Error when trying to send mail over smtp with Office 365 account - email

An application, which obviously uses Chilkat plugin, does not correctly send E-mails anymore using an Office 365 account. After a migration from on-premise exchange to Microsoft 365, the account and server settings were changed at end of March this year. Furthermore, client authentication needed to be disabled for the mailbox. After that, sending E-mails from the application had worked. Now, it again doesn't. Yesterday, one E-mail could successfully be sent after a computer restart - the next ones failed again.
I'm stuck to find the cause of the error and also I don't know, what data exactly is sent from the application during the connection, which makes the analysis more difficult.
I found this post mentioning that entries for TLS 1.0 need to be in the registry. Those were missing, but there were entries for TLS 1.2, so I didn't assume this is an issue, espccially because the entries concerning cryptography (also mentioned in the post) did already exist. In the meantime, I have added them nonetheless.
Below is the Chilkat Log, showing that - after the server is ready - the clientHandshake2 fails with error code 0x2746.
The support person of the application he couldn't find any problem and asked concerning that error code - what i assumed he should be able to examine. When I talked to him on the phone, I found out that he doesn't know more about Chilkat than I do. He mentioned an interesting point, which need to be double checked: As far as he was informed from the user directly - or how he had understood it - the error doesn't show up, if the user chooses another "Mandant" (client) in the application and sends E-mails from there.
Can someone help identify the cause of the error?
SendEmail:
DllDate: May 25 2017
ChilkatVersion: 9.5.0.68
UnlockPrefix: WERNERMAILQ
Architecture: Little Endian; 32-bit
Language: Visual C++ 2017 (32-bit)
VerboseLogging: 0
sendEmailInner:
renderToMime:
createEmailForSending:
Auto-generating Message-ID
--createEmailForSending
renderToMime: Elapsed time: 0 millisec
--renderToMime
sendMimeInner:
ensureSmtpSession:
ensureSmtpConnection:
SmtpHost: smtp.office365.com
SmtpPort: 587
SmtpUsername: edith.beer#halten.ch
SmtpSsl: 0
StartTLS: 1
smtpConnect:
smtpHostname: smtp.office365.com
smtpPort: 587
connectionIsReady:
Need new SMTP connection
--connectionIsReady
smtpSocketConnect:
socketOptions:
SO_SNDBUF: 262144
SO_RCVBUF: 4194304
TCP_NODELAY: 1
SO_KEEPALIVE: 1
--socketOptions
--smtpSocketConnect
smtpGreeting:
readSmtpResponse:
SmtpCmdResp: 220 AM0PR02CA0163.outlook.office365.com Microsoft ESMTP MAIL Service ready at Mon, 23 Aug 2021 11:51:12 +0000
--readSmtpResponse
--smtpGreeting
startTLS:
sendCmdToSmtp:
SmtpCmdSent: EHLO EWGH-N-FV<CRLF>
--sendCmdToSmtp
readSmtpResponse:
SmtpCmdResp: 250-AM0PR02CA0163.outlook.office365.com Hello [213.221.219.37]
SmtpCmdResp: 250-SIZE 157286400
SmtpCmdResp: 250-PIPELINING
SmtpCmdResp: 250-DSN
SmtpCmdResp: 250-ENHANCEDSTATUSCODES
SmtpCmdResp: 250-STARTTLS
SmtpCmdResp: 250-8BITMIME
SmtpCmdResp: 250-BINARYMIME
SmtpCmdResp: 250-CHUNKING
SmtpCmdResp: 250 SMTPUTF8
--readSmtpResponse
sendCmdToSmtp:
SmtpCmdSent: STARTTLS<CRLF>
--sendCmdToSmtp
readSmtpResponse:
SmtpCmdResp: 220 2.0.0 SMTP server ready
--readSmtpResponse
clientHandshake:
clientHandshake2:
readHandshakeMessages:
WindowsError: Eine vorhandene Verbindung wurde vom Remotehost geschlossen.
WindowsErrorCode: 0x2746
maxToReceive: 5
Failed to receive data on the TCP socket
Failed to read beginning of SSL/TLS record.
b: 0
dbSize: 0
nReadNBytes: 0
idleTimeoutMs: 30000
--readHandshakeMessages
--clientHandshake2
--clientHandshake
Client handshake failed. (1)
connectionClosed: 0
Failed to establish TLS connection.
--startTLS
--smtpConnect
--ensureSmtpConnection
--ensureSmtpSession
--sendMimeInner
--sendEmailInner
Failed.
--SendEmail
--ChilkatLog
23.08.2021 13:48:27 -F- Beim Versand der Lohnabrechnung per Email an Mitarbeiter(in) Nadine Aeschlimann ist ein Fehler aufgetreten!

