Cannot send email using Outlook: 554 5.7.1: Client host rejected: Access denied

Follow

Comments

5 comments

  • Avatar
    Rafa

    Of all the steps, I only had to do point 4 (comment the line "smtpd_sasl_security_options = noplaintext") to be able to send emails again from Windows Live Mail and Outlook.

    My questions are: is correct to apply only step 4? Are we descending security with this methode?

  • Avatar
    Ivan Postnikov

    @Rafa

    > My questions are: is correct to apply only step 4?

    Step 1 is required anyway to connect to the server. Step 2 is used to backup the original configuration file in case it will be wrongly changed.

    In general Step 3,5 is required, probably on your server these settings were already set correctly. 

    > Are we descending security with this method?

    These steps slightly decrease mail server security in terms of authentication. However, this is required to work with some mail clients.  

  • Avatar
    Rafa

    Thanks for the reply! Some time ago I had problems with another server that was compromised, and had that option active, it was Plesk (it was version 11), and the same configuration (I could send emails without problems with Microsoft software). In what sense is security compromised when changing this method? I'm afraid that activating this option will lower the security level and have problems and compromise the security of the server. Can you tell me it's not that bad?

    Searching in the net I read that when activating this, it was best to force the encryption, so I activated this in main.cf:

    smtpd_tls_security_level = may
    to
    smtpd_tls_security_level = encrypt

    Unfortunately, it gave some problems when receiving from certain recipients, so I had to deactivate it.

    Thanks Ivan!

  • Avatar
    Rafa

    I don't know if the coincidences exist, but today I upgraded to Plesk 17.8.11, and included a superior version of Roundcube... that has stopped working precisely because a similar SMTP issue, specifically "ERROR SMTP (535)" in Roundcube.

    I have applied the changes of "point 4" (comment the line "smtpd_sasl_security_options = noplaintext") and Roundcube has worked again. It was destiny... The truth is that I continue worrierd about lowering security in this way, but if experts recommend it and indicate that there is no problem, I will trust.

     

  • Avatar
    Denis Bykov

    @Rafa
    When setting `smtpd_tls_security_level` to `may` you are allowing unencrypted connection to SMTP service. If mail client using an unencrypted connection, your mailbox credentials and outgoing message theoretically can be intercepted. You have to rely either on that the route between mail client and the server is not compromised (for example if client and server are located in the same isolated network) or that the mail client will be using secure connection (which is not the case here, since the article describes case when Outlook cannot establish secure connection when it enforced).
    Basically, as a result, it is up to the mail user to ensure wheither their sensitive data will be compromised.
    For Roundcube it is safe enough, since the mail client (Roundcube) and the mail servece are located on the same computer, and their intercommunications cannot be intercepted unless the server itself is compromised.
    I hope these explanations were helpful.

Please sign in to leave a comment.

Have more questions? Submit a request