I've just installed git git-1.8.1.2 and gitlab gitlab_6.7.2-omnibus-1.ubuntu.12.04_amd64.deb on fresh install of Ubuntu 12.04 lts following: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md#ubuntu-12-04 and: https://www.gitlab.com/2014/03/12/packaged-gitlab-with-omnibus/
When setting up a new user in gitlab, it attempts to send out an email with temporary passwords but postfix gets an error from the relay host:
Bad sender address syntax (in reply to MAIL FROM command)
My /etc/gitlab/config/environments/production.rb looks like this
config.action_mailer.delivery_method = :smtp
config.action_mailer.perform_deliveries = true
config.action_mailer.raise_delivery_errors = true
config.action_mailer.smtp_settings = {
:address => 'mail.domain.com',
:port => 587,
:domain => 'domain.com',
:user_name => 'username#domain.com',
:password => 'password',
:authentication => 'password',
:enable_starttls_auto => true
}
I can send email via command line with postfix using I think the same relay host.
echo “This will go into the body of the mail.” | sendmail “Hello world” myemail#domain.com
What might be going wrong and where should I look?
I have also had the same problem on AWS using SES. After wasting 2 days debugging, reading docs and forums, I tried to loose the Security Group inbound rules, which were restricted only to the ports 22, 80 and 443.
Firstly I opened all inbound traffic for debug purposes. As soon as I open all ports to the world (0.0.0.0/0), the issue was gone. But this cannot stay so, then I closed all inbound ports, except 22 (SSH), 90 (HTTP), 443 (HTTPS) and additionally 25 (SMTP) to the IP of the SMTP-Server and it is still working.
So, to sum up, the SES needs to be able to communicate with the server using the SMTP port. That's why the port must be open for inbound traffic as well.
Related
I'm currently having some issues sending mail from my droplet. I can confirm this works in my local. I'm using the same settings except for including the name option in the transport to include my domain name. The emails are not making it to the recipient nor the spam folder.
UPDATE: Even removing the name option gives the same outcome.
This is my response
{
accepted: [ 'toemail#email.com' ],
rejected: [],
envelopeTime: 176,
messageTime: 337,
messageSize: 27416,
response: '250 2.0.0 OK <31ccdd12-a4f2-bf72-9064-b7a3a7857eb8#mydomain.com>
[Hostname=microsoft365hostname]',
envelope: { from: 'email#mydomain.com', to: [ 'toemail#email.com' ] },
messageId: '<31ccdd12-a4f2-bf72-9064-b7a3a7857eb8#mydomain.com>'
}
Here is my transport object
function getTransporter() {
return nodemailer.createTransport({
name: "mydomain.com",
host: "smtp.office365.com",
port: 587,
auth: {
user: user,
pass: pass
},
tls: true,
});
}
Here is my UFW
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
27017 ALLOW //mypersonalipaddress for mongo
22/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
587 ALLOW OUT Anywhere
587 (v6) ALLOW OUT Anywhere (v6)
I can also confirm that Digital Ocean told me ports 25 and 587 are not being blocked.
If my droplet IP was blacklisted would the mail atleast make it to spam folder ? I ran a scan on my droplet IP and found there was 3 places who had it blacklisted probably to do with when I was changing my Nameservers from godaddy to Digital Ocean. Since then, I am currently using Godaddy's NS and just pointing an A record to my droplet IP.
UPDATE :
Sender: support#mydomain.org
Recipient: myemail#yahoo.com
Received -> Processed -> Not delivered
Status: Office 365 received the message that you specified, but couldn't
deliver it to the recipient (myemail#yahoo.com) due to the following
error:<br /><br /><b>Error:</b> The message was not delivered.<br /><br
/>A non-delivery report (NDR) message was sent to support#mydomain.org.
The NDR might provide more details about why the email message wasn't
delivered and how to fix the issue.
More information: <div>Ask the sender (support#mydomain.org) to follow
the instructions in the NDR to fix this issue. The NDR might also
include specific information for email admins. If the sender is unable
to fix the issue, ask them to forward you the NDR and then follow the
guidance for email admins.</div>
Date (UTC-05:00) | Event | Detail |
------------------------------------
10/31/2021, 4:16 PM | Fail | The message was not delivered.
More information
Message ID:<7e6d8c35-7824-6df7-bb08-236af8fbe9ee#mydomain.org>
Message size | From IP | To IP
28.17 KB | mydropletip | null
UPDATE:
I found the NDR emails:
Your message wasn't delivered because the recipient's email provider
rejected it.
Remote Server returned '550 5.7.708 Service unavailable. Access
denied, traffic not accepted from this IP
UPDATE: Instead of dealing with this, I decided to just utilize send grid and authorize my domain. I was able to get email working inside my droplet using their simple API. I have a feeling the droplet's IP address was blacklisted. They do try to deter people away from using droplet as mail service. I understand why now.
How can I use from a VM (linux) where a Java application is running a SMTP Server/relay?
For connecting to SMTP I want to use an O365 account, so configuration looks like:
host: smtp.office365.com
port: 587
TLS: true
uid: UID-O365
pwd: PWD-O365
As response I get:
An error has occurred with sending the test email:
MailException: com.sun.mail.smtp.SMTPSendFailedException:
501 5.1.7 Invalid address [AM4P190MB0211.EURP190.PROD.OUTLOOK.COM]
;
nested exception is:
com.sun.mail.smtp.SMTPSenderFailedException: 501 5.1.7 Invalid address
[AM4P190MB0211.EURP190.PROD.OUTLOOK.COM]
remark: The application that wants to connect runs on java, what is probably unimportant
The server is telling you that the address "AM4P190MB0211.EURP190.PROD.OUTLOOK.COM" that you're using in your message as a sender or recipient address is not a valid email address. It at least needs a "#" in there somewhere. You can get more detail in the JavaMail debug output.