You are using an old version of Chilkat. Try testing with the latest version.

In the meantime we could solve it.
The reason was that the outgoing requests were blocked by the firewall. Strangely, a few of them went through, but not all. This is the reason why a network issue was initially not in the focus of our investigation.

Related

Mail delivery failed: returning message to sender (No such User here)

I have migrated my website and the email records to a new server (other provider). Everything was ok except that now when I want to send a message from my email (my email direction is the same), one of my clients can not receive my messages. I chatted with my client and his mails are ok, he is receiving mails without problems, as he said.
I reported the problem to my Hosting provider and they have changed the mail Exchanger from remote to local but it didn't finish with the problem. Someone knows what could be happening?
This is part of the message that appears:
"
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
peter#thisismyclientsdirection.com
No Such User Here
peter#thisismyclientsotherdirection.com
No Such User Here
Reporting-MTA: dns; cherry.theserversite.pro
Action: failed
Final-Recipient: rfc822;peter#thisismyclientsdirection.com
Status: 5.0.0
Action: failed
Final-Recipient: rfc822;peter#thisismyclientsotherdirection.com
Status: 5.0.0
Return-path: <comercial#mydomain.com>
Received: from [71.13.252.126] (port=58531 helo=[10.145.123.217])
by cherry.theserversite.pro with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.93)
(envelope-from <comercial#mydomain.com>)
id 1UZ6w-00EaD5-0h; Mon, 19 Oct 2020 13:38:33 -0400
To: peter#thisismyclientsdirection.com, peter#thisismyclientsotherdirection.com
From: comercial#mydomain.com
Subject: =?UTF-8?Q?Reenv=c3=ado_-_cotizaciones_mantenimiento?=
MIME-Version: 1.0
Content-Type: multipart/mixed;
Content-Language: es-ES
X-Antivirus: Avast (VPS 201019-2, 19/10/2020), Outbound message
X-Antivirus-Status: Clean
X-Exim-DSN-Information: Due to administrative limits only headers are returned
"
Thanks,
I found the solution. The problem was that the other websites (the domains of my client) are inside my server and in the Email Routing section (it is in the Cpanel) of those websites, the domains were targeted as "Local server" or not targeted. Despite it, the email server for those domains don't were in my server then the system was confused. I just changed the target to "Remote servers" for both domains (the domains of my client) and the problem disappear.
I hope this explanation could be useful for other developer.
Anyway thank you,
TheJohnny

Connecting to Gmail SMTP via socket returns different responses per server

I am trying to understand why opening a socket to Gmail's server via SSL provides different responses for different servers. This is stopping me from connecting to Gmail for sending out emails.
Below is a very simple script:
<?php
$smtp_connect = fsockopen('ssl://smtp.googlemail.com', 465,
$errno,
$errstr,
300);
var_dump(fgets($smtp_connect, 512));
?>
On server 1 [no ssl cert installed], the output of the above code is: string(57) "220 smtp.googlemail.com ESMTP s89sm726209qkl.44 - gsmtp
"
On server 2 [ssl cert installed], the output of the above code is: string(71) "220-mycompany.pro.com ESMTP Exim 4.87 #1 Wed, 26 Oct 2016 07:42:49 -0400
"
Can anyone explain why this happens, and how can I make server 2 have the same behavior as server 1?
Update: I have also tried smtp.gmail.com, the output is same as using smtp.googlemail.com.
The line you get the the SMTP welcome message. It is perfectly normal that different servers give a different welcome message. It is even normal that the response to commands you send is different. This means that when communicating with an SMTP server you should not assume fixed strings as response but implement proper parsing of SMTP. See the SMTP standard (RFC 2821) for details about this protocol.

