"550 5.7.1 Relaying denied" sending via Mailgun with msmtp - email

Has anyone successfully set up msmtp with a Mailgun account? I keep getting "Relaying denied", and msmtp reports that the envelope from is invalid. I have tried every variation of the from address that I can think of, scoured Mailgun's documentation for details on their SMTP parameters, and searched the web for examples, and I've not found anything that differs from my setup (aside from server and account names, of course).
Here is my /etc/msmtprc file,
account default
# The SMTP smarthost
host smtp.mailgun.org
# Use TLS on port 465
port 465
tls on
tls_starttls off
user manul#mail.mydomain.net
password [snip]
from mailgun#mydomain.net
# Syslog logging with facility LOG_MAIL instead of the default LOG_USER
syslog LOG_MAIL
And the msmtp session:
$ echo 'Subject: Grfg' | msmtp -v 'aidalgol#example.net'
loaded system configuration file /etc/msmtprc
ignoring user configuration file /home/me/.msmtprc: No such file or directory
falling back to default account
using account default from /etc/msmtprc
host = smtp.mailgun.org
port = 465
source ip = (not set)
proxy host = (not set)
proxy port = 0
timeout = off
protocol = smtp
domain = localhost
auth = none
user = manul#mail.mydomain.net
password = *
passwordeval = (not set)
ntlmdomain = (not set)
tls = on
tls_starttls = off
tls_trust_file = system
tls_crl_file = (not set)
tls_fingerprint = (not set)
tls_key_file = (not set)
tls_cert_file = (not set)
tls_certcheck = on
tls_min_dh_prime_bits = (not set)
tls_priorities = (not set)
auto_from = off
maildomain = (not set)
from = mailgun#aidalgolland.net
add_missing_from_header = on
add_missing_date_header = on
remove_bcc_headers = on
dsn_notify = (not set)
dsn_return = (not set)
logfile = (not set)
logfile_time_format = (not set)
syslog = LOG_MAIL
aliases = (not set)
reading recipients from the command line
TLS session parameters:
(TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
TLS certificate information:
Owner:
Common Name: *.mailgun.org
Organization: MAILGUN TECHNOLOGIES\, INC
Organizational unit: MAILGUN TECHNOLOGIES\, INC
Locality: San Francisco
State or Province: California
Country: US
Issuer:
Common Name: Thawte TLS RSA CA G1
Organization: DigiCert Inc
Organizational unit: www.digicert.com
Country: US
Validity:
Activation time: Wed 19 Feb 2020 13:00:00 NZDT
Expiration time: Wed 20 Apr 2022 00:00:00 NZST
Fingerprints:
SHA256: 9E:5F:9B:27:BB:26:14:6F:3E:2F:50:75:FE:BF:64:1C:4B:8D:E0:A6:B7:EA:4F:27:13:05:FD:81:3F:57:52:26
SHA1 (deprecated): 54:36:F6:D1:44:0A:B4:62:F0:94:1B:21:7A:1B:82:5C:DF:FD:FF:57
<-- 220 Mailgun Influx ready
--> EHLO localhost
<-- 250-smtp-out-n17.prod.us-east-1.postgun.com
<-- 250-AUTH PLAIN LOGIN
<-- 250-SIZE 52428800
<-- 250-8BITMIME
<-- 250-ENHANCEDSTATUSCODES
<-- 250-SMTPUTF8
<-- 250 PIPELINING
--> MAIL FROM:<mailgun#myexample.net>
--> RCPT TO:<aidalgol#example.net>
--> DATA
<-- 550 5.7.1 Relaying denied
msmtp: envelope from address mailgun#mydomain.net not accepted by the server
msmtp: server message: 550 5.7.1 Relaying denied
msmtp: could not send mail (account default from /etc/msmtprc)

It turned out to be that I needed to set auth on in the msmtp configuration. The error envelope from address mailgun#mydomain.net not accepted by the server from msmtp was completely wrong.

