Relaying denied. Trying to do TLS+SMTP AUTH. Do I really need SASL? - BSD


  1. Relaying denied. Trying to do TLS+SMTP AUTH. Do I really need SASL?

    I have a server that runs OpenBSD 4.1, and a laptop running Windows. I want
    to use Thunderbird on the laptop to send mail via the server.

    I would like to use port 587, since my ISP blocks port 25.
    I want to use my username/password to authenticate.
    I want to use TLS to protect the password.

    I get the dreaded 'Relaying denied. Proper authentication needed.'

    The relevant parts of the mc file look like this:

    dnl
    dnl TLS/SSL support; uncomment and read starttls(8) to use.
    dnl
    define(`CERT_DIR', `/etc/ssl')dnl
    define(`confCACERT_PATH', `CERT_DIR')dnl
    define(`confCACERT', `CERT_DIR/CAcert.pem')dnl
    define(`confSERVER_CERT', `CERT_DIR/sendmailcert.pem')dnl
    define(`confSERVER_KEY', `CERT_DIR/private/sendmail.pem')dnl
    define(`confCLIENT_CERT', `CERT_DIR/sendmailcert.pem')dnl
    define(`confCLIENT_KEY', `CERT_DIR/private/sendmail.pem')dnl
    dnl SMTP AUTH
    define(`confAUTH_MECHANISMS', `PLAIN LOGIN')dnl
    TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
    define(`confAUTH_OPTIONS', `A p')dnl

    Googling gives a lot of references to SASL. Do I really have to go
    down that road to do something as simple as this?

    --
    Fredrik Stax\"ang | rot13: sfgk@hcqngr.hh.fr
    This is all you need to know about vi: ESC : q ! RET

  2. Re: Relaying denied. Trying to do TLS+SMTP AUTH. Do I really need SASL?

    "Fredrik Staxeng" wrote in message
    news:1mlke3njpj.fsf@Psilocybe.Update.UU.SE...
    >I have a server that runs OpenBSD 4.1, and a laptop running Windows. I
    >want to use Thunderbird on the laptop to send mail via the server.
    >
    > I would like to use port 587, since my isp blocks port 25.


    Whoa. It's likely that your ISP blocks port 25 incoming to you - i.e.
    they won't let you *receive* mail directly on your machine. But it's
    highly unlikely that they would block port 25 outgoing - i.e. how else
    would you send mail via their mailserver?

    In any case: almost certainly the "relaying denied" error is because you
    don't have your subnet (and possibly your domain) in
    /etc/mail/relay-domains. Assuming you're on a 192.168.x.x subnet, try
    adding "192.168" to relay-domains on a line on its own. (I also add my
    domain - i.e. the domain part of my outgoing email address - to
    relay-domains, and local-host-names, but I'm not sure this is strictly
    necessary.)

    If I'm wrong, I'm sure there'll be a cluebat along in a moment.

    Steve
    http://www.fivetrees.com



  3. Re: Relaying denied. Trying to do TLS+SMTP AUTH. Do I really need SASL?

    "Steve at fivetrees" writes:

    >"Fredrik Staxeng" wrote in message
    >news:1mlke3njpj.fsf@Psilocybe.Update.UU.SE...
    >>I have a server that runs OpenBSD 4.1, and a laptop running Windows. I
    >>want to use Thunderbird on the laptop to send mail via the server.
    >>
    >> I would like to use port 587, since my isp blocks port 25.

    >
    >Whoa. It's likely that your ISP blocks port 25 incoming to you - i.e.
    >they won't let you *receive* mail directly on your machine. But it's
    >highly unlikely that they would block port 25 outgoing - i.e. how else
    >would you send mail via their mailserver?


    They block port 25 except to their mail server. The server is not
    connected to that ISP (forgot to mention that).


    >In any case: almost certainly the "relaying denied" error is because you
    >don't have your subnet (and possibly your domain) in
    >/etc/mail/relay-domains. Assuming you're on a 192.168.x.x subnet, try
    >adding "192.168" to relay-domains on a line on its own. (I also add my
    >domain - i.e. the domain part of my outgoing email address) to
    >relay-domains, and local-host-names, but I'm not sure this is strictly
    >necessary.)


    But I don't want to do that, since I want to be able to send mail from
    whichever IP my laptop gets from whatever connection it is using.

    >If I'm wrong, I'm sure there'll be a cluebat along in a moment.
    >
    >Steve
    >http://www.fivetrees.com
    >
    >


    --
    Fredrik Stax\"ang | rot13: sfgk@hcqngr.hh.fr
    This is all you need to know about vi: ESC : q ! RET

  4. Re: Relaying denied. Trying to do TLS+SMTP AUTH. Do I really need SASL?

    "Fredrik Staxeng" wrote in message
    news:1mhcoqookn.fsf@Psilocybe.Update.UU.SE...
    > "Steve at fivetrees" writes:
    >
    >>"Fredrik Staxeng" wrote in message
    >>news:1mlke3njpj.fsf@Psilocybe.Update.UU.SE...
    >>>I have a server that runs OpenBSD 4.1, and a laptop running Windows. I
    >>>want to use Thunderbird on the laptop to send mail via the server.
    >>>
    >>> I would like to use port 587, since my isp blocks port 25.

    >>
    >>Whoa. It's likely that your ISP blocks port 25 incoming to you - i.e.
    >>they won't let you *receive* mail directly on your machine. But it's
    >>highly unlikely that they would block port 25 outgoing - i.e. how else
    >>would you send mail via their mailserver?

    >
    > They block port 25 except to their mail server. The server is not
    > connected to that ISP (forgot to mention that).


    My point still stands, I think. Port 25 incoming is distinct from port
    25 outgoing.

    >>In any case: almost certainly the "relaying denied" error is because you
    >>don't have your subnet (and possibly your domain) in
    >>/etc/mail/relay-domains. Assuming you're on a 192.168.x.x subnet, try
    >>adding "192.168" to relay-domains on a line on its own. (I also add my
    >>domain - i.e. the domain part of my outgoing email address) to
    >>relay-domains, and local-host-names, but I'm not sure this is strictly
    >>necessary.)

    >
    > But I don't want to that, since I want to be able to send mail from
    > whichever IP my laptop gets from whatever connection it is using.


    Maybe I'm completely misunderstanding your server setup. From context I
    presume your server is connected to the Internet on one side, and to
    your LAN on the other. I presume your laptop picks up an IP address via
    DHCP from the server. If this is correct, then again my comment stands:
    you need to declare the entire LAN as "safe" to relay-domains.

    If this is not correct, then please describe your setup in a bit more
    detail.

    Steve
    http://www.fivetrees.com



  5. Re: Relaying denied. Trying to do TLS+SMTP AUTH. Do I really need SASL?

    "Steve at fivetrees" writes:

    >If this is not correct, then please describe your setup in a bit more
    >detail.
    >


    I have a server with a decent connection to the internet. Own IP,
    no filters or restrictions. I run OpenBSD on that one, since security
    holes get exploited quickly and used. This has happened, but that was some
    years ago when it was running Linux.

    Then I have a laptop which I carry with me quite a lot of the time. Mostly I
    connect at work and at home. Sometimes I connect via another network, e.g.
    a friend's home network, or a public WLAN.

    This is basically your standard roaming scenario. The README in
    /usr/share/sendmail says that you should use SMTP AUTH and STARTTLS
    for this.

    --
    Fredrik Stax\"ang | rot13: sfgk@hcqngr.hh.fr
    This is all you need to know about vi: ESC : q ! RET
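
    Added example, not part of any post in this thread: a check of what the submission port advertises in its EHLO reply before and after STARTTLS, which is where the `PLAIN LOGIN` mechanisms and the `p` option from the .mc file in post 1 show up. The function names, host names and sample replies are constructed for illustration; it relies on sendmail implementing SMTP AUTH through the Cyrus SASL library.

```python
import re
import smtplib
import ssl

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # the mechanisms named in the .mc file

def parse_ehlo(reply):
    """Map each EHLO keyword (upper-cased) to its list of parameters."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:        # line 0 is the greeting
        words = re.sub(r"^250[- ]", "", line).split()
        if words:
            caps.setdefault(words[0].upper(), []).extend(w.upper() for w in words[1:])
    return caps

def audit(pre_tls, post_tls):
    """Compare the EHLO replies seen before and after STARTTLS."""
    pre, post = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("no-starttls")
    if PLAINTEXT_MECHS & set(pre.get("AUTH", [])):
        findings.append("plaintext-auth-before-tls")   # what option `p` prevents
    if "AUTH" not in post:
        # sendmail does AUTH through Cyrus SASL; without it no AUTH line appears
        findings.append("no-auth-offered")
    return findings or ["ok"]

def probe(host, port=587):
    """Live variant for a server you operate (host is supplied by the caller)."""
    ctx = ssl.create_default_context()   # private CA: pass cafile=... here
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        pre, post = s.ehlo_resp.decode(), ""
        if s.has_extn("starttls"):
            s.starttls(context=ctx)
            s.ehlo()
            post = s.ehlo_resp.decode()
    return audit(pre, post)

# Constructed sample replies (not captured from the poster's server).
GREETING = "250-mail.example.org Hello laptop.example.net, pleased to meet you\n"
PRE = GREETING + "250-PIPELINING\n250-STARTTLS\n250 HELP"
POST_NO_AUTH = GREETING + "250-PIPELINING\n250 HELP"
POST_AUTH = GREETING + "250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 HELP"

if __name__ == "__main__":
    print(audit(PRE, POST_NO_AUTH))
    print(audit(PRE, POST_AUTH))
```

    A result of `no-auth-offered` means the client never gets a chance to authenticate, so the server treats it as an ordinary unauthenticated relay attempt.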