Sending spam mail from my postfix SMTP server

Long time user and first time poster on stack-overflow but I'm a bit stumped.
A few months ago I bought and set up a virtual machine running CentOS 6 so that I could host a few websites and a mail server for myself and a few clients. I set the entire thing up myself from the Unix knowledge I already had, including the mail server - which was at the time something I had never done before.
The mail server is working as intended, dovecot enforces IMAP logins and everything was running smoothly, until recently when I noticed one of the domains has been sending mail from un-registered users.
To give you an extract from the log at /var/log/maillog
s18646572 postfix/qmgr[3763]: 45A9520F2DF8A: from=<daisy_gibson#friendsdomain.uk>, size=1321, nrcpt=1 (queue active)
s18646572 postfix/qmgr[3763]: A98FC20F2D350: from=<regina_reeves#friendsdomain.uk>, size=1420, nrcpt=1 (queue active)
s18646572 postfix/qmgr[3763]: E45E820F2DD3A: from=<robyn_holland#friendsdomain.uk>, size=1334, nrcpt=1 (queue active)
s18646572 postfix/qmgr[3763]: AD06220F28246: from=<lorraine_murphy#friendsdomain.uk>, size=1393, nrcpt=1 (queue active)
s18646572 postfix/qmgr[3763]: DC00D1849D7CC: from=<kristine_gardner#friendsdomain.uk>, size=1401, nrcpt=1 (queue active)
s18646572 postfix/qmgr[3763]: 890EE20F28F2A: from=<mae_shaw#friendsdomain.uk>, size=1418, nrcpt=1 (queue active)
So from what I can gather somebody is using his domain "friendsdomain.uk" but also piggybacking on our SMTP server to send the mail, given that it's being deposited into our queue.
I found a tool online to help test SMTP relay and managed to configure some rules to prevent SMTP relays - at least through this tools. Users now need to be SASL authenticated in order to send mail.
However, the mail is still going out - postfix doesn't seem to be stopping the spam at all which leads me to believe that whoever is using the server is already authenticated. I've changed the passwords of all users but that doesn't seem to have halted the problem - and the logs don't indicate which user is being used to send the mail.
Extract of my postfix config below:
### SMTP Setup ###
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes
smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps
smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = permit_sasl_authenticated, reject_sender_login_mismatch, reject_unauthenticated_sender_login_mismatch, reject_unlisted_sender
I added the SMTP_sender restrictions following some other answers I found on the site - which seemingly prevented the relaying at least.
I paused the SMTP server and inspected a few of the mail items in the queue, extract below.
Subject: 1 New SnapF#ck AlertN=X-PHP-Originating-Script: 48:plugin.php(1959) : eval()'d codeN$
Date: Wed, 9 Dec 2015 22:02:26 +0000N5From: Kelly Fleming <kelly_fleming#friendsdomain.uk>N#Message-ID: <64b6713d232e7a4f88e85344aac5cc9c#friendsdomain.uk>N
X-Priority: 3w
0NCX-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/)N
The headers indicate that whoever is doing this is using a PHP mailer
SO the problem still remains, people are sending spam using my SMTP server - I need a way to either user logins for the User logins, unless an account has been compromised in which case I need a way to find out which. I can't simply suspend the accounts as the genuine users still need access to their email - however now we're receiving so many hits that the TCP sockets are preventing other services from running.
Any advice would be greatly appreciated.
Thanks.
Solved the mystery (somewhat)
The mail was coming internally from one of our hosted sites. Either the site has been configured to use the SMTP with authentication or was not required to authenticate because it was on localhost.
The clue was in the sending error logs
Dec 10 11:35:15 s18646572 postfix/pickup[6439]: 9A7BA20F29112: uid=48 from=<sally_weaver#friendomain.uk>
The user id of the sender UID=48 indicated that it was a local user, and after checking the passwd file this was confirmed to be the apache user.
It is now evident that some part of the website hosted on frienddomain.uk is being exploited to send spam, and after suspending the website and restarting services the mail ceased.
The problem now is finding and removing the exploit, however if you wish you can disable the mail() function in your php.ini file.