For other people who got here you'll probably need to go to
https://app.mailgun.com/app/sending/domains/**YOUR-DOMAIN-NAME-HERE/credentials
to get your per-domain credentials as suggested here:
https://documentation.mailgun.com/en/latest/quickstart-sending.html#send-via-api
I diagrammed what to put where in the configuration file along with how to navigate to the setting. This should help make things super clear hopefully.
Note: The grey info-box in the bottom right with the password copy thing I got to by clicking on the green outlined "Reset password" button

Related

Gmail is blocking to send email via SMTP? [duplicate]

This question already has answers here:
smtp error: 535 5.7.8 Username and Password not accepted for gmail in go
(4 answers)
Closed 2 years ago.
I have tried to set up msmtp server from this question PHP+Ubuntu Send email using gmail form localhost. So I have set the default (account) to send from:
/etc/msmtprc:
defaults
tls on
tls_starttls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
account default
host smtp.gmail.com
port 587
auth on
user autak987#gmail.com
password PASSWORD #not real password
from autak987#gmail.com
logfile /var/log/msmtp.log
And now when I try to send a test email (executed as root):
echo -e "Subject: Test Mail\r\n\r\nThis is my first test email." | msmtp --debug --from=default -t autak987#gmail.com
gives:
loaded system configuration file /etc/msmtprc
ignoring user configuration file /root/.msmtprc: No such file or directory
falling back to default account
using account default from /etc/msmtprc
host = smtp.gmail.com
port = 587
source ip = (not set)
proxy host = (not set)
proxy port = 0
timeout = off
protocol = smtp
domain = localhost
auth = choose
user = autak987#gmail.com
password = *
passwordeval = (not set)
ntlmdomain = (not set)
tls = on
tls_starttls = on
tls_trust_file = /etc/ssl/certs/ca-certificates.crt
tls_crl_file = (not set)
tls_fingerprint = (not set)
tls_key_file = (not set)
tls_cert_file = (not set)
tls_certcheck = on
tls_min_dh_prime_bits = (not set)
tls_priorities = (not set)
auto_from = off
maildomain = (not set)
from = default
add_missing_from_header = on
add_missing_date_header = on
remove_bcc_headers = on
dsn_notify = (not set)
dsn_return = (not set)
logfile = /var/log/msmtp.log
logfile_time_format = (not set)
syslog = (not set)
aliases = (not set)
reading recipients from the command line and the mail
<-- 220 smtp.gmail.com ESMTP o60sm9122564eda.30 - gsmtp
--> EHLO localhost
<-- 250-smtp.gmail.com at your service, [2a00:1028:8d1b:f32a:baac:e4e8:de4:df3c]
<-- 250-SIZE 35882577
<-- 250-8BITMIME
<-- 250-STARTTLS
<-- 250-ENHANCEDSTATUSCODES
<-- 250-PIPELINING
<-- 250-CHUNKING
<-- 250 SMTPUTF8
--> STARTTLS
<-- 220 2.0.0 Ready to start TLS
TLS session parameters:
(TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
TLS certificate information:
Owner:
Common Name: smtp.gmail.com
Organization: Google LLC
Locality: Mountain View
State or Province: California
Country: US
Issuer:
Common Name: GTS CA 1O1
Organization: Google Trust Services
Country: US
Validity:
Activation time: Tue 11 Aug 2020 10:57:38 AM CEST
Expiration time: Tue 03 Nov 2020 09:57:38 AM CET
Fingerprints:
SHA256: 8A:D6:DC:62:1D:6B:BB:B9:45:03:38:E8:40:AC:8C:A8:60:75:CF:B6:95:93:83:4C:ED:AD:BA:CA:71:47:44:E7
SHA1 (deprecated): 84:5D:7F:E9:0E:7C:6A:C0:70:F6:04:09:4A:1C:AA:5D:6C:BF:11:E2
--> EHLO localhost
<-- 250-smtp.gmail.com at your service, [2a00:1028:8d1b:f32a:baac:e4e8:de4:df3c]
<-- 250-SIZE 35882577
<-- 250-8BITMIME
<-- 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
<-- 250-ENHANCEDSTATUSCODES
<-- 250-PIPELINING
<-- 250-CHUNKING
<-- 250 SMTPUTF8
--> AUTH PLAIN AGF1dGFrOTg3QGdtYWlsLmNvbQBNaWxhbmJhcm9zMTIz
<-- 535-5.7.8 Username and Password not accepted. Learn more at
<-- 535 5.7.8 https://support.google.com/mail/?p=BadCredentials o60sm9122564eda.30 - gsmtp
msmtp: authentication failed (method PLAIN)
msmtp: server message: 535-5.7.8 Username and Password not accepted. Learn more at
msmtp: server message: 535 5.7.8 https://support.google.com/mail/?p=BadCredentials o60sm9122564eda.30 - gsmtp
msmtp: could not send mail (account default from /etc/msmtprc)
msmtp: cannot log to /var/log/msmtp.log: cannot open: Permission denied
msmtp: log info was: host=smtp.gmail.com tls=on auth=on user=autak987#gmail.com from=default recipients=autak987#gmail.com smtpstatus=535 smtpmsg='535-5.7.8 Username and Password not accepted. Learn more at\n535 5.7.8 https://support.google.com/mail/?p=BadCredentials o60sm9122564eda.30 - gsmtp' errormsg='authentication failed (method PLAIN)' exitcode=EX_NOPERM
So the log says <-- 535-5.7.8 Username and Password not accepted. Learn more at, but I got an warning email someone has tried to log in your account Which I confirm was me. Then it says The application you have tried to use, Google blocked, because it does not fulfil our security standards. So the msmtp does not fulfil security standard? I have donwloaded all the certificate needed (and credentials were correct either login or password). So if msmtp does not fulfil security standard, how can I send email from php form?
You probably need to enable Less Secure Apps in your google account to allow the use of smtp
https://support.google.com/accounts/answer/6010255?hl=en
If you use 2 factor authentication you will need to generate an app specific password
https://support.google.com/accounts/answer/185833?hl=en

