Gmail smtp SASL authentication - email

I'm using postfix to send email via gmail with an application's password (two step-validation activated).
Each time I test sending mail using sendmail command, I get this error:
Action: delayed
Status: 4.7.14
Diagnostic-Code: X-Postfix; delivery temporarily suspended: SASL authentication
failed; server smtp.gmail.com said: 534-5.7.14
<https://accounts.google.com/signin/continue?...> Please log in via your web browser and?534-5.7.14 then try again.?534-5.7.14
This is my postfix configuration:
main.cf
myorigin = /etc/mailname
mydestination = mydomain.com, localhost.fr, localhost
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
/etc/postfix/sasl/sasl_passwd:
[smtp.gmail.com]:587 admin#mydomain.com:application_password
And this is how I used sendmail:
sendmail -v ...
From: admin#mydomain.com
Subject: Test
This is a test mail
.
Any ideas ? Thanks !

For anyone finding this who has run into the same scenario:
Using an app specific password
2FA enabled on your account
Seeing 'delivery temporarily suspended: SASL authentication failed; server smtp.gmail.com[173.194.68.109] said: 534-5.7.9 Please log in with your web browser and then try again' in your log
You may need to visit https://accounts.google.com/DisplayUnlockCaptcha to 'bypass' the captcha, which will enable the account access and get everything working.

Allow less secure apps: If you don't use 2-Step Verification, you might need to allow less secure apps to access your account.

Related

Not able to authenticate SMTP clients on Debian+Postfix+SASL with rimap

I'm having a strange problem. I followed few guides from the net. My goal is to create a SMTP postfix that will use Cyrus SASL to authenticate users upon sending email with different imap server.
Making all more simple: have to transfer/replace current smtp server with new one as current is on public cloud and gets on black lists pretty often.
What I managed so far is:
Working Postfix
Authentication working when using :
testsaslauthd -u user#domain.com -p password
I'm getting Ok "Success" so I assume sasl itself work.
When I invoke saslfinger -s
I'm getting:
There is no smtpd.conf that defines what SASL should do for Postfix.
SMTP AUTH can't work!
but it seems that all is fine within the configuration files:
/etc/postfix/sasls/smtp.conf:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
/etc/postfix/main.cf:
smtpd_recipient_restrictions = reject_invalid_hostname,
permit permit_mynetworks,
permit_sasl_authenticated
disable_vrfy_command = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
/etc/default/saslauthd-postfix:
START=yes
MECHANISMS="rimap"
MECH_OPTIONS="domain.com -r"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
I'm running postfix chroot'ed so had to create a symlink but like I said. It all seems to work independently, just need to be linked somehow.
When I try to setup account in outlook, I got wrong name or password.
The log on Debian says:
May 11 23:35:43 smtp-test postfix/smtpd[741]: warning: unknown[192.168.108.1]: SASL NTLM authentication failed: authentication failure
May 11 23:35:43 smtp-test postfix/smtpd[741]: warning: SASL authentication failure: unable to canonify user and get auxprops
May 11 23:35:43 smtp-test postfix/smtpd[741]: warning: unknown[192.168.108.1]: SASL DIGEST-MD5 authentication failed: authentication failure
May 11 23:35:43 smtp-test postfix/smtpd[741]: warning: unknown[192.168.108.1]: SASL LOGIN authentication failed: authentication failure
May 11 23:35:43 smtp-test postfix/smtpd[741]: lost connection after AUTH from unknown[192.168.108.1]
May 11 23:35:43 smtp-test postfix/smtpd[741]: disconnect from unknown[192.168.108.1]
Strange thing is it tries NTLM(not mentioned anywhere) instead of RIMAP. And cannot make canonical name of user even after adding -r switch that should combine name and realm/domain name.
I guess that is related to first warning from saslfinger but cannot find the cause.
All updated to newest available versions.
Any help?

Send email from gmail using Telnet

I am working on windows and I have enabled telnet client
In cmd prompt:
$telnet smtp.gmail.com 587
220 mx.google.com ESMTP dk3sm50678627pbc.32 - gsmtp
$Helo
250 mx.google.com at your service
$ mail from: <myuser#gmail.com>
530 5.7.0 Must issue a STARTTLS command first. dk3sm50678627pbc.32 - gsmtp
$ STARTTLS
220 2.0.0 Ready to start TLS
$ mail from:
C:\Users\{myuser}>
Connection to host lost.
Don't know What is the problem ?
Can anyone help me out , how i can send emails from gmail server using telnet from command line >
smtp.gmail.com requires TLS. The basic telnet client that comes with windows does not know how to negotiate TLS with a server. You may want to use openssl instead, which is able to negotiate TLS. See http://www.madboa.com/geek/openssl/#cs-smtp for an example of how to do this.
The gmail smtp must use smtp auth before you sending your email. The smtp auth need username and password.
see this link blow if you can read in Chinese.
http://linxucn.blog.51cto.com/1360306/837365
Last I sugguest you use java to ask gmail smtp server to send email, It will be more easy , becasue you needn't encode the smtp auth to BASE64 or anything else.
GOGOGO, good luck :)
Put into a VBS file, ie sendmail.vbs.
Set emailObj = CreateObject("CDO.Message")
emailObj.From = "cat#gmail.com"
emailObj.To = "cat#gmail.com"
emailObj.Subject = "Test CDO"
emailObj.TextBody = "Test CDO"
emailObj.AddAttachment "c:\windows\win.ini"
Set emailConfig = emailObj.Configuration
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.gmail.com"
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 465
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = true
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/sendusername") = "cat"
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "Ccat1"
emailConfig.Fields.Update
emailObj.Send
If err.number = 0 then Msgbox "Done"
At Google's web site for GMail you have to turn this feature on for CDO to work.
At your Gmail page click Settings - Accounts and Import - Other Google Account Settings - [At very bottom of page] Allow less secure apps.
Also from memory you also have to click a link in an email the first time you use it (it's been a few years).