The solution is simple: sender email address (what was not listed above) and UID must be the same
I have installed Gitlab 8.15 and Exim 4.84 on CentOS 7
Whenever Gitlab sends a message, it should come from 'gitlab#mydomain.nl' which is correctly set in config/gitlab.yml.
If I look in the log, I see the following:
2016-12-21 21:50:02 cwd=/ 6 args: /usr/sbin/sendmail -i -f gitlab#mydomain.nl -- mypersonal#gmail.com
2016-12-21 21:50:02 1cJnpq-0001ZR-NG <= git#vps.mydomain.nl U=git P=local S=3859 id=585aeafaad130_175126f0b9c43854#vps.mydomain.nl.mail T="Reset password instructions" from <git#vps.mydomain.nl> for mypersonal#gmail.com
Note that between those 2 lines, the from address changed from gitlab#mydomain.nl to git#vps.mydomain.nl which is based on user#FQDN.
My external SMTP server then does a DKIM and SPF lookup on vps.mydomain.nl, instead of mydomain.nl, which fails and the mail is rejected.
I am not sure where this change happens and how I should fix this. Is this something on Gitlab side or something on Exim side?
The relevant parts from my exim configuration:
begin routers
mysmtphost_email:
driver = manualroute
domains = ! +local_domains
ignore_target_hosts = 127.0.0.0/8
transport = mysmtphost_relay
route_list = * vps.mysmtphost.email::587
no_more
(...)
begin transports
mysmtphost_relay:
driver = smtp
port = 587
hosts_require_auth = <; $host_address
hosts_require_tls = <; $host_address
Just found out the user git was not part of the trusted_users directive in the exim.conf file. I changed it to include the user as follows:
trusted_users = mail:apache:passenger:git
I came to this conclusion since mails sent by other Rails applications running as user passenger were being sent correctly as specified by the from address. Then I noticed passenger being part of this directive and git not.
From the Exim documentation:
Trusted users are always permitted to use the -f option or a leading
“From ” line to specify the envelope sender of a message that is
passed to Exim through the local interface (see the -bm and -f options
below). See the untrusted_set_sender option for a way of permitting
non-trusted users to set envelope senders.
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html#SECTtrustedadmin
Processes running as root or the Exim user are always trusted. Other
trusted users are defined by the trusted_users or trusted_groups
options. In the absence of -f, or if the caller is not trusted, the
sender of a local message is set to the caller’s login name at the
default qualify domain.
Hi All,
I want to create a JSP page where I will ask user to give the source host and port and also destination host and port.
Following combination of source and destination OS is possible
Unix->Unix/Windows/zOS Windows-> Unix/Windows/zOS zOS ->
Unix/Windows/zOS
With these inputs I want to connect to the source server and fire this command telnet $ip $port to the destination. If the telnet connectivity is successful it should return success and else error.
I want to create the logic non-interactive that it should not require any password to login the source for checking telnet connectivity.
Is there any such library or any mechanism available so that I could make this feasible?
Why not use Apache Commons Net?
TelnetClient telnet = new TelnetClient();
try {
telnet.connect("rainmaker.wunderground.com", 3000);
} catch(IOException e) {
// failed
} finally {
telnet.disconnect();
}
I've decided to post this here and not on serverfault, as the community there is to small and nearly 80% of my questions are unanswered...
So I've got my sever with 3 domains: x.com, y.com and z.com. x.com relays internally, y.com relays internally, and z.com SHOULD relay through amazon SES.
Right now, x and y.com mail correctly internally, but I need z.com to relay through SES.
So, my config so far in main.cf:
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_transport
domainz_sasl_auth_enable = yes
domainz_sasl_security_options = noanonymous
domainz_sasl_password_maps = hash:/etc/postfix/sas2_passwd
domainz_use_tls = yes
domainz_tls_security_level = encrypt
domainz_tls_note_starttls_offer = yes
domainz_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
and in my master.cf, I've appended a unix channel above the default smtp:
domainz unix - - n - 1 smtp
smtp inet n - n - - smtpd
and in my sender_transport I have
#domainZ.com domainz:
1. Where do I enter the ses smtp of "email-smtp.us-east-1.amazonaws.com". I assume we need to hit "domainz:" so we can pass the correct sasl data to it.
2. Keep in mind that this is mail going out from the server, not in, so that's why I didn't set a transport_map.
This is the error I'm getting when pushing out mail from #domainz:
"status=bounced (Host or domain name not found. Name service error for name=domainz type=AAAA: Host not found)"; so before we can even get to amazon's SES host, I'm having an issue at the transport level that I can't seem to figure out.
Thanks,
Mike
After nearly 24 hours of trying to solve this, I finally figured it out. I hope this helps whomever is looking to use this same method and doesn't have to go through the pain I just went through!
So in my example above, domain x + y relayed through virtual aliases. For z we must use a transport, in this case it was a sender_dependent_relayhost_maps transport, so I can grab the sender and relay them through amazon SES.
In main.cf, regardless of smtp/unix-socket, we straight up use SES standards:
smtp_sasl_auth_enable=yes
smtp_sasl_security_options=noanonymous
smtp_sasl_password_maps=hash:/etc/postfix/sas
smtp_use_tls=yes
smtp_tls_security_level=encrypt
smtp_tls_note_starttls_offer=yes
smtp_tls_CAfile=/etc/ssl/certs/ca-bundle.crt
In sender_dependent_relayhost_maps we use:
#domainz.com [email-smtp.us-east-1.amazonaws.com]:25
The smtp_sasl_password_maps file stores the matching relay's user:key.
And that's it!