LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 05-04-2007, 09:52 AM   #1
longtex
Member
 
Registered: Aug 2004
Location: Texhuahua
Distribution: RedHat 6,7,9,EL; SuSE 9.2 Pro, Knoppix 3.4/.7/.9, Fedora Core 4
Posts: 87

Rep: Reputation: 15
Postfix problems on FC4 server


Fedora Core 4, recently installed on 128MB PIII 700 w/40GB hda, 60GB hdb. Postfix is 2.2.2, I believe... let's see... yep, 2.2.2 is the one.

I have four domains - let's call them a.com, b.org, c.net, and d.biz - and I'd like to set up an internet server to handle them, using my SBC DSL line. There will initially be four users: Arno, Bjorn, Carla, and Deirdre – more to come, presumably added just like these four, once everything is working.

Actually, I've already started. Parts of it are working pretty much okay. I've got apache 2 running, and all four domains respond to browsers from the web. I've got vsftp running, and other than the fact that a small group of d!psh!ts are trying to log in (unsuccessfully, so far, and through ssh as well), it's working okay, too. I've got mysql running and a couple of wordpress blogs using it are working properly. There's probably some other stuff that's good, but those are the main ones that come to mind.

What's left out? Email.

Problems galore with email. I've been working (if that's really the right word) with Postfix, and I've gone from not working at all, to working internally only, to working all over for receiving but not sending, to not working at all, and back to working internally only for receiving. I can do “echo akk splutt ferkle erk | mail arno” and it gets delivered; I also have spammers sending comments on the blogs, which of course are delivered from "inside". I'm guessing that I could send webmail from Bjorn to Carla and have that delivered okay, but I haven't tried.

The original culprit was SBC – they wouldn't let direct email be sent, so I tried setting up relayhost, and in the middle of that (it didn't want sasl authorization) the whole thing fell apart on me. Actually, in retrospect, I think it was working pretty well on the incoming side, and everything cratered when I was trying to add spamassassin... I'm not really sure I got anything sent, now, although it was trying valiantly. And, yes, I know outgoing mail works because I've been sending (and receiving) email through sbc (although most receiving's been from the managed server I dumped to DIY) with T-bird from both Windoze and Linux boxes for over a year. I can do it now, if I connect my LAN back to the DSL box (actually, the LAN goes through a SonicWall, but that's a whole different issue...).

So, tried to restore Postfix's default .cf's and work my way forward again, but right this instant I'm not receiving anything from outside (or more properly, mail from outside is being rejected).

I don't know enough about email (yet...) to know whether to look at smtp or postfix or what, and I'm not sure how to go about testing to see what's wrong, so any help at all will be greatly appreciated.

Seems like I need to see some debug output... so what parameters should I set in which programs, and where should I look for the output?

If you need to see the .cf's, just ask... but I didn't want to clutter this up much more.
 
Old 05-05-2007, 02:57 AM   #2
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Your best friend is about to be /var/log/maillog, it will tell you plenty.

The trick (as I hear things) is to get a basic postfix setup working and then start adding bits one at a time. That means don't try and get virtual hosting going on try one.

Quick question - are the users true userts in that they have accounts on the linux box or are they purely virtual?

Rgds
 
Old 05-05-2007, 05:35 PM   #3
longtex
Member
 
Registered: Aug 2004
Location: Texhuahua
Distribution: RedHat 6,7,9,EL; SuSE 9.2 Pro, Knoppix 3.4/.7/.9, Fedora Core 4
Posts: 87

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by billymayday
Your best friend is about to be /var/log/maillog, it will tell you plenty.

The trick (as I hear things) is to get a basic postfix setup working and then start adding bits one at a time. That means don't try and get virtual hosting going on try one.

Quick question - are the users true userts in that they have accounts on the linux box or are they purely virtual?

Rgds
Aye, been looking at maiollog plenty, but so far it ain't telling me sh!t - not that I understand, anyway.