POP3 RETR Command Missing +OK Response

I've been searching and testing for days now without any rational explanation for the following to happen:
I have a mail server which serves all our users and everyone is happily running on IMAP/POP3 access. I need to develop a utility to check POP3 e-mail and started getting errors retrieving mail. I set up the same pop account on my outlook and windows live mail and they couldn't download the e-mails either. I tried another PC and it downloaded just fine. After much debugging and searching, I found out that after sending the RETR command, there wasn't an "+OK" response on my pc but there was on the other pc. So I went down to telnet and sure as day my PC wasn't getting the +OK response on RETR, just the actual mail but I was getting it from every other pc I tried. I even booted up my win XP virtual pc and it has the same result as my pc. Here is an excerpt of the logs from mine and my test pc:
RETR with +OK:
+OK Welcome to MailEnable POP3 Server
USER devtest#x.com
+OK
PASS <Removed>
+OK
LIST
+OK 3 26743
1 2118
2 23949
3 676
.
UIDL
+OK
1 BE1F75CAE417453581CF11F16CF09989
2 846882DB63B54C9E91C4643AA5CCA1F5
3 A7BAFC28B04A493689A150F6D4CD7FD0
.
RETR 1
+OK 2118 octets
Received: from x ([x.x.60.10]) by x.net with MailEnab
le ESMTP; Sun, 28 Dec 2014 11:30:16 +0200
RETR with +OK missing:
+OK Welcome to MailEnable POP3 Server
USER devtest#x.com
+OK
PASS <Removed>
+OK
LIST
+OK 3 26743
1 2118
2 23949
3 676
.
UIDL
+OK
1 BE1F75CAE417453581CF11F16CF09989
2 846882DB63B54C9E91C4643AA5CCA1F5
3 A7BAFC28B04A493689A150F6D4CD7FD0
.
RETR 1
Received: from x ([x.x.60.10]) by x.net with MailEnab
le ESMTP; Sun, 28 Dec 2014 11:32:53 +0200
I'm now going to place another hard drive in my pc and install windows and telnet client and see what it does but I was hoping someone might have had some experience with this. It's only that one time that the +OK is missing, every other command has it showing as well as it being there on every other PC I try it on so it's only on my pc that it's missing.
Appreciate any thoughts or assistance!
Well loading a new hard drive worked perfectly as expected which led me to the fact that it must be something installed on my pc itself. Disabled the usual suspects (firewall and AV) and when that didn't work, I proceeded to close down every app running on my pc which possibly works with Ports and eventually narrowed the culprit down to the Fortinet VPN Client running on my PC. I don't have it's AV component enabled so I'm rather at a loss as to how it could be the reason for a single line on port 110 to go missing but if it's running then the +OK line is missing and if it's shut down then it appears.
I'm going to leave this question here in case it can help someone else and will also try post something to Fortinet as well.

SMTP authentication failure while using SendGrid/Gmail

I am getting SMTP Authentication Failure on the server and the mail is getting send via the server SMTP only...
It appears to be a server configuration or related problem, but I am not sure.
This is the debug details:
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Failed to authenticate password. Error: 535 Incorrect authentication data
from: 250 OK
to: 250 Accepted
data: 354 Enter message, ending with "." on a line by itself
250 OK id=1U8Pjp-0002As-FB
quit: 221 ************** closing connection
Your message has been successfully sent using the following protocol: smtp
While testing from my local system, this works and the email is being sent via sendgrid.me
Again, This may not be a SendGrid Problem, but if you have faced similar issue, Can you please tell me what is the problem here?
I am using CentOs and I have cPanel in the server. I believe we are using EXIM for mail server.
For anyone that comes across this in future and are using cpanel/whm, you need to 'disable' this option under 'SMTP Restrictions' in WHM.
I was able to resolve this.
The issue was my server was not allowing the use of external SMTP and using its own SMTP server. I changed the settings and now it works fine.
I am using centos 7 Finally it works!
I was getting this issue(tail -f /var/log/mailog):
to=<usmanali#example.com>, relay=smtp.sendgrid.net[169.45.113.201]:587, delay=0.3, delays=0.05/0.07/0.16/0.02, dsn=5.0.0, status=bounced (host smtp.sendgrid.net[169.45.113.201] said: 550 Unauthenticated senders not allowed (in reply to MAIL FROM command))
Then i changed file /etc/postfix/main.cf in this way that added following lines into end of file
mtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
mailbox_size_limit = 256000000
# Sendgrid Settings
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:apikey:SG.YOUR_SENDGRID_KEY
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
header_size_limit = 4096000
relayhost = [smtp.sendgrid.net]:587
Then Installing postfix missing module dependency using:
sudo yum install cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain
Then restarting postfix
sudo systemctl restart postfix.service