Share

Question

Hi, i’ve a problem with postfix sending mail between virtual domains in droplets.
I’ve 2 droplets with several domains in each droplet with virtualmin:
dropletA.domain.com -> domainA1.com
-> domainA2.com

dropletB.domain.com -> domainB1.com
-> domainB2.com

when i try to send mails between my domains there’s a problem… perhaps postfix try to send locally?¿:
Sending from domainA1 to domainB1:
SASL authentication failed; server <dropletB.domain.com> said: 535 5.7.8 Error: authentication failed: authentication failure

If I send to any external domain (gmail, hotmail, …) no problem.

Thanks!

Answer 1

JustSomeTech September 17, 2015

Hello,
First of all we can’t help you out easily when you don’t provide any information about your server. Once you ask a question, we need to know where we are dealing with to help you out. So what kind of server are you running, what configurations are you using? Atleast post the main.cf. Did you check your logs for any more information?

Reply Report

jpbarroso September 18, 2015

Hi!, sorry, the server is ubuntu, the default config. of virtualmin.
main.cf is:

See /usr/share/postfix/main.cf.dist for a commented, more complete version

Debian specific: Specifying a file name will cause the first

line of that file to be used as the name. The Debian default

is /etc/mailname.

myorigin = /etc/mailname

smtpdbanner = $myhostname ESMTP $mailname (Ubuntu)
biff = no

appending .domain is the MUA’s job.

appenddotmydomain = no

Uncomment the next line to generate “delayed mail” warnings

delaywarningtime = 4h

readme_directory = no

TLS parameters

smtpdtlscertfile=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpdtlskeyfile=/etc/ssl/private/ssl-cert-snakeoil.key
smtpdusetls=yes
smtpdtlssessioncachedatabase = btree:${datadirectory}/smtpdscache
smtptlssessioncachedatabase = btree:${datadirectory}/smtpscache

See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for

information on enabling SSL in the smtp client.

myhostname = xxxx
aliasmaps = hash:/etc/aliases
aliasdatabase = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailboxcommand = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailboxsizelimit = 0
recipientdelimiter = +
virtualaliasmaps = hash:/etc/postfix/virtual
senderbccmaps = hash:/etc/postfix/bcc
homemailbox = Maildir/
smtpdsaslauthenable = yes
smtpdsaslsecurityoptions = noanonymous
brokensaslauthclients = yes
smtpdrecipientrestrictions = permitmynetworks permitsaslauthenticated rejectunauthdestination checkpolicyservice inet:127.0.0.1:10023
allowpercenthack = no
milterdefaultaction = accept
milterprotocol = 2
smtpdmilters = inet:localhost:8891
nonsmtpdmilters = inet:localhost:8891
maximalqueuelifetime = 2d
transportmaps = hash:/etc/postfix/transport
smtpsaslauthenable = yes
smtpsaslpasswordmaps = static:user:pass
smtpsaslsecurity_options = noanonymous

And the logs:
When i send a mail to any external domain: (gmail, hotmail) OK:
Sep 9 20:58:49 prod postfix/smtp[22713]: 83F7B807A8: to=xxx@gmail.com, orig_to=<yyyyy>, relay=gmail-smtp-in.l.google.com[74.125.136.27]:25, delay=13, delays=12/0.01/0.67/0.62, dsn=2.0.0, status=sent (250 2.0.0 OK 1441825128 n6si2883743wjq.53 - gsmtp)

But if i send a mail to a domain of dropletb… ¿it looks like tries to login to the server?
Sep 17 11:41:15 prod postfix/smtp[20550]: E5D908087C: to=xxxx@domaindropletb, relay=dropletb.domain.com[x.x.x.x]:25, delay=2.1, delays=0.05/0.02/2.1/0, dsn=4.7.8, status=deferred (SASL authentication failed; server dropletb.domain.com[x.x.x.x]: said: 535 5.7.8 Error: authentication failed: authentication failure)
probably is because my droplet’s name share the same domain?
droplet1: hostname (dropletA.domain.com)
droplet2:hostname (dropletB.domain.com)

thanks!
Reply Report
- JustSomeTech September 20, 2015
  
  What do you have inside your SASL smtpd.conf ?
  Please post it in a code block. Its easier to read then
  
  Reply Report
  
  jpbarroso September 20, 2015
  
  just:
  
  pwcheck_method: saslauthd mech_list: plain login
  
  Reply Report
  
  jpbarroso September 20, 2015
  
  in both droplets (dropletA.domain.com, dropletB.domain.com) the problem is.... why is trying authenticate in mail server of dropletb? I’ve a problem with smtpd concepts… if send to gmail, hotmail no problem, send to domain of dropletb tries authenticate? How can I say that mails send to a certain domain must not be treated as local/trying to authenticate?
  
  thanksss!
  
