1 (edited by iredmailnerd 2010-07-01 22:33:53)

Topic: Strange Behavior with SMTP Authentication

I have a user who is no longer able to relay mail via my iRedMail server.  It was working several days ago but his ability to do so has stopped. 

The strange thing is, the user can successfully log in to Roundcube.  His first error message was "Client host rejected:  Access denied."  Then he got, "Relay access denied."  Now he repeatedly gets "Client host rejected:  Access denied."

I tested the user name and password by telnetting to port 587 and using AUTH PLAN <encrypted username and password> but got a response of "Authentication failed" in the telnet session but I didn't see any indication of this failure in /var/log/mail.info.  However, I could immediately go to Roundcube and login successfully.  Any ideas on what could cause this behavior?

The user has another e-mail account set up and when I tested that username and password via telnet, the authentication was successful.  I could then use that user name and password to successfully relay mail from my test Postfix server through my production iRedMail server.  However, the user still could not successfully relay mail from his Exchange server through the production iRedMail server using the exact same user name and password to authenticate.  The mail.info log does not even show any SASL PLAIN authentication failures when he tries to relay mail but he gets the "Client host rejected:  Access denied" message.  It's as if something else is denying his connection before he even gets the chance to authenticate.

These are the options I have enabled for smtpd_recipient_restrictions:

     smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domains, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, reject_unauth_destination, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031

I've even checked the policyd blacklist tables and I don't see his ip address in any of them.

I hope someone can help me resolve this issue because I'm perplexed.

2

Re: Strange Behavior with SMTP Authentication

You need to troubleshoot this issue on both servers, with more detail log. Turn on debug mode if needed.

3

Re: Strange Behavior with SMTP Authentication

ZhangHuangbin wrote:

You need to troubleshoot this issue on both servers, with more detail log. Turn on debug mode if needed.

I agree.  I've asked the user to send me some screenshots of the settings on his Exchange server.  It seems as though there is something peculiar about the production server since I can't successfully authenticate via telnet but I can log in to Roundcube though.  Would you agree? 

As another test, even though it is the same as using telnet, I configured my home test server as a SMTP client and tried to use the same user name and password to relay mail via the production server but that failed too.  However, I can successfully log in to Roundcube with that same user name and password.

Why would authentication via Roudcube work and authentication via SMTP fail?

Thanks for your help.

4

Re: Strange Behavior with SMTP Authentication

Can you post the error maillog in your test server?