Sending a mail with smtp on localhost in ubuntu?

root#sourav-HP-Pavilion-dv6500-Notebook-PC:/var/log# echo -e "Subject:
Test Mail\r\n\r\n This is my first test email." | msmtp --debug
--from=default -t souravsachdeva13#gmail.com
loaded system configuration file /etc/msmtprc
ignoring user configuration file /root/.msmtprc: No such file or
directory
falling back to default account
using account default from /etc/msmtprc
host = smtp.gmail.com
port = 587
proxy host = (not set)
proxy port = 0
timeout = off
protocol = smtp
domain = localhost
auth = choose
user = souravsachdeva13#gmail.com
password = *
passwordeval = (not set)
ntlmdomain = (not set)
tls = on
tls_starttls = on
tls_trust_file = /etc/ssl/certs/ca-certificates.crt
tls_crl_file = (not set)
tls_fingerprint = (not set)
tls_key_file = (not set)
tls_cert_file = (not set)
tls_certcheck = on
tls_min_dh_prime_bits = (not set)
tls_priorities = (not set)
auto_from = off
maildomain = (not set)
from = default
add_missing_from_header = on
add_missing_date_header = on
remove_bcc_headers = on
dsn_notify = (not set)
dsn_return = (not set)
logfile = /var/log/msmtp.log
syslog = (not set)
aliases = (not set)
reading recipients from the command line and the mail
msmtp: cannot connect to smtp.gmail.com, port 587: Connection timed
out
msmtp: could not send mail (account default from /etc/msmtprc)
root#sourav-HP-Pavilion-dv6500-Notebook-PC:/var/log#
I am trying different servers for past 3-4 hours and none of them seems to work fine for me.This one did showed some output which I think can be helpful to debug it. Do you see any setting missing or wrongly configured.
Do not you have to get an application password ?
I write gmail 'password' in msmtprc. I get error below.
msmtp: authentication failed (method PLAIN)
msmtp: server message: 535-5.7.8 Username and Password not accepted. Learn more at
msmtp: server message: 535 5.7.8 https://support.google.com/mail/?p=BadCredentials k123-v6sm24743490pga.21 - gsmtp
msmtp: could not send mail (account gmail from /home/miwa/.msmtprc)
I setup application pasword (access to URI in error message), then I can send mail to Gmail.
I use msmtp version. (on ArchLinux)
% msmtp --version
msmtp version 1.6.8
Platform: x86_64-pc-linux-gnu
TLS/SSL library: GnuTLS
Authentication library: GNU SASL
Supported authentication methods:
plain scram-sha-1 external gssapi cram-md5 digest-md5 login
IDN support: enabled
NLS: enabled, LOCALEDIR is /usr/share/locale
Keyring support: Gnome
System configuration file name: /etc/msmtprc
User configuration file name: /home/miwa/.msmtprc
Copyright (C) 2018 Martin Lambers and others.
This is free software. You may redistribute copies of it under the terms of
the GNU General Public License <http://www.gnu.org/licenses/gpl.html>.
There is NO WARRANTY, to the extent permitted by law.

