1 Topic by thrustnetworks

  • thrustnetworks
  • Member
  • Offline
  • Registered: 2016-08-07
  • Posts: 3

Topic: RelayHost (mailgun.org)

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version: Ubuntu 14.04.4 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx):nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- Related log if you're reporting an issue:

Aug  6 15:59:25 jonah postfix/smtp[23623]: Untrusted TLS connection established to smtp.mailgun.org[173.203.37.114]:587: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug  6 15:59:25 jonah postfix/smtp[23623]: warning: SASL authentication failure: No worthy mechs found
Aug  6 15:59:25 jonah postfix/smtp[23623]: 4867D32C4AE7: SASL authentication failed; cannot authenticate to server smtp.mailgun.org[173.203.37.114]: no mechanism available
Aug  6 15:59:25 jonah postfix/smtp[23623]: Untrusted TLS connection established to smtp.mailgun.org[104.130.177.23]:587: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug  6 15:59:25 jonah postfix/smtp[23623]: warning: SASL authentication failure: No worthy mechs found

====

I have followed a few of the guides here and around to setup a way to route customers who want to use Mailgun type services - however it won't authenticate. I've looked at the following:

http://www.iredmail.org/forum/topic1048 … eebsd.html
https://community.rackspace.com/products/f/28/t/3897
http://www.cyberciti.biz/faq/postfix-mu … tp-client/

All have similar options, but no matter what I do, always fails - currently I have just have the following:

main.cf (appended to the bottom of file):
#smtp_sasl_auth_enable = yes
#smtp_sasl_security_options = noanonymous
#smtp_sasl_password_maps = hash:/etc/postfix/saslpasswd
#sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_map
#smtp_always_send_ehlo = yes
#relayhost = [smtp.mailgun.org]:587
#smtp_sender_dependent_authentication = yes

In live mode it's uncommented - relayhost_map contains several domains using the format:
@domain.com [smtp.mailgun.org]:587

And the saslpasswd similarly:
@domain.com username@domain:password

Nothing works, and I know postfix complains because I think some of the configuration is already in use - Any suggestions for getting this working?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: RelayHost (mailgun.org)

Try these Postfix parameters in main.cf:

# TLS support
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes

You use port 587 for relay, it requires TLS support.

And here's Mailgun official doc: https://documentation.mailgun.com/user_ … smtp-relay

3 Reply by thrustnetworks

  • thrustnetworks
  • Member
  • Offline
  • Registered: 2016-08-07
  • Posts: 3

Re: RelayHost (mailgun.org)

ZhangHuangbin wrote:

Try these Postfix parameters in main.cf:

# TLS support
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes

You use port 587 for relay, it requires TLS support.

And here's Mailgun official doc: https://documentation.mailgun.com/user_ … smtp-relay

All of those are set in the default config it seems - Do I need to disable the dovecot sasl support?

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
content_filter = smtp-amavis:[127.0.0.1]:10024
smtp-amavis_destination_recipient_limit = 1
smtpd_use_tls = yes

Seems like it should all just work, re-checked passwords and logins, all work, just can't use a singular login for several domains.

The issue is RBL's and such, I've monitored and don't see ANY spam coming out from these select few domains (5 in total) bought the backend to make it easier to manage, so investing into this trying to make a easy & workable mail solution - just Microsoft, AOL, and AT&T all seem to hate on servers quite quickly :-(

Any suggestions for better deliverability and getting Mailgun working are appreciated.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: RelayHost (mailgun.org)

thrustnetworks wrote:

Aug  6 15:59:25 jonah postfix/smtp[23623]: warning: SASL authentication failure: No worthy mechs found
Aug  6 15:59:25 jonah postfix/smtp[23623]: 4867D32C4AE7: SASL authentication failed; cannot authenticate to server smtp.mailgun.org[173.203.37.114]: no mechanism available

According to the log, seems Mailgun server doesn't support your Postfix settings. It's better to contact Mailgun to get support.

5 Reply by thrustnetworks

  • thrustnetworks
  • Member
  • Offline
  • Registered: 2016-08-07
  • Posts: 3

Re: RelayHost (mailgun.org)

I actually read through a ton of RackSpace's guides and found that when they suggest you install postfix to install the SASL goodies:

apt-get install postfix libsasl2-modules

I cut out the postfix install, left the modules but continued with the adjustments to their config:

smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/saslpasswd
#sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_map
smtp_always_send_ehlo = yes
#relayhost = [smtp.mailgun.org]:587
smtp_sender_dependent_authentication = yes
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_sasl_mechanism_filter = AUTH LOGIN

I made a TLS policy as well as some docs say to use it per-account, and it's basically domain.com may - but I left out the relayhost_map because I just using the Relay option in iRedMail and put in smtp.mailgun.org:587 - life is good!

Hopefully this will help someone else on Ubuntu down the road if they are in a multi-domain situation too!