SMTP authentication failure while using SendGrid/Gmail

I am getting SMTP Authentication Failure on the server and the mail is getting send via the server SMTP only...
It appears to be a server configuration or related problem, but I am not sure.
This is the debug details:
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Failed to authenticate password. Error: 535 Incorrect authentication data
from: 250 OK
to: 250 Accepted
data: 354 Enter message, ending with "." on a line by itself
250 OK id=1U8Pjp-0002As-FB
quit: 221 ************** closing connection
Your message has been successfully sent using the following protocol: smtp
While testing from my local system, this works and the email is being sent via sendgrid.me
Again, This may not be a SendGrid Problem, but if you have faced similar issue, Can you please tell me what is the problem here?
I am using CentOs and I have cPanel in the server. I believe we are using EXIM for mail server.
For anyone that comes across this in future and are using cpanel/whm, you need to 'disable' this option under 'SMTP Restrictions' in WHM.
I was able to resolve this.
The issue was my server was not allowing the use of external SMTP and using its own SMTP server. I changed the settings and now it works fine.
I am using centos 7 Finally it works!
I was getting this issue(tail -f /var/log/mailog):
to=<usmanali#example.com>, relay=smtp.sendgrid.net[169.45.113.201]:587, delay=0.3, delays=0.05/0.07/0.16/0.02, dsn=5.0.0, status=bounced (host smtp.sendgrid.net[169.45.113.201] said: 550 Unauthenticated senders not allowed (in reply to MAIL FROM command))
Then i changed file /etc/postfix/main.cf in this way that added following lines into end of file
mtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
mailbox_size_limit = 256000000
# Sendgrid Settings
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:apikey:SG.YOUR_SENDGRID_KEY
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
header_size_limit = 4096000
relayhost = [smtp.sendgrid.net]:587
Then Installing postfix missing module dependency using:
sudo yum install cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain
Then restarting postfix
sudo systemctl restart postfix.service

SMTP Error <<: 503 AUTH command used when not advertised

I am facing this error in Webmail Lite.
I have Exim installed. Here is a snippet of the auth block:
PLAIN:
driver = plaintext
server_set_id = $auth2
server_prompts = :
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
.endif
server_condition = “${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{/etc/$domain/passwd}{$value}{*:*}}}}}{1}{0}}”
I have the passwd stored in the following format:
username:{MD5}asddfasdlasdkandlanskfdaf
How do I get AUTH enabled and working ?
Thanks in advance.
One reason for this error message is sending HELO instead of EHLO, or sending EHLO in the wrong order.
But this message can occur even if EHLO is used, when the server is running Exim.
On my server, I found the solution. In WHM > Home > Service Configuration > Exim
Configuration Manager, the option "Require clients to connect with SSL
or issue the STARTTLS command before they are allowed to authenticate
with the server" was set to the default (On). I'm not sure if I did this
or not, and it is ordinarily a great idea for security, but forces the
mailserver to enable (advertise) only the STARTTLS command, not AUTH. So
when my script sends AUTH, the error message the server sends is correct.
Further information is at http://blog.networkpresence.co/?p=8923 .
Someday when I have time I will find out how to change my script to use
TLS, so I can turn that Exim option On for security.
In my case,this error not coming regularly.some time it works but some time it gives this error.(SMTP Error: Could not authenticate.)
I debug this then I found this
SMTP -> get_lines(): $data was ""
SMTP -> get_lines(): $str is "503 AUTH command used when not advertised "
SMTP -> get_lines(): $data is "503 AUTH command used when not advertised "
SMTP -> FROM SERVER:503 AUTH command used when not advertised
SMTP -> ERROR: RSET failed: 503 AUTH command used when not advertised
SMTP Error: Could not authenticate.

How do you fix 550 must be authenticated sending Mail using Grails?

I'm using Grails Mail plugin and trying to send email and keep getting:
Error 500: Executing action [sendInvite] of controller
[RegisterController] caused exception: Failed messages:
javax.mail.SendFailedException: Invalid Addresses; nested exception
is: com.sun.mail.smtp.SMTPAddressFailedException: 550 must be
authenticated
I'm properly following the instructions at: http://www.grails.org/Mail+plugin
The mail server is returning an error when you try to send out the mail. 550 is a generic SMTP failure code; in this case it looks like you are missing a username and password. Some SMTP servers to not require authentication but most do, especially if they're publicly available on the internet. It's also possible that your SMTP server requires an SSL connection and you're connecting with an unsecured socket.
The example config for gmail shows how to set all the mail server authentication options in Config.groovy:
grails {
mail {
host = "smtp.gmail.com"
port = 465
username = "youracount#gmail.com"
password = "yourpassword"
props = ["mail.smtp.auth":"true",
"mail.smtp.socketFactory.port":"465",
"mail.smtp.socketFactory.class":"javax.net.ssl.SSLSocketFactory",
"mail.smtp.socketFactory.fallback":"false"]
}
}
Add "mail.debug": "true" to props to turn on JavaMail debugging to get a better picture of what is happening before the failure.
In my case the 550 error was caused by me having accidentally selected and IMAP account as the default account but sending emails from my Outlook Connector Account (which has no authentication settings to make).
I changed the Outlook Connector Account to default. Resent the emails and no errors.
So check that the correct email account is set up as the default also