How configure roundcube to work with imaps?

I recently installed Postfix, Dovecot to setup a mail server on my own VPS ( using this tutorial: Email with Postfix, Dovecot, Mysql)
Imaps server uses port 993 for Authentication, and Postfix uses port 25 to send mails.
In this tutorial, users stored in a Database ( so imaps use mysql to authenticate users).
i'm sure every thing works fine with imaps and postfix , because few days ago i installed Kmail client (on my linux) and receive mails from my server. sending mails also works fine, i sent a mail to Gmail and google received it without a problem (in my "Gmail inbox" not spam folder)
So to get to my Emails from a web mail client, i installed Roundcube on /var/www/mail directory.
I configured Roundcube many times. but each time it gives me this Error:
IMAP Error: Login failed for [me#mydomain] from X.x.X.x . Empty
startup greeting (localhost:993) in
/var/www/mm/program/lib/Roundcube/rcube_imap.php on line 184 (POST
/mm/?_task=login?_task=login&_action=login)
When i do log in from roundcube, imap server says ( in /var/log/mail.log ):
May 20 07:05:16 my-server dovecot: imap-login: Disconnected (no auth
attempts): rip=::1, lip=::1, TLS handshaking: Disconnected
Here is my roundcube config file :
$config['db_dsnw'] = 'mysql://roundcubeuser:myPassword#localhost/roundcubemail';
// ----------------------------------
// IMAP
// ----------------------------------
$config['debug_level'] = 13;
$config['default_host'] = 'ssl://127.0.0.1';
$config['default_port'] = 993;
// ----------------------------------
// SMTP
// ----------------------------------
$config['smtp_server'] = 'ssl://localhost';
What's the problem? i really have no idea what is happening !
Thank you.
I'm using postfix + dovecot + roundcube a few months now and it's working for me. In my configuration, postfix rejects plaintext sessions, so roundcube has to connect with ssl - and it's working.
This is from my main.inc.php. I don't remember editing anything here, it's just the initial config created during the installation.
Now that I'm looking at it, default_port doesn't make any sense, I think it's just ignored.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// %s - domain name after the '#' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %d = domain.tld
// TCP port used for IMAP connections
$rcmail_config['default_port'] = 143;
$rcmail_config['default_host'] = array("ssl://localhost:993");
// TCP port used for IMAP connections
$rcmail_config['default_port'] = 143;
In case the other answer does not work, this is what worked for me. My config.inc.php now contains:
$config['default_host'] = 'ssl://localhost';
$config['default_port'] = 993;
NOTE: using tls://localhost did not work for me. I had to specify ssl:// as the URI scheme.
Via PhpMyAdmin, I also ran this SQL command (all my user accounts are on the same machine that runs RoundCube):
UPDATE `rc_users` SET `mail_host`='ssl://localhost'
I got the port number 993 from running sudo netstat -tulnp in order to determine the port on which Dovecot was listening.

Postfix SMTP relay: client does not offer TLS client certificate to the server?

