LinuxQuestions.org


smurfix 02-09-2005 03:41 PM

postfix relay problem
 
Hi,

I've installed debian woody running as my web server and I've just installed Postfix to act as the mail server. I'm having problems sending and receiving mail from within my mail client Thunderbird. I am using an external SMTP server at the minute to send mail and get:

<<< 554 <me@mydomain.org>: Relay access denied
554 5.0.0 <me@mydomain.org>... Service unavailable

My main.cf looks like this:
# see /usr/share/postfix/main.cf.dist for a commented, fuller
# version of this file.

# Do not change these directory settings - they are critical to Postfix
# operation.
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
setgid_group = postdrop
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no
myhostname = lobo
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, localhost.$mydomain, $mydomain, mail.$mydomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
mail_owner = postfix

Has anyone got any ideas please.

Thanks

Steve

Linux_in_NH 02-09-2005 05:28 PM

is $mydomain properly defined?

try adding the ip range of your system to
mynetworks = 127.0.0.0/8
otherwise you are limited to connections to localhost
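
The effect of the mynetworks change suggested above, as an added example that is not part of the original thread: a simplified model of how Postfix walks smtpd_recipient_restrictions, using the restriction list and internal addresses posted in this thread. The function names, the outside client 203.0.113.5 and example.com are constructed for illustration, and relay_domains is assumed to equal the local domains.

```python
import ipaddress

# Restriction list as posted in the thread's main.cf.
RESTRICTIONS = "permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination"
# Placeholder local domains, following the thread's mydestination line.
LOCAL = {"domain.org", "mail.domain.org", "lobo.domain.org", "localhost.domain.org"}


def relay_decision(client_ip, rcpt_domain, mynetworks, local_domains=LOCAL,
                   restrictions=RESTRICTIONS, sasl_authenticated=False):
    """Evaluate the restrictions left to right; the first rule that matches decides."""
    addr = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(n.strip()) for n in mynetworks.split(",")]
    for rule in (r.strip() for r in restrictions.split(",")):
        if rule == "permit_sasl_authenticated" and sasl_authenticated:
            return "permit", rule
        if rule == "permit_mynetworks" and any(addr in n for n in nets):
            return "permit", rule
        if rule == "reject_unauth_destination" and rcpt_domain not in local_domains:
            return "reject", "554 Relay access denied"
    return "permit", "end of list"  # nothing rejected it, e.g. inbound mail


def relays_for_strangers(mynetworks):
    """True if a client outside the LAN may send to a non-local domain (open relay)."""
    verdict, _ = relay_decision("203.0.113.5", "example.com", mynetworks)
    return verdict == "permit"


if __name__ == "__main__":
    before = "127.0.0.0/8"
    after = "127.0.0.0/8, 192.168.4.0/24"
    # LAN client sending to an outside domain: rejected before, relayed after.
    print(relay_decision("192.168.4.2", "example.com", before))
    print(relay_decision("192.168.4.2", "example.com", after))
    # Outside client delivering to the local domain is still accepted.
    print(relay_decision("203.0.113.5", "domain.org", after))
    # The LAN range does not open the relay; a catch-all range would.
    print(relays_for_strangers(after), relays_for_strangers("0.0.0.0/0"))
```
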

smurfix 02-17-2005 12:19 PM

that's sorted it ... thanks very much.

I'm still having a few problems with DNS though. I can send and receive mail to and from me@mydomain.com but that is because I have the pop and smtp servers set to my internal IP address. Has anyone got any pointers to getting the DNS piece sorted. Links to detailed HowTos or FAQs or a detailed explanation here for a struggling newbie will be much appreciated !!

Cheers

Linux_in_NH 02-17-2005 01:23 PM

like this?

http://www.tldp.org/HOWTO/DNS-HOWTO.html

smurfix 02-17-2005 02:33 PM

I'm not sure if I'm asking the right question here ....

My broadband router is allowing NAT which is also my DNS server, so I don't really need to set my mail server up as a DNS server. My domain is pointing to my IP address fine. I am able to e-mail from a totally different e-mail account, which is outside of my network, and I receive that mail when the pop server is set to 192.168.4.10.

I suspect there are some simple config file settings that will allow me to use my router as its primary DNS server.

I'm really having trouble understanding how this setup will resolve DNS.

Any other ideas ?

Thanks

newtommy 02-17-2005 02:33 PM

Hi there,

the howto above is definitely a great reference, and thorough too. I put together my own (small) DNS about a month ago and documented it as simply as I could, (I'm trying to do this for everything I set up)

It just walks through the very minimum of steps I took to get my own DNS up and running from a fresh SuSE installation. If you want to take a look (I can't promise it's perfect), it's written from a newbie (my) point of view. You can read it here:

http://www.bostonst.com/cgi-bin/Linu...num=1107228844

If you look, let me know if you find mistakes! thanks. Good luck getting everything up and running

Best Regards,
Tommy

newtommy 02-17-2005 02:39 PM

Just reading your most recent post

If I understand you correctly - you are not receiving email from the outside world on your new email server, is that correct? Not sure I understand correctly what you're asking? If that's the case I think it's likely you need to run named and set up an MX 10 record to indicate the location of your mailserver to the outside world? Do I misunderstand?

Thanks,
Tommy

smurfix 02-17-2005 02:45 PM

Tommy,

not quite ... I do receive mail if sent to my e-mail address me@mydomain.org. But at the moment the pop server within my e-mail client, Thunderbird, is set to 192.168.4.10. So mail is getting all the way through from outside of my domain. But, if I set the pop server name to mail.mydomain.org instead of 192.168.4.10, I get nada, nothing.

Like the HowTo ! It's making sense .. I don't have a named running anywhere or a named.conf or /var/lib/named directory. I feel as though I am missing something. I'm running Debian Woody with apt-get available if that is any help.

Thanks

Steve

newtommy 02-17-2005 02:51 PM

Oh, ok I see

So one more question -- is your mail client running on the same machine as your server?


If so the answer is easy

edit /etc/hosts
add the line

192.168.x.x mail.mydomain.com (where x.x is your local ip)

that should fix it
if it doesn't check

/etc/nsswitch.conf and make sure the line for hosts reads:

hosts: files dns



Tommy

smurfix 02-17-2005 03:02 PM

I am running 3 machines .. the webserver/e-mail server/192.168.4.10 is separate from my other 2 PCs. It is running Debian and my other 2 PCs are running XP [ssshhh].

I've tried what you have suggested but I get this error when I start postfix

warning: /var/spool/postfix/etc/hosts and /etc/hosts differ

I've amended them both but still get the error, so I think there might be something wrong here.

I've checked /etc/nsswitch.conf and it does have the line :

hosts: files dns

Any more clues ?

Thanks
Steve

newtommy 02-17-2005 03:14 PM

Ok,

Keeping in mind I'm new to this also (anyone feel free to jump in here). What I was doing with the /etc/hosts file was essentially telling your linux box that it is named "mail.domain.com". Since you're using other machines on your network I don't think the quick and dirty hosts file modification is going to do the trick. You can keep 192.168.4.10 as your mailserver if you want to -- (and it works right?)

But if you want your internal network to be able to resolve 192.168.4.10 as mail.domain.net I think you're going to have to set up a small DNS. The reason why you can't find "named" or any of the directories I mentioned earlier, I think, is likely because you don't have BIND installed on your host machine. The BIND package comes with the DNS server (named) which you'll have to run and configure to do this (per my earlier post).

Since I'm not really knowledgeable on Debian (I use RPMs on SuSE) I can't give you good instructions on how to install BIND.... but I think you can find them here:

http://www.debian.org/doc/manuals/ne...r/ch-bind.html

So simply put - get BIND installed, configure named, and start the named server. That's the 3 things you need to do (i think). Anyone else feel free to contradict me!

Thanks,
Tommy

smurfix 02-17-2005 03:20 PM

Tommy,

I've found this link:

http://www.falkotimme.com/howtos/deb...root/index.php

which I think will help me install BIND and configure named.conf

Thanks for your help ! I'll let you know how I get on.

Steve

newtommy 02-17-2005 03:24 PM

Yeah,

looking at that page - it should get BIND installed and started --- remember you still have to configure named with your information (ie. add a forward and reverse lookup database)

Good luck with it! Let me know how it goes.

Tommy

smurfix 02-17-2005 04:06 PM

OK .. done all of that ... as per this HowTo: http://www.falkotimme.com/howtos/de...hroot/index.php

everything seemed to restart OK ... I am getting the mail into my server and it is sitting in /var/mail/steve ... but it still seems to be the same as before ..

If I set my pop server to 192.168.4.10 it comes through ... but when it is set to mail.mydomain.org it just sits there until I go back to 192.168.4.10.

I can feel it's just a short step away ! ;-)

Anymore help will be gratefully received - just a shame I can't offer a beer as thanks !

Steve

newtommy 02-17-2005 07:10 PM

Lol - yeah and I could use one too!

So sounds like you have BIND installed which is good. You're getting there quickly. There are some more steps for you to complete to get everything working properly.

First - check to make sure that your installation is working and you're booted up running the DNS server 'named'.
To do so type the following in your shell:

ps -C named

It should spit out what process named is running -- this is good and means it is running. If it comes back blank or without mentioning named then you don't have your named server running. If this is the case (named is not running) stop here and try to start it. In SuSE 9.2 the command is 'rcnamed start' which spits out some on-screen text confirming that named did begin. Reading through the article you installed from - you may have to type: '/etc/init.d/bind9 start' which should do the same thing. Then do another 'ps -C named' and see if it's running.

Assuming you've got it going now you need to configure to your network entries. Right now, you see, your DNS is only running a 'cache' server which doesn't help you a lot (it mirrors what's already out there on the internet). So you have to ADD your own records to make named work for you. So what do you do:

create a forward lookup database
create a rev lookup database
edit named.conf to refer to these databases (create your zones) which hold the name -- ip address information for your network

To do this follow step #2 at this site here. If the directory /var/lib/named doesn't exist go ahead and create it.

http://www.bostonst.com/cgi-bin/Linu...num=1107228844

If things don't quite make sense just write back and I'll do my best to explain better.

Tommy.

smurfix 02-18-2005 02:28 AM

Hey Tommy ... did that ... and followed your instructions to build the 2 lookup files: smurphy.db and rev.192 and have referenced them in named.conf. I have added them here, I don't have static IPs for my internal machines at the minute so haven't added the entries, not sure if that will be necessary, can certainly do so if need be :

"smurphy.db"
$TTL 604800
@ IN SOA domain.org. adminemail.domain.com (
10800 ; Refresh every 30 minutes
1800 ; retry every 30 minute
1209600 ; Expire in 2 weeks
604800 ) ; Minimum 1 week
IN NS 193.189.244.197 ; DNS server used by my router
IN MX 10 mail.domain.org
IN A 192.168.4.1 ; internet gateway
lobo IN A 82.82.82.82 ; debian box [actually DSL public IP]

"rev.192"
$TTL 604800
@ IN SOA 4.168.192.in-addr.arpa.admin.domain.org (
10800 ; refreah every 3 hours
1800 ; retry every 30 mins
604800 ; minmum 1 week
IN NS 193.189.244.197
IN MX 10 mail.domain.org

"named.conf" - lines left out to save space but above this is the standard default file settings

// add entries for other zones below here

zone "domain.org" {
type master;
file "smurphy.db";
};

zone "4.168.192.in-addr-arpa" {
type master;
file "192.rev";
};

Following the ps -C named command - even after issuing "/etc/init.d/bind9 start" named does not appear in the process list and there is nothing with named when I do ps ax, although there is no error when the start command is sent.

Thanks
Steve

newtommy 02-18-2005 12:31 PM

Getting there - A couple more things I have noticed here:

1) you will have to associate your mailserver IP with its 'mail.domain.com' in your lookup this is because your mail clients will actually access the DNS entry to 'resolve' the IP for mail.domain.com as 192.168.x.x and then communicate with that. So Modify in smurphy.db:

IN MX 10 mail.domain.org. ; which is good you have that already
IN NS ns2.domain.org. ; This is the DNS you are setting up
linuxbox IN A 192.168.x.x; internal IP address of your linux box (need to set this)
mail IN CNAME linuxbox ; here you say the IP of your mail.domain.org is same as your linuxbox
ns2 IN CNAME linuxbox ; here you say your DNS is also running on your linux box's IP

Notes: Of course replace 'linuxbox' with the name of your linux machine. You need to have at least a local static IP configured on your linux box, because what's going to happen here is you will add your linux box IP to your list of DNS servers on the other (nonlinux) machines you're using in your network, so they can use the DNS service you just set up. If that IP changes they won't be able to find this DNS service, make sense? What this lets them do is use the lookup table we just made to resolve any entry, i.e. mail.domain.org, to its IP address which is 192.168.x.x (fill in the x's) and find your server.

2) check to make sure you have modified the line in named.conf that reads something like this:
options {
directory "/var/lib/named"

You need to make sure this points to the directory you stored smurphy.db in so that when named loads its config file it can find the .db file you made.


3) If named is not finding your .db or .rev files or if you have a typo in any of the config files, named will exit immediately when you try to start it. So it won't run. When you do a ps -C named and don't see it running after you called it you should check its log file to see what it's complaining about. That will help you run down the last couple of typos etc. you have. It can be an iterative process. Fix your named.conf and .db files and try to start named. If it isn't running - check your log files and see what it's complaining about. (You can post here if you want.) Fix that and wash, rinse, repeat.


4) Oh, you also need to change domain.org (if you haven't already) to whatever your qualified domain name is.

I'll be checking today to see how it goes. Good luck!

smurfix 02-18-2005 02:37 PM

Lobo [the mail server] does have a static IP - 192.168.4.10, but this is the only machine that does.

1. I've made the changes to smurphy.db and hope they are correct:

$TTL 604800
@ IN SOA domain.org. postmaster.domain.org (
200518021 : serial number
10800 ; Refresh every 30 minutes
1800 ; retry every 30 minute
1209600 ; Expire in 2 weeks
604800 ) ; Minimum 1 week

IN MX 10 mail.domain.org.


;Name Servers
IN A 192.168.4.1 ; internet gateway
IN NS ns2.domain.org. ;

; Addresses for canonical names
localhost IN A 127.0.0.1
gateway IN A 192.168.4.1
lobo IN A 192.168.4.10

;Aliases
mail IN CNAME lobo
ns2 IN CNAME lobo

2. I have checked my named.conf and all is in order:

options {
directory "/var/lib/named"

3. errors in /var/log/syslog when I start bind with /etc/init.d/bind9 start are below:

Feb 18 20:24:26 lobo named[384]: starting BIND 9.2.1 -u nobody -t /var/lib/named
Feb 18 20:24:26 lobo named[384]: using 1 CPU
Feb 18 20:24:26 lobo named[386]: loading configuration from '/etc/bind/named.conf'
Feb 18 20:24:26 lobo named[386]: /etc/bind/named.conf:9: change directory to '/var/lib/named' failed: file not found
Feb 18 20:24:26 lobo named[386]: /etc/bind/named.conf:9: parsing failed
Feb 18 20:24:26 lobo named[386]: loading configuration: file not found
Feb 18 20:24:26 lobo named[386]: exiting (due to fatal error)

I have tried copying named.conf to /var/lib/named but that didn't seem to make any difference.

4. domain.org is amended in the life file on the server to be the correct domain name.

Do the errors in the logs give any clues to where the problem lies ?

Thanks
Steve

newtommy 02-18-2005 03:07 PM

Yes,

Looking at your log -- it's loading your named.conf file and it can't locate the directory /var/lib/named which is where your .db files are. You can fix this two ways I think.

you could specify an absolute path to your db files and remove the directory element

zone "domain.org" {
type master;
file "/var/lib/named/smurphy.db";
};

zone "4.168.192.in-addr-arpa" {
type master;
file "/var/lib/named/192.rev";
};

try that

or the other possible issue I can see with that error log is maybe you don't have permissions set right for 'named' to access this directory? you could try leaving everything as is and chown nobody /var/lib/named and the two db files..... since it looks like you're running named as nobody?

Let me know if either of these fix your error log or change it?

newtommy 02-18-2005 03:20 PM

Oh,

One other thing in addition to what I just posted - it's looking for named.conf in /etc/bind/named.conf, and I've been talking about having named.conf in your /etc directory -- for your implementation you should have named.conf in your /etc/bind directory instead.

smurfix 02-18-2005 04:23 PM

Oh dear ... I've tried all that and still no joy .. same error as before.

any other ideas ?

Thanks
Steve

smurfix 02-18-2005 05:22 PM

Hey .. wouldn't you believe it. Been having some problems with the HDD as well the last couple of days and about 30 mins ago .. it's dead as a doornail. So I guess it's back to the drawing board for now, someone will get some cash outta me for a new hard drive tomorrow.

As I will be installing fresh, are there any suggestions as to best or easiest to configure distros. I'm pretty easy about what to use and chose Debian as I'd never used it before. It was OK but will just as easy go for something else. I've touched on RedHat and Fedora in the past but am open to suggestions. Anyone got any suggestions !!?

Thanks for all your help over the last few days Tommy !

Off for now !

Steve

newtommy 02-18-2005 08:10 PM

LOL,

And we were so close man! Well what you gonna do anyways -- hey I really like SuSE, I had used Mandrake before but SuSE is even easier and more comprehensive. Personally I was really impressed and so I do recommend.

Not really a Fedora fan (although you will find that's a personal opinion) We tried to use it for some development work and it wasn't very friendly to our hardware.

Feel free to write again - I like to debug especially topics I know pretty well in Linux!

Have a great weekend.

Tommy

smurfix 02-19-2005 04:32 PM

Well, I'm back up and running .. Installed a new shiny 40Gb HDD, re-installed Debian [including named from the install packages this time - and named is in the process listing - whoopee].

I think this is an easier problem now. I recreated the smurphy.db and 192.rev files and when I restart bind "/etc/init.d/bind9 restart" I get the error below. Now I think there is a syntax error in 192.rev at line 6 but I have tried moving the ")" to the line below but that doesn't seem to make any difference. /var/lib/named/192.rev looks like this [where domain = my proper domainname]

$TTL 604800
@ IN SOA 4.168.192.in-addr.arpa.admin.domain.org (
200502180 ; serial number
10800 ; refresh every 3 hours
1800 ; retry every 30 mins
604800 ) ; minimum 1 week

;Addresses point to canonical names

1 IN PTR mail.domain.org.

/var/log/syslog looks like this after I issue /etc/init.d/bind9 restart:

Feb 19 22:22:15 lobo named[6829]: dns_rdata_fromtext: 192.rev:6: near eol: unexpected end of input
Feb 19 22:22:15 lobo named[6829]: zone 4.168.192.in-addr-arpa/IN: loading master file 192.rev: unexpected end of input
Feb 19 22:22:15 lobo named[6829]: zone localhost/IN: loaded serial 1
Feb 19 22:22:15 lobo named[6829]: zone domain.org/IN: loaded serial 200518021
Feb 19 22:22:15 lobo named[6829]: running

Any help is, as always, much appreciated !

Thanks
Steve

newtommy 02-21-2005 03:52 PM

I found your error!

You need a space between 4.168.192.in-addr. and admin.domain.org.

That should do it!! Let me know if it works!

Thanks
Tommy
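
A field-level check of the SOA records discussed above, as an added example that is not part of the original thread: it counts the seven SOA fields the way a zone-file parser consumes them, which is where the "unexpected end of input" message comes from. The sample records are constructed from the files posted in this thread (with the reverse zone written as in-addr.arpa), the function names are hypothetical, and timer values are assumed to be plain seconds.

```python
import re

SOA_FIELDS = ["mname", "rname", "serial", "refresh", "retry", "expire", "minimum"]


def soa_tokens(zone_text):
    """Return the rdata tokens of the first SOA record, joining a (...) block."""
    tokens, depth, in_soa = [], 0, False
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]              # drop ';' comments
        for tok in re.findall(r"[()]|[^\s()]+", line):
            if tok == "(":
                depth += 1
            elif tok == ")":
                depth -= 1
            elif in_soa:
                tokens.append(tok)
            elif tok.upper() == "SOA":
                in_soa = True
        if in_soa and depth == 0:                # record ends with its closing ')'
            break
    return tokens


def check_soa(zone_text):
    """Return a list of problems found in the SOA record (empty list = clean)."""
    toks = soa_tokens(zone_text)
    problems = []
    if len(toks) < len(SOA_FIELDS):
        missing = ", ".join(SOA_FIELDS[len(toks):])
        problems.append(f"SOA has {len(toks)} of 7 fields; input ends before: {missing}")
    for name, tok in zip(SOA_FIELDS[:2], toks[:2]):
        if not tok.endswith("."):
            problems.append(f"{name} '{tok}' has no trailing dot; the origin gets appended")
    for name, tok in zip(SOA_FIELDS[2:], toks[2:]):
        if not tok.isdigit():
            problems.append(f"{name} should be a number, got '{tok}'")
    return problems


# Constructed from the thread: names fused into one token, expire line absent.
BROKEN = """$TTL 604800
@ IN SOA 4.168.192.in-addr.arpa.admin.domain.org (
200502180 ; serial number
10800 ; refresh every 3 hours
1800 ; retry every 30 mins
604800 ) ; minimum 1 week
"""

# Same record with the space added, trailing dots, and the expire field present.
FIXED = """$TTL 604800
@ IN SOA 4.168.192.in-addr.arpa. admin.domain.org. (
200521023 ; serial number
10800 ; refresh every 3 hours
1800 ; retry every 30 mins
1209600 ; expire in 2 weeks
604800 ; minimum 1 week
)
"""

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_soa(text) or "ok")
```
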

smurfix 02-21-2005 06:19 PM

Hey,

I'm pretty sure these are right now - don't get the errors I was getting before when restarting bind9 and named starts correctly:

rev.192 [was missing line 6 completely]
$TTL 604800
@ IN SOA 4.168.192.in-addr-arpa. admin.domain.org. (
200521023 ; serial number
10800 ; refresh every 3 hours
1800 ; retry every 30 mins
1209600 ; expire in 2 weeks
604800 ; minmum 1 week
)

;Name Servers
IN A 192.168.4.1 ; internet gateway
IN NS ns2.domain.org. ;


;Addresses point to canonical names

1 IN PTR mail.domain.org.

smurphy.db
$TTL 604800
@ IN SOA domain.org. postmaster.domain.org (
200521022 ; serial number
10800 ; Refresh every 30 minutes
1800 ; retry every 30 minute
1209600 ; Expire in 2 weeks
604800 ) ; Minimum 1 week

IN MX 10 mail.domain.org.


;Name Servers
IN A 192.168.4.1 ; internet gateway
IN NS ns2.domain.org. ;

; Addresses for canonical names
localhost IN A 127.0.0.1
gateway IN A 192.168.4.1
lobo IN A 192.168.4.10

;Aliases
mail IN CNAME lobo
ns2 IN CNAME lobo


but getting this deferred error now when trying to send mail from command line [domain in the following is an external domain]:

Feb 22 00:05:20 lobo postfix/qmgr[7415]: A1786425EF3: from=<root@domain.org>, size=299, nrcpt=1 (queue active)
Feb 22 00:05:20 lobo postfix/qmgr[7415]: A1786425EF3: to=<username@domain.com>, relay=none, delay=0, status=deferred (Name service error for domain.com: Host not found, try again)

and when I try to send mail from within Thunderbird I get this error:

Feb 22 00:07:59 lobo postfix/smtpd[8042]: warning: restriction `permit_sasl_authenticated' ignored: no SASL support
Feb 22 00:08:00 lobo postfix/smtpd[8042]: BE630425EF4: client=unknown[192.168.4.2]
Feb 22 00:08:00 lobo postfix/smtpd[8042]: warning: restriction `permit_sasl_authenticated' ignored: no SASL support

here is my main.cf:

# see /usr/share/postfix/main.cf.dist for a commented, fuller
# version of this file.

# Do not change these directory settings - they are critical to Postfix
# operation.
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
setgid_group = postdrop
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = yes
myhostname = lobo.domain.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain = domain.org
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, $mydomain, mail.$mydomain
relayhost =
relay_domain = 127.0.0.1
mynetworks = 127.0.0.0/8, 192.168.4.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mail_owner = postfix
recipient_delimiter = +
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
mailbox_transport = cyrus
mailbox_size_limit = 0
recipient_delimiter = +
empty_address_recipient = MAILER-DAEMON
message_size_limit = 33554432
bounce_size_limit = 65536
header_size_limit = 32768
smtpd_recipient_limit = 128
smtpd_timeout = 180
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
html_directory = no
manpage_directory = /usr/man
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
unknown_local_recipient_reject_code = 450
smtpd_sasl_auth_enable = yes
#header_checks = regexp:/usr/local/etc/postfix/header_checks
#body_checks = regexp:/usr/local/etc/postfix/body_checks

what do you reckon ? ;-)

Steve

newtommy 02-22-2005 10:56 PM

Hi, sorry it took a while here

So two questions about the problem you're having -- (oh and by the way congrats on getting named to run!). So I can understand -- the first error you document <username@domain.org> is an external person you're trying to mail to?

I would check to make sure you have the "caching" zone setup in your DNS -- I skip over that one entry because it is already configured in SuSE and I think when you were installing BIND the instructions you were following instructed you to create it in your config files for named. Anyway - what the caching zone does is essentially mimic everything else that's out there outside of your box - if you have something wrong with that I guess it could be causing this problem. check your named.conf for the following:

zone "." in {
type hint;
file "root.hint";
};


Second, so looking at your main.cf (and I am not a postfix pro by any means) it looks like you are requiring that anyone who uses your system is SASL authenticated. Hence the line in your main.cf: (this is probably a good thing, but looking at how your email client is complaining I suggest the following line might be the problem, try deleting it and see what happens)

smtpd_sasl_auth_enable = yes

Now that could be doing something totally different and I could be all wrong about that --- It also looks like you have IMAP set up and are using Cyrus as your mail transport. I'm doing the same. Now my main.cf is nowhere near great but it does work. You might want to try it out or look at the differences. You can find it here:

http://www.bostonst.com/cgi-bin/Linu...6387;start=0#1

It's on the first reply below the initial write-up about squirrel mail.

Got my fingers crossed.

Tommy

