CentOS 5 - Postfix setup, connecting with telnet not responding
Trying to set up a postfix mail server.
Whenever I try connecting to port 25 through telnet:
Code:
telnet localhost 25

I get:
Code:
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.

Then whatever I type after that, I won't get a response. I think the problem might be postfix isn't listening on port 25. When I run:
Code:
fuser -v -n tcp 25
                     USER        PID ACCESS COMMAND
25/tcp:              root      25388 F.... master

and when I do:
Code:
service postfix status
master (pid 25388) is running...

Any help is appreciated. |
Hi,
After connection, give EHLO to get a response from the server.
Regards |
Hey thanks,
I've given that a try and am not able to get a response back. It doesn't seem to respond to anything I type.
Code:
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
EHLO |
Not sure if it helps but this:
Code:
openssl s_client -starttls smtp -connect localhost:25 -debug

gave:
Code:
CONNECTED(00000003)
read from 0x1d3da1c0 [0x1d3db0b0] (4096 bytes => 47 (0x2F))
0000 - 32 32 30 20 6d 61 69 6c-2e 63 72 69 6d 69 6e 61   220 mail.crimina
0010 - 6c 2d 73 79 6e 64 69 63-61 74 65 2e 63 6f 6d 20   l-syndicate.com
0020 - 45 53 4d 54 50 20 50 6f-73 74 66 69 78 0d 0a      ESMTP Postfix..
write to 0x1d3da1c0 [0x1d3dc0c0] (25 bytes => 25 (0x19))
0000 - 45 48 4c 4f 20 6f 70 65-6e 73 73 6c 2e 63 6c 69   EHLO openssl.cli
0010 - 65 6e 74 2e 6e 65 74 0d-0a                        ent.net..
read from 0x1d3da1c0 [0x1d3db0b0] (4096 bytes => 150 (0x96))
0000 - 32 35 30 2d 6d 61 69 6c-2e 63 72 69 6d 69 6e 61   250-mail.crimina
0010 - 6c 2d 73 79 6e 64 69 63-61 74 65 2e 63 6f 6d 0d   l-syndicate.com.
0020 - 0a 32 35 30 2d 50 49 50-45 4c 49 4e 49 4e 47 0d   .250-PIPELINING.
0030 - 0a 32 35 30 2d 53 49 5a-45 20 31 30 32 34 30 30   .250-SIZE 102400
0040 - 30 30 0d 0a 32 35 30 2d-56 52 46 59 0d 0a 32 35   00..250-VRFY..25
0050 - 30 2d 45 54 52 4e 0d 0a-32 35 30 2d 53 54 41 52   0-ETRN..250-STAR
0060 - 54 54 4c 53 0d 0a 32 35-30 2d 45 4e 48 41 4e 43   TTLS..250-ENHANC
0070 - 45 44 53 54 41 54 55 53-43 4f 44 45 53 0d 0a 32   EDSTATUSCODES..2
0080 - 35 30 2d 38 42 49 54 4d-49 4d 45 0d 0a 32 35 30   50-8BITMIME..250
0090 - 20 44 53 4e 0d 0a                                  DSN..
write to 0x1d3da1c0 [0x7fff2ef78770] (10 bytes => 10 (0xA))
0000 - 53 54 41 52 54 54 4c 53-0d 0a                     STARTTLS..
read from 0x1d3da1c0 [0x1d34b1d0] (8192 bytes => 50 (0x32))
0000 - 34 35 34 20 34 2e 33 2e-30 20 54 4c 53 20 6e 6f   454 4.3.0 TLS no
0010 - 74 20 61 76 61 69 6c 61-62 6c 65 20 64 75 65 20   t available due
0020 - 74 6f 20 6c 6f 63 61 6c-20 70 72 6f 62 6c 65 6d   to local problem
0030 - 0d 0a                                             ..
write to 0x1d3da1c0 [0x1d3db0b0] (121 bytes => 121 (0x79))
0000 - 80 77 01 03 01 00 4e 00-00 00 20 00 00 39 00 00   .w....N... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 05 00   ..3..2../.......
0030 - 00 04 01 00 80 00 00 15-00 00 12 00 00 09 06 00   ................
0040 - 40 00 00 14 00 00 11 00-00 08 00 00 06 04 00 80   @...............
0050 - 00 00 03 02 00 80 00 00-ff 63 c2 d2 0b f9 37 02   .........c....7.
0060 - 29 bc d7 cf d3 2b fc 62-49 55 9c 17 8e de 90 46   )....+.bIU.....F
0070 - a8 96 de 99 a1 10 98 fb-24                        ........$
read from 0x1d3da1c0 [0x1d3e0610] (7 bytes => 7 (0x7))
0000 - 35 30 32 20 35 2e 35                              502 5.5
32342:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:588:

I'm not sure what's going on, am I missing a dependency somewhere? |
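In the -debug trace above the server answers STARTTLS with 454 and the client sends a TLS hello anyway, which the server reads as a bad SMTP command (502); that is where "unknown protocol" comes from. The following is an added example, not code from the thread or from OpenSSL or Postfix, of a probe that starts the handshake only after a 220 reply and reports the SMTP reply otherwise; `probe_starttls`, `read_reply` and the `probe.example` HELO name are illustrative assumptions.

```python
import socket
import ssl

def read_reply(rfile):
    """Read one SMTP reply ("250-" lines continue, "250 " ends); return (code, lines)."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line[4:])
        if line[3:4] != "-":
            return int(line[:3]), lines

def probe_starttls(sock, server_name, helo="probe.example", context=None):
    """Return (status, smtp_code, detail) for the STARTTLS upgrade on `sock`."""
    # Unbuffered reader: nothing past the STARTTLS reply is consumed before TLS starts.
    rfile = sock.makefile("rb", buffering=0)

    def command(text):
        sock.sendall(text.encode("ascii") + b"\r\n")
        return read_reply(rfile)

    code, text = read_reply(rfile)                 # server greeting
    if code != 220:
        return ("no-service", code, text[-1])
    code, text = command("EHLO " + helo)
    if not any(ext.upper().startswith("STARTTLS") for ext in text[1:]):
        return ("not-advertised", code, None)
    code, text = command("STARTTLS")
    if code != 220:                                # e.g. 454: stay in plaintext, no handshake
        sock.sendall(b"QUIT\r\n")
        return ("refused", code, text[-1])
    ctx = context or ssl.create_default_context()  # verifies certificate and host name
    try:
        tls = ctx.wrap_socket(sock, server_hostname=server_name)
    except ssl.SSLError as exc:
        return ("handshake-failed", code, str(exc))
    return ("ok", code, tls.version())
```

To check a live server, pass a connected socket, for instance `socket.create_connection(("localhost", 25), timeout=5)`, together with the host name on the server's certificate.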
|
Hi bathory,
Thanks, that helped me fix a misspelled configuration that wasn't coming up in the maillog. telnet seems to be working and able to authenticate users:
Code:
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.criminal-syndicate.com ESMTP Postfix
EHLO mail.criminal-syndicate.com
250-mail.criminal-syndicate.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN AHR1c3QAMTIzNDU=
235 2.0.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.

But when I try:
Code:
openssl s_client -starttls smtp -connect localhost:25

still getting:
Code:
32342:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:588:

I've made sure that mod_ssl, cyrus-sasl, cyrus-sasl-lib, and cyrus-sasl-plain are all installed. Any suggestions? |
Maybe you hit this bug
|
Hey thanks a ton, that is definitely the problem.
I haven't had to apply a patch in Linux yet. I'm not able to find the file s_client.c on my system, guessing I will need to download the source code for openssl and then add the patch with the patch -u command. Then rebuild it in gcc? Or is there an easier way I'm not aware of? Sorry for all the questions :). |
What is the version of openssl installed on your box? This bug is from 2005, so I guess it should already be fixed.
Anyway, you might use your package manager to upgrade the openssl version if possible, or d/l the srpm, patch and install. Dunno how it's done because I don't use an rpm based distro.
Regards |
Thanks,
The version I have is 0.9.8e, which is the latest for YUM; the bug was for 0.9.8a. Installed 1.0.0 with:
Code:
wget http://www.openssl.org/source/openssl-1.0.0a.tar.gz && tar xzf openssl-1.0.0a.tar.gz && cd openssl-1.0.0a && ./config && make && make test && make install

I think it might be using the old version still though. Is there any config I need to change to show it where the new install is? |
Hi,
Since you've used just a plain ./config, openssl is installed under /usr/local/ssl. So you can use:
Code:
/usr/local/ssl/bin/openssl s_client -starttls smtp -connect localhost:25 |
Haven't used gnutls-cli, I might be using the command wrong, but when I try something like:
Code:
gnutls-cli --crlf --starttls

I get:
Code:
-bash: gnutls-cli: command not found

I can see it's installed in my rpm:
Code:
Package gnutls-1.4.1-3.el5_4.8.x86_64 already installed and latest version

When I try:
Code:
/usr/local/ssl/bin/openssl s_client -starttls smtp -connect localhost:25

still seem to be getting the same error, and some additional ones, but I think it's the way I have the location of my certs set up in config:
Code:
CONNECTED(00000003)
47923882121184:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:683:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 298 bytes and written 245 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
--- |
Hi,
Take a look at this (need to scroll down to the end of the page), to see the settings you need to change in postfix configuration when you meet this error.
Regards |
Thanks a ton, provided a lot of information.
After turning that extra debug on, I saw that there were problems loading the auth_key. Once I unencrypted the key, I was able to get the correct output from:
Code:
openssl s_client -starttls smtp -connect localhost:25

But when I try sending email to hosts that require user verification, I'm getting this in the maillog:
Code:
to=<cendent@syndicate-gaming.com>, relay=syndicate-gaming.com[70.40.210.80]:25, delay=0.4, delays=0.02/0.01/0.29/0.08, dsn=5.0.0, status=bounced (host syndicate-gaming.com[70.40.210.80] said: 550-Verification failed for <cendent@criminal-syndicate.com> 550-No Such User Here 550 Sender verify failed (in reply to RCPT TO command))

Not sure if it helps but here's my postconf -n:
Code:
alias_database = hash:/etc/postfix/virtual
alias_maps = hash:/etc/postfix/virtual
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 20
html_directory = no
inet_interfaces = all
local_destination_concurrency_limit = 2
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, $mydomain, localhost
mydomain = criminal-syndicate.com
myhostname = mail.criminal-syndicate.com
myorigin = criminal-syndicate.com
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_use_tls = yes
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destinations, reject_rbl_client bl.spamcop.net
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sas1_authenticated check_sender_access hash:/etc/postfix/access reject_unknown_sender_domain, reject_non_fqdn_sender, reject_rhsbl_sender dsn.rfc-ignorant.org
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/mail_criminal-syndicate_com.crt
smtpd_tls_key_file = /etc/pki/tls/private/mail_criminal-syndicate_com.key
smtpd_tls_security_level = may
soft_bounce = no
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual |
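Misspelled restriction names were mentioned earlier in the thread as something the maillog did not show up front, and restriction lists like the ones in the postconf -n output above can be checked before a reload. This is an added example, not part of the thread or of Postfix: `lint_restrictions` is a hypothetical helper, its name lists are a subset of those in postconf(5), it assumes one parameter per line, and the sample lines are copied from the post above.

```python
import difflib
import re

# Subset of the restriction names documented in postconf(5); extend for your version.
# Names defined locally through smtpd_restriction_classes would need adding as well.
TAKES_ARGUMENT = {
    "check_client_access", "check_helo_access", "check_sender_access",
    "check_recipient_access", "check_policy_service", "reject_rbl_client",
    "reject_rhsbl_client", "reject_rhsbl_sender", "reject_rhsbl_recipient",
}
NO_ARGUMENT = {
    "permit", "reject", "defer", "defer_if_permit", "defer_if_reject",
    "warn_if_reject", "permit_mynetworks", "permit_sasl_authenticated",
    "permit_auth_destination", "permit_mx_backup", "permit_tls_clientcerts",
    "reject_unauth_destination", "reject_unauth_pipelining",
    "reject_unknown_sender_domain", "reject_unknown_recipient_domain",
    "reject_non_fqdn_sender", "reject_non_fqdn_recipient",
    "reject_unlisted_sender", "reject_unlisted_recipient",
    "reject_unverified_sender", "reject_unverified_recipient",
    "reject_unknown_client_hostname", "reject_invalid_helo_hostname",
    "reject_non_fqdn_helo_hostname", "reject_unknown_helo_hostname",
}
KNOWN = sorted(TAKES_ARGUMENT | NO_ARGUMENT)

# Three lines copied from the postconf -n output in the post above.
SAMPLE = """\
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destinations, reject_rbl_client bl.spamcop.net
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = permit_sas1_authenticated check_sender_access hash:/etc/postfix/access reject_unknown_sender_domain, reject_non_fqdn_sender, reject_rhsbl_sender dsn.rfc-ignorant.org
"""

def lint_restrictions(postconf_text):
    """Return (parameter, token, closest known name) for each unrecognised restriction."""
    findings = []
    for line in postconf_text.splitlines():
        m = re.match(r"\s*(smtpd_\w+_restrictions)\s*=\s*(.*)", line)
        if not m:
            continue
        tokens = [t for t in re.split(r"[,\s]+", m.group(2)) if t]
        skip_next = False
        for tok in tokens:
            if skip_next:                  # argument of the previous restriction
                skip_next = False
            elif tok in TAKES_ARGUMENT:
                skip_next = True
            elif tok not in NO_ARGUMENT:
                close = difflib.get_close_matches(tok, KNOWN, n=1)
                findings.append((m.group(1), tok, close[0] if close else None))
    return findings

if __name__ == "__main__":
    for param, tok, hint in lint_restrictions(SAMPLE):
        print(f"{param}: unrecognised '{tok}' (closest known name: {hint})")
```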
Quote:
|
Yea, I can send an email to the account from my gmail account fine. Logged in with the user cendent, and read the mail from the gmail account.
I can also send mail to my gmail account with user cendent, I think this is because gmail doesn't require a user auth. |
Well I don't, since you can send to gmail. From what I can understand, the other server (syndicate-gaming.com) gets confused about the user (same uid) at your server (criminal-syndicate.com), when it tries to verify if that user actually exists.
|
Yea, you're 100% right about that :)
I have my domains registered through a different hosting company with the dns pointing to the correct servers. But when I'm sending between two of the domains it looks for a local user and never bothers to do an actual dns lookup. Makes sense, all is working. Thanks a bunch for all your help. |