Loading ...
Sorry, an error occurred while loading the content.

Postfix will not use authentication

Expand Messages
  • Gregorics Tamas
    Hi, I want to set up a relayhost for my local mail server, but for some reason my postfix will not try to authenticate with the relay server. I have these
    Message 1 of 12 , Apr 29, 2009
    • 0 Attachment
      Hi,

      I want to set up a relayhost for my local mail server, but for some reason
      my postfix will not try to authenticate with the relay server.

      I have these packages installed:

      libsasl2
      libsasl2-2
      libsasl2-modules

      main.cf
      relayhost = mail.relay.host
      smtp_sasl_auth_enable = yes
      smtp_sasl_security_options = noanonymous
      smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
      smtp_cname_overrides_servername = no


      sasl_password:
      mail.relay.host user@...:password


      If I send a mail the relay server rejects it with a no relaying allowed
      error. I checked it with tcpdump, and there is no authentication in the
      outgoing smtp session.

      With the same settings a different server can use the same relay server.

      Any ideas?
    • Victor Duchovni
      ... Make that: relayhost = [mail.relay.host] ... Make that: [mail.relay.host] login-name:password Whether the login-name includes an @domain part or not, and
      Message 2 of 12 , Apr 29, 2009
      • 0 Attachment
        On Wed, Apr 29, 2009 at 10:43:19PM +0200, Gregorics Tamas wrote:

        > Hi,
        >
        > I want to set up a relayhost for my local mail server, but for some reason
        > my postfix will not try to authenticate with the relay server.
        >
        > I have these packages installed:
        >
        > libsasl2
        > libsasl2-2
        > libsasl2-modules
        >
        > main.cf
        > relayhost = mail.relay.host

        Make that:

        relayhost = [mail.relay.host]

        > sasl_password:
        > mail.relay.host user@...:password

        Make that:

        [mail.relay.host] login-name:password

        Whether the login-name includes an @domain part or not, and what that
        domain should be, depends on the authentication system at the target host.

        > Any ideas?

        Without logs, nothing further can be said.

        --
        Viktor.

        Disclaimer: off-list followups get on-list replies or get ignored.
        Please do not ignore the "Reply-To" header.

        To unsubscribe from the postfix-users list, visit
        http://www.postfix.org/lists.html or click the link below:
        <mailto:majordomo@...?body=unsubscribe%20postfix-users>

        If my response solves your problem, the best way to thank me is to not
        send an "it worked, thanks" follow-up. If you must respond, please put
        "It worked, thanks" in the "Subject" so I can delete these quickly.
      • Gregorics Tamás
        ... Did not work that way either. ... The format and content of the credentials are correct, because I have a 2nd postfix box which can authenticate with the
        Message 3 of 12 , Apr 30, 2009
        • 0 Attachment
          Victor Duchovni wrote:
          > On Wed, Apr 29, 2009 at 10:43:19PM +0200, Gregorics Tamas wrote:
          >
          >
          >> Hi,
          >>
          >> I want to set up a relayhost for my local mail server, but for some reason
          >> my postfix will not try to authenticate with the relay server.
          >>
          >> I have these packages installed:
          >>
          >> libsasl2
          >> libsasl2-2
          >> libsasl2-modules
          >>
          >> main.cf
          >> relayhost = mail.relay.host
          >>
          >
          > Make that:
          >
          > relayhost = [mail.relay.host]
          >
          >
          >> sasl_password:
          >> mail.relay.host user@...:password
          >>
          >
          > Make that:
          >
          > [mail.relay.host] login-name:password
          >
          >

          Did not work that way either.

          > Whether the login-name includes an @domain part or not, and what that
          > domain should be, depends on the authentication system at the target host.
          >
          >

          The format and content of the credentials are correct, because I have a
          2nd postfix box which can authenticate with the same settings.


          >> Any ideas?
          >>
          >
          > Without logs, nothing further can be said.
          >
          >
          Apr 30 08:28:19 *** postfix/smtp[4510]: C791845C65B: to=<*@***.hu>,
          relay=mail.t-online.hu[84.2.44.3]:25, delay=0.79,
          delays=0.26/0.06/0.14/0.34, dsn=5.7.1, status=bounced (host
          mail.t-online.hu[84.2.44.3] said: 554 5.7.1 <*@***.hu>: Relay access
          denied (in reply to RCPT TO command))

          Thats all.


          > Is saslauthd running?
          >
          > James

          As far as I know I only need saslauthd if I want to authenticate my
          clients to smtpd, so it's not running.


