1

Topic: Can`t send mail from outlook

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
======== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.4
- Linux/BSD distribution name and version: UBUNTU 14.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
====

When i send mail from web interface all is ok, but when i send from outlook i have this error from log:

Apr 25 11:50:16 mail postfix/postscreen[7937]: CONNECT from [XX.XX.XX.XX]:36742 to [YY.YY.YY.YY]:25
Apr 25 11:50:16 mail postfix/postscreen[7937]: PASS OLD [XX.XX.XX.XX]:36742
Apr 25 11:50:16 mail postfix/smtpd[7943]: warning: hostname XX.XX.XX.XX.chtts.ru does not resolve to address 95.81.200.63: Name or service not known
Apr 25 11:50:16 mail postfix/smtpd[7943]: connect from unknown[XX.XX.XX.XX]
Apr 25 11:50:16 mail postfix/smtpd[7943]: NOQUEUE: reject: RCPT from unknown[XX.XX.XX.XX]: 454 4.7.1 <neochapay@gmail.com>: Relay access denied; from=<postmaster@myserver.com> to=<neochapay@gmail.com> proto=ESMTP helo=<neochapay-thinkpad.localnet>

postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
allow_percent_hack = no
biff = no
body_checks = pcre:/etc/postfix/body_checks.pcre
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
header_checks = pcre:/etc/postfix/header_checks
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
mail_owner = postfix
mailbox_command = /usr/lib/dovecot/deliver
mailq_path = /usr/bin/mailq
message_size_limit = 15728640
mydestination = $myhostname, localhost, localhost.localdomain
mydomain = mail.myserver.com
myhostname = mail.myserver.com
mynetworks = all
myorigin = mail.myserver.com
newaliases_path = /usr/bin/newaliases
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2
postscreen_dnsbl_threshold = 10
postscreen_dnsbl_whitelist_threshold = -10
postscreen_greet_action = enforce
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_directory = /var/spool/postfix
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination proxy:mysql:/etc/postfix/mysql/relay_domains.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp-amavis_destination_recipient_limit = 1
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_loglevel = 0
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_security_level = may
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated reject_non_fqdn_helo_hostname reject_invalid_helo_hostname check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
smtpd_tls_dh1024_param_file = /etc/ssl/dhparams.pem
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_security_level = may
swap_bangpath = no
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf proxy:mysql:/etc/postfix/mysql/catchall_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_transport = dovecot
virtual_uid_maps = static:2000


cat /etc/postfix/main.cf                   
# --------------------
# INSTALL-TIME CONFIGURATION INFORMATION
#
# location of the Postfix queue. Default is /var/spool/postfix.
queue_directory = /var/spool/postfix

# location of all postXXX commands. Default is /usr/sbin.
command_directory = /usr/sbin

# location of all Postfix daemon programs (i.e. programs listed in the
# master.cf file). This directory must be owned by root.
# Default is /usr/libexec/postfix
daemon_directory = /usr/lib/postfix

# location of Postfix-writable data files (caches, random numbers).
# This directory must be owned by the mail_owner account (see below).
# Default is /var/lib/postfix.
data_directory = /var/lib/postfix

# owner of the Postfix queue and of most Postfix daemon processes.
# Specify the name of a user account THAT DOES NOT SHARE ITS USER OR GROUP ID
# WITH OTHER ACCOUNTS AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.
# In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER.
# Default is postfix.
mail_owner = postfix

# The following parameters are used when installing a new Postfix version.
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path = /usr/sbin/sendmail

# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path = /usr/bin/newaliases

# full pathname of the Postfix mailq command.  This is the Sendmail-compatible
# mail queue listing command.
mailq_path = /usr/bin/mailq

# group for mail submission and queue management commands.
# This must be a group name with a numerical group ID that is not shared with
# other accounts, not even with the Postfix account.
setgid_group = postdrop

# external command that is executed when a Postfix daemon program is run with
# the -D option.
#
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
#
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5

debug_peer_level = 2

# --------------------
# CUSTOM SETTINGS
#

# SMTP server response code when recipient or domain not found.
unknown_local_recipient_reject_code = 550

# Do not notify local user.
biff = no

# Disable the rewriting of "site!user" into "user@site".
swap_bangpath = no

# Disable the rewriting of the form "user%domain" to "user@domain".
allow_percent_hack = no

# Allow recipient address start with '-'.
allow_min_user = no

# Disable the SMTP VRFY command. This stops some techniques used to
# harvest email addresses.
disable_vrfy_command = yes

# Enable both IPv4 and IPv6.
inet_protocols = all

# Enable all network interfaces.
inet_interfaces = all

# Mailbox type
home_mailbox = Maildir/

#
# TLS settings.
#
# Disable SSLv3
#
smtpd_tls_protocols = !SSLv2 !SSLv3
smtp_tls_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3

#
# Fix 'The Logjam Attack'.
#
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_dh1024_param_file = /etc/ssl/dhparams.pem

# Opportunistic TLS, used when Postfix sends email to remote SMTP server.
# Use TLS if this is supported by the remote SMTP server, otherwise use
# plaintext.
# References:
#   - http://www.postfix.org/TLS_README.html#client_tls_may
#   - http://www.postfix.org/postconf.5.html# … rity_level
smtp_tls_security_level = may
# Use the same CA file as smtpd.
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_loglevel = 0
smtp_tls_note_starttls_offer = yes

