[System Admin Module] - the external smtp server is buggy

Hello.

I am trying to use external mail server here are my results:

  1. It wont work smtp.office365.com - anyoing!, maby because microsoft auth is too complicated.
    error
    "SMTP Protocol Returned a Permanent Error 530 5.7.57 SMTPP; Client was not authenticated to send anonymous mail during MAIL FROM"

  2. it will not work with any hostname, because it can not resolve it, its not firewall issue because DNS is open and i can update the modules from the internet.
    error
    Mar 31 15:53:48 pbx postfix/error[23328]: D34DF2418B3: to=[email protected], relay=none, delay=239726, delays=239706/20/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=smtpout.secureserver.net type=MX: Host not found, try again)

  3. it will only work if i enter the ip and not host.
    it will not work with
    132.245.224.194
    132.245.61.226
    134.170.68.82
    191.234.224.2
    132.245.36.98
    with is outlook.office365.com

it will only work with ip 68.178.252.101 which is godaddy smtp server
smtpout.secureserver.net - 68.178.252.101

if i enter smtpout.secureserver.net, it will not work.

please fix! its buggy :smile:

There is a clue for you.

I would think it is probably a setting issue, if you feel there is a bug with Postfix, I think you are asking in the wrong place. Postfix is installed with CentOS and really has nothing to do with FreePBX.

I use postfix with Gmail, it works great. It did require some setting up for it to forward mail, which included installing an SSL certificate signed by the machine.

Did you try searching your issue? I did a quick Google search and found this CLICK HERE

hi it can be setting issue?

i dont know how it works with gmail.

there is only one setting which smtp server field

if i enter the ip 68.178.252.101 it will work. if i enter the dns name it will not work.

you still think its postfix issye?

Nope, I think it is a DNS issue. Your server is not resolving the name correctly, is your server acting as a dns server? are you using someone elses server? does it just happen on this machine or others?

There is something weird with the domain name you’re trying to use, when I ping that domain name, I get the following name come back SMTPOUT.WHERE.SECURESERVER.NET [173.201.192.101]

Try the domain of SMTPOUT.WHERE.SECURESERVER.NET it should not matter, because you can have thousands of names resolving to one IP. Worth a try, if this does not work, your DNS has an issue on the server. You may have the wrong DNS server address on your network setup.

Something interesting here, the ping results above was from within windows, if I do it from one of my linux servers I see something completely different.

[[email protected] ~]# ping smtpout.secureserver.net
PING smtpout.where.secureserver.net (173.201.192.229) 56(84) bytes of data.
64 bytes from p3plsmtpa07-v01.prod.phx3.secureserver.net (173.201.192.229): icmp_seq=1 ttl=114 time=90.9 ms
64 bytes from p3plsmtpa07-v01.prod.phx3.secureserver.net (173.201.192.229): icmp_seq=2 ttl=114 time=98.7 ms
64 bytes from p3plsmtpa07-v01.prod.phx3.secureserver.net (173.201.192.229): icmp_seq=3 ttl=114 time=91.1 ms
64 bytes from p3plsmtpa07-v01.prod.phx3.secureserver.net (173.201.192.229): icmp_seq=4 ttl=114 time=91.3 ms

Hi!

Maybe I am misunderstanding something and I am somewhat rusty in the matter (I used to be a mail server admin and DNS admin years ago) but there is a thing I am not getting… Why do you want to use Microsoft’s or Godaddy’s mail servers to relay your email, can’t you just simply use the one of your ISP? Usually if you are in their IP space you frequently don’t need to authenticate yourself.

By the way, it is not saying it cannot resolve the server hostname, it is saying it cannot get an MX (record) for that hostname…

The MX record is the record that says which host name receives mail for a domain or subdomain. An hostname itself is considered to be a subdomain and by default, unless you put brackets on each side of it (ie []), Postfix tries to get the MX record of that subdomain/hostname.

see http://www.postfix.org/postconf.5.html#relayhost

so you would need to type something like

[smtpout.secureserver.net]

as server name if you reallllllly want to use Godaddy’s mail servers…

(Maybe FreePBX should add those brackets by itself if that is indeed the problem…)

As for the smtpout.where.secureserver.net deanot26508 mentioned, don’t use this… They aliased smtpout.secureserver.net to smtpout.where.secureserver.net using a DNS CNAME record (ie an alias).

If you have dig installed issuing the following command

dig smtpout.secureserver.net ANY

should, amongst other things, output this:

;; ANSWER SECTION:
smtpout.secureserver.net. 30 IN CNAME smtpout.where.secureserver.net.