          --
          Tisztelettel:

          Gregorics Tamás

          Szervízmunkatárs
          M&M Computer Kft.
          7623 Pécs, Mártírok u.42.
          Tel.: +36-72/516-517
          Fax: +36-72/516-522
          Mobil: +36-30-747-6553
          e-mail: tamas.gregorics@...

          http://www.mmcomputer.hu
        • Wietse Venema
          Gregorics Tamas: [ Charset UTF-8 unsupported, converting... ] ... Yes. Instead of cut-and-paste main.cf, use postconf -n command output. There is a reason
          Message 4 of 12 , Apr 30, 2009
          • 0 Attachment
            Gregorics Tamas:
            [ Charset UTF-8 unsupported, converting... ]
            > Hi,
            >
            > I want to set up a relayhost for my local mail server, but for some reason
            > my postfix will not try to authenticate with the relay server.
            >
            > I have these packages installed:
            >
            > libsasl2
            > libsasl2-2
            > libsasl2-modules
            >
            > main.cf
            > relayhost = mail.relay.host
            > smtp_sasl_auth_enable = yes
            > smtp_sasl_security_options = noanonymous
            > smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
            > smtp_cname_overrides_servername = no
            >
            >
            > sasl_password:
            > mail.relay.host user@...:password
            >
            >
            > If I send a mail the relay server rejects it with a no relaying allowed
            > error. I checked it with tcpdump, and there is no authentication in the
            > outgoing smtp session.
            >
            > With the same settings a different server can use the same relay server.
            >
            > Any ideas?

            Yes.

            Instead of cut-and-paste main.cf, use "postconf -n" command output.
            There is a reason why the mailing list instructions ask for this.
          • Gregorics Tamás
            ... Sorry, here is the output: alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no config_directory =
            Message 5 of 12 , Apr 30, 2009
            • 0 Attachment
              Wietse Venema wrote:
              > Gregorics Tamas:
              > [ Charset UTF-8 unsupported, converting... ]
              >
              >> Hi,
              >>
              >> I want to set up a relayhost for my local mail server, but for some reason
              >> my postfix will not try to authenticate with the relay server.
              >>
              >> I have these packages installed:
              >>
              >> libsasl2
              >> libsasl2-2
              >> libsasl2-modules
              >>
              >> main.cf
              >> relayhost = mail.relay.host
              >> smtp_sasl_auth_enable = yes
              >> smtp_sasl_security_options = noanonymous
              >> smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
              >> smtp_cname_overrides_servername = no
              >>
              >>
              >> sasl_password:
              >> mail.relay.host user@...:password
              >>
              >>
              >> If I send a mail the relay server rejects it with a no relaying allowed
              >> error. I checked it with tcpdump, and there is no authentication in the
              >> outgoing smtp session.
              >>
              >> With the same settings a different server can use the same relay server.
              >>
              >> Any ideas?
              >>
              >
              > Yes.
              >
              > Instead of cut-and-paste main.cf, use "postconf -n" command output.
              > There is a reason why the mailing list instructions ask for this.
              >
              >
              Sorry, here is the output:

              alias_database = hash:/etc/aliases
              alias_maps = hash:/etc/aliases
              append_dot_mydomain = no
              biff = no
              config_directory = /etc/postfix
              content_filter = smtp-amavis:[127.0.0.1]:10024
              inet_interfaces = all
              inet_protocols = ipv4
              mailbox_command = procmail -a "$EXTENSION"
              mailbox_size_limit = 0
              message_size_limit = 10485760
              mydestination = ***.hu, debian.***.hu, localhost.***.hu, localhost
              myhostname = ***.hu
              mynetworks = 192.168.0.0/16, 127.0.0.0/8
              myorigin = /etc/mailname
              recipient_delimiter = +
              relayhost = mail.t-online.hu
              smtp_data_xfer_timeout = 1000s
              smtp_sasl_auth_enable = yes
              smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
              smtp_sasl_security_options = noanonymous
              smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
              smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
              smtpd_hard_error_limit = 10
              smtpd_helo_required = yes
              smtpd_helo_restrictions = reject_invalid_hostname
              smtpd_policy_service_max_idle = 900s
              smtpd_policy_service_timeout = 240s
              smtpd_recipient_restrictions = permit_mynetworks,
              reject_unauth_destination, reject_unauth_pipelining,
              check_recipient_access hash:/etc/postfix/roleaccount_exceptions,
              check_policy_service inet:127.0.0.1:12525
              smtpd_sender_restrictions = reject_non_fqdn_sender,
              reject_unknown_sender_domain
              smtpd_soft_error_limit = 8
              smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
              smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
              smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
              smtpd_use_tls = yes
            • Wietse Venema
              ... Does this command: $ postmap -q mail.t-online.hu hash:/etc/postfix/sasl_password Produce the expected output? There is no need to post your username or
              Message 6 of 12 , Apr 30, 2009
              • 0 Attachment
                Gregorics Tamás:
                > > Yes.
                > >
                > > Instead of cut-and-paste main.cf, use "postconf -n" command output.
                > > There is a reason why the mailing list instructions ask for this.
                > >
                > >
                > Sorry, here is the output:
                >
                ...
                > relayhost = mail.t-online.hu
                > smtp_sasl_auth_enable = yes
                > smtp_sasl_password_maps = hash:/etc/postfix/sasl_password