# hostname
myhostname = mail.myserver.com
myorigin = mail.myserver.com
mydomain = mail.myserver.com

# trusted SMTP clients which are allowed to relay mail through Postfix.
mynetworks = all

# Accepted local emails

mydestination = $myhostname, localhost, localhost.localdomain

# Reject unlisted sender and recipient
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes

# Header and body checks with PCRE table
header_checks = pcre:/etc/postfix/header_checks
body_checks = pcre:/etc/postfix/body_checks.pcre

# HELO restriction
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_non_fqdn_helo_hostname
    reject_invalid_helo_hostname
    check_helo_access pcre:/etc/postfix/helo_access.pcre

# Sender restrictions
#    reject_sender_login_mismatch
#smtpd_sender_restrictions =
#    reject_unknown_sender_domain
#    reject_non_fqdn_sender
#    reject_unlisted_sender
#    permit_mynetworks
#    permit_sasl_authenticated
#    check_sender_access pcre:/etc/postfix/sender_access.pcre

# Recipient restrictions
#smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_recipient_restrictions = permit_sasl_authenticated,
       permit_mynetworks,
       reject_unauth_destination,
       reject_non_fqdn_sender,
       reject_non_fqdn_recipient,
       reject_unknown_recipient_domain

#smtpd_recipient_restrictions =
#    permit_mynetworks
#    permit_sasl_authenticated
#    defer_unauth_destination
#    reject_unknown_recipient_domain
#    reject_non_fqdn_recipient
#    reject_unlisted_recipient
#    check_policy_service inet:127.0.0.1:7777
#    permit_mynetworks
#    permit_sasl_authenticated
#    reject_unauth_destination
#    check_client_access hash:/etc/postfix/rbl_override

# Data restrictions
smtpd_data_restrictions = reject_unauth_pipelining

# END-OF-MESSAGE restrictions
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777

# The set of characters that can separate a user name from its extension
# (example: user+foo), or a .forward file name from its extension (example:
# .forward+foo).
# Postfix 2.11 and later supports multiple characters.
recipient_delimiter = +

proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions

# Avoid duplicate recipient messages. Default is 'yes'.
enable_original_recipient = no

alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases

# Default message_size_limit.
message_size_limit = 15728640

# Virtual support.
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail

# Do not set virtual_alias_domains.
virtual_alias_domains =

#
# Enable SASL authentication
#
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous

# Force TLS-encrypted SASL authentication.
smtpd_tls_auth_only = yes

smtpd_tls_security_level = may
smtpd_tls_loglevel = 0
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
tls_random_source = dev:/dev/urandom
#
# Lookup virtual mail accounts
#
transport_maps =
    proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf
    proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf

smtpd_sender_login_maps =
    proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf

virtual_mailbox_domains =
    proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf

relay_domains =
    $mydestination
    proxy:mysql:/etc/postfix/mysql/relay_domains.cf

virtual_mailbox_maps =
    proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf

virtual_alias_maps =
    proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf
    proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf
    proxy:mysql:/etc/postfix/mysql/catchall_maps.cf
    proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf

sender_bcc_maps =
    proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
    proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf

recipient_bcc_maps =
    proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
    proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
postscreen_dnsbl_threshold = 10
postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_greet_action = enforce
postscreen_dnsbl_action = enforce
postscreen_blacklist_action = enforce
postscreen_dnsbl_whitelist_threshold = -10
#
# Dovecot SASL support.
#
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
mailbox_command = /usr/lib/dovecot/deliver
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
content_filter = smtp-amavis:[127.0.0.1]:10024
smtp-amavis_destination_recipient_limit = 1

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Can`t send mail from outlook

Enable SMTP AUTH on your mail client application, and send email through port 587 with encryption method "TLS" (or STARTTLS) will fix this issue.

Port 25 is not used for end users to submit/send email.

3

Re: Can`t send mail from outlook

Apr 25 12:27:46 mail postfix/submission/smtpd[8396]: warning: hostname XX.XX.XX.XX.chtts.ru does not resolve to address XX.XX.XX.XX: Name or service not known
Apr 25 12:27:46 mail postfix/submission/smtpd[8396]: connect from unknown[XX.XX.XX.XX]
Apr 25 12:27:52 mail postfix/submission/smtpd[8396]: warning: unknown[XX.XX.XX.XX]: SASL PLAIN authentication failed:
Apr 25 12:27:52 mail postfix/submission/smtpd[8396]: lost connection after AUTH from unknown[XX.XX.XX.XX]
Apr 25 12:27:52 mail postfix/submission/smtpd[8396]: disconnect from unknown[XX.XX.XX.XX]

4

Re: Can`t send mail from outlook

you are still not using TLS

5

Re: Can`t send mail from outlook

neochapay wrote:

Apr 25 12:27:52 mail postfix/submission/smtpd[8396]: warning: unknown[XX.XX.XX.XX]: SASL PLAIN authentication failed:

It says "authentication failed". Do you have correct login username (full email address) and password in Outlook? Please double check it.

6

Re: Can`t send mail from outlook

it also says that if you dont use the right encryption.
So i could be that or wrong login credentials.

7

Re: Can`t send mail from outlook

if you are using ms outlook 2007 and above, go to file - account settings - email accounts - double click on the account - internet email settings tab - more settings - advanced -

change incoming IMAP to - SSL (993) and outgoing SMTP to auto. (25).

Also in out going server tab - mark - my outgoing server SMTP need auth and select radio button - use same setting as incoming mail server. click ok and test account settings.