  Reply Report

Answer 2

jpbarroso September 18, 2015

Hi!, sorry, the server is ubuntu, the default config. of virtualmin.
main.cf is:

See /usr/share/postfix/main.cf.dist for a commented, more complete version

Debian specific: Specifying a file name will cause the first

line of that file to be used as the name. The Debian default

is /etc/mailname.

myorigin = /etc/mailname

smtpdbanner = $myhostname ESMTP $mailname (Ubuntu)
biff = no

appending .domain is the MUA’s job.

appenddotmydomain = no

Uncomment the next line to generate “delayed mail” warnings

delaywarningtime = 4h

readme_directory = no

TLS parameters

smtpdtlscertfile=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpdtlskeyfile=/etc/ssl/private/ssl-cert-snakeoil.key
smtpdusetls=yes
smtpdtlssessioncachedatabase = btree:${datadirectory}/smtpdscache
smtptlssessioncachedatabase = btree:${datadirectory}/smtpscache

See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for

information on enabling SSL in the smtp client.

myhostname = xxxx
aliasmaps = hash:/etc/aliases
aliasdatabase = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailboxcommand = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailboxsizelimit = 0
recipientdelimiter = +
virtualaliasmaps = hash:/etc/postfix/virtual
senderbccmaps = hash:/etc/postfix/bcc
homemailbox = Maildir/
smtpdsaslauthenable = yes
smtpdsaslsecurityoptions = noanonymous
brokensaslauthclients = yes
smtpdrecipientrestrictions = permitmynetworks permitsaslauthenticated rejectunauthdestination checkpolicyservice inet:127.0.0.1:10023
allowpercenthack = no
milterdefaultaction = accept
milterprotocol = 2
smtpdmilters = inet:localhost:8891
nonsmtpdmilters = inet:localhost:8891
maximalqueuelifetime = 2d
transportmaps = hash:/etc/postfix/transport
smtpsaslauthenable = yes
smtpsaslpasswordmaps = static:user:pass
smtpsaslsecurity_options = noanonymous

And the logs:
When i send a mail to any external domain: (gmail, hotmail) OK:
Sep 9 20:58:49 prod postfix/smtp[22713]: 83F7B807A8: to=xxx@gmail.com, orig_to=<yyyyy>, relay=gmail-smtp-in.l.google.com[74.125.136.27]:25, delay=13, delays=12/0.01/0.67/0.62, dsn=2.0.0, status=sent (250 2.0.0 OK 1441825128 n6si2883743wjq.53 - gsmtp)

But if i send a mail to a domain of dropletb… ¿it looks like tries to login to the server?
Sep 17 11:41:15 prod postfix/smtp[20550]: E5D908087C: to=xxxx@domaindropletb, relay=dropletb.domain.com[x.x.x.x]:25, delay=2.1, delays=0.05/0.02/2.1/0, dsn=4.7.8, status=deferred (SASL authentication failed; server dropletb.domain.com[x.x.x.x]: said: 535 5.7.8 Error: authentication failed: authentication failure)
probably is because my droplet’s name share the same domain?
droplet1: hostname (dropletA.domain.com)
droplet2:hostname (dropletB.domain.com)

thanks!
Reply Report
- JustSomeTech September 20, 2015
  
  What do you have inside your SASL smtpd.conf ?
  Please post it in a code block. Its easier to read then
  
  Reply Report
  
  jpbarroso September 20, 2015
  
  just:
  
  pwcheck_method: saslauthd mech_list: plain login
  
  Reply Report
  
  jpbarroso September 20, 2015
  
  in both droplets (dropletA.domain.com, dropletB.domain.com) the problem is.... why is trying authenticate in mail server of dropletb? I’ve a problem with smtpd concepts… if send to gmail, hotmail no problem, send to domain of dropletb tries authenticate? How can I say that mails send to a certain domain must not be treated as local/trying to authenticate?
  
  thanksss!
  
  Reply Report

Question

postfix headaches - send mails between different droplets, same hostname.

Leave a comment

Debian specific: Specifying a file name will cause the first

line of that file to be used as the name. The Debian default

is /etc/mailname.

myorigin = /etc/mailname

appending .domain is the MUA’s job.

Uncomment the next line to generate “delayed mail” warnings

delaywarningtime = 4h

TLS parameters

information on enabling SSL in the smtp client.

Looking for something else?

Share

Share your Question

Question

postfix headaches - send mails between different droplets, same hostname.

Leave a comment

See /usr/share/postfix/main.cf.dist for a commented, more complete version

Debian specific: Specifying a file name will cause the first

line of that file to be used as the name. The Debian default

is /etc/mailname.

myorigin = /etc/mailname

appending .domain is the MUA’s job.

Uncomment the next line to generate “delayed mail” warnings

delaywarningtime = 4h

TLS parameters

See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for

information on enabling SSL in the smtp client.

Related

question

Ubuntu mail server using ISPConfig 3 setup errors

question

Should sending email via sendmail result in a long wait?

question

How to route mail (Dovecot, Postfix setup ) to Office 365 - same domain

question

I receive emails, but I can't send

Looking for something else?

Almost there!