Opened 9 years ago

Closed 5 years ago

#2072 closed Bug/Something is broken (worksforme)

unable to configure email accounts

Reported by: https://id.mayfirst.org/tomas Owned by: https://id.mayfirst.org/jamie
Priority: High Component: Tech
Keywords: email Cc: josue@…
Sensitive: no

Description

We recently joined mayfirst.

Two things:

We cannot use our Zoho Mail as an email client. We can receive mail there but we cannot send from the account. We get an error message that reads: Sending failed 554.5.7.1 Relay access denied

With our previous webhost we used Zoho Mail.

Will it be possible to use Zoho Mail with Mayfirst?

Change History (13)

comment:1 Changed 9 years ago by https://id.mayfirst.org/alfredo

Hi Tomas,

It's helpful to know which site and/or membership you're referring to. We have so many member sites that it's tough to remember who's who.

I don't know much about Zoho mail but is that a service or was the program installed on some server or do you have copies of that on your local computers?

You can use outside services by bouncing email from our servers but the better idea is to use our own webmail programs and, of course, configure any email clients you may have on your own computers.

That information would help us answer your questions. :-)

Alfredo

comment:2 Changed 9 years ago by https://id.mayfirst.org/jamie

I'm scratching my head on this zoho thing too. Is this what you are referring to: http://mail.zoho.com?

It looks like a corporate, web-based proprietary email client. Yikes. Are you sure you want to be using that to access your email? I see that they offer a seductive array of web based programs (like spread sheets, etc.). However, the terms of service (as is usually the case with things that seem too good to be true) are not a basis for a solid relationship around something as important as email. I would be particularly wary of:

  • "AdventNet may modify the Terms upon notice to you at any time. These modifications may include, without limitation, payment for the Services." [Fairly straight forward - but with one caveat: since it's not free software, if they start charging, you can't simply pick up your data and move elsewhere because you can't take the software with you.]
  • "You agree not to use the Services for the transmission of "junk mail", "spam", "chain letters", or unsolicited mass distribution of email." [Unsolicited mass distribution of email sounds a lot like organizing online on a topic that Zoho decides they don't like.]
  • "By using the any of the Services and transmitting or publishing any content using such service, you expressly consent to determination of questions of illegality or infringement of third party rights in such content by the agent designated by AdventNet for this purpose." [Meaning any spurious claim about intellectual property violations (like re-posting news articles, etc.) could result in your content being taken offline].

This is just a quick read.

Judging from the error you are reporting: "Sending failed 554.5.7.1 Relay access denied", my guess is that zoho is trying to send mail to port 25 on our servers (instead of 587) and/or is not properly authenticating before sending. Unfortunately, since it's a closed system, we can't troubleshoot their servers :(.

Jamie

comment:3 follow-up: Changed 9 years ago by https://id.mayfirst.org/josue

tomas,

you have done quite a bit of research on these terms of service. you have some good reasons for using some of these tools. i think that this is an important conversation to be had and this is a great place for it.

as for the zoho error, the configuration allows us to set the port to 587 and this is still the error. what does that mean jamie? can we see from our logs whether they are trying to authenticate? we are creating this response, no? why do we respond that way?

gracias,

--josue

comment:4 in reply to: ↑ 3 Changed 9 years ago by https://id.mayfirst.org/jamie

Hi Josue and Tomas,

Replying to https://id.mayfirst.org/josue:

> tomas,
>
> you have done quite a bit of research on these terms of service. you have some good reasons for using some of these tools. i think that this is an important conversation to be had and this is a great place for it.

I'm not sure if this is addressed to me or Tomas? Can we discuss the reasons for using the tools - I agree, this is an important conversation to be having so I want to be sure that we actually have it :).

> as for the zoho error, the configuration allows us to set the port to 587 and this is still the error. what does that mean jamie? can we see from our logs whether they are trying to authenticate? we are creating this response, no? why do we respond that way?

We are creating this response because our servers will only accept mail under two conditions:

  • the final destination is a mailbox run
  • the user has properly authenticated and is using port 587

So - if you are using 587 - maybe you are authenticating with your username and password?

jamie

comment:5 Changed 9 years ago by https://id.mayfirst.org/josue

  • Priority changed from High to Medium

i was addressing tomas, encouraging him to engage in this conversation. his is an important voice and i want it in here!

as for zoho, tomas and i must've done something wrong. i just tested zoho mail with a mayfirst email account and it worked! i think jamie changed something and just did not tell us ;-)

comment:6 Changed 9 years ago by https://id.mayfirst.org/josue

from an email by tomas:

Hello,

I’ve been reading your responses to my query. Thanks for your replies.

A few comments:

  • On the most basic level, we are trying to get our email working to where it was. I think we are making progress.
  • Zoho: Yea, it is a for-profit entity but it (and others like Google Calendar) has been meeting our needs. I have read the Terms-Of-Service (TOS) and while not perfect by any means, they are better than many well-known companies. Things I like about them are:
    • They have always been very responsive to our needs. I can open up a chat and chat with the same person about our needs. They usually respond quickly. One time I erased my personal account including all my data (but I had my own back ups!) and they restored everything even though it took them time and I personally am not a paying customer!
    • We own our data. Our data can easily be taken with us in a variety of formats. Also, I am always backing up our data to our machines.
    • They do not advertise. Up to now they have been explicit that they will not advertise.
    • They are humble. They make mistakes but always own up to them. It’s refreshing.
    • We’ve been using their products for several years now. We like most of them. We really like the fact that one does not have to be a developer to tinker with their products. I have learned a great deal about databases from them by using Zoho Creator.
  • Colectivo members would like to have tools that are ready to go and just work. We are not asking for perfection by any means but we just do not have the resources to take classes or to hire a tech person. A lot of the friends and allies we work with are in the same boat. I understand that one has to always put in time to learn and maintain tools. I am always preaching this to friends when I try to help them with their tech-tool needs. Actually, as I mentioned before Josue, I would love to include open source and Mayfirst at a 5 hour training we are doing at Western States Center. The workshop is about organizing tools of the trade and we will be doing it in both Spanish and English! A component of the training deals with technology and its use in organizing and social change. (By the way, as you know our friend TJ is making a website for us. He is learning Drupal. He’s a good designer too! He also gives a lot back to the community. We are trying to raise some funds to pay him.)
  • Mayfirst: we love the politics. I have been resisting open source because I knew that one had to have a basic level of skills that I do not have (such as knowing how to use Drupal, etc.) Still, we decided to go forward and switch to Mayfirst. I think things will go well. I know the email issue will be resolved and I’ll commit to learning as much as I can.
  • Our needs: we are trying to use an email client such as Zoho (or maybe even Zimbra if Zoho doesn’t work) that we can use as our main email client. We had finally gotten used to using Zoho Mail and for us it worked fine. Again, Zoho isn’t perfect and we are open to other products too, but we have invested a lot of energy in Zoho and it’s mostly worked for us. And it’s almost completely free (we pay a minimal amount for our project management account, Zoho Projects.)
    • We like that in using Zoho Mail we always have access to several accounts on any computer.
    • It works on Mac or PC. I believe folks use it on Linux machines too since it’s browser-based and works well with Firefox.
    • We like that it connects with our other Zoho products.
    • We like that one can even use it offline via Google Gears.
    • Zimbra is good but has a few bugs. It’s open source and has a nice user interface. I think it’s built on Mozilla Prism but I am not sure. (I can use Zimbra but only with Yahoo and Gmail. Before I was using it for our Colectivo account and it worked. As of last night I still was not able to get it to work with Mayfirst.)

I appreciate all the advice and assistance you have given us. I’ll try to be better about figuring things out and using the ticket system (it’s all new to me.) I would also like to find out how Jamie got Zoho Mail to work if that is indeed the case!

Thanks again for your time and energy!

Tomas

comment:7 Changed 9 years ago by https://id.mayfirst.org/josue

  • Priority changed from Medium to High

hey folks,

did a little bit of testing with zoho. wondering if the server june is configured differently. can't check the logs cuz i do not have access to june :-(

i set up a zoho email account from viewsic and i was able to send and receive email.

i set up a zoho account from june and i was able to receive email but not send email.

just to be clear, zoho lets me enter the ports i need to use to send and receive. i use port 587 to send. i am using authentication.

i tried to send an email to josue@… and got:

Sending failed; Reason:554 5.7.1 <josue@…>: Relay access denied

so, i think that there is something on our end.

paz,

--josue

comment:8 Changed 9 years ago by https://id.mayfirst.org/jamie

Hi Tomas and Josue,

Thanks Tomas for the thoughtful responses and discussion about the use of tools.

I think a lot, if not most, people on the left approach technology from the perspective you describe, and for good reasons. As technology becomes more important in our organizing, people are recognizing that we need really good tools that work and are easy to use, competent and friendly people who support the tools, and expanding functionality of those tools so we can continue doing new and better things with our organizing. Compared to where we were in the nineties when it took an argument just to get many activists to consider using the Internet, we've come a long way!! In addition, corporate entities like Zoho and even Google meet these needs.

I think the next transition is a really important one: moving from seeing technology as a tool that complements our organizing to understanding it as an integral part of our organizing. In other words - it's one thing when we are doing all of this off line organizing and occasionally use our email lists, etc. to supplement that work.

It's a whole different situation when the Internet and technology become crucial linchpins to our organizing itself. As we start using the Internet to build national and international alliances, as we start relying on web sites rather than mainstream media to reach mass audiences at critical times - we find ourselves increasingly dependent on the Internet. Just like previously, if we were doing an environmental campaign, we were dependent on our environmental activist partner or if we were organizing a health care campaign, we would only be as good as our health care partner. For most of our work, it's the technology partner that is often critical to our success.

In these situations - being friendly and having good skills is really not enough - the question is: are our technology partners going to follow through when things get tough? Are we fighting for the same things? Do we have solid, democratic technology organizations available? How do we build them? And, broadly speaking, are we, as a movement, developing the tools that we need?

The question I think is way bigger than zoho or not zoho. Not sure if you saw the recent NY Times article about the US government using the Internet to attack Al Qaeda. Despite the technology bumbling of most law enforcement, the feds really do have people who know how to use the Internet to f* things up. Unlike in previous periods of US history (e.g. Cointelpro), they're not really paying attention to the left now. If that were to change: is our use of technology able to withstand this attention? How do we build Internet infrastructure that can?

From this perspective, I think investing (by this I mean any kind of investment: money, time, training, etc.) in corporate and/or proprietary software is flushing our resources down the toilet. As a renter, I understand that we sometimes make short term decisions that are not in our long term interest :) - but I think it's important to be conscious of this decision and the impact while we work the transition.

I know I'm pretty close to this topic (and spent most of today fighting a DMCA take down challenge against a member: http://shelljazzfest.com/) so I'm a bit more riled than usual :). So - I hope my tone isn't off base! I am interested in hearing your thoughts.

We're really happy to have you as members and to be engaging in this discussion. I also hope we can work together on USSF 2010 stuff as well (where the conversation will most certainly continue).

abrazos,

jamie

comment:9 Changed 9 years ago by https://id.mayfirst.org/jamie

As for the tech question ... :)

Josue: you now should have root on june.

SASL is the method we use to handle logins from remote users wanting to send email and I don't see any sasl logins for the josuecf account:

0 june:~# zgrep josuecf /var/log/mail.log* | grep sasl
1 june:~#

On viewsic, we're still running pop before smtp - a service that allows relaying if you first download your email. I'm pretty sure that's why you got it to work on viewsic, but not on june (in other words, viewsic is the exception, not june).

On june I'm seeing connections from zoho, and even a successful negotiation of a secure smtp connection:

Apr 26 17:40:13 june postfix/smtpd[3968]: connect from sv4-smtp2.zoho.com[72.5.230.67]
Apr 26 17:40:13 june postfix/smtpd[3968]: setting up TLS connection from sv4-smtp2.zoho.com[72.5.230.67]
Apr 26 17:40:13 june postfix/smtpd[19816]: connect from unknown[92.83.134.154]
Apr 26 17:40:13 june postfix/smtpd[3968]: Anonymous TLS connection established from sv4-smtp2.zoho.com[72.5.230.67]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)

However, I'm not seeing an attempt to login. Does zoho give you a login method option (should be plain or login)?

Have you asked zoho support?

Jamie

comment:10 Changed 9 years ago by https://id.mayfirst.org/josue

hey chico,

this is the error message in the mail log when i try to send from zoho:

May  1 22:28:31 june postfix/smtpd[11304]: connect from sender1.zohomail.com[72.5.230.103]
May  1 22:28:31 june postfix/smtpd[11304]: NOQUEUE: reject: RCPT from sender1.zohomail.com[72.5.230.103]: 554 5.7.1 <josue@mayfirst.org>: Relay access denied; from=<josue@colectivoflatlander.org> to=<josue@mayfirst.org> proto=ESMTP helo=<172.31.252.127>
May  1 22:28:31 june postfix/smtpd[11304]: disconnect from sender1.zohomail.com[72.5.230.103]

here is the log from viewsic when it successfully sends:

May  1 22:34:18 viewsic postfix/smtpd[26993]: connect from sender1.zohomail.com[72.5.230.103]
May  1 22:34:19 viewsic postfix/smtpd[26993]: 2DB90200BB: client=sender1.zohomail.com[72.5.230.103]
May  1 22:34:19 viewsic postfix/cleanup[26880]: 2DB90200BB: message-id=<120ff2c0c29.-8346640708725186726.2371139433401469724@thepraxisproject.org>
May  1 22:34:19 viewsic postfix/qmgr[2192]: 2DB90200BB: from=<rodney@thepraxisproject.org>, size=1101, nrcpt=1 (queue active)
May  1 22:34:19 viewsic postfix/smtpd[26993]: disconnect from sender1.zohomail.com[72.5.230.103]

still trying to verify if it is us or not. zoho asks for incoming mail server and port (which seems to work on both june and viewsic) and outgoing server and port (viewsic and 587 works but june and 587 does not). there is a check box for "Using secure connection (SSL)" - which i check - and "Outgoing Mail Server requires authentication" which when i check offers up 2 options: "Use same settings as my Incoming mail server" and "Log on using." i check the first one. the second one offers an opportunity to put in a username and password.

not sure what the above tells us. thoughts?

comment:11 Changed 9 years ago by https://id.mayfirst.org/josue

more research, don't know if this means anything...

one difference between the main.cf files in viewsic and june:

although both machines run postfix version 2.3.8 (ran postconf | grep version), on viewsic we have:

# sever side tls - offer tls encryption when an smtp client
# (either user email program or sending smtp server) can use it
# use this line for postfix >= 2.3: smtpd_tls_security_level = may
# instead of smtpd_use_tls
smtpd_use_tls = yes

while on june we have:

# sever side tls - offer tls encryption when an smtp client
# (either user email program or sending smtp server) can use it
smtpd_tls_security_level = may
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_loglevel = 1

so, is viewsic misconfigured? should this not work in viewsic?

no, apparently although "smtpd_use_tls = yes" is obsolete, it still works. i replaced this line with "smtpd_tls_security_level = may" and i was still able to send.

bleech... time to get some sleep...

comment:12 Changed 9 years ago by https://id.mayfirst.org/jamie

Hi Josue,

I'm pretty sure that the reason it works on viewsic is because we are running "pop before smtp". In other words, the reason it works on viewsic is not because authenticated smtp is working with zoho/viewsic - but because viewsic is allowing you to relay provided you pop your mail first. This setup is a legacy, insecure setup that we decided to move away from years ago.

Also - june and viewsic are running different versions of postfix (june is running debian lenny, viewsic is running debian etch):

0 viewsic:~# postconf | grep "mail_version ="
mail_version = 2.3.8
0 viewsic:~#

0 june:~#  postconf | grep "mail_version ="
mail_version = 2.5.5
0 june:~#

However, since both are greater than 2.3, it seems like the new setting change that you made should work.

We do know that authenticated sending works on june (and viewsic for that matter) - it can be tested using Thunderbird or any other email client.

We don't know that authenticated sending works with zoho.

Here's an example on june of authenticated smtp working (this is based on a connection I set up using Thunderbird):

May  2 11:38:13 june postfix/smtpd[18201]: connect from ool-182d0ce5.dyn.optonline.net[24.45.12.229]
May  2 11:38:13 june postfix/smtpd[18201]: setting up TLS connection from ool-182d0ce5.dyn.optonline.net[24.45.12.229]
May  2 11:38:13 june postfix/smtpd[18201]: Anonymous TLS connection established from ool-182d0ce5.dyn.optonline.net[24.45.12.229]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May  2 11:38:29 june postfix/smtpd[18201]: D83C7220A5: client=ool-182d0ce5.dyn.optonline.net[24.45.12.229], sasl_method=PLAIN, sasl_username=jamie-june@june.mayfirst.org
May  2 11:38:29 june postfix/cleanup[18611]: D83C7220A5: message-id=<49FC68F1.3000506@june.jamie.mayfirst.org>
May  2 11:38:29 june postfix/qmgr[8066]: D83C7220A5: from=<jamie@june.jamie.mayfirst.org>, size=719, nrcpt=1 (queue active)
May  2 11:38:29 june postfix/smtpd[18201]: disconnect from ool-182d0ce5.dyn.optonline.net[24.45.12.229]

In contrast, in your example above, neither tls negotiation nor a sasl login attempt happens.

Can you try unchecking "SSL" and seeing if zohomail will fall back to starttls? SSL says start an SSL connection right off the bat. starttls says: start in plain mode and then try to switch to a secure connection. Alternatively, keep SSL and try port 465 (which is the deprecated port for a complete SSL/TLS connection).

We support just about every variation of authenticated sending - it's just a question of deciphering the connecting client's options.

I'm pretty sure the problem here is either zoho or zoho configuration. Has anyone requested support from zoho on this issue?

jamie
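
The by-hand log comparison in comments 9 to 12, automated as an added example (not part of the ticket and not May First tooling): it groups `postfix/smtpd` lines into sessions by process id and reports whether each session negotiated TLS, logged a `sasl_username`, was refused with "Relay access denied", or was accepted with no SASL login at all. The host names, addresses, queue ids and function names are constructed placeholders modelled on the log lines quoted above.

```python
import re

# Constructed sample log (placeholders, modelled on the lines quoted in this ticket).
SAMPLE_LOG = """\
May  1 22:28:31 mx1 postfix/smtpd[11304]: connect from relay.example.net[192.0.2.10]
May  1 22:28:31 mx1 postfix/smtpd[11304]: NOQUEUE: reject: RCPT from relay.example.net[192.0.2.10]: 554 5.7.1 <bob@example.org>: Relay access denied; from=<alice@example.com> to=<bob@example.org> proto=ESMTP helo=<10.0.0.5>
May  1 22:28:31 mx1 postfix/smtpd[11304]: disconnect from relay.example.net[192.0.2.10]
May  2 11:38:13 mx1 postfix/smtpd[18201]: connect from client.example.net[198.51.100.7]
May  2 11:38:13 mx1 postfix/smtpd[18201]: setting up TLS connection from client.example.net[198.51.100.7]
May  2 11:38:13 mx1 postfix/smtpd[18201]: Anonymous TLS connection established from client.example.net[198.51.100.7]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May  2 11:38:29 mx1 postfix/smtpd[18201]: ABCDEF1234: client=client.example.net[198.51.100.7], sasl_method=PLAIN, sasl_username=alice@example.com
May  2 11:38:29 mx1 postfix/smtpd[18201]: disconnect from client.example.net[198.51.100.7]
May  2 11:40:02 mx1 postfix/smtpd[18350]: connect from popuser.example.net[203.0.113.9]
May  2 11:40:03 mx1 postfix/smtpd[18350]: 1234ABCDEF: client=popuser.example.net[203.0.113.9]
May  2 11:40:03 mx1 postfix/smtpd[18350]: disconnect from popuser.example.net[203.0.113.9]
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")


def classify(log_text):
    """Return one dict per smtpd session, in the order the sessions started."""
    sessions, open_by_pid = [], {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("connect from "):
            # An smtpd process serves many connections, so each "connect" opens a new session.
            s = {"client": msg[len("connect from "):], "tls": False,
                 "sasl_user": None, "queued": False, "relay_denied": False}
            open_by_pid[pid] = s
            sessions.append(s)
            continue
        s = open_by_pid.get(pid)
        if s is None:
            continue  # log excerpt began in the middle of a session
        if "TLS connection established" in msg:
            s["tls"] = True
        elif "Relay access denied" in msg:
            s["relay_denied"] = True
        elif re.match(r"[0-9A-Za-z]+: client=", msg):
            s["queued"] = True  # a queue id was assigned: the message was accepted
            user = re.search(r"sasl_username=(\S+)", msg)
            if user:
                s["sasl_user"] = user.group(1)
        elif msg.startswith("disconnect from "):
            del open_by_pid[pid]
    return sessions


def verdict(s):
    if s["sasl_user"]:
        return "authenticated submission"
    if s["relay_denied"]:
        return "relay denied: no SASL login" + ("" if s["tls"] else ", no TLS")
    if s["queued"]:
        return "accepted without SASL (local delivery or address-based relay)"
    return "no mail transaction"


if __name__ == "__main__":
    for s in classify(SAMPLE_LOG):
        print(f'{s["client"]:40} tls={s["tls"]!s:5} -> {verdict(s)}')
```

Sessions in the third category are the ones to review on a host that still allows address-based relaying such as pop-before-smtp, since mail was accepted there with no login recorded.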

comment:13 Changed 5 years ago by https://id.mayfirst.org/ross

  • Resolution set to worksforme
  • Status changed from new to closed

It's hard to imagine that this has not been resolved. I'm closing the ticket.
