maillog error found
Hi
I have Postfix on my CentOS 6.4. Testing from an IP address in the same LAN, I am able to connect through Thunderbird and any mail apps. But when I go home and try to set up my account in Thunderbird on my laptop, I always get "failed to connect, check username and password", although I believe they are correct. So what I did was get the log from maillog.

logfile, set to auto for SSL:
Code:
Oct 4 09:43:47 mail dovecot: imap-login: Aborted login (no auth attempts): rip=180.191.139.31, lip=10.0.0.2
Oct 4 09:43:47 mail dovecot: imap-login: Aborted login (no auth attempts): rip=180.191.139.31, lip=10.0.0.2

logfile, IMAP forced to port 993, SSL/TLS and authentication Autodetect; SMTP forced to port 25, None and Autodetect:
Code:
Oct 4 10:27:44 mail dovecot: imap-login: Disconnected (no auth attempts): rip=180.191.139.31, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42

I was hoping someone can help and fix this. Thanks |
Quote:
Hi, I have been searching Google for the last 2 weeks and it is still not fixed. I wish someone could guide me and pinpoint the exact problem in my configuration. Thanks |
So you need some pre-requisites:
1. A DNS 'A' record to be set at a minimum.
2. Check if you are able to
Code:
telnet your_mail_server.com 25

This could be of help. |
Hi cheesewizz, this is what SAbhi is pointing out. It works okay on your local network.
But to work outside your LAN, you need to configure Postfix with the items below:
1. DNS host record "A" record (configure on your DNS server or at your ISP).
2. Domain name.
3. If you are behind a firewall, or your server is in a DMZ, you will need to do port forwarding: NATted IP to public IP and of course also public IP to NATted IP (which is the IP address of your server).
4. On your server, router or firewall you need to open the ports to the external world, such as port 25, port 993, port 465, or check the Postfix documentation for which ports are needed. NOTE: don't open all the ports or you will get a nasty surprise, just open the ports needed.
5. Once you have configured the open ports in your router or firewall and have set up the port forwarding as well, you need to check in the SELinux CentOS firewall whether the ports are indeed open (I believe they are open since it works on your LAN, but it doesn't hurt to double check).
6. To check if the ports are open to the external world, you can use the DynDNS port checker tool: http://dyn.com/support/ (scroll down to Open Port Tool, you will need an account to use the tool).
Good luck!!! |
Quote:
Seems to be getting to it OK, but the SSL handshake is failing. Check your SSL setup (presumably it is not used on LAN?). Maybe Tbird is rejecting it for being self-signed or not matching the servername? |
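The two Dovecot log signatures seen in this thread, triaged programmatically. This is an added example, not part of any post; the log lines are constructed in the maillog format shown above using documentation-range addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# TLS alert descriptions from RFC 5246 section 7.2 that show up in login failures.
TLS_ALERTS = {
    40: "handshake_failure",
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
    70: "protocol_version",
}
# Alerts that mean the peer objected to the certificate it was shown.
CERT_ALERTS = {42, 43, 44, 45, 46, 48}

LOGIN_RE = re.compile(
    r"dovecot: (?P<svc>imap|pop3)-login: (?P<event>[A-Za-z ]+?) "
    r"\((?P<reason>[^)]*)\): rip=(?P<rip>[^,\s]+), lip=(?P<lip>[^,\s]+)"
    r"(?:, (?P<rest>.*))?$"
)
ALERT_RE = re.compile(r"SSL alert number (\d+)")


def classify(line):
    """Return a dict describing a pre-authentication failure, or None."""
    m = LOGIN_RE.search(line.strip())
    if m is None or m.group("reason") != "no auth attempts":
        return None
    rest = m.group("rest") or ""
    alert = ALERT_RE.search(rest)
    if alert:
        # The server logged an alert it received, so the client ended the handshake.
        code = int(alert.group(1))
        verdict = "tls_alert:" + TLS_ALERTS.get(code, "alert_%d" % code)
        if code in CERT_ALERTS:
            hint = ("client rejected the server certificate: check that its "
                    "subject matches the hostname the client uses and that "
                    "the client trusts the issuer")
        else:
            hint = "TLS handshake failed: compare protocol and cipher settings"
    elif "TLS" in rest:
        verdict = "tls_error"
        hint = "TLS failed without an alert number: read the OpenSSL error text"
    else:
        verdict = "closed_before_auth"
        hint = ("TCP connection reached Dovecot but no AUTH was sent: check "
                "which security mode the client tried on this port")
    return {"service": m.group("svc"), "rip": m.group("rip"),
            "lip": m.group("lip"), "verdict": verdict, "hint": hint}


def summarize(lines):
    """Count failures per (remote IP, verdict) pair."""
    counts = Counter()
    for line in lines:
        result = classify(line)
        if result:
            counts[(result["rip"], result["verdict"])] += 1
    return counts


# Constructed sample; the last line is a successful login and must be ignored.
SAMPLE_LOG = """\
Oct 4 09:43:47 mail dovecot: imap-login: Aborted login (no auth attempts): rip=203.0.113.10, lip=10.0.0.2
Oct 4 09:43:47 mail dovecot: imap-login: Aborted login (no auth attempts): rip=203.0.113.10, lip=10.0.0.2
Oct 4 10:27:44 mail dovecot: imap-login: Disconnected (no auth attempts): rip=203.0.113.10, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
Oct 4 10:30:02 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.7, lip=10.0.0.2, TLS
""".splitlines()

if __name__ == "__main__":
    for (rip, verdict), n in sorted(summarize(SAMPLE_LOG).items()):
        print("%-15s %-28s x%d" % (rip, verdict, n))
```
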
Quote:
My Postfix mail server is not behind a firewall; my public IP is directly assigned. I disabled iptables. The domain name is working fine. Ports 25, 993, 465 or 995 are open. Headache :( |
Quote:
thanks |
Quote:
Now, check your SSL setup (presumably it is not used on LAN?). Maybe Tbird is rejecting it for being self-signed or not matching the servername? |
Quote:
How do I check my SSL setup? Thanks |
From the site that you followed, set the settings below just to isolate whether SASL is causing the issue.
If it doesn't work, revert it back to the original settings.
Code:
smtpd_sasl_auth_enable = no
broken_sasl_auth_clients = no

Try adding this one as well:
Code:
smtpd_tls_security_level = none

If it works without the TLS security then you need to consider looking at the certificate files that you generated.
http://www.krizna.com/centos/setup-m...r-in-centos-6/ |
in dovecot.conf
Code:
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = no
|
Aah, why are there multiple meanings derived from my post??
Check back by telnetting to the server on port 25... see how it's rejecting the connections.. share what's there in /etc/postfix/master.cf; the issue may lie there if connections are rejected by SASL. |
Quote:
Hi
Using telnet before it was OK, but now:
Code:
[root@mail postfix]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
ehlo localhost
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: root
250 2.1.0 Ok
rcpt to: rtest
554 5.7.1 <localhost[::1]>: Client host rejected: Access denied

Code:
[root@mail postfix]# telnet mail.example.com 25
Trying xxx.xxx.xxx.xxx
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
ehlo localhost
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: root
250 2.1.0 Ok
rcpt to: rtest
554 5.7.1 <mail.example.com[xxx.xxx.xxx]>: Client host rejected: Access denied
554 5.5.1 Error: no valid recipients

Thanks

---------- Post added 10-05-13 at 12:52 AM ----------
Quote:
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
#ssl = yes
|
Quote:
OK, I modified some but it still failed:
Code:
Oct 5 08:52:46 mail dovecot: imap-login: Aborted login (no auth attempts): rip=180.191.139.31, lip=10.0.0.2
Oct 5 08:52:47 mail dovecot: imap-login: Aborted login (no auth attempts): rip=180.191.139.31, lip=10.0.0.2
|
Here is my main.cf
Code:
[root@mail postfix]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = example.com
myhostname = mail.example.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sender_bcc_maps = hash:/etc/postfix/sender_bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = no
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_received_header = yes
smtpd_tls_security_level = none
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
[root@mail postfix]#
|
master.cf
Code:
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
  -o smtpd_reject_unlisted_sender=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o broken_sasl_auth_clients=yes
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
|
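How Postfix joins the lines of a master.cf like the one posted above, as an added example that is not part of the thread: per master(5), comment lines are skipped and a line that starts with whitespace continues the previous logical line, so `-o` overrides left uncommented under a commented-out service attach to the active service above it. The sample file is constructed to mirror the posted layout (the original indentation was lost on this page, so the layout is an assumption), and the function names are hypothetical.

```python
import re

# Service header, optionally commented out: name, then the service type column.
HEADER_RE = re.compile(r"^(#\s*)?(\S+)\s+(inet|unix|fifo|pass)\s")


def logical_lines(text):
    """Join physical lines into logical lines the way master(5) describes."""
    out = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # ignored lines do NOT end the current logical line
        if raw[0].isspace():
            if out:
                out[-1] += " " + stripped  # continuation of the previous line
            continue
        out.append(stripped)
    return out


def parse_services(text):
    """Return active services with the -o overrides that really apply to them."""
    services = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8:
            continue
        args, overrides, i = fields[8:], {}, 0
        while i < len(args):
            if args[i] == "-o" and i + 1 < len(args) and "=" in args[i + 1]:
                key, value = args[i + 1].split("=", 1)
                overrides[key] = value
                i += 2
            else:
                i += 1
        services.append({"name": fields[0], "type": fields[1],
                         "command": fields[7], "overrides": overrides})
    return services


def orphaned_overrides(text):
    """Flag uncommented continuation lines that sit under a disabled service."""
    findings, active, disabled = [], None, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = HEADER_RE.match(raw)
        if m:
            if m.group(1):
                disabled = m.group(2)          # e.g. "#submission inet ..."
            else:
                active, disabled = m.group(2), None
            continue
        if raw[0].isspace() and active and disabled:
            findings.append((active, disabled, raw.strip()))
    return findings


# Constructed sample mirroring the posted file (indentation assumed).
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
#submission inet n       -       n       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_reject_unlisted_sender=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o broken_sasl_auth_clients=yes
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
pickup    fifo  n       -       n       60      1       pickup
"""

if __name__ == "__main__":
    for active, disabled, option in orphaned_overrides(SAMPLE_MASTER_CF):
        print("%s inherits '%s' meant for disabled '%s'" % (active, option, disabled))
```

With `smtpd_client_restrictions=permit_sasl_authenticated,reject` attached to the port 25 service, unauthenticated clients are refused with "Client host rejected: Access denied", the reply shown in the telnet session above.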
maillog file:
Code:
Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
|
Quote:
You also still seem to have an SSL problem. |
I have BIND installed on the same machine.
Here is my config:
Code:
$ttl 38400
@ IN SOA mail.example.com. root.mail.example.com. (
    930201302
    10801
    3600
    604800
    38400 )
@ IN NS mail.example.com.
@ IN MX 11 mail.example.com.
mail.example.com. IN A xxx.xxx.xxx.xxx
www IN CNAME mail.example.com.

Thanks |
Yesterday I set up a new CentOS 6.4 on another machine with a basic Postfix setup. Postfix is up and Dovecot is up, but SSL is not yet configured. Still, in the same network or subnet I am able to connect using Thunderbird, send and receive, but if I connect using another Internet connection, for example broadband, I still get a failure. I checked the maillog:
Code:
Oct 5 11:12:25 ns2 dovecot: imap-login: Aborted login (no auth attempts): rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx

Settings under Thunderbird:
Incoming: IMAP
Server hostname: xxx.xxx.xxx.xxx
Port: 143
SSL: none
Authentication: Autodetect
Outgoing: SMTP
Server hostname: xxx.xxx.xxx.xxx
Port: 25
SSL: none
Authentication: No Authentication

So, meaning I don't have SSL on my CentOS 6.4, but I still get the error. Thanks |
Hi
I followed this site to enable the logging. Here is my log:
Code:
Oct 05 11:29:39 auth: Debug: client out: OK 1 user=rsumook
Oct 05 11:29:39 auth: Debug: master in: REQUEST 2933260289 2348 1 09b0344d35547bcdee746a337b3d17e5
Oct 05 11:29:39 auth: Debug: passwd(rsumook,119.92.56.75): lookup
Oct 05 11:29:39 auth: Debug: master out: USER 2933260289 rsumook system_groups_user=rsumook uid=500 gid=500 home=/home/rsumook
Oct 05 11:29:39 pop3-login: Info: Login: user=<rsumook>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, mpid=2352, secured
Oct 05 11:29:39 pop3(rsumook): Debug: Effective uid=500, gid=500, home=/home/rsumook
Oct 05 11:29:39 pop3(rsumook): Debug: maildir++: root=/home/rsumook/Maildir, index=, control=, inbox=/home/rsumook/Maildir
Oct 05 11:29:39 pop3(rsumook): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Oct 05 11:32:24 master: Warning: Killed with signal 15 (by pid=2368 uid=0 code=kill)
Oct 05 11:32:25 master: Info: Dovecot v2.0.9 starting up (core dumps disabled)
Oct 05 11:32:38 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Oct 05 11:32:38 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Oct 05 11:32:38 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Oct 05 11:32:38 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
Oct 05 11:32:38 auth: Debug: auth client connected (pid=2392)
Oct 05 11:32:38 auth: Debug: client in: AUTH 1 PLAIN service=pop3 secured lip=xxx.xxx.xxx.xxx rip=xxx.xxx.xxx.xxx lport=110 rport=52214 resp=AHJzdW1vb2sAc3Vtb29rcg==
Oct 05 11:32:38 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Oct 05 11:32:38 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Oct 05 11:32:38 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Oct 05 11:32:38 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
Oct 05 11:32:38 auth: Debug: pam(rsumook,xxx.xxx.xxx.xxx): lookup service=dovecot
Oct 05 11:32:38 auth: Debug: pam(rsumook,xxx.xxx.xxx.xxx): #1/1 style=1 msg=Password:
Oct 05 11:32:38 auth: Debug: client out: OK 1 user=rsumook
Oct 05 11:32:38 auth: Debug: master in: REQUEST 562561025 2392 1 706a93a28533dcfc7c55ce4f0264d18f
Oct 05 11:32:38 auth: Debug: passwd(rsumook,xxx.xxx.xxx.xxx): lookup
Oct 05 11:32:38 auth: Debug: master out: USER 562561025 rsumook system_groups_user=rsumook uid=500 gid=500 home=/home/rsumook
Oct 05 11:32:38 pop3-login: Info: Login: user=<rsumook>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, mpid=2398, secured
Oct 05 11:32:38 pop3(rsumook): Debug: Effective uid=500, gid=500, home=/home/rsumook
Oct 05 11:32:38 pop3(rsumook): Debug: maildir++: root=/home/rsumook/Maildir, index=, control=, inbox=/home/rsumook/Maildir
Oct 05 11:32:38 pop3(rsumook): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Oct 05 11:32:51 auth: Debug: auth client connected (pid=2403)
Oct 05 11:32:52 imap-login: Info: Aborted login (no auth attempts): rip=xxx.xxx.xxx.xxx1, lip=xxx.xxx.xxx.xxx
|
Quote:
and see below for master.cf: |
Quote:
I reverted it back:
Code:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = mail.example.com
myhostname = mail.example.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sender_bcc_maps = hash:/etc/postfix/sender_bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

master.cf
Code:
smtp inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_reject_unlisted_sender=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o broken_sasl_auth_clients=yes
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
  -o smtpd_reject_unlisted_sender=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o broken_sasl_auth_clients=yes
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd

But I still get the error:
Code:
Oct 5 14:33:20 mail dovecot: imap-login: Disconnected (no auth attempts): rip=112.72.46.74, lip=10.0.0.2
Oct 5 14:37:24 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.93.123.187, lip=10.0.0.2

Thanks |
I still get error (no auth attempts)
I'm so hopeless ;( |
Quote:
http://nl.globalsign.com/en/support/...l+certificate/ check it out it might help. got the idea from this link: http://www.dovecot.org/list/dovecot/...ry/062981.html Cheers!! hope you nail it. Keep us posted. |
Hi
I have good news. I installed my CentOS 6.4 x86_64 again, so right now I have a basic configuration:
Code:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = localhost.$mydomain, localhost, $mydomain
mydomain = example.com
myhostname = mail.example.com
mynetworks = xxx.xxx.xxx.xxx/xx, 192.168.50.0/24, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

Code:
# OS: Linux 2.6.32-358.el6.x86_64 x86_64 CentOS release 6.4 (Final)
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
listen = *
log_path = /var/log/dovecot.log
login_greeting = Hi everyone Welcome to exmaple!!
mail_debug = yes
mail_location = maildir:~/Maildir
mbox_write_locks = fcntl
passdb {
  driver = pam
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl_cert = </etc/pki/tls/certs/server.crt
ssl_cipher_list = ALL:!LOW:!SSLv2
ssl_key = </etc/pki/tls/certs/server.key
userdb {
  driver = passwd
}
verbose_ssl = yes

Using my broadband here at my house I am able to receive using port 993, but I still have a problem: I cannot send. I suspect my port 25 SMTP. When I checked my maillog there is no activity or information or hint. Please help. Thanks |
sorry for duplicate
|
Quote:
You can do what @UnSpawn mentioned.. well, I recommend @unspawn's suggestion. Also try logging in without using encryption:
Code:
telnet localhost 143
a login "loginname" "password"

Check the output and logs.. It may be an issue with Dovecot; it appears that you are forcing SSL connections, which is not suggested until you know what version end users are running and what you are supposed to do with it... |
Quote:
Ohhh sorry, I didn't see the latest one, please ignore my previous comment. |
I thank you for all your time and suggestions. I'm so happy that I am able to receive messages using my broadband at my house.
I also wish my Postfix mail server were able to send even when my Internet connection is broadband at my house. Please, I need your help again. Right now I have no idea why I cannot send or even reply to my messages using Thunderbird: "sending of message failed. The message could not be sent because the connection SMTP mail.example.com timed out. Try again or contact your network administrator". I used ssh to access my CentOS 6.4; checking the logfile, no clues appear. I believe the information is about the Dovecot IMAP log:
Code:
Oct 06 18:38:16 imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [xxx.xxx.xxx.xxx]
Oct 06 18:38:16 imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [xxx.xxx.xxx.xxx]
Oct 06 18:38:17 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=xxx.xxx.xxx.xxx rip=xxx.xxx.xxx.xxx lport=993 rport=48866 resp=AHJzdW1vb2sAc3Vtb29rcg==
Oct 06 18:38:17 auth: Debug: pam(rsumook,xxx.xxx.xxx.xxx): lookup service=dovecot
Oct 06 18:38:17 auth: Debug: pam(rsumook,xxx.xxx.xxx.xxx): #1/1 style=1 msg=Password:
Oct 06 18:38:17 auth: Debug: client out: OK 1 user=rsumook
Oct 06 18:38:17 auth: Debug: master in: REQUEST 26214401 13730 1 1a0a5daf8e5e4da3daa6c0f0c5375fb2
Oct 06 18:38:17 auth: Debug: passwd(rsumook,xxx.xxx.xxx.xxx): lookup
Oct 06 18:38:17 auth: Debug: master out: USER 26214401 rsumook system_groups_user=rsumook uid=500 gid=500 home=/home/rsumook
Oct 06 18:38:17 imap-login: Info: Login: user=<rsumook>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, mpid=13734, TLS
Oct 06 18:38:17 imap(rsumook): Debug: Effective uid=500, gid=500, home=/home/rsumook
Oct 06 18:38:17 imap(rsumook): Debug: maildir++: root=/home/rsumook/Maildir, index=, control=, inbox=/home/rsumook/Maildir
Oct 06 18:38:20 imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [xxx.xxx.xxx.xxx]
Oct 06 18:38:20 imap(rsumook): Info: Disconnected: Disconnected in IDLE bytes=77/707
Oct 06 18:38:30 imap(rsumook): Info: Disconnected: Logged out bytes=219/2625
Oct 06 18:38:30 imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [xxx.xxx.xxx.xxx]
Oct 06 18:38:30 imap(rsumook): Info: Disconnected: Logged out bytes=882/44472
Oct 06 18:38:30 imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [xxx.xxx.xxx.xxx]

Thanks in advance. |
Quote:
Before I reformatted my HDD and installed the new CentOS 6.4, I tried many times to manually add an exemption by typing the location, like xxx.xxx.xxx.xxx:143 or 110 or 993 or 995. Result: "No information available. Unable to obtain identification status for the given site." That's why I decided to start from scratch. Now I am able to access my IMAP using port 993 at my house using Thunderbird and a broadband Internet connection, but the problem is with sending. Checking the log file on the server side, there are no clues as to what kind of errors. Thanks |
Quote:
I will post my step by step tomorrow. |
Quote:
Here are my steps:

Steps on Postfix Setup under Centos 6.4 x86_64
Code:
service iptables save
service iptables stop
chkconfig iptables off

1. yum install postfix -y
review and update main.cf
Code:
########## BASIC CONFIG ##########
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination = localhost.$mydomain, localhost, $mydomain
mynetworks_style = subnet
mynetworks = 192.168.50.0/24, 127.0.0.0/8
relay_domains = $mydestination
home_mailbox = Maildir

2. service stop and start
3. chkconfig postfix on
4. telnet localhost 25
Code:
telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
ehlo localhost
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:root
250 2.1.0 Ok
rcpt to:myaccount
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
this is a test email message part2
.
250 2.0.0 Ok: queued as 4F17840792
quit
221 2.0.0 Bye
Connection closed by foreign host.

5. yum install dovecot -y
Code:
dovecot.conf:
protocols = imap pop3 lmtp
listen = *
login_greeting = Hi everyone Welcome to mail.example.com!!
10-auth.conf:
disable_plaintext_auth = no
auth_mechanisms = plain login
10-mail.conf:
mail_location = mail:~/Maildir
10-master.conf:
unix_listener auth-userdb {
  mode = 0600
  user = postfix
  group = postfix
}

6. service dovecot stop/start
7. chkconfig dovecot on
8. telnet localhost 110
Code:
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Hi everyone Welcome to mail.example.com!!
user myaccount
+OK
pass ......
+OK Logged in.
list
+OK 4 messages:
1 853
2 853
3 1187
4 1171
.
retr 3
+OK 1187 octets
Return-Path: <...>
X-Original-To: myaccount@mail.example.com
Delivered-To: myaccount@mail.example.com
Received: from mail.example.com (unknown [x.x.x.x) by mail.example.com (Postfix) with ESMTP id C4063407B4 for <myaccount@tmail.example.com>; Sat, 5 Oct 2013 09:53:48 +0800 (PHT)
Received: from mail.example.com (localhost.localdomain [127.0.0.1]) by mail.example.com (8.13.8/8.13.8) with ESMTP id r951rhQx001006 for <mail.example.com>; Sat, 5 Oct 2013 09:53:43 +0800
Received: (from root@localhost) by mail.example.com (8.13.8/8.13.8/Submit) id r951rg2p001000 for mail.example.com; Sat, 5 Oct 2013 09:53:42 +0800
From: mail.example.com
To: @mail.example.com
Cc:
Subject: 224 - test - Saturday
Date: Sat, 05 Oct 2013 09:53:40 +0800 (PHT)
Message-Id: <1380938020.31152.1@gmail.example.com>
testing

9. Installing cyrus-sasl
Code:
yum -y install cyrus-sasl*
Package cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64 already installed and latest version
Package cyrus-sasl-ntlm-2.1.23-13.el6_3.1.x86_64 already installed and latest version
Package cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64 already installed and latest version
Package cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64 already installed and latest version
Package cyrus-sasl-2.1.23-13.el6_3.1.x86_64 already installed and latest version
Package cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64 already installed and latest version
Package cyrus-sasl-ldap-2.1.23-13.el6_3.1.x86_64 already installed and latest version
Package cyrus-sasl-sql-2.1.23-13.el6_3.1.x86_64 already installed and latest version
Package cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64 already installed and latest version
rpm -qa | grep cyrus-sasl
cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-ntlm-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-ldap-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-sql-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64

10. update smtpd.conf
Code:
pwcheck_method: saslauthd
mech_list: plain login

11. review and update saslauthd, from PAM change to SHADOW
Code:
SOCKETDIR=/var/run/saslauthd
MECH=shadow
FLAGS=

Code:
service postfix stop
service saslauthd stop
service postfix start
service saslauthd start
[root@ns2 ~]ps -ef | grep sasl
root 16589 1 0 08:14 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 16591 16589 0 08:14 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 16592 16589 0 08:14 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 16593 16589 0 08:14 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 16594 16589 0 08:14 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 16948 6899 0 08:37 pts/0 00:00:00 grep sasl
[root@ns2 ~]saslauthd -a pam
saslauthd[16962] :detach_tty : Cannot start saslauthd
saslauthd[16962] :detach_tty : Another instance of saslauthd is currently running
[root@ns2 ~]service saslauthd stop
[root@ns2 ~]# saslauthd -a pam
[root@ns2 ~]# ps -ef | grep sasl
root 17006 1 0 08:40 ? 00:00:00 saslauthd -a pam
root 17007 17006 0 08:40 ? 00:00:00 saslauthd -a pam
root 17008 17006 0 08:40 ? 00:00:00 saslauthd -a pam
root 17009 17006 0 08:40 ? 00:00:00 saslauthd -a pam
root 17010 17006 0 08:40 ? 00:00:00 saslauthd -a pam
root 17013 6899 0 08:40 pts/0 00:00:00 grep sasl
[root@ns2 ~]# service saslauthd restart
Stopping saslauthd: [ OK ]
Starting saslauthd: [ OK ]
[root@ns2 ~]# ps -ef | grep sasl
root 17041 1 0 08:41 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 17043 17041 0 08:41 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 17044 17041 0 08:41 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 17045 17041 0 08:41 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 17046 17041 0 08:41 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 17049 6899 0 08:41 pts/0 00:00:00 grep sasl
[root@ns2 ~]postconf -a
cyrus
dovecot
[root@ns2 ~]postconf -A
cyrus

12. update main.cf
Code:
##### SASL #####
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_seurity_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

13. update dovecot/master.cf
Code:
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
===========
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
===========
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
  mode = 0666
}
===========

SASL Testing:
Code:
saslpasswd2 - myaccount
enter password:
[root@ns2 ~]# sasl2-sample-server -s rcmd -p 8000
trying 2, 1, 6
trying 10, 1, 6
bind: Address already in use
accepted new connection
send: {53}
PLAIN LOGIN ANONYMOUS NTLM CRAM-MD5 GSSAPI DIGEST-MD5
recv: {5}
PLAIN
recv: {1}
Y
recv: {23}
myaccount[0]myaccount[0]mypassword
successful authentication 'myaccount'
closing connection

other console:
Code:
[root@ns2 ~]# sasl2-sample-client -s rcmd -p 8000 -m PLAIN 127.0.0.1
receiving capability list... recv: {53}
PLAIN LOGIN ANONYMOUS NTLM CRAM-MD5 GSSAPI DIGEST-MD5
PLAIN LOGIN ANONYMOUS NTLM CRAM-MD5 GSSAPI DIGEST-MD5
please enter an authentication id: myaccount
please enter an authorization id: myaccount
Password:
send: {5}
PLAIN
send: {1}
Y
send: {23}
myaccount[0]myaccount[0]mypassword
successful authentication
closing connection
[root@ns2 ~]#
[root@ns2 ~]# testsaslauthd -u myaccount -p mypassword
0: NO "authentication failed"
[root@ns2 ~]#

Testing SMTP authentication:
Code:
perl -MMIME::Base64 -e 'print encode_base64("\000myaccount\000mypassword");'
[root@ns2 postfix]# telnet mail.example.com 25
Trying x.x.x.x...
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
ehlo localhost
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain AHJzdW1vb2sAc3Vtb29rcg==
235 2.7.0 Authentication successful

==================================
sending testing:
Code:
mail -vs "sasl test" myaccount@mydomain < /etc/passwd
Mail Delivery Status Report will be mailed to <root>.

==================================
14. TLS Authentication
a. create SSL certificate
Code:
/etc/pki/tls/certs
- make server key
openssl rsa -in server.eky -out server.key
make server.csr
openssl x509 -in server.csr -out server.crt req -signkey server.key -days 365

results:
Code:
cd /etc/pki/ttls/certs
-rw-r--r--. 1 root root 651083 Apr 7 2010 ca-bundle.trust.crt
-rw-r--r--. 1 root root 571450 Apr 7 2010 ca-bundle.crt
-rw-r--r--. 1 root root 2242 Mar 5 2013 Makefile
-rwxr-xr-x. 1 root root 610 Mar 5 2013 make-dummy-cert
-rw-------. 1 root root 1679 Oct 5 15:39 server.key
-rw-------. 1 root root 1135 Oct 5 15:40 server.csr
-rw-r--r--. 1 root root 1468 Oct 5 15:41 server.crt

update main.cf
Code:
##### TLS Only #####
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_auth_only = no

update dovecot for ssl certification location: 10-ssl.conf
Code:
ssl = yes
ssl_cert = </etc/pki/tls/certs/server.crt
ssl_key = </etc/pki/tls/certs/server.key
ssl_cipher_list = ALL:!LOW:!SSLv2

Code:
service dovecot restart
service postfix restart

========================
Client configuration
a. Thunderbird
IMAP Setting:
Server setting: port 993
Security settings: ssl/tls
Normal password
SMTP Setting:
Outgoing server: STARTLS, no authentication
=========================
Thanks |
Hi
I don't know if this is the problem why I can't send outside when I'm using a broadband Internet connection. I tried to telnet to my remote server using my Macintosh.
command:
Code:
telnet x.x.x.x 25
trying x.x.x.x
telnet: connect to address x.x.x.x: connection refused
telnet: Unable to connect to remote host

Thanks |
Maybe this is the reason why I can't send email outside.
Thanks |
Maybe your machine at home is not able to communicate to your machine with the Postfix server configs...
EDIT: with your output from telnet I can say this is the reason, but not sure, will review this.. |
Quote:
using my broadband internet connection thanks |
Hi
Just want to ask if someone has already reviewed this and has an idea what the possible error is. Thanks |
have you setup a webmail? if yes, can you access it at home?
Quote:
but our email server is working fine, I don't want to dig deep into this. I was not the one who started this from scratch. I'm just sharing with you that even though you can't telnet to port 25, if the settings are set correctly in the Postfix config it should work fine. I'm not familiar with Postfix, hope someone can help you out. Good luck!! |
Quote:
* telnet [your mail server] port ---> from your home location
* you don't have firewall enabled.
* your ports are opened for the mail server to communicate.
Didn't get time to dig into this further and honestly I don't have anything to suggest at present. |
Hi
I just want to update: as of now everything works fine. I believe my issue was only DNS. I am able to send and receive wherever I am as long as I have an Internet connection, even broadband. Thanks everyone, cheers :) |
Wow..cool.. Thanks for updating.. :)
Please mark the thread as resolved.. |