I'd be plenty happy right now just to get incoming mail working again, but I don't seem to see anything in maillog telling me why it's rejecting incoming stuff...

all the users are "true" users so far... I figgered I'd get a little bit working and then move on... that is - first receive incoming mail, then get outgoing working, and so on.

Thanks for the response.
 
Old 05-05-2007, 06:40 PM   #4
longtex
Member
 
Registered: Aug 2004
Location: Texhuahua
Distribution: RedHat 6,7,9,EL; SuSE 9.2 Pro, Knoppix 3.4/.7/.9, Fedora Core 4
Posts: 87

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by longtex
Aye, been looking at maiollog plenty, but so far it ain't telling me sh!t - not that I understand, anyway.

I'd be plenty happy right now just to get incoming mail working again, but I don't seem to see anything in maillog telling me why it's rejecting incoming stuff...

all the users are "true" users so far... I figgered I'd get a little bit working and then move on... that is - first receive incoming mail, then get outgoing working, and so on.

Thanks for the response.
FYI

Plugging along... found this site: http://www.arschkrebs.de/postfix
(my limited deutsch tells me this is "ass cancer" or "ass crabs" - not sure which one applies here) which is by Ralf Hildebrandt, who is the man on Postfix, apparently - author of a book on Postfix that seems to have uniformly wowish reviews. From there, you can link to http://www.postfix-book.com/debugging.html, which Chapter 25 from that book (The Book of Postfix), entitled... Troubleshooting Postfix... so I'm all over that, right after a supper break (it's 18:40 here, and my total intake for the day is a couple of cups of joe, slice of toast, and 1/2 gallon of water... time for a giant bowl of pasta and a cold Shiner Blonde). After I've et, I'll get into the debugging and try to keep things posted here.
 
Old 05-06-2007, 10:48 AM   #5
longtex
Member
 
Registered: Aug 2004
Location: Texhuahua
Distribution: RedHat 6,7,9,EL; SuSE 9.2 Pro, Knoppix 3.4/.7/.9, Fedora Core 4
Posts: 87

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by longtex
FYI

Plugging along... found this site: http://www.arschkrebs.de/postfix
(my limited deutsch tells me this is "ass cancer" or "ass crabs" - not sure which one applies here) which is by Ralf Hildebrandt, who is the man on Postfix, apparently - author of a book on Postfix that seems to have uniformly wowish reviews. From there, you can link to http://www.postfix-book.com/debugging.html, which Chapter 25 from that book (The Book of Postfix), entitled... Troubleshooting Postfix... so I'm all over that, right after a supper break (it's 18:40 here, and my total intake for the day is a couple of cups of joe, slice of toast, and 1/2 gallon of water... time for a giant bowl of pasta and a cold Shiner Blonde). After I've et, I'll get into the debugging and try to keep things posted here.
Getting there - following that troubleshooting guide, I found that I had set the inet_interfaces parameter to my domains, which meant that it was only listening for messages FROM them. I deleted all of those and put back inet_interfaces = all and presto! Incoming email - lots of it.

Now... two more major tasks to go: being able to send, and getting spamassassin to start cleaning up the piles of sh!t. Other tasks, of course, such as killing unauthorized relaying, sh!t-canning messages to unknown users... and no doubt, much, much more...

One thing at a time. I think sending is only a matter of getting saslauthd to look at the password file I create, instead of at the system user passwords, which is apparently what it's doing. Here goes...
 
Old 05-06-2007, 01:57 PM   #6
longtex
Member
 
Registered: Aug 2004
Location: Texhuahua
Distribution: RedHat 6,7,9,EL; SuSE 9.2 Pro, Knoppix 3.4/.7/.9, Fedora Core 4
Posts: 87

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by longtex
Getting there - following that troubleshooting guide, I found that I had set the inet_interfaces parameter to my domains, which meant that it was only listening for messages FROM them. I deleted all of those and put back inet_interfaces = all and presto! Incoming email - lots of it.

