[SOLVED] Postfix w/TLS, virtual domain, non-unix account

Sum1 · 04-26-2011, 05:35 AM

I've got postfix working with TLS in a virtual domain configuration.
The postfix server is accepting mail with no problems; per log:

Code:

Apr 26 06:05:23 sato postfix/smtpd[26962]: connect from mail-iy0-f180.google.com[209.85.210.180]
Apr 26 06:05:23 sato postfix/smtpd[26962]: setting up TLS connection from mail-iy0-f180.google.com[209.85.210.180]
Apr 26 06:05:23 sato postfix/smtpd[26962]: mail-iy0-f180.google.com[209.85.210.180]: TLS cipher list "ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH:!aNULL:!MD5"
Apr 26 06:05:23 sato postfix/smtpd[26962]: SSL_accept:before/accept initialization
Apr 26 06:05:24 sato postfix/smtpd[26962]: SSL_accept:SSLv3 read client hello A
Apr 26 06:05:24 sato postfix/smtpd[26962]: SSL_accept:SSLv3 write server hello A
Apr 26 06:05:24 sato postfix/smtpd[26962]: SSL_accept:SSLv3 write certificate A
Apr 26 06:05:24 sato postfix/smtpd[26962]: SSL_accept:SSLv3 write server done A
Apr 26 06:05:24 sato postfix/smtpd[26962]: SSL_accept:SSLv3 flush data
Apr 26 06:05:24 sato postfix/smtpd[26962]: SSL_accept:SSLv3 read client key exchange A
Apr 26 06:05:24 sato postfix/smtpd[26962]: SSL_accept:SSLv3 read finished A
Apr 26 06:05:24 sato postfix/smtpd[26962]: SSL_accept:SSLv3 write change cipher spec A
Apr 26 06:05:24 sato postfix/smtpd[26962]: SSL_accept:SSLv3 write finished A
Apr 26 06:05:24 sato postfix/smtpd[26962]: SSL_accept:SSLv3 flush data
Apr 26 06:05:24 sato postfix/smtpd[26962]: mail-iy0-f180.google.com[209.85.210.180]: save session E5A2DA12F11C1EA1AB910C8F09FB58861FF2A0=smtp to smtpd cache
Apr 26 06:05:24 sato postfix/tlsmgr[26964]: put smtpd session id=E5A2DA12F11C1EA1AB910C8F09FB58861FF2A0=smtp [data 127 bytes]
Apr 26 06:05:24 sato postfix/tlsmgr[26964]: write smtpd TLS cache entry E5A2DA12F11C1EA1AB910C8F09FB58861FF2A0=smtp: time=1303812324 [data 127 bytes]
Apr 26 06:05:24 sato postfix/smtpd[26962]: Anonymous TLS connection established from mail-iy0-f180.google.com[209.85.210.180]: TLSv1 with cipher AES128-SHA (128/128 bits)
Apr 26 06:05:24 sato postfix/smtpd[26962]: 80D101840715: client=mail-iy0-f180.google.com[209.85.210.180]
Apr 26 06:05:24 sato postfix/cleanup[26967]: 80D101840715: message-id=<BANLkTin10Mf+ECEaopNCp2pp1f-07hk5aw@mail.gmail.com>
Apr 26 06:05:24 sato postfix/qmgr[26958]: 80D101840715: from=<ertertert@gmail.com>, size=1564, nrcpt=1 (queue active)
Apr 26 06:05:24 sato postfix/virtual[26968]: 80D101840715: to=<user@example.com>, relay=virtual, delay=0.36, delays=0.28/0.04/0/0.05, dsn=2.0.0, status=sent (delivered to maildir)
Apr 26 06:05:24 sato postfix/qmgr[26958]: 80D101840715: removed
Apr 26 06:05:54 sato postfix/smtpd[26962]: disconnect from mail-iy0-f180.google.com[209.85.210.180]
Apr 26 06:09:14 sato postfix/anvil[26965]: statistics: max connection rate 1/60s for (smtp:209.85.210.180) at Apr 26 06:05:23
Apr 26 06:09:14 sato postfix/anvil[26965]: statistics: max connection count 1 for (smtp:209.85.210.180) at Apr 26 06:05:23
Apr 26 06:09:14 sato postfix/anvil[26965]: statistics: max cache size 1 at Apr 26 06:05:23

Next, I've tried to connect to the postfix server with Thunderbird 3.1 email client. Upon initial adding user@example.com account in Tbird, it tries to auto-configure the connection to the mail server. It appears to "find" or connect to the smtp outgoing server, but the incoming server fails. I've tried many different settings for the incoming server: pop, imap, ports 110,143,993,995; I've tried addressing the incoming server as mail.example.com, example.com, etc. Everything has failed thus far.

I've been reviewing the postfix TLS and basic configuration docs., but I'm not progressing.

Looking for guidance how to properly connect an email client to the "incoming server" and get postfix to send emails.

Here's postconf -n output:

Code:

command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = /usr/doc/postfix-2.6.1/html
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/man
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/doc/postfix-2.6.1/README_FILES
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/mycert.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 2
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_mandatory_protocols = TLSv1
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 7200s
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/vmailbox
virtual_mailbox_domains = example.com
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 100
virtual_uid_maps = static:5000

Sum1 · 04-26-2011, 08:18 AM

Code:

root@box:~# openssl s_client -host localhost:110 -starttls smtp
gethostbyname failure
connect:errno=0

root@box:~# openssl s_client -host localhost:143 -starttls smtp
gethostbyname failure
connect:errno=0

root@box:~# openssl s_client -host localhost:993 -starttls smtp
gethostbyname failure
connect:errno=0

root@box:~# openssl s_client -host localhost:995 -starttls smtp
gethostbyname failure
connect:errno=0

root@box:~# openssl s_client -host localhost:587 -starttls smtp
gethostbyname failure
connect:errno=0

cincindie · 04-27-2011, 05:37 AM

Did you try setting up Tbird on the server, and setting the incoming server name to the local IP address of the email server? you can start by setting up pop3 (or imap) before moving on to pop3s/imaps. Also, did the Tbird logs say anything?

Sum1 · 04-29-2011, 02:04 PM

Quote:

Originally Posted by cincindie

Did you try setting up Tbird on the server, and setting the incoming server name to the local IP address of the email server? you can start by setting up pop3 (or imap) before moving on to pop3s/imaps. Also, did the Tbird logs say anything?

Cincin, thanks for your response.
I haven't tried your suggestion, as I don't have X setup on the server.

I've done some more reading and asked a question on the postfix users mailing list. It seems I'm at the point where I need to go ahead and set up a pop or imap server to connect and authenticate with. MUA (TBird) >>> MDA (Dovecot) >>> MTA (Postfix).