LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-04-2013, 08:58 PM   #16
cheesewizz
Member
 
Registered: Aug 2004
Location: Philippines
Distribution: Centos
Posts: 221

Original Poster
Rep: Reputation: 15

here is my main.cf

[root@mail postfix]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = example.com
myhostname = mail.example.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sender_bcc_maps = hash:/etc/postfix/sender_bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = no
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_received_header = yes
smtpd_tls_security_level = none
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
[root@mail postfix]#
 
Old 10-04-2013, 08:59 PM   #17
cheesewizz
Member
 
Registered: Aug 2004
Location: Philippines
Distribution: Centos
Posts: 221

Original Poster
Rep: Reputation: 15
master.cf

# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
-o smtpd_reject_unlisted_sender=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o broken_sasl_auth_clients=yes
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
 
Old 10-04-2013, 09:01 PM   #18
cheesewizz
Member
 
Registered: Aug 2004
Location: Philippines
Distribution: Centos
Posts: 221

Original Poster
Rep: Reputation: 15
maillog file:

Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
 
Old 10-04-2013, 09:03 PM   #19
cheesewizz
Member
 
Registered: Aug 2004
Location: Philippines
Distribution: Centos
Posts: 221

Original Poster
Rep: Reputation: 15
Maillog:

Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
 
Old 10-04-2013, 09:48 PM   #20
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,380

Rep: Reputation: 353Reputation: 353Reputation: 353Reputation: 353
Quote:
Code:
smtpd_sasl_auth_enable = no
Quote:
Code:
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
It is doing exactly what you have told it.

You also still seem to have an SSL problem.
 
Old 10-04-2013, 11:05 PM   #21
cheesewizz
Member
 
Registered: Aug 2004
Location: Philippines
Distribution: Centos
Posts: 221

Original Poster
Rep: Reputation: 15
I have BIND which installed same machine

here is my config:

$ttl 38400
@ IN SOA mail.example.com. root.mail.example.com. (
930201302
10801
3600
604800
38400 )
@ IN NS mail.example.com.
@ IN MX 11 mail.example.com.
mail.example.com. IN A xxx.xxx.xxx.xxx
www IN CNAME mail.example.com.

thanks
 
Old 10-04-2013, 11:15 PM   #22
cheesewizz
Member
 
Registered: Aug 2004
Location: Philippines
Distribution: Centos
Posts: 221

Original Poster
Rep: Reputation: 15
yesterday i setup new centos 6.4 in other machine
with postfix basic setup

postfix is up and dovecot is up
but ssl not yet configure

still in same network or subnet i can able to connect using thunderbird send and recieved

but

if im going to connect using other Internet Connection for example broadband
still im getting failed

i checked on the log maillog
Oct 5 11:12:25 ns2 dovecot: imap-login: Aborted login (no auth attempts): rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx


settings under thunderbird:

Incoming IMAP
Server hostname: xxx.xxx.xxx.xxx
Port: 143
SSL: none
Authentication : Autodetect

Outgoing: SMTP
Server hostname: xxx.xxx.xxx.xxx
Port:25
SSL: none
Authentication: No Authentication


so meaning i dont have SSL in my centos 6.4 but i still got error




thanks
 
Old 10-04-2013, 11:37 PM   #23
cheesewizz
Member
 
Registered: Aug 2004
Location: Philippines
Distribution: Centos
Posts: 221

Original Poster
Rep: Reputation: 15
Hi

i followed this site to enable the logging

here is my log:


Oct 05 11:29:39 auth: Debug: client out: OK 1 user=rsumook
Oct 05 11:29:39 auth: Debug: master in: REQUEST 2933260289 2348 1 09b0344d35547bcdee746a337b3d17e5
Oct 05 11:29:39 auth: Debug: passwd(rsumook,119.92.56.75): lookup
Oct 05 11:29:39 auth: Debug: master out: USER 2933260289 rsumook system_groups_user=rsumook uid=500 gid=500 home=/home/rsumook
Oct 05 11:29:39 pop3-login: Info: Login: user=<rsumook>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, mpid=2352, secured
Oct 05 11:29:39 pop3(rsumook): Debug: Effective uid=500, gid=500, home=/home/rsumook
Oct 05 11:29:39 pop3(rsumook): Debug: maildir++: root=/home/rsumook/Maildir, index=, control=, inbox=/home/rsumook/Maildir
Oct 05 11:29:39 pop3(rsumook): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Oct 05 11:32:24 master: Warning: Killed with signal 15 (by pid=2368 uid=0 code=kill)
Oct 05 11:32:25 master: Info: Dovecot v2.0.9 starting up (core dumps disabled)
Oct 05 11:32:38 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Oct 05 11:32:38 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Oct 05 11:32:38 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Oct 05 11:32:38 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
Oct 05 11:32:38 auth: Debug: auth client connected (pid=2392)
Oct 05 11:32:38 auth: Debug: client in: AUTH 1 PLAIN service=pop3 secured lip=xxx.xxx.xxx.xxx rip=xxx.xxx.xxx.xxx lport=110 rport=52214 resp=AHJzdW1vb2sAc3Vtb29rcg==
Oct 05 11:32:38 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Oct 05 11:32:38 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Oct 05 11:32:38 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Oct 05 11:32:38 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
Oct 05 11:32:38 auth: Debug: pam(rsumook,xxx.xxx.xxx.xxx): lookup service=dovecot
Oct 05 11:32:38 auth: Debug: pam(rsumook,xxx.xxx.xxx.xxx): #1/1 style=1 msg=Password:
Oct 05 11:32:38 auth: Debug: client out: OK 1 user=rsumook
Oct 05 11:32:38 auth: Debug: master in: REQUEST 562561025 2392 1 706a93a28533dcfc7c55ce4f0264d18f
Oct 05 11:32:38 auth: Debug: passwd(rsumook,xxx.xxx.xxx.xxx): lookup
Oct 05 11:32:38 auth: Debug: master out: USER 562561025 rsumook system_groups_user=rsumook uid=500 gid=500 home=/home/rsumook
Oct 05 11:32:38 pop3-login: Info: Login: user=<rsumook>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, mpid=2398, secured
Oct 05 11:32:38 pop3(rsumook): Debug: Effective uid=500, gid=500, home=/home/rsumook
Oct 05 11:32:38 pop3(rsumook): Debug: maildir++: root=/home/rsumook/Maildir, index=, control=, inbox=/home/rsumook/Maildir
Oct 05 11:32:38 pop3(rsumook): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Oct 05 11:32:51 auth: Debug: auth client connected (pid=2403)
Oct 05 11:32:52 imap-login: Info: Aborted login (no auth attempts): rip=xxx.xxx.xxx.xxx1, lip=xxx.xxx.xxx.xxx
 
