LinuxQuestions.org
Old 10-03-2013, 11:24 PM   #1
cheesewizz
maillog error found


Hi

I have Postfix on my CentOS 6.4 for testing. From an IP address in the same LAN I am able to connect through Thunderbird and any mail apps.

But when I go home and try to set up my account in Thunderbird on my laptop,
I always get "failed to connect, check username and password", but I believe they are correct.

So what I did was get the log file, maillog.

logfile: set to auto for SSL
Oct 4 09:43:47 mail dovecot: imap-login: Aborted login (no auth attempts): rip=180.191.139.31, lip=10.0.0.2
Oct 4 09:43:47 mail dovecot: imap-login: Aborted login (no auth attempts): rip=180.191.139.31, lip=10.0.0.2

logfile:
IMAP forcing to port 993, SSL/TLS and authentication Autodetect
SMTP forcing to port 25, None and Autodetect
Oct 4 10:27:44 mail dovecot: imap-login: Disconnected (no auth attempts): rip=180.191.139.31, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42


I was hoping someone can help and fix this.


thanks

Last edited by cheesewizz; 10-03-2013 at 11:30 PM.
 
Old 10-03-2013, 11:51 PM   #2
SAbhi
Quote:
I have Postfix on my CentOS 6.4 for testing. From an IP address in the same LAN I am able to connect through Thunderbird and any mail apps.

But when I go home and try to set up my account in Thunderbird on my laptop,
I always get "failed to connect, check username and password", but I believe they are correct.
So that means Postfix is not configured to work outside your LAN. You may need to configure it a bit more. Search on Google; uncle has many solutions.

Last edited by SAbhi; 10-03-2013 at 11:58 PM.
 
Old 10-04-2013, 01:02 AM   #3
cheesewizz
Quote:
Originally Posted by SAbhi View Post
So that means Postfix is not configured to work outside your LAN. You may need to configure it a bit more. Search on Google; uncle has many solutions.

Hi

I have been searching on Google since 2 weeks ago, and until now
it is still not fixed.


I wish someone could guide me and pinpoint the exact problem in my configuration.


thanks
 
Old 10-04-2013, 01:37 AM   #4
SAbhi
So you need some pre-requisites;

1. A DNS 'A' record to be set at a minimum.
2. check if you are able to
Code:
telnet your_mail_server.com 25
3. inet_interfaces = all # is set in main.cf


This could be of help.
 
Old 10-04-2013, 02:10 AM   #5
JJJCR
Hi cheesewizz, what SAbhi is pointing out is that it works okay on your local network.

But to work outside your LAN, you need to configure postfix on these items below:

1. DNS Host Record "A" record (configure on your DNS server or in your ISP)

2. Domain Name

3. If you are behind a firewall, or your server is on DMZ.
You will need to do port forwarding.
Natted IP to Public IP and of course also Public IP to Natted IP (which is the IP Address of your server)

4. On your server, router or firewall you need to open the ports to the external world,
such as port 25, port 993, port 465, or check the Postfix documentation for which ports are needed.
NOTE: don't open all the ports, you will get a nasty surprise; just open the ports needed.

5. Once you have configured your router or firewall to open the ports and have set up the port forwarding as well,
you need to check in SELINUX CentOS Firewall whether the ports are indeed open.
(but I believe it's open since it works on your LAN, but it doesn't hurt to double check)

6. To check if the ports are open to the external world.
You can use dyndns port checker tool.
http://dyn.com/support/ (scroll down to Open Port Tool, you will need an account to use the tool)

Good luck!!!

Last edited by JJJCR; 10-04-2013 at 02:10 AM. Reason: edit
 
Old 10-04-2013, 02:17 AM   #6
descendant_command
Quote:
Originally Posted by cheesewizz View Post
Oct 4 10:27:44 mail dovecot: imap-login: Disconnected (no auth attempts): rip=180.191.139.31, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
^^This.
Seems to be getting to it OK, but the SSL handshake is failing.
Check your SSL setup (presumably it is not used on LAN?).
Maybe Tbird is rejecting it for being self-signed or not matching the servername?
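
Added example, not part of any post in this thread: Python that triages the dovecot lines quoted above and decodes the OpenSSL error code in them. It assumes the OpenSSL 1.0.x packed error layout (8-bit library, 12-bit function, 12-bit reason) used on CentOS 6; the sample log is constructed from the thread with the wrapped TLS line rejoined, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the two kinds of dovecot lines quoted in the thread.
SAMPLE_LOG = """\
Oct 4 09:43:47 mail dovecot: imap-login: Aborted login (no auth attempts): rip=180.191.139.31, lip=10.0.0.2
Oct 4 10:27:44 mail dovecot: imap-login: Disconnected (no auth attempts): rip=180.191.139.31, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
"""

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}

LINE_RE = re.compile(
    r"imap-login: (?P<event>[^(:]+?) \(.*?\): "
    r"rip=(?P<rip>[\d.]+), lip=(?P<lip>[\d.]+)")
ERR_RE = re.compile(r"error:(?P<code>[0-9A-Fa-f]{8}):")


def decode_openssl_error(code_hex):
    """Split an OpenSSL 1.0.x packed error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def triage(line):
    """Return a dict describing one imap-login line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    out = {"event": m["event"], "rip": m["rip"], "lip": m["lip"],
           "lip_private": ipaddress.ip_address(m["lip"]).is_private,
           "alert": None, "alert_from_peer": False}
    e = ERR_RE.search(line)
    if e:
        lib, _func, reason = decode_openssl_error(e["code"])
        # Library 20 is the SSL library; a reason of 1000 or more is
        # 1000 + the number of an alert received from the remote peer.
        if lib == 20 and reason >= 1000:
            out["alert_from_peer"] = True
            out["alert"] = CERT_ALERTS.get(reason - 1000, str(reason - 1000))
    return out


def summarize(log):
    """Triage every imap-login line in a block of log text."""
    return [t for t in map(triage, log.splitlines()) if t]
```

For the second line the reason decodes to 1042, i.e. alert 42 received from the client, so it is the mail client that rejected the server's certificate. `lip_private` is true for both lines because the connection arrived at 10.0.0.2.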
 
Old 10-04-2013, 02:48 AM   #7
cheesewizz

Quote:
Originally Posted by JJJCR View Post
Hi cheesewizz, what SAbhi is pointing out is that it works okay on your local network.

But to work outside your LAN, you need to configure postfix on these items below:

1. DNS Host Record "A" record (configure on your DNS server or in your ISP)

2. Domain Name

3. If you are behind a firewall, or your server is on DMZ.
You will need to do port forwarding.
Natted IP to Public IP and of course also Public IP to Natted IP (which is the IP Address of your server)

4. On your server, router or firewall you need to open the ports to the external world,
such as port 25, port 993, port 465, or check the Postfix documentation for which ports are needed.
NOTE: don't open all the ports, you will get a nasty surprise; just open the ports needed.

5. Once you have configured your router or firewall to open the ports and have set up the port forwarding as well,
you need to check in SELINUX CentOS Firewall whether the ports are indeed open.
(but I believe it's open since it works on your LAN, but it doesn't hurt to double check)

6. To check if the ports are open to the external world.
You can use dyndns port checker tool.
http://dyn.com/support/ (scroll down to Open Port Tool, you will need an account to use the tool)

Good luck!!!
Hi

My Postfix mail server is not behind the firewall; my public IP is directly assigned.
I disabled iptables.

The domain name is working fine.
Ports 25, 993, 465 or 995 are open.


Headache
 
Old 10-04-2013, 03:05 AM   #8
cheesewizz
Quote:
Originally Posted by descendant_command View Post
^^This.
Seems to be getting to it OK, but the SSL handshake is failing.
Check your SSL setup (presumably it is not used on LAN?).
Maybe Tbird is rejecting it for being self-signed or not matching the servername?
I followed this site here


thanks
 
Old 10-04-2013, 03:28 AM   #9
descendant_command
Quote:
Originally Posted by cheesewizz View Post
I followed this site here
That's nice dear ...

Now, check your SSL setup (presumably it is not used on LAN?).
Maybe Tbird is rejecting it for being self-signed or not matching the servername?
 
Old 10-04-2013, 04:49 AM   #10
cheesewizz
Quote:
Originally Posted by descendant_command View Post
That's nice dear ...

Now, check your SSL setup (presumably it is not used on LAN?).
Maybe Tbird is rejecting it for being self-signed or not matching the servername?
Hi

How do I check my SSL setup?


thanks
 
Old 10-04-2013, 04:57 AM   #11
JJJCR
from the site that you followed, set the settings below just to isolate whether SASL is causing the issue.

if it doesn't work, revert it back to the original settings.

smtpd_sasl_auth_enable = no
broken_sasl_auth_clients = no

try adding this one as well:
smtpd_tls_security_level = none

if it works without the tls security then you need to consider looking at the certificate files that you generated

http://www.krizna.com/centos/setup-m...r-in-centos-6/

Quote:
myhostname = mail.krizna.com
mydomain = krizna.com
myorigin = $mydomain
home_mailbox = mail/
mynetworks = 127.0.0.0/8
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Last edited by JJJCR; 10-04-2013 at 09:39 AM. Reason: edit
 
Old 10-04-2013, 05:20 AM   #12
JJJCR
in dovecot.conf
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = no
 
Old 10-04-2013, 06:30 AM   #13
SAbhi
Aah, why are there multiple meanings derived from my post ??

Check back by telnetting to the server on port 25... see how it's rejecting the connections ..

Share what's there in /etc/postfix/master.cf

The issue may lie there if connections are rejected by SASL.

Last edited by SAbhi; 10-04-2013 at 06:33 AM.
 
Old 10-04-2013, 08:51 PM   #14
cheesewizz
Quote:
Originally Posted by SAbhi View Post
So you need some pre-requisites;

1. A DNS 'A' record to be set at a minimum.
2. check if you are able to
Code:
telnet your_mail_server.com 25
3. inet_interfaces = all # is set in main.cf


This could be of help.

Hi

Using telnet before it was ok
but now
[root@mail postfix]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
ehlo localhost
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: root
250 2.1.0 Ok
rcpt to: rtest
554 5.7.1 <localhost[::1]>: Client host rejected: Access denied


[root@mail postfix]# telnet mail.example.com 25
Trying xxx.xxx.xxx.xxx
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
ehlo localhost
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: root
250 2.1.0 Ok
rcpt to: rtest
554 5.7.1 <mail.example.com[xxx.xxx.xxx]>: Client host rejected: Access denied
554 5.5.1 Error: no valid recipients


thanks

---------- Post added 10-05-13 at 12:52 AM ----------

Quote:
Originally Posted by JJJCR View Post
in dovecot.conf
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = no

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
#ssl = yes

Last edited by cheesewizz; 10-04-2013 at 08:57 PM.
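
Added example, not part of the thread: Python that reads the EHLO reply from the telnet session above and a main.cf fragment, and reports when SMTP AUTH is reachable without TLS. The main.cf fragment is an assumption (the tutorial's lines with the suggested `smtpd_tls_security_level = none` appended; the poster's actual file is not shown), the EHLO reply is a shortened constructed copy, and all function names are hypothetical.

```python
# Constructed inputs: a shortened EHLO reply from the telnet session in the
# thread, and an ASSUMED main.cf fragment (the real file is not shown).
EHLO_REPLY = """\
250-mail.example.com
250-PIPELINING
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-8BITMIME
250 DSN
"""
MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
smtpd_use_tls = yes
smtpd_tls_security_level = none
"""

def ehlo_capabilities(reply):
    """Return {KEYWORD: set(params)} from the 250 lines after the greeting."""
    caps = {}
    for line in reply.splitlines()[1:]:
        if line[:3] == "250" and len(line) > 4:
            words = line[4:].replace("=", " ").split()
            caps.setdefault(words[0].upper(), set()).update(words[1:])
    return caps

def parse_main_cf(text):
    """Parse 'name = value' lines (no continuation lines); later entries win."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def effective_tls_level(conf):
    """smtpd_tls_security_level, when set, overrides the older smtpd_use_tls."""
    if "smtpd_tls_security_level" in conf:
        return conf["smtpd_tls_security_level"]
    return "may" if conf.get("smtpd_use_tls") == "yes" else "none"

def findings(conf, caps):
    """List plaintext-AUTH exposures seen in the config and on the wire."""
    out, sasl = [], conf.get("smtpd_sasl_auth_enable") == "yes"
    if sasl and effective_tls_level(conf) == "none":
        out.append("config: SASL AUTH enabled with TLS off")
    elif sasl and conf.get("smtpd_tls_auth_only", "no") != "yes":
        out.append("config: AUTH offered before STARTTLS")
    if "AUTH" in caps and "STARTTLS" not in caps:
        mechs = " ".join(sorted(caps["AUTH"]))
        out.append("wire: AUTH %s advertised without STARTTLS" % mechs)
    return out
```

LOGIN and PLAIN send the password base64-encoded, not encrypted, so both findings for these inputs mean credentials would cross the network readable.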
 
Old 10-04-2013, 08:53 PM   #15
cheesewizz
Quote:
Originally Posted by JJJCR View Post
from the site that you followed, set the settings below just to isolate whether SASL is causing the issue.

if it doesn't work, revert it back to the original settings.

smtpd_sasl_auth_enable = no
broken_sasl_auth_clients = no

try adding this one as well:
smtpd_tls_security_level = none

if it works without the tls security then you need to consider looking at the certificate files that you generated

http://www.krizna.com/centos/setup-m...r-in-centos-6/

OK, I modified some,

but it still failed.

Oct 5 08:52:46 mail dovecot: imap-login: Aborted login (no auth attempts): rip=180.191.139.31, lip=10.0.0.2
Oct 5 08:52:47 mail dovecot: imap-login: Aborted login (no auth attempts): rip=180.191.139.31, lip=10.0.0.2
 
  

