LinuxQuestions.org


cheesewizz 10-03-2013 10:24 PM

maillog error found
 
Hi

I have Postfix on my CentOS 6.4 for testing. From the same LAN IP address I am able to connect through Thunderbird and any mail apps.

But when I go home and use my laptop to set up my account in Thunderbird,
I always get "failed to connect, check username and password", but I believe they are correct.

So what I did was get the log file under maillog.

logfile: set to auto for SSL
Oct 4 09:43:47 mail dovecot: imap-login: Aborted login (no auth attempts): rip=180.191.139.31, lip=10.0.0.2
Oct 4 09:43:47 mail dovecot: imap-login: Aborted login (no auth attempts): rip=180.191.139.31, lip=10.0.0.2

logfile:
IMAP forcing to port 993, SSL/TLS and authentication Autodetect
SMTP forcing to port 25, None and Autodetect
Oct 4 10:27:44 mail dovecot: imap-login: Disconnected (no auth attempts): rip=180.191.139.31, lip=10.0.0.2,
TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42


I was hoping someone can help and fix this.


thanks

SAbhi 10-03-2013 10:51 PM

Quote:

I have Postfix on my CentOS 6.4 for testing. From the same LAN IP address I am able to connect through Thunderbird and any mail apps.

But when I go home and use my laptop to set up my account in Thunderbird,
I always get "failed to connect, check username and password", but I believe they are correct.

So that means Postfix is not configured to work out of your LAN. You may need to configure it a bit more. Search on Google, uncle has many solutions.

cheesewizz 10-04-2013 12:02 AM

Quote:

Originally Posted by SAbhi (Post 5039747)
So that means Postfix is not configured to work out of your LAN. You may need to configure it a bit more. Search on Google, uncle has many solutions.


Hi

I have been searching on Google for the last 2 weeks and until now
it is still not fixed.


I wish someone could guide me and pinpoint the exact problem with my configuration.


thanks

SAbhi 10-04-2013 12:37 AM

So you need some pre-requisites;

1. A DNS 'A' record to be set at a minimum.
2. check if you are able to
Code:

telnet your_mail_server.com 25
3. inet_interfaces = all # is set in main.cf


This could be of help.

JJJCR 10-04-2013 01:10 AM

Hi cheesewizz, what SAbhi is pointing out is that it works okay on your local network.

But to work outside your LAN, you need to configure postfix on these items below:

1. DNS Host Record "A" record (configure on your DNS server or in your ISP)

2. Domain Name

3. If you are behind a firewall, or your server is on DMZ.
You will need to do port forwarding.
Natted IP to Public IP and of course also Public IP to Natted IP (which is the IP Address of your server)

4. On your server, router or firewall you need to open the ports to the external world
such as port 25,port 993, port 465 or check postfix documentation which ports are needed
NOTE: don't open all the ports you will get a nasty surprise, just open the ports needed

5. Once you have configured the ports to be open in your router or firewall and have set up the port forwarding also,
you need to check in SELinux and the CentOS firewall if the ports are indeed open.
(But I believe they are open since it works on your LAN; it doesn't hurt to double check.)

6. To check if the ports are open to the external world.
You can use dyndns port checker tool.
http://dyn.com/support/ (scroll down to Open Port Tool, you will need an account to use the tool)

Good luck!!!

descendant_command 10-04-2013 01:17 AM

Quote:

Originally Posted by cheesewizz (Post 5039737)
Oct 4 10:27:44 mail dovecot: imap-login: Disconnected (no auth attempts): rip=180.191.139.31, lip=10.0.0.2,
TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42

^^This.
Seems to be getting to it OK, but the SSL handshake is failing.
Check your SSL setup (presumably it is not used on LAN?).
Maybe Tbird is rejecting it for being self-signed or not matching the servername?
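
How the TLS line quoted above decodes, as an added example that is not part of the original posts: it parses the two kinds of `imap-login` entry from the thread and unpacks the OpenSSL error code to show which side sent the alert. It assumes the OpenSSL 1.x error-code packing (8 bits library, 12 bits function, 12 bits reason) and that SSL reasons above 1000 are alerts received from the peer; the function and constant names are this example's own.

```python
import re

# TLS alert descriptions (RFC 5246, section 7.2); certificate-related subset.
TLS_ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca",
}
ERR_LIB_SSL = 20             # OpenSSL library number behind "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # assumption: reason = 1000 + alert number for received alerts

LOGIN_RE = re.compile(
    r"dovecot: imap-login: (?P<event>[^(]+?) \((?P<why>[^)]*)\): "
    r"rip=(?P<rip>[^,\s]+), lip=(?P<lip>[^,\s]+)")
ERR_RE = re.compile(r"error:(?P<code>[0-9A-Fa-f]{8}):")

def decode_openssl_1x(code_hex):
    """Split an OpenSSL 1.x packed error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def classify(entry):
    """Describe one imap-login entry (wrapped continuation lines already joined)."""
    m = LOGIN_RE.search(entry)
    if not m:
        return None
    info = {"event": m["event"], "why": m["why"], "rip": m["rip"], "lip": m["lip"],
            "alert": None, "sent_by": None}
    e = ERR_RE.search(entry)
    if e:
        lib, _func, reason = decode_openssl_1x(e["code"])
        if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
            number = reason - SSL_AD_REASON_OFFSET
            info["alert"] = (number, TLS_ALERTS.get(number, "unknown"))
            info["sent_by"] = m["rip"]  # the server read the alert, so the client sent it
    return info

# The two kinds of entry quoted in the thread, with the wrapped TLS line joined.
SAMPLE = [
    "Oct 4 09:43:47 mail dovecot: imap-login: Aborted login (no auth attempts): "
    "rip=180.191.139.31, lip=10.0.0.2",
    "Oct 4 10:27:44 mail dovecot: imap-login: Disconnected (no auth attempts): "
    "rip=180.191.139.31, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:"
    "SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line))
```

For the second entry the result is alert 42 (`bad_certificate`) sent by the remote client, which matches the reading that the mail client refused the certificate the server presented.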

cheesewizz 10-04-2013 01:48 AM

Quote:

Originally Posted by JJJCR (Post 5039799)
Hi cheesewizz, what SAbhi is pointing out is that it works okay on your local network.

But to work outside your LAN, you need to configure postfix on these items below:

1. DNS Host Record "A" record (configure on your DNS server or in your ISP)

2. Domain Name

3. If you are behind a firewall, or your server is on DMZ.
You will need to do port forwarding.
Natted IP to Public IP and of course also Public IP to Natted IP (which is the IP Address of your server)

4. On your server, router or firewall you need to open the ports to the external world
such as port 25,port 993, port 465 or check postfix documentation which ports are needed
NOTE: don't open all the ports you will get a nasty surprise, just open the ports needed

5. Once you have configured the ports to be open in your router or firewall and have set up the port forwarding also,
you need to check in SELinux and the CentOS firewall if the ports are indeed open.
(But I believe they are open since it works on your LAN; it doesn't hurt to double check.)

6. To check if the ports are open to the external world.
You can use dyndns port checker tool.
http://dyn.com/support/ (scroll down to Open Port Tool, you will need an account to use the tool)

Good luck!!!

Hi

My Postfix mail server is not behind the firewall; my public IP is directly assigned.
I disabled iptables.

The domain name is working fine.
Ports 25, 993, 465 or 995 are open.


headache :(

cheesewizz 10-04-2013 02:05 AM

Quote:

Originally Posted by descendant_command (Post 5039802)
^^This.
Seems to be getting to it OK, but the SSL handshake is failing.
Check your SSL setup (presumably it is not used on LAN?).
Maybe Tbird is rejecting it for being self-signed or not matching the servername?

I followed this site here


thanks

descendant_command 10-04-2013 02:28 AM

Quote:

Originally Posted by cheesewizz (Post 5039820)
I followed this site here

That's nice dear ...

Now, check your SSL setup (presumably it is not used on LAN?).
Maybe Tbird is rejecting it for being self-signed or not matching the servername?

cheesewizz 10-04-2013 03:49 AM

Quote:

Originally Posted by descendant_command (Post 5039832)
That's nice dear ...

Now, check your SSL setup (presumably it is not used on LAN?).
Maybe Tbird is rejecting it for being self-signed or not matching the servername?

Hi

How do I check my SSL setup?


thanks

JJJCR 10-04-2013 03:57 AM

from the site that you followed, set the settings below just to isolate whether SASL is causing the issue.

if it doesn't work, revert it back to the original settings.

smtpd_sasl_auth_enable = no
broken_sasl_auth_clients = no

try adding this one as well:
smtpd_tls_security_level = none

If it works without the TLS security then you need to consider looking at the certificate files that you generated.

http://www.krizna.com/centos/setup-m...r-in-centos-6/

Quote:

myhostname = mail.krizna.com
mydomain = krizna.com
myorigin = $mydomain
home_mailbox = mail/
mynetworks = 127.0.0.0/8
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

JJJCR 10-04-2013 04:20 AM

in dovecot.conf
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = no

SAbhi 10-04-2013 05:30 AM

Aah, why are there multiple meanings derived from my post??

Check back by telnetting to the server on port 25... see how it's rejecting the connections..

Share what's there in /etc/postfix/master.cf

The issue may lie there if connections are rejected by SASL.

cheesewizz 10-04-2013 07:51 PM

Quote:

Originally Posted by SAbhi (Post 5039779)
So you need some pre-requisites;

1. A DNS 'A' record to be set at a minimum.
2. check if you are able to
Code:

telnet your_mail_server.com 25
3. inet_interfaces = all # is set in main.cf


This could be of help.


Hi

Using telnet before it was ok
but now
[root@mail postfix]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
ehlo localhost
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: root
250 2.1.0 Ok
rcpt to: rtest
554 5.7.1 <localhost[::1]>: Client host rejected: Access denied


[root@mail postfix]# telnet mail.example.com 25
Trying xxx.xxx.xxx.xxx
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
ehlo localhost
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: root
250 2.1.0 Ok
rcpt to: rtest
554 5.7.1 <mail.example.com[xxx.xxx.xxx]>: Client host rejected: Access denied
554 5.5.1 Error: no valid recipients


thanks

---------- Post added 10-05-13 at 12:52 AM ----------

Quote:

Originally Posted by JJJCR (Post 5039885)
in dovecot.conf
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = no


# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
#ssl = yes

cheesewizz 10-04-2013 07:53 PM

Quote:

Originally Posted by JJJCR (Post 5039876)
from the site that you followed, set the settings below just to isolate whether SASL is causing the issue.

if it doesn't work, revert it back to the original settings.

smtpd_sasl_auth_enable = no
broken_sasl_auth_clients = no

try adding this one as well:
smtpd_tls_security_level = none

If it works without the TLS security then you need to consider looking at the certificate files that you generated.

http://www.krizna.com/centos/setup-m...r-in-centos-6/


OK, I modified some

but it still failed

Oct 5 08:52:46 mail dovecot: imap-login: Aborted login (no auth attempts): rip=180.191.139.31, lip=10.0.0.2
Oct 5 08:52:47 mail dovecot: imap-login: Aborted login (no auth attempts): rip=180.191.139.31, lip=10.0.0.2


All times are GMT -5.