Old 10-05-2013, 01:35 AM   #24
SAbhi
Member
 
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 664

Rep: Reputation: 80
Quote:
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = no
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_received_header = yes
smtpd_tls_security_level = none
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
you are your self confusing the setup.. see above your configs.

and see below for master.cf:
Quote:
# -o smtpd_tls_security_level=encrypt
-o smtpd_reject_unlisted_sender=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o broken_sasl_auth_clients=yes
# -o milter_macro_daemon_name=ORIGINATING
i strongly recommend undo what you have done so far have your configs works as simple first and then follow a good step by step documentation. decide first what you want enabling tls, ssl, SASL.. or not.
 
Old 10-05-2013, 02:39 AM   #25
cheesewizz
Member
 
Registered: Aug 2004
Location: Philippines
Distribution: Centos
Posts: 221

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by SAbhi View Post
you are your self confusing the setup.. see above your configs.

and see below for master.cf:


i strongly recommend undo what you have done so far have your configs works as simple first and then follow a good step by step documentation. decide first what you want enabling tls, ssl, SASL.. or not.
Hi

i revert it back

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = mail.example.com
myhostname = mail.example.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sender_bcc_maps = hash:/etc/postfix/sender_bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550


master.cf
smtp inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_reject_unlisted_sender=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o broken_sasl_auth_clients=yes
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
-o smtpd_reject_unlisted_sender=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o broken_sasl_auth_clients=yes
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd


but i still get error:

Oct 5 14:33:20 mail dovecot: imap-login: Disconnected (no auth attempts): rip=112.72.46.74, lip=10.0.0.2
Oct 5 14:37:24 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.93.123.187, lip=10.0.0.2



thanks

Last edited by cheesewizz; 10-05-2013 at 02:44 AM.
 
Old 10-05-2013, 02:53 AM   #26
cheesewizz
Member
 
Registered: Aug 2004
Location: Philippines
Distribution: Centos
Posts: 221

Original Poster
Rep: Reputation: 15
I still get error (no auth attempts)


im so hopeless ;(
 
Old 10-05-2013, 04:10 AM   #27
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529
Quote:
Originally Posted by cheesewizz View Post
Code:
Oct  5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
It's a self-signed cert, try explicitly retrieving it: Thunderbird > Edit > Preferences > Advanced > Certificates > Servers > Add Exception. Enter host name and port and accept the exception. Now connect and see it IMAPS works.
 
Old 10-05-2013, 04:12 AM   #28
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529
Quote:
Originally Posted by SAbhi View Post
Search on google uncle has many solutions.
This is not how LQ should work: please avoid redirecting people to a search engine.
 
1 members found this post helpful.
Old 10-05-2013, 05:09 AM   #29
JJJCR
Senior Member
 
Registered: Apr 2010
Posts: 1,102

Rep: Reputation: 181Reputation: 181
Smile

Quote:
Originally Posted by cheesewizz View Post
maillog file:

Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
Pre, check out this link install Intermediate Dovecot Certificate:

http://nl.globalsign.com/en/support/...l+certificate/

check it out it might help.

got the idea from this link:
http://www.dovecot.org/list/dovecot/...ry/062981.html

Cheers!! hope you nail it. Keep us posted.
 
Old 10-05-2013, 06:37 AM   #30
JJJCR
Senior Member
 
Registered: Apr 2010
Posts: 1,102

Rep: Reputation: 181Reputation: 181
Cool

Quote:
Originally Posted by unSpawn View Post
This is not how LQ should work: please avoid redirecting people to a search engine.
agree with you unSpawn.. two thumbs up!!!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
The problem found on maillog,please help. ggirls Linux - Newbie 9 08-23-2011 09:53 AM
The problem found on maillog, please help ggirls Linux - Enterprise 1 08-20-2011 03:12 AM
DSN 5.1.3 Error in MailLog nixusr Linux - Server 0 02-15-2008 04:36 PM
why is maillog on my server getting created in /var/log/maillog.3 ? weblink_dipti Linux - Software 2 06-16-2007 05:47 AM
Error 10216 in Maillog? SlowCoder Linux - General 1 02-08-2007 08:13 AM


All times are GMT -5. The time now is 06:51 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration