Postfix authentication to ComCast port 587
Bruce Dawson
jbd at codemeta.com
Mon Jan 19 18:11:27 EST 2009
This is the reason it's being rejected...
postfix/smtp[11991]: 3C4A1918124: to=<michael.odonnell at comcast.net>, relay=smtp.comcast.net[76.96.62.117]:587, delay=0.39, delays=0.01/0.02/0.33/0.04, dsn=5.1.0, status=bounced (host smtp.comcast.net[76.96.62.117] said: 550 5.1.0 <mod at e521> sender rejected : invalid sender domain (in reply to MAIL FROM command))
('e521' is not a valid domain name and not recognized by DNS.) I'm not
sure where it's getting e521 from, but you can probably change it using
postfix - Unfortunately I don't remember the directive (or where to put
the directive) to do that.
Try giving it a domain name like c-99-99-99-999.hsd1.nh.comcast.net
(where the 99's are your comcast IP address).
You should at least get a bounce message from your own server since it
did detect that smtp.comcast.net rejected your message.
--Bruce
Michael O'Donnell wrote:
> [ this msg transmitted via ComCast's godawful WWW email tool ]
>
> Once upon a time, ComCast invited customers to send copies of SPAM
> messages (those few which managed to get past ComCast's filters)
> to a particular email address, so I rigged my system to do so
> because I presumed they'd use them to better train their Bayesian
> recognizers, or some such. I must say, I was happy to cooperate
> because their filters seemed quite effective and very little
> SPAM got through. But, of course, no good deed goes unpunished;
> ComCast has consequently just summarily decided that *I* am a
> SPAM source and blocked all outbound traffic on port 25 (SMTP)
> and decreed that I may only use port 587 (submission) which my
> configured-and-working-for-at-least-10-years Exim installation
> seemed incapable of coping with.
>
> So I replaced Exim with Postfix in an attempt to get back on
> the air and made considerable progress. I *think* I'm to the
> point where if I can figure out WTF is going on with Certificates
> and such I might be in good shape. Details shown below (errors
> toward the end); any help or advice gratefully accepted, though
> please be informed that I am addicted to my local MH setup and
> very much want to get this working, so recommendations like
> "just give up and use Gmail" aren't really what I'm after... >-/
>
> #################################
>
> # The "stock" contents of my /etc/postfix/main.cf after the config script
> # had finished setting up Postfix to route outbound messages via ComCast's
> # server as a "smarthost" on the SMTP port 25:
>
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> biff = no
> append_dot_mydomain = no
> readme_directory = no
> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
> smtpd_use_tls = yes
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> myhostname = e521
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> mydestination =
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> mailbox_command = procmail -a "$EXTENSION"
> mailbox_size_limit = 0
> recipient_delimiter = +
> inet_interfaces = all
>
> # I then added these, intending to cause Postfix to act as an SMTP
> # client of ComCast's server, using the "submission" port 587 :
> relayhost = [smtp.comcast.net]:submission
> smtp_use_tls = yes
> smtp_sasl_auth_enable = yes
> smtp_sasl_security_options = noanonymous
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>
> # ...and I made sure that the referenced file /etc/postfix/sasl_passwd
> # has a single line, thus:
>
> [smtp.comcast.net]:submission michael.odonnell:myPasswordHere
>
> # When I run 'dpkg -l' on my very recent Debian box and grep for (what
> # I imagine to be) items relevant to this problem I see this:
>
> ii libssl0.9.8 0.9.8g-14 SSL shared libraries
> ii openssl 0.9.8g-14 Secure Socket Layer (SSL) binary and related cryptographic tools
> ii openssl-blacklist 0.4.2 list of blacklisted OpenSSL RSA keys
> ii ssl-cert 1.0.23 simple debconf wrapper for OpenSSL
> ii postfix 2.5.5-1.1 High-performance mail transport agent
>
> # When I run 'ldd /usr/sbin/postfix' I see this:
> linux-gate.so.1 => (0xffffe000)
> libpostfix-global.so.1 => /usr/lib/libpostfix-global.so.1 (0xb7ee5000)
> libpostfix-util.so.1 => /usr/lib/libpostfix-util.so.1 (0xb7eb8000)
> libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7e71000)
> libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7d1e000)
> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d07000)
> libdb-4.6.so => /usr/lib/libdb-4.6.so (0xb7bd4000)
> libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb7bbb000)
> libresolv.so.2 => /lib/i686/cmov/libresolv.so.2 (0xb7ba7000)
> libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7a4b000)
> libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7a47000)
> libz.so.1 => /usr/lib/libz.so.1 (0xb7a32000)
> libpthread.so.0 => /lib/i686/cmov/libpthread.so.0 (0xb7a19000)
> /lib/ld-linux.so.2 (0xb7f2a000)
>
> # I can grab my mail via fetchmail at will from the specified server,
> # but when I try to transmit email thus:
>
> x=HiMom ; echo $x | mailx -s$x michael.odonnell at comcast.net
>
> # ...the message never arrives. I see this in /var/log/syslog:
>
> postfix/pickup[11811]: 3C4A1918124: uid=1570 from=<mod>
> postfix/cleanup[11989]: 3C4A1918124: message-id=<20090119215456.3C4A1918124 at e521>
> postfix/qmgr[2137]: 3C4A1918124: from=<mod at e521>, size=298, nrcpt=1 (queue active)
> postfix/smtp[11991]: certificate verification failed for smtp.comcast.net[76.96.62.117]:587: untrusted issuer /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
> postfix/smtp[11991]: 3C4A1918124: to=<michael.odonnell at comcast.net>, relay=smtp.comcast.net[76.96.62.117]:587, delay=0.39, delays=0.01/0.02/0.33/0.04, dsn=5.1.0, status=bounced (host smtp.comcast.net[76.96.62.117] said: 550 5.1.0 <mod at e521> sender rejected : invalid sender domain (in reply to MAIL FROM command))
> postfix/cleanup[11989]: 9CD3E91812D: message-id=<20090119215456.9CD3E91812D at e521>
> postfix/qmgr[2137]: 9CD3E91812D: from=<>, size=2065, nrcpt=1 (queue active)
> postfix/bounce[11992]: 3C4A1918124: sender non-delivery notification: 9CD3E91812D
> postfix/qmgr[2137]: 3C4A1918124: removed
> postfix/smtp[11991]: certificate verification failed for smtp.comcast.net[76.96.62.117]:587: untrusted issuer /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
> postfix/smtp[11991]: 9CD3E91812D: to=<mod at e521>, relay=smtp.comcast.net[76.96.62.117]:587, delay=0.39, delays=0/0/0.34/0.05, dsn=5.1.1, status=bounced (host smtp.comcast.net[76.96.62.117] said: 550 5.1.1 <mod at e521> recipient invalid domain (in reply to RCPT TO command))
> postfix/qmgr[2137]: 9CD3E91812D: removed
>
> # If I watch the transaction using WireShark it appears that all
> # is going well - the initial conversation takes place, I see the
> # STARTTLS phase, then a fair amount of encrypted gobbledygook,
> # and then it craps out, restarts the whole session, craps out
> # the same way again and then terminates.
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>
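Added example, not part of the original messages: a small Python triage of the syslog lines quoted in this thread. It separates the certificate-verification warning from the two 550 rejections and flags the unqualified domain `e521` that Bruce points to. The function and field names are illustrative assumptions; the log lines are copied from the post, including the archive's " at " address obfuscation.

```python
import re

# Log lines copied from the post above (the list archive rewrites "@" as " at ").
SAMPLE_LOG = """\
postfix/qmgr[2137]: 3C4A1918124: from=<mod at e521>, size=298, nrcpt=1 (queue active)
postfix/smtp[11991]: certificate verification failed for smtp.comcast.net[76.96.62.117]:587: untrusted issuer /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
postfix/smtp[11991]: 3C4A1918124: to=<michael.odonnell at comcast.net>, relay=smtp.comcast.net[76.96.62.117]:587, delay=0.39, delays=0.01/0.02/0.33/0.04, dsn=5.1.0, status=bounced (host smtp.comcast.net[76.96.62.117] said: 550 5.1.0 <mod at e521> sender rejected : invalid sender domain (in reply to MAIL FROM command))
postfix/smtp[11991]: 9CD3E91812D: to=<mod at e521>, relay=smtp.comcast.net[76.96.62.117]:587, delay=0.39, delays=0/0/0.34/0.05, dsn=5.1.1, status=bounced (host smtp.comcast.net[76.96.62.117] said: 550 5.1.1 <mod at e521> recipient invalid domain (in reply to RCPT TO command))
"""

FROM = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")
TLS = re.compile(r"postfix/smtp\[\d+\]: certificate verification failed for (\S+?): (.*)")
BOUNCE = re.compile(r"postfix/smtp\[\d+\]: (\w+): to=<([^>]*)>.*dsn=([\d.]+), status=bounced "
                    r"\(.*said: (\d{3}) .*\(in reply to ([A-Z ]+) command\)\)")

def domain_of(addr):
    """Return the domain part of 'user@host' or the archive's 'user at host'."""
    parts = re.split(r"@| at ", addr, maxsplit=1)
    return parts[1] if len(parts) == 2 else ""

def is_fqdn(domain):
    """A bare host label such as 'e521' has no dot and cannot resolve publicly."""
    return "." in domain.strip(".")

def triage(log_text):
    """Classify Postfix client log lines into warnings and hard rejections."""
    senders, findings = {}, []
    for line in log_text.splitlines():
        if m := FROM.search(line):
            senders[m.group(1)] = m.group(2)      # queue id -> envelope sender
        elif m := TLS.search(line):
            # With opportunistic TLS (smtp_use_tls = yes) this is logged and the
            # session carries on; in the sample it still reaches MAIL FROM.
            findings.append({"kind": "tls-unverified", "fatal": False,
                             "peer": m.group(1), "detail": m.group(2)})
        elif m := BOUNCE.search(line):
            qid, rcpt, dsn, code, stage = m.groups()
            # A MAIL FROM rejection concerns the sender, RCPT TO the recipient.
            addr = senders.get(qid, "") if stage == "MAIL FROM" else rcpt
            findings.append({"kind": "rejected", "fatal": True, "queue_id": qid,
                             "dsn": dsn, "smtp_code": int(code), "stage": stage,
                             "address": addr,
                             "unqualified_domain": not is_fqdn(domain_of(addr))})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
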