I can receive mail, but cannot send to outside world in Squirrelmail.
Message not sent. Server replied:
Temporary authentication failure
454 4.7.1 <email@somemail.com>: Relay access denied
I double checked that postfix works, i.e. able to telnet via mail.domain.com and smtp.domain.com. Dovecot works too. Seems that Squirrelmail is a suspect. Playing with configurations, not sure what could cause the problem.
Logs show this info:
mail.domain.com postfix/smtpd[4443]: connect from mail.domain.com[XXX.XXX.XXX.XXX]
mail.domain.com postfix/smtpd[4443]: NOQUEUE: reject: RCPT from mail.domain.com[XXX.XXX.XXX.XXX]: 454 4.7.1 <email@somemail.com>: Relay access denied; from=<user@domain.com> to=<email@somemail.com> proto=ESMTP helo=<mail.domain.com>
mail.domain.com postfix/smtpd[4443]: lost connection after RCPT from mail.domain.com[XXX.XXX.XXX.XXX]
mail.domain.com postfix/smtpd[4443]: disconnect from mail.domain.com[XXX.XXX.XXX.XXX] ehlo=1 mail=1 rcpt=0/1 commands=2/3
netstat -plntu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 940/dovecot
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 940/dovecot
tcp 0 0 192.168.124.1:53 0.0.0.0:* LISTEN 1107/dnsmasq
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1905/cupsd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 937/master
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 940/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 940/dovecot
tcp6 0 0 :::110 :::* LISTEN 940/dovecot
tcp6 0 0 :::143 :::* LISTEN 940/dovecot
tcp6 0 0 :::80 :::* LISTEN 3521/httpd
tcp6 0 0 ::1:631 :::* LISTEN 1905/cupsd
tcp6 0 0 :::993 :::* LISTEN 940/dovecot
tcp6 0 0 :::995 :::* LISTEN 940/dovecot
udp 0 0 127.0.0.1:323 0.0.0.0:* 736/chronyd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 722/avahi-daemon: r
udp 0 0 0.0.0.0:55024 0.0.0.0:* 722/avahi-daemon: r
udp 0 0 192.168.124.1:53 0.0.0.0:* 1107/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 1107/dnsmasq
udp6 0 0 :::41119 :::* 722/avahi-daemon: r
udp6 0 0 ::1:323 :::* 736/chronyd
udp6 0 0 :::5353 :::* 722/avahi-daemon: r
Iptables are as follows:
iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.124.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.124.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.124.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.124.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
iptables-save
*mangle
:PREROUTING ACCEPT [9985:4365661]
:INPUT ACCEPT [9969:4364853]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10509:2272775]
:POSTROUTING ACCEPT [10545:2275457]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
*nat
:PREROUTING ACCEPT [78:6056]
:INPUT ACCEPT [62:5248]
:OUTPUT ACCEPT [1057:68220]
:POSTROUTING ACCEPT [1057:68220]
-A POSTROUTING -s 192.168.124.0/24 -d 224.0.0.0/24 -j RETURN
-A POSTROUTING -s 192.168.124.0/24 -d 255.255.255.255/32 -j RETURN
-A POSTROUTING -s 192.168.124.0/24 ! -d 192.168.124.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.124.0/24 ! -d 192.168.124.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.124.0/24 ! -d 192.168.124.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [9969:4364853]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10509:2272775]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.124.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.124.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
COMMIT
Update 15.11.2017:
This issue has been overcome by changing config in Squirrelmail.
Run
/usr/share/squirrelmail/config/conf.pl
Go to: Server Settings -> Update IMAP Settings -> imap.domain.com
and Update SMTP Settings -> smtp.domain.com.
It used to be just localhost.
Update 14.11.2017:
Disabled firewall and was able to send mail again. However, problem with iptables remain. Also in SELinux I tried:
setsebool -P httpd_can_network_connect 1
Update 13.11.2017
Cannot send an email on Squirrelmail after enabling firewall and opening ports 80/443, 25/143. Please, help!
ERROR:
Message not sent. Server replied:
Connection refused
111 Can't open SMTP stream.
This question comes from the following thread.
Postfix, dovecot, squirrelmail server able to send but not receive emails
Best Answer
I was able to send email finally by editing the Squirrelamil config file. Basically I switched from SMTP to Sendmail. In /etc/squirrelmail/config.php change
then restart apache
then allow Selinux to use sendmail
I doubt that this configuration of Squirrelmail will hold long. Im definitely going to play with it. For now, not sure why SMTP didn't work, but sendmail did. Hopefully, will figure out by messing with SELinux. In the meantime, anyone has opinion on whether SMTP or Sendmail is the best one to use?