LinuxQuestions.org
Old 07-24-2010, 03:41 PM   #1
Cendent
LQ Newbie
 
Registered: Jul 2010
Posts: 10

Rep: Reputation: 0
centOS 5 - postfix setup, connecting with telnet not responding


Trying to set up a postfix mail server.

Whenever I try connecting to port 25 through telnet:
telnet localhost 25

I get:

Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.

Then whatever I type after that, I won't get a response.

I think the problem might be postfix isn't listening on port 25.

When I run: fuser -v -n tcp 25
USER PID ACCESS COMMAND
25/tcp: root 25388 F.... master


and when I do: service postfix status
master (pid 25388) is running...


Any help is appreciated.
 
Old 07-24-2010, 04:25 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,524

Rep: Reputation: 1503
Hi,
After connecting, give EHLO to get a response from the server.

Regards

Last edited by bathory; 07-24-2010 at 04:30 PM.
 
Old 07-24-2010, 05:55 PM   #3
Cendent
LQ Newbie
 
Registered: Jul 2010
Posts: 10

Original Poster
Rep: Reputation: 0
Hey thanks,

I've given that a try and am not able to get a response back.
It doesn't seem to respond to anything I type.


telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.

EHLO
 
Old 07-25-2010, 01:13 AM   #4
Cendent
LQ Newbie
 
Registered: Jul 2010
Posts: 10

Original Poster
Rep: Reputation: 0
Not sure if it helps but this:
openssl s_client -starttls smtp -connect localhost:25 -debug

gave:
CONNECTED(00000003)
read from 0x1d3da1c0 [0x1d3db0b0] (4096 bytes => 47 (0x2F))
0000 - 32 32 30 20 6d 61 69 6c-2e 63 72 69 6d 69 6e 61 220 mail.crimina
0010 - 6c 2d 73 79 6e 64 69 63-61 74 65 2e 63 6f 6d 20 l-syndicate.com
0020 - 45 53 4d 54 50 20 50 6f-73 74 66 69 78 0d 0a ESMTP Postfix..
write to 0x1d3da1c0 [0x1d3dc0c0] (25 bytes => 25 (0x19))
0000 - 45 48 4c 4f 20 6f 70 65-6e 73 73 6c 2e 63 6c 69 EHLO openssl.cli
0010 - 65 6e 74 2e 6e 65 74 0d-0a ent.net..
read from 0x1d3da1c0 [0x1d3db0b0] (4096 bytes => 150 (0x96))
0000 - 32 35 30 2d 6d 61 69 6c-2e 63 72 69 6d 69 6e 61 250-mail.crimina
0010 - 6c 2d 73 79 6e 64 69 63-61 74 65 2e 63 6f 6d 0d l-syndicate.com.
0020 - 0a 32 35 30 2d 50 49 50-45 4c 49 4e 49 4e 47 0d .250-PIPELINING.
0030 - 0a 32 35 30 2d 53 49 5a-45 20 31 30 32 34 30 30 .250-SIZE 102400
0040 - 30 30 0d 0a 32 35 30 2d-56 52 46 59 0d 0a 32 35 00..250-VRFY..25
0050 - 30 2d 45 54 52 4e 0d 0a-32 35 30 2d 53 54 41 52 0-ETRN..250-STAR
0060 - 54 54 4c 53 0d 0a 32 35-30 2d 45 4e 48 41 4e 43 TTLS..250-ENHANC
0070 - 45 44 53 54 41 54 55 53-43 4f 44 45 53 0d 0a 32 EDSTATUSCODES..2
0080 - 35 30 2d 38 42 49 54 4d-49 4d 45 0d 0a 32 35 30 50-8BITMIME..250
0090 - 20 44 53 4e 0d 0a DSN..
write to 0x1d3da1c0 [0x7fff2ef78770] (10 bytes => 10 (0xA))
0000 - 53 54 41 52 54 54 4c 53-0d 0a STARTTLS..
read from 0x1d3da1c0 [0x1d34b1d0] (8192 bytes => 50 (0x32))
0000 - 34 35 34 20 34 2e 33 2e-30 20 54 4c 53 20 6e 6f 454 4.3.0 TLS no
0010 - 74 20 61 76 61 69 6c 61-62 6c 65 20 64 75 65 20 t available due
0020 - 74 6f 20 6c 6f 63 61 6c-20 70 72 6f 62 6c 65 6d to local problem
0030 - 0d 0a ..
write to 0x1d3da1c0 [0x1d3db0b0] (121 bytes => 121 (0x79))
0000 - 80 77 01 03 01 00 4e 00-00 00 20 00 00 39 00 00 .w....N... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 05 00 ..3..2../.......
0030 - 00 04 01 00 80 00 00 15-00 00 12 00 00 09 06 00 ................
0040 - 40 00 00 14 00 00 11 00-00 08 00 00 06 04 00 80 @...............
0050 - 00 00 03 02 00 80 00 00-ff 63 c2 d2 0b f9 37 02 .........c....7.
0060 - 29 bc d7 cf d3 2b fc 62-49 55 9c 17 8e de 90 46 )....+.bIU.....F
0070 - a8 96 de 99 a1 10 98 fb-24 ........$
read from 0x1d3da1c0 [0x1d3e0610] (7 bytes => 7 (0x7))
0000 - 35 30 32 20 35 2e 35 502 5.5
32342:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:588:

I'm not sure what's going on, am I missing a dependency somewhere?
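
Added example (not part of the thread): in the -debug dump above, the server answers STARTTLS with a 454 reply, the client sends its TLS hello anyway, and the plaintext "502 5.5" that comes back is what gets reported as "unknown protocol". The sketch below parses SMTP replies and treats only a 220 answer to STARTTLS as permission to start the handshake; SAMPLE_SESSION is built from the replies visible in the dump, and the function names are illustrative.

```python
import re

# Server replies as they appear in the -debug dump above (sample built from it).
SAMPLE_SESSION = [
    "220 mail.criminal-syndicate.com ESMTP Postfix",
    "250-mail.criminal-syndicate.com",
    "250-PIPELINING",
    "250-SIZE 10240000",
    "250-VRFY",
    "250-ETRN",
    "250-STARTTLS",
    "250-ENHANCEDSTATUSCODES",
    "250-8BITMIME",
    "250 DSN",
    "454 4.3.0 TLS not available due to local problem",
]
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_replies(lines):
    """Group SMTP lines into (code, [texts]); 'NNN-' continues, 'NNN ' ends a reply."""
    replies, texts = [], []
    for line in lines:
        m = REPLY_LINE.match(line.rstrip("\r\n"))
        if not m:
            raise ValueError(f"not an SMTP reply line: {line!r}")
        texts.append(m.group(3))
        if m.group(2) == " ":
            replies.append((int(m.group(1)), texts))
            texts = []
    return replies

def starttls_verdict(lines):
    """Expect greeting, EHLO reply, STARTTLS reply; return (ok_to_handshake, reason)."""
    replies = parse_replies(lines)
    if not replies or replies[0][0] != 220:
        return (False, "no 220 greeting")
    if len(replies) < 2 or replies[1][0] != 250:
        return (False, "EHLO not accepted")
    keywords = [t.split()[0].upper() for t in replies[1][1][1:] if t.split()]
    if "STARTTLS" not in keywords:
        return (False, "STARTTLS not advertised")
    if len(replies) < 3:
        return (False, "no reply to STARTTLS")
    code, texts = replies[2]
    # Only 220 means "go ahead"; anything else is still plaintext SMTP.
    return (code == 220, f"{code} {' '.join(texts)}")
```

A 4xx answer to STARTTLS is a server-side condition, so the next place to look is the mail log rather than the client.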
 
Old 07-25-2010, 04:58 AM   #5
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,524

Rep: Reputation: 1503
Take a look here to see how to debug postfix.

Regards
 
Old 07-25-2010, 04:07 PM   #6
Cendent
LQ Newbie
 
Registered: Jul 2010
Posts: 10

Original Poster
Rep: Reputation: 0
Hi bathory,
Thanks, that helped me fix a configuration misspelling that wasn't coming up in the maillog. Telnet seems to be working and is able to authenticate users:

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.criminal-syndicate.com ESMTP Postfix
EHLO mail.criminal-syndicate.com
250-mail.criminal-syndicate.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN AHR1c3QAMTIzNDU=
235 2.0.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.

But when I try:

openssl s_client -starttls smtp -connect localhost:25

still getting:
32342:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:588:

I've made sure that mod_ssl, cyrus-sasl, cyrus-sasl-lib, and cyrus-sasl-plain are all installed.

Any suggestions?
 
Old 07-25-2010, 05:04 PM   #7
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,524

Rep: Reputation: 1503
Maybe you hit this bug
 
Old 07-25-2010, 09:56 PM   #8
Cendent
LQ Newbie
 
Registered: Jul 2010
Posts: 10

Original Poster
Rep: Reputation: 0
Hey thanks a ton, that is definitely the problem.

I haven't had to apply a patch in Linux yet.

I'm not able to find the file s_client.c on my system, so I'm guessing I will need to download the source code for openssl and then add the patch with the patch -u command. Then rebuild it in gcc?

Or is there an easier way I'm not aware of?

Sorry for all the questions.
 
Old 07-26-2010, 01:01 AM   #9
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,524

Rep: Reputation: 1503
What is the version of openssl installed in your box? Because this bug is from 2005, so I guess it should be already fixed.
Anyway you might use your package manager to upgrade the openssl version if possible, or d/l the srpm, patch and install. Dunno how it's done because I don't use an rpm based distro.

Regards
 
Old 07-26-2010, 11:53 AM   #10
Cendent
LQ Newbie
 
Registered: Jul 2010
Posts: 10

Original Poster
Rep: Reputation: 0
Thanks,
The version I have is 0.9.8e which is the latest for YUM, the bug was for 0.9.8a.

Installed 1.0.0 with:
wget http://www.openssl.org/source/openssl-1.0.0a.tar.gz && tar xzf openssl-1.0.0a.tar.gz && cd openssl-1.0.0a && ./config && make && make test && make install

I think it might still be using the old version, though. Is there any config I need to change to show it where the new install is?
 
Old 07-26-2010, 02:50 PM   #11
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,524

Rep: Reputation: 1503
Hi,

Since you've used just a plain ./config, openssl is installed under /usr/local/ssl
So you can use:
Code:
/usr/local/ssl/bin/openssl s_client -starttls smtp -connect localhost:25
Can't you test starttls with gnutls-cli?
 
Old 07-26-2010, 11:37 PM   #12
Cendent
LQ Newbie
 
Registered: Jul 2010
Posts: 10

Original Poster
Rep: Reputation: 0
Haven't used gnutls-cli. I might be using the command wrong, but when I try something like:
gnutls-cli --crlf --starttls
I get:
-bash: gnutls-cli: command not found

I can see it's installed in my rpm:
Package gnutls-1.4.1-3.el5_4.8.x86_64 already installed and latest version


When I try: /usr/local/ssl/bin/openssl s_client -starttls smtp -connect localhost:25

I still seem to be getting the same error, and some additional ones, but I think it's the way I have the location of my certs set up in the config:
CONNECTED(00000003)
47923882121184:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:683:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 298 bytes and written 245 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
 
Old 07-27-2010, 01:48 AM   #13
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,524

Rep: Reputation: 1503
Hi,

Take a look at this (need to scroll down to the end of the page), to see the settings you need to change in postfix configuration when you meet this error.

Regards
 
Old 07-27-2010, 12:38 PM   #14
Cendent
LQ Newbie
 
Registered: Jul 2010
Posts: 10

Original Poster
Rep: Reputation: 0
Thanks a ton, that provided a lot of information.

After turning that extra debug on, I saw that there were problems loading the auth_key. Once I unencrypted the key, I was able to get the correct output from: openssl s_client -starttls smtp -connect localhost:25

But when I try sending email to hosts that require user verification, I'm getting this in the maillog:

to=<cendent@syndicate-gaming.com>, relay=syndicate-gaming.com[70.40.210.80]:25, delay=0.4, delays=0.02/0.01/0.29/0.08, dsn=5.0.0, status=bounced (host syndicate-gaming.com[70.40.210.80] said: 550-Verification failed for <cendent@criminal-syndicate.com> 550-No Such User Here 550 Sender verify failed (in reply to RCPT TO command))


Not sure if it helps, but here's my postconf -n:
alias_database = hash:/etc/postfix/virtual
alias_maps = hash:/etc/postfix/virtual
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 20
html_directory = no
inet_interfaces = all
local_destination_concurrency_limit = 2
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, $mydomain, localhost
mydomain = criminal-syndicate.com
myhostname = mail.criminal-syndicate.com
myorigin = criminal-syndicate.com
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_use_tls = yes
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destinations, reject_rbl_client bl.spamcop.net
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sas1_authenticated check_sender_access hash:/etc/postfix/access reject_unknown_sender_domain, reject_non_fqdn_sender, reject_rhsbl_sender dsn.rfc-ignorant.org
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/mail_criminal-syndicate_com.crt
smtpd_tls_key_file = /etc/pki/tls/private/mail_criminal-syndicate_com.key
smtpd_tls_security_level = may
soft_bounce = no
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
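
Added example (not part of the thread): post #6 traced the first failure to a misspelled setting, and the restriction lists in the postconf -n output above can be checked the same way. The sketch compares each name in the smtpd_*_restrictions parameters against a small set of Postfix restriction names (a subset assumed here, not exhaustive; any classes defined through smtpd_restriction_classes would need adding), and lint_restrictions and the constants are illustrative names.

```python
import difflib
import re

# Subset of Postfix smtpd restriction names (see postconf(5)); not exhaustive.
TAKES_ARG = {"reject_rbl_client", "reject_rhsbl_sender", "check_client_access",
             "check_helo_access", "check_sender_access", "check_recipient_access"}
KNOWN = TAKES_ARG | {
    "permit", "reject", "defer", "permit_mynetworks", "permit_sasl_authenticated",
    "reject_unauth_destination", "reject_unauth_pipelining",
    "reject_unknown_sender_domain", "reject_unknown_recipient_domain",
    "reject_non_fqdn_sender", "reject_non_fqdn_recipient",
}

# Sample input: the three restriction lines from the postconf -n output above.
SAMPLE = """\
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destinations, reject_rbl_client bl.spamcop.net
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = permit_sas1_authenticated check_sender_access hash:/etc/postfix/access reject_unknown_sender_domain, reject_non_fqdn_sender, reject_rhsbl_sender dsn.rfc-ignorant.org
"""

def lint_restrictions(postconf_text):
    """Return (parameter, token, closest_known_name_or_None) for unrecognised names."""
    findings = []
    for line in postconf_text.splitlines():
        name, sep, value = line.partition("=")
        name = name.strip()
        if not sep or not re.fullmatch(r"smtpd_\w+_restrictions", name):
            continue
        tokens = iter(re.split(r"[,\s]+", value.strip()))
        for tok in tokens:
            if not tok or ":" in tok:   # empty split artefact, or a bare type:table lookup
                continue
            if tok in TAKES_ARG:
                next(tokens, None)      # consume the map or DNSBL domain argument
            elif tok not in KNOWN:
                guess = difflib.get_close_matches(tok, sorted(KNOWN), n=1)
                findings.append((name, tok, guess[0] if guess else None))
    return findings
```

On a live system the same function can be fed the text of postconf -n directly.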
 
Old 07-27-2010, 02:49 PM   #15
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,524

Rep: Reputation: 1503
Quote:
550-Verification failed for <cendent@criminal-syndicate.com> 550-No Such User Here
I'm not a postfix expert, but does this user actually exist? Can you send an email to that account from elsewhere (e.g. gmail)?

Last edited by bathory; 07-27-2010 at 06:30 PM. Reason: typo
 
  

