Getting SendGrid to work with ISPConfig

Discussion in 'ISPConfig 3 Priority Support' started by jpcyrenne, Aug 16, 2015.

  1. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    Good day,
    I'm trying to get SendGrid to work with my CentOS6.7/IspConfig3.0.5.4p8 (Postfix and Dovecot) box.
    With this setup, I can't send or receive emails.

    I've put in these recommended configs: ([root@host ~]# vi /etc/postfix/main.cf)
    https://sendgrid.com/docs/Integrate/Mail_Servers/postfix.html
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = static:yourSendGridUsername:yourSendGridPassword (changed with good user:password)
    smtp_sasl_security_options = noanonymous
    smtp_tls_security_level = encrypt
    header_size_limit = 4096000
    relayhost = [smtp.sendgrid.net]:587

    SASL looks OK according to this test:
    http://wiki.centos.org/HowTos/postfix_sasl
    [root@host ~]# perl -MMIME::Base64 -e 'print encode_base64("\000test\000test1234");'
    AHRlc3QAdGVzdDEyMzQ=

    The only param that is double is:
    smtp_tls_security_level = may VS smtp_tls_security_level = encrypt
    If I comment out each one at a time, still doesn't work.

    log: [root@host ~]# vi /var/log/maillog
    Aug 16 11:01:10 host postfix/smtp[6272]: certificate verification failed for smtp.sendgrid.net[108.168.190.108]:587: untrusted issuer /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
    Aug 16 11:01:10 host postfix/smtp[6269]: certificate verification failed for smtp.sendgrid.net[158.85.10.138]:587: untrusted issuer /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
    Aug 16 11:01:10 host postfix/smtp[6271]: certificate verification failed for smtp.sendgrid.net[108.168.190.108]:587: untrusted issuer /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
    Aug 16 11:01:10 host postfix/smtp[6272]: warning: SASL authentication failure: No worthy mechs found
    Aug 16 11:01:10 host postfix/smtp[6272]: 838D72C10E2: SASL authentication failed; cannot authenticate to server smtp.sendgrid.net[108.168.190.108]: no mechanism available
    Aug 16 11:01:10 host postfix/smtp[6269]: warning: SASL authentication failure: No worthy mechs found
    Aug 16 11:01:10 host postfix/smtp[6269]: 149E42C05E7: SASL authentication failed; cannot authenticate to server smtp.sendgrid.net[158.85.10.138]: no mechanism available
    Aug 16 11:01:10 host postfix/smtp[6271]: warning: SASL authentication failure: No worthy mechs found
    Aug 16 11:01:10 host postfix/smtp[6271]: 948752C0417: SASL authentication failed; cannot authenticate to server smtp.sendgrid.net[108.168.190.108]: no mechanism available
    Aug 16 11:01:11 host postfix/smtpd[6275]: connect from unknown[127.0.0.1]
    Aug 16 11:01:11 host postfix/smtpd[6275]: 1A6792C05E6: client=unknown[127.0.0.1]
    Aug 16 11:01:11 host postfix/cleanup[6276]: 1A6792C05E6: message-id=<[email protected]>
    Aug 16 11:01:11 host postfix/smtp[6272]: certificate verification failed for smtp.sendgrid.net[158.85.10.138]:587: untrusted issuer /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
    Aug 16 11:01:11 host postfix/smtp[6269]: certificate verification failed for smtp.sendgrid.net[108.168.190.108]:587: untrusted issuer /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
    Aug 16 11:01:11 host postfix/smtp[6271]: certificate verification failed for smtp.sendgrid.net[158.85.10.138]:587: untrusted issuer /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
    Aug 16 11:01:11 host postfix/smtpd[6275]: disconnect from unknown[127.0.0.1]
    Aug 16 11:01:11 host postfix/qmgr[5932]: 1A6792C05E6: from=<[email protected]>, size=1150, nrcpt=1 (queue active)
    Aug 16 11:01:11 host amavis[10590]: (10590-05) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [127.0.0.1]:47609 <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: 5nKpb9ai1vKz, Hits: -1, size: 698, queued_as: 1A6792C05E6, 514 ms
    Aug 16 11:01:11 host postfix/smtp[6270]: 85C132C05E8: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=578, delays=577/0.01/0/0.52, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1A6792C05E6)
    Aug 16 11:01:11 host postfix/qmgr[5932]: 85C132C05E8: removed
    Aug 16 11:01:11 host postfix/smtp[6272]: warning: SASL authentication failure: No worthy mechs found
    Aug 16 11:01:11 host postfix/smtp[6269]: warning: SASL authentication failure: No worthy mechs found
    Aug 16 11:01:11 host postfix/smtp[6271]: warning: SASL authentication failure: No worthy mechs found
    Aug 16 11:01:11 host postfix/smtp[6272]: 838D72C10E2: to=<[email protected]>, relay=smtp.sendgrid.net[158.85.10.138]:587, delay=21275, delays=21274/0.01/0.55/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.sendgrid.net[158.85.10.138]: no mechanism available)
    Aug 16 11:01:11 host postfix/smtp[6269]: 149E42C05E7: to=<[email protected]>, relay=smtp.sendgrid.net[108.168.190.108]:587, delay=409, delays=409/0.02/0.57/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.sendgrid.net[108.168.190.108]: no mechanism available)
    Aug 16 11:01:11 host postfix/smtp[6271]: 948752C0417: to=<[email protected]>, relay=smtp.sendgrid.net[158.85.10.138]:587, delay=27717, delays=27716/0.01/0.58/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.sendgrid.net[158.85.10.138]: no mechanism available)
    Aug 16 11:01:11 host postfix/smtp[6279]: certificate verification failed for smtp.sendgrid.net[158.85.10.138]:587: untrusted issuer /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority

    NOTE: we also see to=<[email protected]> - Is this fail2ban? Can I correct/cancel this?


    As recommended, I installed:
    yum install cyrus-sasl-plain
    log2:
    Aug 16 11:26:44 host postfix/smtpd[7432]: connect from localhost.localdomain[127.0.0.1]
    Aug 16 11:26:44 host sendmail[7431]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
    Aug 16 11:26:44 host postfix/smtpd[7432]: A8B1B2C041E: client=localhost.localdomain[127.0.0.1], sasl_sender=[email protected]
    Aug 16 11:26:44 host postfix/cleanup[7442]: A8B1B2C041E: message-id=<[email protected]>
    Aug 16 11:26:44 host postfix/qmgr[7416]: A8B1B2C041E: from=<[email protected]>, size=693, nrcpt=1 (queue active)
    Aug 16 11:26:44 host sendmail[7431]: t7GFQiCU007431: to=[email protected], ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30218, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as A8B1B2C041E)
    Aug 16 11:26:44 host postfix/smtpd[7432]: disconnect from localhost.localdomain[127.0.0.1]
    Aug 16 11:26:44 host postfix/smtp[7443]: A8B1B2C041E: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.08, delays=0.07/0/0/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host 127.0.0.1[127.0.0.1])
    Aug 16 11:27:00 host dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<[email protected]>, method=PLAIN, rip=70.54.165.84, lip=198.100.158.155, TLS
    Aug 16 11:27:06 host dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<[email protected]>, method=PLAIN, rip=70.54.165.84, lip=198.100.158.155, TLS
    Aug 16 11:27:12 host dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<[email protected]>, method=LOGIN, rip=70.54.165.84, lip=198.100.158.155, TLS
    Aug 16 11:27:18 host dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<[email protected]>, method=LOGIN, rip=70.54.165.84, lip=198.100.158.155, TLS
    Aug 16 11:27:20 host dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<[email protected]>, method=PLAIN, rip=70.54.165.84, lip=198.100.158.155, TLS
    Aug 16 11:27:22 host dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<[email protected]>, method=PLAIN, rip=70.54.165.84, lip=198.100.158.155, TLS
    Aug 16 11:27:24 host dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<[email protected]>, method=PLAIN, rip=70.54.165.84, lip=198.100.158.155, TLS
    Aug 16 11:27:26 host dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<[email protected]>, method=LOGIN, rip=70.54.165.84, lip=198.100.158.155, TLS
    Aug 16 11:27:28 host dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<[email protected]>, method=LOGIN, rip=70.54.165.84, lip=198.100.158.155, TLS
    ...
    Aug 16 11:27:50 host dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<[email protected]>, method=PLAIN, rip=70.54.165.84, lip=198.100.158.155, TLS


    Thanks ahead,

    JP Cyrenne
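
Added example, not part of the original post or of ISPConfig: a Python triage of logs like the two excerpts above, grouping deferred deliveries by relay and cause and listing TLS peers whose certificate issuer was not trusted. The sample lines are constructed (placeholder addresses and IPs), and the cause hints are assumptions based on standard Postfix behaviour, not statements from the thread.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the two log excerpts in the post
# (addresses and IPs are placeholders, not values from the thread).
SAMPLE_LOG = """\
Aug 16 11:01:10 host postfix/smtp[6272]: certificate verification failed for smtp.sendgrid.net[192.0.2.10]:587: untrusted issuer /C=US/O=Example CA
Aug 16 11:01:10 host postfix/smtp[6272]: warning: SASL authentication failure: No worthy mechs found
Aug 16 11:01:11 host postfix/smtp[6272]: 838D72C10E2: to=<user@example.org>, relay=smtp.sendgrid.net[192.0.2.10]:587, delay=21275, delays=21274/0.01/0.55/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.sendgrid.net[192.0.2.10]: no mechanism available)
Aug 16 11:01:11 host postfix/smtp[6270]: 85C132C05E8: to=<user@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=578, delays=577/0.01/0/0.52, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 1A6792C05E6)
Aug 16 11:26:44 host postfix/smtp[7443]: A8B1B2C041E: to=<user@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.08, delays=0.07/0/0/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host 127.0.0.1[127.0.0.1])
""".splitlines()

# Log text -> (finding, configuration area to check). The hints are an
# assumption based on standard Postfix behaviour, not advice from the thread.
CAUSES = [
    ("no mechanism available", "sasl_no_mechanism",
     "no usable SASL client mechanism; check the installed Cyrus SASL plugins"),
    ("TLS is required, but was not offered", "tls_not_offered",
     "smtp_tls_security_level = encrypt in main.cf also applies to this hop"),
]
DELIVERY = re.compile(r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<[^>]*>, "
                      r"relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>[\d.]+), "
                      r"status=(?P<status>\w+) \((?P<text>.*)\)$")
CERT = re.compile(r"certificate verification failed for (?P<peer>\S+?): untrusted issuer")

def triage(lines):
    """Return (deferred, untrusted): queue ids grouped by (relay, finding),
    and the set of TLS peers whose certificate issuer was not trusted."""
    deferred, untrusted = defaultdict(list), set()
    for line in lines:
        if (m := CERT.search(line)):
            # At level "encrypt" Postfix still delivers: the link is
            # encrypted but the relay's identity is not verified.
            untrusted.add(m["peer"])
        elif (m := DELIVERY.search(line)) and m["status"] == "deferred":
            finding = next((f for needle, f, _ in CAUSES if needle in m["text"]), "other")
            deferred[(m["relay"], finding)].append(m["qid"])
    return dict(deferred), untrusted

if __name__ == "__main__":
    deferred, untrusted = triage(SAMPLE_LOG)
    hints = {f: h for _, f, h in CAUSES}
    for (relay, finding), qids in deferred.items():
        print(f"{relay}: {finding} x{len(qids)} -> {hints.get(finding, 'see log text')}")
    for peer in sorted(untrusted):
        print(f"{peer}: certificate issuer not trusted (encrypted, not authenticated)")
```
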
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Sending through a relay host is a built-in function in ISPConfig, no need to modify any Postfix files. The first step is to undo the manual modifications that you did in the Postfix file. Then log in to ISPConfig and enter the details of the SendGrid relay server under System > server config > mail in the relayhost fields.
     
    mattltm likes this.
  3. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    Wow, could it be any easier! I guess I was taking the long route.
    Thanks, it works great!
    JP
     
  4. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    Works well with SquirrelMail and my mail client (Mac) connected to the server.
    But my web app uses localhost (Postfix) and it doesn't go through the Relay? Would I have to use a valid email account? I would like for everything to go through SendGrid (including forms - Contact Us for example) and not have to configure the Sendgrid info everywhere, in each /web account. Is this possible?

    Thanks,
    JP
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    All emails to addresses that are not on the server itself will go through the relay server, this includes all emails sent by websites through Postfix at localhost.
     
  6. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    You are right. My contact form sends local. If I use an opt-in registration form to an external email it's working perfectly.
    Thank you once again for the great support.
    JP
     
