Mattermost, Inc.

SMTP(postfix) authentication doesn't work

environment

  • VERSION : 1.0.0
  • DOCKER IMAGE : self-build, because to use mysql-outside, use VOLUME to store data, and use smtp-outside

postfix

I used postfix to mail notification with docker image : https://github.com/catatnight/docker-postfix

docker run -e maildomain=mail.my.com -e smtp_user=smtp:userpass --name postfixhost -d catatnight/postfix

and test success ( authentication : smtp@mail.my.com / userpass )

configuration

"EmailSettings": {
        "SMTPUsername": "smtp@mail.my.com",
        "SMTPPassword": "userpass",
        "SMTPServer": "postfixhost",
        "SMTPPort": "25",
        "ConnectionSecurity": "",
    }
docker run --name mattermost --publish 8080:80 -v /docker/mattermost/data:/mattermost-data --link mysql:mysql --link postfixhost:postfixhost -d mattermost:1.0.0

it doesnt works

Failed to add to email address [details: 454 4.7.1 <MYID@gmail.com>: Relay access denied

resolved

I installed postfix locally with no authentication (just “apt-get install postfix” and start)

and

"EmailSettings": {
        "SMTPUsername": "",
        "SMTPPassword": "",
        "SMTPServer": "localhost",
        "SMTPPort": "25",
        "ConnectionSecurity": "",
    }

it works.

what is the problem?

maybe something similar to http://serverfault.com/questions/612159/smtp-dont-work-when-try-to-send-mail-from-mail-clinet

Basically mattermost is able to see and connect to the smtp server, but the email server is rejecting the “to address”. I suspect it’s the check_recipient_access property.

from http://serverfault.com/questions/42519/how-to-correct-postfix-relay-access-denied

The relaying denied message occurs because the smtpd_recipient_restrictions rules was not matched. One of those conditions must be fulfilled to allow the message to go through:

smtpd_recipient_restrictions =
    permit_sasl_authenticated
    check_recipient_access hash:/etc/postfix/filtered_domains
    permit_mynetworks
    reject_unauth_destination
To explain those rules:

permit_sasl_authenticated
permits authenticated senders through SASL. This will be necessary to authenticate users outside of your network which are normally blocked.

check_recipient_access
This will cause postfix to look in /etc/postfix/filtered_domains for rules based on the recipient address. (Judging by the file name on the file name, it is probably just blocking specific domains... Check to see if gmail.com is listed in there?)

permit_mynetworks
This will permit hosts by IP address that match IP ranges specified in $mynetworks. In the main.cf you posted, $mynetworks was set to 127.0.0.1, so it will only relay emails generated by the server itself.


thank you for reply. im sorry you had to care,

I misunderstood GO’s smtp supports

i found the reason of that situation

so i setup my postfix with no auth, and resolved.

Awesome, glad you found the issue.

I also tried to use the catatnight/postfix image as the postfix host. I use the mattermost team edition and, thus, adjusted the docker-compose.yml file as follows:

postfix:
  image: catatnight/postfix
  environment:
    - maildomain=my.domain.com
    - smtp_user=user:pass
  expose:
    - 25
db:
  build: db
  volumes:
    - ./volumes/db/var/lib/postgresql/data:/var/lib/postgresql/data
    - /etc/localtime:/etc/localtime:ro
  # uncomment the following to enable backup
  #environment:
  #  - AWS_ACCESS_KEY_ID=XXXX
  #  - AWS_SECRET_ACCESS_KEY=XXXX
  #  - WALE_S3_PREFIX=s3://BUCKET_NAME/PATH
  #  - AWS_REGION=us-east-1
app:
  build: app
  links:
    - db:db
    - postfix
  volumes:
    - ./volumes/app/mattermost/config:/mattermost/config:rw
    - ./volumes/app/mattermost/data:/mattermost/data:rw
    - /etc/localtime:/etc/localtime:ro
web:
  build: web
  ports:
    - "8065:80"
    - "443:443"
  links:
    - app:app
  volumes:
      # This directory must have cert files
    - ./volumes/web/cert:/cert:ro
    - /etc/localtime:/etc/localtime:ro
  environment:
    - MATTERMOST_ENABLE_SSL=false
    - PLATFORM_PORT_80_TCP_PORT=80

@jongsic, can you clearify what you did exactly to deactivate authentication in the catatnight/postfix container?