That’s where that “where” is coming from… (-;

Good luck and have a nice day!

Nick

As for the different replies obtained from Windows and Linux it looks like their DNSes are somewhat messed up…

(Or maybe that is on purpose but it’s definitely weird…)

You can give more than one IP to the same hostname, that’s how you implement a poor man load balancing… Sometimes you will get an IP, sometimes another, etc…

In their case it is more messed up…

They have 3 DNSes resolving where.secureserver.net (gns1.secureserver.net, gns2.secureserver.net and gns3.secureserver.net) and they don’t always give the same answer…

They seem to alternate between 68.178.252.101, 173.201.192.229 and 173.201.193.229 (and possibly others)…

Must be somekind of weird load balancing hardware at work (my guess it is actually doing more than simple load balancing, it is probably taking care of failover as well…)

Have a nice day!

Nick

Hello,

I managed to get it working.
Well Free-PBX has really nothing to do with it, but the thing is that I have expected to be able to set it from Free-PBX GUI Module instead of editing postfix files manually, I mean that is what is “Paid module For”, otherwise it`s not worth it because this module is supposed to allow you to set postfix without editing from SSH/

  1. First of all, in order for postfix to work with office365, you need postfix version at least 2.6 and above
    I had postfix 2.3, and I have upgraded it to 3.0 via this article, very handy:
    http://www.stevejenkins.com/blog/2011/01/building-postfix-on-rhel-centos-from-source/

  2. after that, the problem with DNS issue was fixed, but I had to set other settings in main.cf of postfix
    “
    relayhost = [smtp.office365.com]:587
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_generic_maps = hash:/etc/postfix/generic
    smtp_tls_security_level = encrypt
    smtp_sasl_security_options = noanonymous
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    “

  3. It is important to you create sender_canoical DB by the typing the command:
    sudo postmap hash:/etc/postfix/sender_canonical
    in order to create sender_canonical file(not DB)
    type
    echo “root [email protected]” >> /etc/postfix/sender_canonical

All of this will fix the from field, instead of every time get from “[email protected]”. it was annoying i did not understand it. Even without doing section 3, the emails were sent fine, but on the log pbx postfix/qmgr[2605]: 55CCB2400F2: from=<[email protected]
I have always got that it was sent from “root”, anyway - the steps above fixes it.

  1. important last thing is that you make sure to change the hostname to something else then the domain your are sending to, you can do this by changing the machine name or by changing “myhostname “ setting at main.cf

  2. UPDATE, After doing all 4 Stages above, It still did not work when I left a messasge for someone, I have notice that asterisk send the email from user “[email protected]”, It make sense, since I tested everything as root, Now apparently, all the mails were coming from Asteriski, at the log you will see it as this: “from=<[email protected]”, again!
    I found that the way to fix it is to change the from field-on-the-fly, and that is done by setting generic file, it seems as normal user you cannot do it, that is why what I was setting at 4, did not work, it cannot be changed, but you can fix it by set the same thing at generic file. I found how to do it from here:
    http://www.cyberciti.biz/tips/howto-postfix-masquerade-change-email-mail-address.html
    basically, go edit the file of “smtp_generic_maps” which is /etc/postfix/generic
    and add the line below to it without the “ ofc.
    “asterisk [email protected]”
    It will change the from that is coming from asterisk to the email address you want to

All of this is very disappointing because for a “paid module” I would expect SSL/TLS support.

I would recommend to let email section at this module the option to add field’s manually from the GUI that edits main.cf, exactly like DAHDI module.

I am sorry for my English, it’s been so long. Hope that helps anyone.

1 Like

+1 for a feature request to be able to config relayhost & friends from within the FreePBX GUI :wink:
(same technique as described is required for 1and1.co.uk email hosting relay)

script that i created to helpme debug all this, not that sudo -u will allow you to test it as how asterisk sends the email!!!
PIS.

#!/bin/bash
postsuper -d ALL
postfix stop && postfix start
echo “Test mail from postfix” | sudo -u asterisk mail -s “Test Postfix” [email protected]
clear
tail -f /var/log/maillog

I could not get smtp_generic_maps to work with Postfix 2.6.6 so I replaced with sender_canonical_maps instead

My server is sending email from [email protected], [email protected], [email protected] to O365 so in my canonical file I have
@sub.domain.com [email protected]
be sure to run postmap to get postfix updated
postmap /etc/postfix/sender_canonical
service postfix restart