I have two machines, one running Ubuntu and one runing Debian, both running Postfix. The intent is that machine#2 becomes a SMTP relay/smarthost for machine#1. I have created a CA and issued certificates for both of the machines: a server certificate for #2 and a client certificate for #1.
When sending e-mail from #1 (by having the MUA talk to Postfix on localhost:25 with the intent that it relays e-mail to #2), the basic things work fine: the machines can talk to each other and an attempt to relay is actually made. The idea is to allow relaying on #2 if a valid client-side SSL/TLS certificate is presented from #1.
The relevant configuration for #2 is:
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 2
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/ssl/private/cert2.pem
smtpd_tls_key_file = /etc/ssl/private/key2-d.pem
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_auth_only = yes
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination permit_tls_all_clientcerts
The configuration on #1 is:
smtp_tls_CAfile = /etc/ssl/certs/cacert.pem
smtp_tls_cert_file = /etc/ssl/private/cert1.pem
smtp_tls_key_file = /etc/ssl/private/key1-d.pem
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = verify
smtp_tls_loglevel = 2
Machine#1 connects to #2, enables STARTTLS, the log files show that it successfuly verifies the certificate from #2, and attempts to relay the message. However, it appears not to send the client certificate to #2, and #2 refuses to relay the message.
Log entries from #1:
Apr 17 01:18:14 mail1 postfix/smtp[30250]: Verified TLS connection established to mail2[x.x.x.x]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 17 01:18:14 mail1 postfix/smtp[30244]: 8A2328BDB4: to=<addr#gmail.com>, relay=mail2[x.x.x.x]:25, delay=3488, delays=3486/0.41/0.85/0.19, dsn=4.7.1, status=deferred (host mail2[x.x.x.x] said: 454 4.7.1 <addr#gmail.com>: Relay access denied (in reply to RCPT TO command))
Log entries from #2:
Apr 17 01:18:13 mail2 postfix/smtpd[28798]: Anonymous TLS connection established from unknown[y.y.y.y]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 17 01:18:13 mail2 postfix/smtpd[28798]: NOQUEUE: reject: RCPT from unknown[y.y.y.y]: 454 4.7.1 <addr#gmail.com>: Relay access denied; from=<addr#mail1> to=<addr#gmail.com> proto=ESMTP helo=<mail1>
Any ideas? I'm basing my assumption that #1 didn't send its client cert on the "Anonymous TLS connection established" part in the logs from mail2.
A TLS server must request a certificate from the client, the client will not send it by its own. Try to add
smtpd_tls_ask_ccert=yes
on the server side
add your server adress ( server1.domaine.com ) in the postfix conf file main.cf
mynetworks = 127.0.0.1/8

Send email from gmail using Telnet

I am working on windows and I have enabled telnet client
In cmd prompt:
$telnet smtp.gmail.com 587
220 mx.google.com ESMTP dk3sm50678627pbc.32 - gsmtp
$Helo
250 mx.google.com at your service
$ mail from: <myuser#gmail.com>
530 5.7.0 Must issue a STARTTLS command first. dk3sm50678627pbc.32 - gsmtp
$ STARTTLS
220 2.0.0 Ready to start TLS
$ mail from:
C:\Users\{myuser}>
Connection to host lost.
Don't know What is the problem ?
Can anyone help me out , how i can send emails from gmail server using telnet from command line >
smtp.gmail.com requires TLS. The basic telnet client that comes with windows does not know how to negotiate TLS with a server. You may want to use openssl instead, which is able to negotiate TLS. See http://www.madboa.com/geek/openssl/#cs-smtp for an example of how to do this.
The gmail smtp must use smtp auth before you sending your email. The smtp auth need username and password.
see this link blow if you can read in Chinese.
http://linxucn.blog.51cto.com/1360306/837365
Last I sugguest you use java to ask gmail smtp server to send email, It will be more easy , becasue you needn't encode the smtp auth to BASE64 or anything else.
GOGOGO, good luck :)
Put into a VBS file, ie sendmail.vbs.
Set emailObj = CreateObject("CDO.Message")
emailObj.From = "cat#gmail.com"
emailObj.To = "cat#gmail.com"
emailObj.Subject = "Test CDO"
emailObj.TextBody = "Test CDO"
emailObj.AddAttachment "c:\windows\win.ini"
Set emailConfig = emailObj.Configuration
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.gmail.com"
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 465
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = true
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/sendusername") = "cat"
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "Ccat1"
emailConfig.Fields.Update
emailObj.Send
If err.number = 0 then Msgbox "Done"
At Google's web site for GMail you have to turn this feature on for CDO to work.
At your Gmail page click Settings - Accounts and Import - Other Google Account Settings - [At very bottom of page] Allow less secure apps.
Also from memory you also have to click a link in an email the first time you use it (it's been a few years).