  8 16:14:39 nethserver cockpit-bridge: * Authentication failed: 535
Oct  8 16:14:39 nethserver cockpit-bridge: 0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
Oct  8 16:14:39 nethserver cockpit-bridge: * Closing connection 0
Oct  8 16:14:39 nethserver cockpit-bridge: curl: (67) Authentication failed: 535

kiemosan · October 8, 2021, 3:17pm

You can see it successfully authenticates when using the correct credentials:

Oct  8 16:12:58 nethserver cockpit-bridge: > aXR3ZXJ4b3V0IGM4ZWVhYWUwYTA3YTY0ZjYzNTdiZDMyNzNlOGMxMDg0
Oct  8 16:12:59 nethserver cockpit-bridge: < 235 Authentication succeeded
Oct  8 16:12:59 nethserver cockpit-bridge: 0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0> MAIL FROM:<itwerxout>
Oct  8 16:12:59 nethserver cockpit-bridge: < 501 <itwerxout>: sender address must contain a domain
Oct  8 16:12:59 nethserver cockpit-bridge: * MAIL failed: 501
Oct  8 16:12:59 nethserver cockpit-bridge: 0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
Oct  8 16:12:59 nethserver cockpit-bridge: > QUIT
Oct  8 16:12:59 nethserver cockpit-bridge: < 221 mail.smtp2go.com closing connection
Oct  8 16:12:59 nethserver cockpit-bridge: * Closing connection 0
Oct  8 16:12:59 nethserver cockpit-bridge: curl: (55) MAIL failed: 501

stephdl · October 8, 2021, 3:26pm

some question in bulk

do you have only one login and password for all users or each user needs to use his account to authenticate and send email ?

kiemosan · October 8, 2021, 3:38pm

A single username and password for all users.

stephdl · October 8, 2021, 3:38pm

It works at my first attemp in the user interface

echo '{"action":"test-smarthost","SmartHostName":"mail.smtp2go.com","SmartHostPort":"587","SmartHostUsername":"toto@domain.fr","SmartHostPassword":"password","SmartHostTlsStatus":true}' | /usr/bin/sudo /usr/libexec/nethserver/api/system-settings/execute | jq

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* About to connect() to mail.smtp2go.com port 587 (#0)
*   Trying 176.58.103.10...
* Connected to mail.smtp2go.com (176.58.103.10) port 587 (#0)
< 220 mail.smtp2go.com ESMTP Exim 4.94.2-S2G Fri, 08 Oct 2021 15:37:01 +0000
> EHLO firewall
< 250-mail.smtp2go.com Hello firewall [86.195.244.202]
< 250-SIZE 52428800
< 250-8BITMIME
< 250-DSN
< 250-PIPELINING
< 250-PIPE_CONNECT
< 250-AUTH CRAM-MD5 PLAIN LOGIN
< 250-CHUNKING
< 250-STARTTLS
< 250-PRDR
< 250-SMTPUTF8
< 250 HELP
> STARTTLS
< 220 TLS go ahead
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* 	subject: CN=*.smtp2go.com
* 	start date: May 30 00:00:00 2020 GMT
* 	expire date: Sep 01 00:00:00 2022 GMT
* 	common name: *.smtp2go.com
* 	issuer: CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
> EHLO firewall
< 250-mail.smtp2go.com Hello firewall [86.195.244.202]
< 250-SIZE 52428800
< 250-8BITMIME
< 250-DSN
< 250-PIPELINING
< 250-PIPE_CONNECT
< 250-AUTH CRAM-MD5 PLAIN LOGIN
< 250-CHUNKING
< 250-PRDR
< 250-SMTPUTF8
< 250 HELP
> AUTH CRAM-MD5
< 334 PDE5NzQ1LjE2MzM3MDc0MjFAc210cGNvcnAuY29tPg==
> dG90b0BkZS1sYWJydXNzZS5mciAwMmRhYjM5YWZkOTBkYjU0M2MwNzA4NGFjODExN2I2Yg==
< 235 Authentication succeeded
> MAIL FROM:<toto@domain.fr>
< 250 OK
> RCPT TO:<toto@domain.fr>
< 250 Accepted <toto@domain.fr>
> DATA
< 354 Enter message, ending with "." on a line by itself
} [data not shown]
< 250 OK id=1mYrvh-9EFPMX-Ju
  0     0    0     0    0   218      0    294 --:--:-- --:--:-- --:--:--   294
* Connection #0 to host mail.smtp2go.com left intact