Skip to main content

    Support

    Offers

U
user_a2b546
1st Topic
1st Reply

Visitor

 • 

4 Messages

Thursday, June 9th, 2022 7:45 PM

Closed

smtp authentication errors with postfix mail server

Hi,

I've been using postfix mail server to send emails through your smtp.comcast.net server for my <user>@gmail.com account for at least a year. Sadly, a few days ago, this quit and I am not getting rrors when trying to authenticate. Here is the log message:

2022-06-09T14:12:07.970428-05:00 phil postfix/qmgr[2114]: EB8092B06BD: from=<*****@localhost>, size=416, nrcpt=1 (queue active)
2022-06-09T14:12:08.944733-05:00 phil postfix/smtp[6209]: EB8092B06BD: to=<joe@*****.net>, relay=smtp.comcast.net[96.102.167.162]:587, delay=0.99, delays=0.03/
0/0.96/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.comcast.net[96.102.167.162]: invalid parameter supplied)

My system is connecting to smtp.comcast.net on port 587.

What changed? How can I get this to work again?

Thank you,

     Joe

Question

 • 

Updated 

3 years ago

776

5

0

flatlander3

Problem Solver

 • 

1.5K Messages

3 years ago

Can you authenticate and send an email directly?  Try openssl s_client : https://www.misterpki.com/openssl-s-client/

If that works, then has postfix updated recently?  Old config with major version change on your system might have changed a parameter.  Flip on debugging in master.cf:

/etc/postfix/master.cf:    smtp      inet  n       -       n       -       -       smtpd -v

main.cf has a debug_peer_level parameter too.

Might give you a bit more color on it.

(edited)

1

0

user_a2b546

Visitor

 • 

4 Messages

@flatlander3​ 

Hmmmm.... openssl s_client never gave any response, just sat there like it was waiting to connect.

Neither smtpd -v nor smtpd -vvv made any differences to the output logs (mail.info, mail) after a restart *sigh*

I did look at my update history (thank God there is one!)  and it shows that the last update to postfix on my machine was in January.

3 years ago

0

flatlander3

Problem Solver

 • 

1.5K Messages

3 years ago

From my end here: 


# openssl s_client -starttls smtp -connect 96.102.167.162:587

(cert stuff)


.......


New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2


..........


OK  (prompt for additional commands)

Got a phone hotspot?  Try from a different IP?

1

0

user_a2b546

Visitor

 • 

4 Messages

@flatlander3​ 

Thanks for the command line example. I tried with your command, it worked as described. Then I tried (with response):

phil:/var/log # openssl s_client -connect smtp.comcast.net:587
CONNECTED(00000003)
140689638766400:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 318 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

After a few tries with the IP address  returned for smtp.comcast.net which failed in a similar manner, subsequent attempts started to work.

I'll have to think about how to test this from a different machine or set up my computer to connect through xfinitiy wifi.

3 years ago

0

flatlander3

Problem Solver

 • 

1.5K Messages

3 years ago

One of the reasons why I don't use comcast gateways.  DNS is always wonky and you can't change it with their crippled gear.  I dunno at this point.  If you got an actual IP block from them, or just a timeout issue.

Your stuff probably works.  Might just be a com problem.  Oh, and "advanced security"?  Turn that off.  Remove another buggy filter.

VPN to a server that redirects gateway works too from your postfix box.

(edited)

0

0

user_a2b546

Visitor

 • 

4 Messages

3 years ago

Sorry for the delay, real life caught up to me and I had to just use the work around for now. I will continue this when I get back from my trip in July.

Thank you for your help! I wish Comcast would chime in on this, I am assuming it is a change they made to break it.

Thanks,

  Joe

0

0

dnwnichols

New Poster

 • 

2 Messages

3 years ago

Have you had any luck getting this to start working again?

0

0

forum icon

New to the Community?

Start Here