                Does this command:

                $ postmap -q mail.t-online.hu hash:/etc/postfix/sasl_password

                Produce the expected output? There is no need to post
                your username or password to the mailing list.

                Wietse
              • Ivan Stepaniuk
                ... I don t see anything wrong with this. check the output of #postmap -q your.relay.tld hash:/etc/postfix/sasl_password to see if your file has the right
                Message 7 of 12 , Apr 30, 2009
                • 0 Attachment
                  Gregorics Tamás wrote:
                  > recipient_delimiter = +
                  > relayhost = mail.t-online.hu
                  > smtp_data_xfer_timeout = 1000s
                  > smtp_sasl_auth_enable = yes
                  > smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
                  > smtp_sasl_security_options = noanonymous

                  I don't see anything wrong with this.

                  check the output of
                  #postmap -q your.relay.tld hash:/etc/postfix/sasl_password
                  to see if your file has the right syntax.

                  check if you don't need to specify an auth method, like the following:
                  smtp_sasl_mechanism_filter = plain, login

                  If you didn't yet, I would also try to configure that relay on your mail
                  client to see if your login information is OK and you are allowed to do
                  what you want trough this relay.
                  my 2 cents.

                  --
                  Iván Stepaniuk
                • Gregorics Tamás
                  ... Yes, I get the username and password. -- Tisztelettel: Gregorics Tamás Szervízmunkatárs M&M Computer Kft. 7623 Pécs, Mártírok u.42. Tel.:
                  Message 8 of 12 , Apr 30, 2009
                  • 0 Attachment
                    Wietse Venema wrote:
                    > Gregorics Tam�s:
                    >
                    >>> Yes.
                    >>>
                    >>> Instead of cut-and-paste main.cf, use "postconf -n" command output.
                    >>> There is a reason why the mailing list instructions ask for this.
                    >>>
                    >>>
                    >>>
                    >> Sorry, here is the output:
                    >>
                    >>
                    > ...
                    >
                    >> relayhost = mail.t-online.hu
                    >> smtp_sasl_auth_enable = yes
                    >> smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
                    >>
                    >
                    > Does this command:
                    >
                    > $ postmap -q mail.t-online.hu hash:/etc/postfix/sasl_password
                    >
                    > Produce the expected output? There is no need to post
                    > your username or password to the mailing list.
                    >
                    > Wietse
                    >
                    >
                    Yes, I get the username and password.

                    --
                    Tisztelettel:

                    Gregorics Tamás

                    Szervízmunkatárs
                    M&M Computer Kft.
                    7623 Pécs, Mártírok u.42.
                    Tel.: +36-72/516-517
                    Fax: +36-72/516-522
                    Mobil: +36-30-747-6553
                    e-mail: tamas.gregorics@...

                    http://www.mmcomputer.hu
                  • Wietse Venema
                    ... Now you can turn on verbose logging: # postconf -e debug_peer_list = mail.t-online.hu # postfix reload Try sending mail, post logs, and replace username,
                    Message 9 of 12 , Apr 30, 2009
                    • 0 Attachment
                      Gregorics Tamás:
                      > > Does this command:
                      > >
                      > > $ postmap -q mail.t-online.hu hash:/etc/postfix/sasl_password
                      > >
                      > > Produce the expected output? There is no need to post
                      > > your username or password to the mailing list.
                      > >
                      > Yes, I get the username and password.

                      Now you can turn on verbose logging:

                      # postconf -e "debug_peer_list = mail.t-online.hu"
                      # postfix reload

                      Try sending mail, post logs, and replace username, password, and other
                      confidential stuff by XXX. Don't word-wrap the logs into destruction.

                      Wietse
                    • Gregorics Tamas
                      On Thu, 30 Apr 2009 11:02:53 -0400 (EDT), wietse@porcupine.org (Wietse ... Here is the verbose log: May 2 20:18:17 xxxxx postfix/smtp[6383]:
                      Message 10 of 12 , May 2 11:25 AM
                      • 0 Attachment
                        On Thu, 30 Apr 2009 11:02:53 -0400 (EDT), wietse@... (Wietse
                        Venema) wrote:
                        > Gregorics Tamás:
                        >> > Does this command:
                        >> >
                        >> > $ postmap -q mail.t-online.hu hash:/etc/postfix/sasl_password
                        >> >
                        >> > Produce the expected output? There is no need to post
                        >> > your username or password to the mailing list.
                        >> >
                        >> Yes, I get the username and password.
                        >
                        > Now you can turn on verbose logging:
                        >
                        > # postconf -e "debug_peer_list = mail.t-online.hu"
                        > # postfix reload
                        >
                        > Try sending mail, post logs, and replace username, password, and other
                        > confidential stuff by XXX. Don't word-wrap the logs into destruction.
                        >
                        > Wietse

                        Here is the verbose log:

                        May 2 20:18:17 xxxxx postfix/smtp[6383]: < mail.t-online.hu[84.2.44.3]:
                        220 *******************************************************
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: > mail.t-online.hu[84.2.44.3]:
                        HELO xxx.hu
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: < mail.t-online.hu[84.2.44.3]:
                        250 mail01a.mail.t-online.hu
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: server features: 0x1040 size 0
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: > mail.t-online.hu[84.2.44.3]:
                        MAIL FROM:<mcdouglas@...>
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: < mail.t-online.hu[84.2.44.3]:
                        250 2.1.0 Ok
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: > mail.t-online.hu[84.2.44.3]:
                        RCPT TO:<mcd@...>
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: < mail.t-online.hu[84.2.44.3]:
                        554 5.7.1 <mcd@...>: Relay access denied
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: connect to subsystem
                        private/bounce
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr nrequest = 0
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr flags = 0
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr queue_id = C0AEC45C2DA
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr original_recipient =
                        mcd@...
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr recipient = mcd@...
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr offset = 504
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr dsn_orig_rcpt =
                        rfc822;mcd@...
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr notify_flags = 0
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr status = 5.7.1
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr diag_type = smtp
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr diag_text = 554 5.7.1
                        <mcd@...>: Relay access denied
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr mta_type = dns
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr mta_mname =
                        mail.t-online.hu
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr action = failed
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr reason = host
                        mail.t-online.hu[84.2.44.3] said: 554 5.7.1 <mcd@...>: Relay access
                        denied (in reply to RCPT TO command)
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: private/bounce socket: wanted
                        attribute: status
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: input attribute name: status
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: input attribute value: 0
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: private/bounce socket: wanted
                        attribute: (list terminator)
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: input attribute name: (end)
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: C0AEC45C2DA: to=<mcd@...>,
                        relay=mail.t-online.hu[84.2.44.3]:25, delay=0.62,
                        delays=0.25/0.03/0.11/0.24, dsn=5.7.1, status=bounced (host
                        mail.t-online.hu[84.2.44.3] said: 554 5.7.1 <mcd@...>: Relay access
                        denied (in reply to RCPT TO command))
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: > mail.t-online.hu[84.2.44.3]:
                        RSET
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: < mail.t-online.hu[84.2.44.3]:
                        250 2.0.0 Ok
                        May 2 20:18:17 xxxxx postfix/smtp[6383]: > mail.t-online.hu[84.2.44.3]:
                        QUIT
                      • mouss
                        ... borked proxy/router/firewall. ... with HELO, there is no smtp extensions, and thus no authentication. for extended smtp, EHLO is needed instead of HELO.
                        Message 11 of 12 , May 2 11:37 AM
                        • 0 Attachment
                          Gregorics Tamas a écrit :
                          > On Thu, 30 Apr 2009 11:02:53 -0400 (EDT), wietse@... (Wietse
                          > Venema) wrote:
                          >> Gregorics Tamás:
                          >>>> Does this command:
                          >>>>
                          >>>> $ postmap -q mail.t-online.hu hash:/etc/postfix/sasl_password
                          >>>>
                          >>>> Produce the expected output? There is no need to post
                          >>>> your username or password to the mailing list.
                          >>>>
                          >>> Yes, I get the username and password.
                          >> Now you can turn on verbose logging:
                          >>
                          >> # postconf -e "debug_peer_list = mail.t-online.hu"
                          >> # postfix reload
                          >>
                          >> Try sending mail, post logs, and replace username, password, and other
                          >> confidential stuff by XXX. Don't word-wrap the logs into destruction.
                          >>
                          >> Wietse
                          >
                          > Here is the verbose log:
                          >
                          > May 2 20:18:17 xxxxx postfix/smtp[6383]: < mail.t-online.hu[84.2.44.3]:
                          > 220 *******************************************************

                          borked proxy/router/firewall.

