Bootstrap FreeKB - Postfix (Email) - Resolve "Unauthenticated senders not allowed" with SendGrid relay
Postfix (Email) - Resolve "Unauthenticated senders not allowed" with SendGrid relay
Updated:   |  Postfix (Email) articles

Let's say you have Postfix configured to relay email through SendGrid. In this scenario, /etc/postfix/main.cf should have the following.

relayhost = [smtp.sendgrid.com]:587

 

Let's say you are getting 550 Unauthenticated senders not allowed. In this example, the "sender" is jeremy.canfield@freekb.net (that's me).

Feb 12 02:55:55 ip-172-31-19-227 postfix/smtp[24083]: 272F38B9CB7: to=<jane.doe@example.com>, relay=smtp.sendgrid.net[167.89.115.53]:587, delay=0.26, delays=0.24/0.01/0.01/0, dsn=5.0.0, status=bounced (host smtp.sendgrid.net[167.89.115.53] said: 550 Unauthenticated senders not allowed (in reply to MAIL FROM command))

 

Include the following in /etc/postfix/main.cf.

AVOID TROUBLE

There are similar directives, one that starts with smtp_ and the other that starts with smtpd_. For SendGrid you must use the smtp_ directives.

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt
header_size_limit = 4096000

 

Verify Sender

In your SendGrid account, ensure your "sender" is "verified".

 

Notice in this example that a relay is being used (relay=smtp.sendgrid.net). Check out my article on setting up Postfix with a relay. In this scenario, the credentials being used to authenticate to the relay will be in the /etc/postfix/sasl_passwd and /etc/postfix/sasl_passwd.db files.

~]# cat /etc/postfix/sasl_passwd
[smtp.sendgrid.net]:587 apikey:SA.14Hj6fh1RBSXoatMt4f5hg.zOhdOFKuitjqOtWatZXmGefxDMFDWIIElNhe7vb78z9

 

The strings command can be used to view the contents of the sasl_passwd.db file.

~]# strings /etc/postfix/sasl_passwd.db
apikey:SA.14Hj6fh1RBSXoatMt4f5hg.zOhdOFKuitjqOtWatZXmGefxDMFDWIIElNhe7vb78z9
[smtp.sendgrid.net]:587

 

SASL

The credentials being used to authenticate to the relay will be in the /etc/postfix/sasl_passwd and /etc/postfix/sasl_passwd.db files.

~]# cat /etc/postfix/sasl_passwd
[smtp.sendgrid.net]:587 apikey:SA.14Hj6fh1RBSXoatMt4f5hg.zOhdOFKuitjqOtWatZXmGefxDMFDWIIElNhe7vb78z9

 

The strings command can be used to view the contents of the sasl_passwd.db file.

~]# strings /etc/postfix/sasl_passwd.db
apikey:SA.14Hj6fh1RBSXoatMt4f5hg.zOhdOFKuitjqOtWatZXmGefxDMFDWIIElNhe7vb78z9
[smtp.sendgrid.net]:587

 

API KEY

With SendGrid in particular, the SendGrid REST API can be used to determine if you are able to authenticate with the API Key.

curl --header "Authorization: Bearer SA.14Hj6fh1RBSXoatMt4f5hg.zOhdOFKuitjqOtWatZXmGefxDMFDWIIElNhe7vb78z9" --request GET --url https://api.sendgrid.com/v3/api_keys

 

If the authentication is successful, something like this should be returned, listing the API Keys for the user.

{
    "result": [
        {
            "api_key_id": "5dKz6fh1RBSXVk34twvI23",
            "name": "default"
        }
    ]
}

 

If you are getting this error when using an email client, such as Outlook or Mozilla Thunderbird or emClient, ensure the client is using the appropriate SMTP port (587 in this example).

 

If running an EC2 instance on AWS, ensure the Security Group allows incoming on SMTP port 587.

 

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 721d0e in the box below so that we can be sure you are a human.