550 Envelope domain 'domain.com' doesn't match AUTH domain 'null'

Question

550 Envelope domain 'domain.com' doesn't match AUTH domain 'null'

ravivgolov opened this issue 6 months ago · comments

Hi
The first time setting the server, I tried the last command from the docs but i am getting error:
[almalinux@relay domain]$ swaks --to test2@domain.com --from test@domain.com --server relay.domain.com --port 587 --auth-user user --auth-password 1234567789 --helo domain.com
=== Trying relay.domain.com:587...
=== Connected to relay.domain.com.
<- 220 relay.domain.com ESMTP Haraka/3.0.3 ready
-> EHLO domain.com
<- 250-relay.domain.com Hello localhost.localdomain [127.0.0.1]Haraka is at your service.
<- 250-PIPELINING
<- 250-8BITMIME
<- 250-SMTPUTF8
<- 250-SIZE 0
<- 250-STARTTLS
<- 250 AUTH PLAIN LOGIN CRAM-MD5
-> AUTH CRAM-MD5
<- 334 PDQyODRiLjE4ZWU0M2I5ZWQzQHJlbGF5Lm1haWx3aXNoLmNvbT4=
-> bWFpbHdpc2ggZmI3MzMxMGRjMzhmMzE2MTY0NDMwZTBiYjMzODYxNTQ=
<- 235 2.7.0 Authentication successful
-> MAIL FROM:test@domain.com
<** 550 Envelope domain 'domain.com' doesn't match AUTH domain 'null'
-> QUIT
<- 221 relay.domain.com closing connection. Have a jolly good day.
=== Connection closed with remote host.

What I am doing wrong that I receive the error:
<** 550 Envelope domain 'domain.com' doesn't match AUTH domain 'null'

Thanks,
Raviv

Matt Simerson · Answer 1 · Tue Apr 16 2024 08:17:37 GMT+0800 (China Standard Time)

Your AUTH user has a null/empty domain name. The solution (at least for now) is to authenticate with a full email address.

Ravgrg · Answer 2 · Tue Apr 16 2024 08:22:07 GMT+0800 (China Standard Time)

I have followed the instructions (auth_flat_file.ini):
[core]
methods=PLAIN,LOGIN,CRAM-MD5

[users]
user=123456789

I am trying to send email using only relay, this is not possible?

Thanks

Matt Simerson · Answer 3 · Tue Apr 16 2024 08:23:07 GMT+0800 (China Standard Time)

Another solution: set constrain_sender=false in the auth plugin you are using.

Ravgrg · Answer 4 · Tue Apr 16 2024 08:24:44 GMT+0800 (China Standard Time)

Do you mean under [core] like that:
[core]
methods=PLAIN,LOGIN,CRAM-MD5
constrain_sender=false

Sorry for the newbie questions.

Matt Simerson · Answer 5 · Tue Apr 16 2024 08:26:16 GMT+0800 (China Standard Time)

Do you mean under [core] like that:

Yes, exactly.

Or include a domain name with your auth info:

[users]
user@example.com=123456789

Ravgrg · Answer 6 · Tue Apr 16 2024 08:33:15 GMT+0800 (China Standard Time)

I can't include the domain and make it one domain usage, I want the relay will work out of the box with any domain provided.
If I add like your example, Can I still choose any domain in MAIL FROM? The intention of the MTA is to use it as an MTA for other servers.

Another 2 questions, How i sign all outgoing emails with DKIM - ESP level? I mean if the email has no DKIM set, haraka will use my default relay domain to sign the outbound emails?

2nd, Is it possible to set DMARC on the ESP level?

I am starting out with Haraka, and so far I love the structure, very well and easier than every other MTA I have used.
Where can I read about IP warmup? I want to warm up the ips and send max 50 per IP per hour.

Thanks

Matt Simerson · Answer 7 · Tue Apr 16 2024 08:35:53 GMT+0800 (China Standard Time)

If I add like your example, Can I still choose any domain in MAIL FROM? The intention of the MTA is to use it as an MTA for other servers.

I already told you it would. Try it and see.

How i sign all outgoing emails with DKIM - ESP level?

Read the dkim docs

Ravgrg · Answer 8 · Tue Apr 16 2024 08:46:49 GMT+0800 (China Standard Time)

What would be the best option for the MTA to connect to outgoing servers?
[users]
user@example.com=123456789

Or
[users]
user=123456789

I prefer the simple user authentication. Is there any significant difference between the methods?