Now... two more major tasks to go: being able to send, and getting spamassassin to start cleaning up the piles of sh!t. Other tasks, of course, such as killing unauthorized relaying, sh!t-canning messages to unknown users... and no doubt, much, much more...

One thing at a time. I think sending is only a matter of getting saslauthd to look at the password file I create, instead of at the system user passwords, which is apparently what it's doing. Here goes...
Boy, I dunno... I'm wading through the tails of maillog and messages, not really much jumping out at me. Also looking at packets captured with ethereal... more or less ditto... although, there is a reference close to the end of the transactions where it's something about TLS ... I'm pretty sure sbc doesn't use TLS. I look at main.cf for references to it, and find one I'm having trouble figuring out

smtp_sasl_tls_security_options = $var_smtp_sasl_opts

I can't find any reference to $varetc, and where I think iot counts, we have

smtp_starttls_timeout = 300s
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_cert_file =
smtp_tls_cipherlist =
smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_enforce_peername = yes
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 1
#smtp_tls_loglevel = 0
smtp_tls_note_starttls_offer = no
smtp_tls_per_site =
smtp_tls_scert_verifydepth = 5
smtp_tls_session_cache_database =
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = no

which appears to be telling postfix not to do tls.

WTF?
 
Old 05-06-2007, 05:20 PM   #7
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Why not just comment out the smtp_tls parameters. Any that are needed will take on default values anyway.

Post the output of postconf -n
 
Old 05-06-2007, 06:07 PM   #8
longtex
Member
 
Registered: Aug 2004
Location: Texhuahua
Distribution: RedHat 6,7,9,EL; SuSE 9.2 Pro, Knoppix 3.4/.7/.9, Fedora Core 4
Posts: 87

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by billymayday
Why not just comment out the smtp_tls parameters. Any that are needed will take on default values anyway.

Post the output of postconf -n
I started another thread, specifically about sasl_auth, the postconf output is there.

I tried commenting t=the tls entries. All that happened was there was no reference to tls in the logs/packets - the message still didn't go through sbc (at least, not in a couple of minutes that I looked.).

Not sure what to look for in the way of requesting/sending the user/password, but I don't see it (should be plaintext, I think).

Thanks again.
 
Old 05-06-2007, 06:30 PM   #9
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
That's one nasty setup you have going there.

Perhaps a dumb question, but why the "[" and "]" around you relayhost? If I set mine I don't get these brackets
 
Old 05-06-2007, 07:08 PM   #10
longtex
Member
 
Registered: Aug 2004
Location: Texhuahua
Distribution: RedHat 6,7,9,EL; SuSE 9.2 Pro, Knoppix 3.4/.7/.9, Fedora Core 4
Posts: 87

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by billymayday
That's one nasty setup you have going there.

Perhaps a dumb question, but why the "[" and "]" around you relayhost? If I set mine I don't get these brackets
Believe me, I've looked at a sh!tload of how-to's over the last couple of weeks, and it was repeatedly stated "you may have to enclose the relay in square brackets like [smtp.*.yahoo.com] so the bogus MX record will be ignored."

I've tried it both ways (with / without brackets) - I can't send at all without the brackets; with the brackets, I can at least send to sbc.
 
  


Reply

Tags
mail, postfix


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
fc4 iptables blocking yum and smtp (postfix) dtra Linux - Networking 1 04-30-2006 12:05 AM
mail server setup fc4 (postfix, qmail with mysql 5?) sendmail dtra Linux - Software 1 04-10-2006 10:17 PM
Postfix Cyrus IMAP/POP3 configuration on FC4 tomashelgi Fedora 0 08-31-2005 05:05 PM
Relay Server<-> GatewayServer<->filtering server: PostFix, amavis,spamassassin, cyrus admore Linux - General 0 11-02-2004 08:46 AM
move postfix mails from server to another postfix server onetwo Linux - Software 2 03-18-2003 02:22 PM


All times are GMT -5. The time now is 08:32 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration