One thing I notice is that you are using port 25 instead of 587. I tried changing to port 25 in my main.cf and sasl_passwd files but get
Aug 16 13:38:13 RichCookHomeMac postfix/pickup[48887]: 70CEC29CB543: uid=0 from=<root> Aug 16 13:38:13 RichCookHomeMac postfix/cleanup[48903]: 70CEC29CB543: message-id=<20140816203813.70cec29cb...@richcook.net> Aug 16 13:38:13 RichCookHomeMac postfix/qmgr[48886]: 70CEC29CB543: from=<r...@richcook.net>, size=332, nrcpt=1 (queue active) Aug 16 13:38:13 RichCookHomeMac postfix/smtp[48905]: connect to smtp.comcast.net[2001:558:fe2d:70::30]:25: No route to host Aug 16 13:38:43 RichCookHomeMac postfix/smtp[48905]: connect to smtp.comcast.net[76.96.40.155]:25: Operation timed out Aug 16 13:38:43 RichCookHomeMac postfix/smtp[48905]: 70CEC29CB543: to=<wealthyc...@gmail.com>, relay=none, delay=30, delays=0.02/0.02/30/0, dsn=4.4.1, status=deferred (connect to smtp.comcast.net[76.96.40.155]:25: Operation timed out) On Aug 16, 2014, at 3:24 AM, Patrick Ben Koetter <p...@sys4.de> wrote: > The other side offers only PLAIN and LOGIN: > > $ telnet 76.96.40.155 25 > Trying 76.96.40.155... > Connected to 76.96.40.155. > Escape character is '^]'. > 220 omta20.emeryville.ca.mail.comcast.net comcast ESMTP server ready > EHLO foo > 250-omta20.emeryville.ca.mail.comcast.net hello [37.5.251.161], pleased to > meet you > 250-HELP > 250-AUTH LOGIN PLAIN > 250-SIZE 36700160 > 250-ENHANCEDSTATUSCODES > 250-8BITMIME > 250-STARTTLS > 250 OK > QUIT > 221 2.0.0 omta20.emeryville.ca.mail.comcast.net comcast closing connection > > > PLAIN and LOGIN are disabled on Postfix smtp client side by default, because > their usage may be insecure over an unencrypted transport - PLAIN and LOGIN do > not crypt, but only encode username and password: > > smtp_sasl_security_options = noplaintext, noanonymous > smtp_sasl_tls_security_options = $smtp_sasl_security_options > smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_option > > Change Postfix' SASL policy for TLS shielded connections and it will work: > > smtp_sasl_security_options = noplaintext, noanonymous > smtp_sasl_tls_security_options = noanonymous > > p@rick > > > > * Rich Cook <wealthyc...@gmail.com>: >> Hello, I am having a maddening problem. I have googled of course for >> answers, but I cannot figure out exactly what the issue is. >> I am trying to put the final touches on my postfix/fetchmail setup. Mostly >> it's working but the crucial piece I'm missing is the ability to send mail >> to other hosts through my comcast relay from the command line. >> >> I can send mail from my mail client but not from the command line via >> sendmail, which I would like very much to be able to do. There is just some >> little SASL detail or something going on here that I'm missing. I could use >> a good pair of eyes for help! >> >> To put it in a nutshell, here is what I'm seeing in the logs when I do >> "postfix flush": >> Note that I can telnet to smtp.comcast.net 587 and make a connection, so I >> am ignoring "no route to host" messages at the moment. Especially since you >> can see it does connect. Config logs are below. Sorry for the long >> message, but I'm hopefully anticipating the questions a knowledgable expert >> might ask of me. :-) >> >> I can ramp up the verbosity but you probably get the idea. >> Warm thanks for any help! >> >> ================================================================================ >> ============= >> # LOG FILE CONTENTS: >> Aug 15 12:48:27 RichCookHomeMac postfix/qmgr[60944]: 810762983FD0: >> from=<***>, size=332, nrcpt=1 (queue active) >> Aug 15 12:48:27 RichCookHomeMac postfix/qmgr[60944]: AED65298168E: >> from=<***>, size=327, nrcpt=1 (queue active) >> Aug 15 12:48:27 RichCookHomeMac postfix/qmgr[60944]: AF585298168F: >> from=<***>, size=327, nrcpt=1 (queue active) >> Aug 15 12:48:27 RichCookHomeMac postfix/qmgr[60944]: C873A29816BA: >> from=<***>, size=306, nrcpt=1 (queue active) >> Aug 15 12:48:27 RichCookHomeMac postfix/qmgr[60944]: CFE0E2983B7C: >> from=<***>, size=302, nrcpt=1 (queue active) >> Aug 15 12:48:27 RichCookHomeMac postfix/qmgr[60944]: D71C029816E8: >> from=<***>, size=307, nrcpt=1 (queue active) >> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61130]: connect to >> smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host >> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61133]: connect to >> smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host >> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61132]: connect to >> smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host >> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61132]: CFE0E2983B7C: to=<***>, >> relay=smtp.comcast.net[76.96.40.155]:587, delay=1844, delays=1844/0/0.09/0, >> dsn=4.0.0, status=deferred (host smtp.comcast.net[76.96.40.155] refused to >> talk to me: 421 omta14.emeryville.ca.mail.comcast.net comcast Too many >> sessions opened) >> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61130]: Untrusted TLS >> connection established to smtp.comcast.net[76.96.40.155]:587: TLSv1 with >> cipher DHE-RSA-AES256-SHA (256/256 bits) >> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61133]: Untrusted TLS >> connection established to smtp.comcast.net[76.96.40.155]:587: TLSv1 with >> cipher DHE-RSA-AES256-SHA (256/256 bits) >> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61131]: Untrusted TLS >> connection established to smtp.comcast.net[76.96.40.155]:587: TLSv1 with >> cipher DHE-RSA-AES256-SHA (256/256 bits) >> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61134]: Untrusted TLS >> connection established to smtp.comcast.net[76.96.40.155]:587: TLSv1 with >> cipher DHE-RSA-AES256-SHA (256/256 bits) >> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61130]: warning: SASL >> authentication failure: No worthy mechs found >> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61130]: AED65298168E: to=<***>, >> relay=smtp.comcast.net[76.96.40.155]:587, delay=190442, >> delays=190441/0/0.39/0, dsn=4.7.0, status=deferred (SASL authentication >> failed; cannot authenticate to server smtp.comcast.net[76.96.40.155]: no >> mechanism available) >> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61133]: warning: SASL >> authentication failure: No worthy mechs found >> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61133]: 810762983FD0: to=<***>, >> relay=smtp.comcast.net[76.96.40.155]:587, delay=1162, delays=1161/0/0.4/0, >> dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate >> to server smtp.comcast.net[76.96.40.155]: no mechanism available) >> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61131]: warning: SASL >> authentication failure: No worthy mechs found >> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61131]: AF585298168F: SASL >> authentication failed; cannot authenticate to server >> smtp.comcast.net[76.96.40.155]: no mechanism available >> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61134]: warning: SASL >> authentication failure: No worthy mechs found >> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61134]: C873A29816BA: SASL >> authentication failed; cannot authenticate to server >> smtp.comcast.net[76.96.40.155]: no mechanism available >> Aug 15 12:48:28 RichCookHomeMac postfix/error[61137]: D71C029816E8: >> to=<***>, relay=none, delay=190645, delays=190645/0.41/0/0, dsn=4.7.0, >> status=deferred (delivery temporarily suspended: SASL authentication failed; >> cannot authenticate to server smtp.comcast.net[76.96.40.155]: no mechanism >> available) >> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61131]: connect to >> smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host >> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61131]: AF585298168F: to=<***>, >> relay=none, delay=190350, delays=190349/0/0.42/0, dsn=4.4.1, status=deferred >> (connect to smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host) >> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61134]: connect to >> smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host >> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61134]: C873A29816BA: to=<***>, >> relay=none, delay=190865, delays=190864/0/0.43/0, dsn=4.4.1, status=deferred >> (connect to smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host) >> >> >> ================================================================================ >> ============= >> # main.cf: >> mydomain_fallback = localhost >> # message_size_limit = 10485760 # commented out by Rich >> biff = no >> #mynetworks = 127.0.0.0/8, [::1]/128 >> #smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated >> permit >> recipient_delimiter = + >> smtpd_tls_ciphers = medium >> inet_protocols = all >> inet_interfaces = loopback-only >> #====================================================================== >> # Rich Cook mods: >> message_size_limit = 0 >> >> relayhost=[smtp.comcast.net]:587 >> smtp_sasl_auth_enable=yes >> smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd >> smtp_use_tls = yes >> >> smtpd_sasl_auth_enable=yes >> smtpd_use_pw_server=yes >> enable_server_options=yes >> smtpd_pw_server_security_options=plain, login >> smtp_tls_loglevel=1 >> smtpd_sasl_security_options=noanonymous >> smtp_tls_security_level=encrypt >> broken_sasl_auth_clients=yes >> # commented out as I do not fully understand yet, but does not fix to put it >> back in. >> # smtpd_recipient_restrictions=check_sender_access hash:/etc/postfix/access, >> check_client_access hash:/etc/postfix/access, permit_mynetworks, >> permit_sasl_authenticated, reject_unauth_destination, check_recipient_access >> hash:/etc/postfix/access >> smtpd_sasl_local_domain=$mydomain >> smtp_sasl_mechanism_filter = >> >> # ========================================================================= >> root@RichCookHomeMac (postfix ): ls -l /etc/postfix/ >> total 392 >> -rw-r--r-- 1 root wheel 11942 Feb 8 2014 LICENSE >> -rw-r--r-- 1 root wheel 1629 Feb 8 2014 TLS_LICENSE >> -rw-r--r-- 1 root wheel 20876 Feb 8 2014 access >> -rw-r--r-- 1 root wheel 16384 Aug 15 12:17 access.db >> -rw-r--r-- 1 root wheel 8830 Aug 15 12:28 aliases >> -rw-r--r-- 1 root wheel 8829 Jun 1 14:57 aliases.desktop >> -rw-r--r-- 1 root wheel 3548 Feb 8 2014 bounce.cf.default >> -rw-r--r-- 1 root wheel 11681 Feb 8 2014 canonical >> -rw-r--r-- 1 root wheel 44 Feb 8 2014 custom_header_checks >> -rw------- 1 root wheel 157 Aug 15 11:37 fetchmailrc >> -rw-r--r-- 1 root wheel 9904 Feb 8 2014 generic >> -rw-r--r-- 1 root wheel 21535 Feb 8 2014 header_checks >> -rw-r--r-- 1 root wheel 28864 Aug 15 12:43 main.cf >> -rw-r--r-- 1 root wheel 26970 Feb 8 2014 main.cf.default >> -rw-r--r-- 1 root wheel 26155 Jun 1 15:04 main.cf.upgradedMtnLion >> -rw-r--r-- 1 root wheel 27430 Feb 8 2014 main.cf~orig >> -rw-r--r-- 1 root wheel 1441 Feb 8 2014 makedefs.out >> -rw-r--r-- 1 root wheel 7443 Feb 8 2014 master.cf >> -rw-r--r-- 1 root wheel 7443 Feb 8 2014 master.cf.default >> -rw-r--r-- 1 root wheel 18473 Feb 8 2014 postfix-files >> -rw-r--r-- 1 root wheel 6816 Feb 8 2014 relocated >> -rw-r----- 1 root wheel 44 Aug 15 10:56 sasl_passwd >> -rw-r----- 1 root wheel 16384 Aug 15 12:18 sasl_passwd.db >> -rw-r--r-- 1 root wheel 12549 Feb 8 2014 transport >> -rw-r--r-- 1 root wheel 12494 Feb 8 2014 virtual >> >> Rich Cook >> wealthyc...@gmail.com >> >> ---------------------------------------------- >> If you don't laugh enough, you might have humorrhoids, which is an >> enlargement of the onus, and the only thing you can pass then is heavy >> judgment. -- Swami Beyondananda >> >> >> >> >> > > -- > [*] sys4 AG > > https://sys4.de, +49 (89) 30 90 46 64 > Franziskanerstraße 15, 81669 München > > Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 > Vorstand: Patrick Ben Koetter, Marc Schiffbauer > Aufsichtsratsvorsitzender: Florian Kirstein > Rich Cook wealthyc...@gmail.com ---------------------------------------------- If you don't laugh enough, you might have humorrhoids, which is an enlargement of the onus, and the only thing you can pass then is heavy judgment. -- Swami Beyondananda