I need some help choosing between a single domain and another option from the guide. I'm confused about whether I need to generate a DKIM for each domain individually, or if I can select one primary domain to sign all outbound messages. Can you please clarify this for me?

Is it correct when there are multiple listeners in the output? I added that(Ports are working):
; address to listen on (default: all IPv6 and IPv4 addresses, port 25)
; use "[::0]:25" to listen on IPv6 and IPv4 (not all OSes)
listen=[::0]:587,[::0]:465,[::0]:25

[NOTICE] [-] [core] worker 4 listening on [::0]:465
[WARN] [-] [dnsbl] zone 'zen.spamhaus.org' did not respond to test point (null)
[WARN] [-] [dnsbl] disabling zone 'zen.spamhaus.org'
[NOTICE] [-] [core] Listening on [::0]:465
[NOTICE] [-] [core] Listening on [::0]:25
[NOTICE] [-] [core] worker 5 listening on [::0]:465
[INFO] [-] [core] Creating TLS server on [::0]:465
[NOTICE] [-] [core] worker 2 listening on [::0]:25
[INFO] [-] [core] Creating TLS server on [::0]:465
[INFO] [-] [core] Creating TLS server on [::0]:465
[NOTICE] [-] [core] worker 1 listening on [::0]:25
[NOTICE] [-] [core] worker 3 listening on [::0]:25
[NOTICE] [-] [core] worker 4 listening on [::0]:25
[INFO] [-] [core] Creating TLS server on [::0]:465
[INFO] [-] [core] Creating TLS server on [::0]:465
[INFO] [-] [core] Creating TLS server on [::0]:465
[INFO] [-] [core] Creating TLS server on [::0]:465
[NOTICE] [-] [core] Listening on [::0]:587
[NOTICE] [-] [core] Listening on [::0]:465
[NOTICE] [-] [core] Listening on [::0]:25
[NOTICE] [-] [core] worker 5 listening on [::0]:25
[INFO] [-] [karma] connected to redis://127.0.0.1:6379
[NOTICE] [-] [core] worker 8 listening on [::0]:587
[NOTICE] [-] [core] worker 8 listening on [::0]:465
[INFO] [-] [karma] connected to redis://127.0.0.1:6379
[NOTICE] [-] [core] Listening on [::0]:587
[INFO] [-] [karma] connected to redis://127.0.0.1:6379
[NOTICE] [-] [core] worker 11 listening on [::0]:587
[NOTICE] [-] [core] Listening on [::0]:587
[WARN] [-] [dnsbl] zone 'zen.spamhaus.org' did not respond to test point (null)
[NOTICE] [-] [core] worker 7 listening on [::0]:587
[WARN] [-] [dnsbl] zone 'zen.spamhaus.org' did not respond to test point (null)
[WARN] [-] [dnsbl] disabling zone 'zen.spamhaus.org'
[WARN] [-] [dnsbl] disabling zone 'zen.spamhaus.org'
[INFO] [-] [karma] connected to redis://127.0.0.1:6379
[NOTICE] [-] [core] Listening on [::0]:465
[NOTICE] [-] [core] Listening on [::0]:465
[NOTICE] [-] [core] worker 11 listening on [::0]:465
[NOTICE] [-] [core] Listening on [::0]:25
[NOTICE] [-] [core] worker 7 listening on [::0]:465
[NOTICE] [-] [core] Listening on [::0]:25
[NOTICE] [-] [core] Listening on [::0]:587
[NOTICE] [-] [core] worker 6 listening on [::0]:587
[WARN] [-] [dnsbl] zone 'zen.spamhaus.org' did not respond to test point (null)
[NOTICE] [-] [core] Listening on [::0]:465
[NOTICE] [-] [core] Listening on [::0]:587
[WARN] [-] [dnsbl] disabling zone 'zen.spamhaus.org'
[NOTICE] [-] [core] worker 6 listening on [::0]:465
[NOTICE] [-] [core] Listening on [::0]:25
[NOTICE] [-] [core] Listening on [::0]:465
[NOTICE] [-] [core] worker 10 listening on [::0]:587
[NOTICE] [-] [core] Listening on [::0]:25
[NOTICE] [-] [core] worker 10 listening on [::0]:465