                          > May 2 20:18:17 xxxxx postfix/smtp[6383]: > mail.t-online.hu[84.2.44.3]:
                          > HELO xxx.hu

                          with HELO, there is no smtp extensions, and thus no authentication.

                          for extended smtp, EHLO is needed instead of HELO.

                          from here:

                          $ telnet mail.t-online.hu 25
                          Trying 84.2.46.3...
                          Connected to mail.t-online.hu.
                          Escape character is '^]'.
                          220 mail01d.mail.t-online.hu ESMTP You must authenticate before sending mail
                          EHLO imlil.netoyen.net
                          250-mail01d.mail.t-online.hu
                          250-PIPELINING
                          250-SIZE 26214400
                          250-VRFY
                          250-ETRN
                          250-STARTTLS
                          250-AUTH LOGIN PLAIN
                          250-AUTH=LOGIN PLAIN
                          250-ENHANCEDSTATUSCODES
                          250-8BITMIME
                          250 DSN
                          QUIT
                          221 2.0.0 Bye


                          so the broken gateway is between you and t-online, probably on your
                          side. if you have a PIX, disable the smtp f*up "feature" (something like
                          “no fixup protocol smtp 25”). if it's something else, find out what is...

                          > [snip]
                        • Gregorics Tamas
                          ... Thank you very much! Indeed I had a PIX515 (8.0(2)) as a gateway. As soon as I disabled esmtp inspection everything worked perfectly.
                          Message 12 of 12 , May 2 11:47 AM
                          • 0 Attachment
                            On Sat, 02 May 2009 20:37:01 +0200, mouss <mouss@...> wrote:
                            > Gregorics Tamas a écrit :
                            >> On Thu, 30 Apr 2009 11:02:53 -0400 (EDT), wietse@... (Wietse
                            >> Venema) wrote:
                            >>> Gregorics Tamás:
                            >>>>> Does this command:
                            >>>>>
                            >>>>> $ postmap -q mail.t-online.hu hash:/etc/postfix/sasl_password
                            >>>>>
                            >>>>> Produce the expected output? There is no need to post
                            >>>>> your username or password to the mailing list.
                            >>>>>
                            >>>> Yes, I get the username and password.
                            >>> Now you can turn on verbose logging:
                            >>>
                            >>> # postconf -e "debug_peer_list = mail.t-online.hu"
                            >>> # postfix reload
                            >>>
                            >>> Try sending mail, post logs, and replace username, password, and other
                            >>> confidential stuff by XXX. Don't word-wrap the logs into destruction.
                            >>>
                            >>> Wietse
                            >>
                            >> Here is the verbose log:
                            >>
                            >> May 2 20:18:17 xxxxx postfix/smtp[6383]: < mail.t-online.hu[84.2.44.3]:
                            >> 220 *******************************************************
                            >
                            > borked proxy/router/firewall.
                            >
                            >> May 2 20:18:17 xxxxx postfix/smtp[6383]: > mail.t-online.hu[84.2.44.3]:
                            >> HELO xxx.hu
                            >
                            > with HELO, there is no smtp extensions, and thus no authentication.
                            >
                            > for extended smtp, EHLO is needed instead of HELO.
                            >
                            > from here:
                            >
                            > $ telnet mail.t-online.hu 25
                            > Trying 84.2.46.3...
                            > Connected to mail.t-online.hu.
                            > Escape character is '^]'.
                            > 220 mail01d.mail.t-online.hu ESMTP You must authenticate before sending
                            > mail
                            > EHLO imlil.netoyen.net
                            > 250-mail01d.mail.t-online.hu
                            > 250-PIPELINING
                            > 250-SIZE 26214400
                            > 250-VRFY
                            > 250-ETRN
                            > 250-STARTTLS
                            > 250-AUTH LOGIN PLAIN
                            > 250-AUTH=LOGIN PLAIN
                            > 250-ENHANCEDSTATUSCODES
                            > 250-8BITMIME
                            > 250 DSN
                            > QUIT
                            > 221 2.0.0 Bye
                            >
                            >
                            > so the broken gateway is between you and t-online, probably on your
                            > side. if you have a PIX, disable the smtp f*up "feature" (something like
                            > “no fixup protocol smtp 25”). if it's something else, find out what
                            > is...
                            >
                            >> [snip]


                            Thank you very much!
                            Indeed I had a PIX515 (8.0(2)) as a gateway. As soon as I disabled esmtp
                            inspection everything worked perfectly.
                          Your message has been successfully submitted and would be delivered to recipients shortly.