LinuxQuestions.org


cheesewizz 10-03-2013 10:24 PM

maillog error found
 
Hi

I have Postfix on my CentOS 6.4. Testing from the same LAN IP address, I am able to connect through Thunderbird and any mail app.

But when I go home and try to set up my account in Thunderbird using my laptop,
I always get "failed to connect, check username and password", but I believe they are correct.

So what I did was get the log file from maillog.

logfile: set to auto for SSL
Oct 4 09:43:47 mail dovecot: imap-login: Aborted login (no auth attempts): rip=180.191.139.31, lip=10.0.0.2
Oct 4 09:43:47 mail dovecot: imap-login: Aborted login (no auth attempts): rip=180.191.139.31, lip=10.0.0.2

logfile:
IMAP forcing to port 993, SSL/TLS and authentication Autodetect
SMTP forcing to port 25, None and Autodetect
Oct 4 10:27:44 mail dovecot: imap-login: Disconnected (no auth attempts): rip=180.191.139.31, lip=10.0.0.2,
TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42


I was hoping someone can help fix it.


thanks

SAbhi 10-03-2013 10:51 PM

Quote:

I have Postfix on my CentOS 6.4. Testing from the same LAN IP address, I am able to connect through Thunderbird and any mail app.

But when I go home and try to set up my account in Thunderbird using my laptop,
I always get "failed to connect, check username and password", but I believe they are correct.

So that means Postfix is not configured to work outside your LAN. You may need to configure it a bit more. Search on Google, uncle has many solutions.

cheesewizz 10-04-2013 12:02 AM

Quote:

Originally Posted by SAbhi (Post 5039747)
So that means Postfix is not configured to work outside your LAN. You may need to configure it a bit more. Search on Google, uncle has many solutions.


Hi

I have been searching on Google since 2 weeks ago and until now
it is still not fixed.


I wish someone could guide me and pinpoint the exact problem in my configuration.


thanks

SAbhi 10-04-2013 12:37 AM

So you need some prerequisites:

1. A DNS 'A' record to be set at a minimum.
2. Check if you are able to

Code:

telnet your_mail_server.com 25

3. inet_interfaces = all # is set in main.cf


This could be of help.

JJJCR 10-04-2013 01:10 AM

Hi cheesewizz, what SAbhi is pointing out is that it works okay on your local network.

But to work outside your LAN, you need to configure Postfix on these items below:

1. DNS Host Record "A" record (configure on your DNS server or in your ISP)

2. Domain Name

3. If you are behind a firewall, or your server is on a DMZ,
you will need to do port forwarding:
Natted IP to Public IP and of course also Public IP to Natted IP (which is the IP address of your server)

4. On your server, router or firewall you need to open the ports to the external world,
such as port 25, port 993, port 465, or check the Postfix documentation for which ports are needed.
NOTE: don't open all the ports or you will get a nasty surprise, just open the ports needed.

5. Once you have configured your router or firewall to open the ports and have set up the port forwarding as well,
you need to check in SELINUX CentOS Firewall if the ports are indeed open
(but I believe it's open since it works on your LAN, but it doesn't hurt to double check).

6. To check if the ports are open to the external world.
You can use dyndns port checker tool.
http://dyn.com/support/ (scroll down to Open Port Tool, you will need an account to use the tool)

Good luck!!!

descendant_command 10-04-2013 01:17 AM

Quote:

Originally Posted by cheesewizz (Post 5039737)
Oct 4 10:27:44 mail dovecot: imap-login: Disconnected (no auth attempts): rip=180.191.139.31, lip=10.0.0.2,
TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42

^^This.
Seems to be getting to it OK, but the SSL handshake is failing.
Check your SSL setup (presumably it is not used on LAN?).
Maybe Tbird is rejecting it for being self-signed or not matching the servername?

cheesewizz 10-04-2013 01:48 AM

Quote:

Originally Posted by JJJCR (Post 5039799)
Hi cheesewizz, what SAbhi is pointing out is that it works okay on your local network.

But to work outside your LAN, you need to configure Postfix on these items below:

1. DNS Host Record "A" record (configure on your DNS server or in your ISP)

2. Domain Name

3. If you are behind a firewall, or your server is on a DMZ,
you will need to do port forwarding:
Natted IP to Public IP and of course also Public IP to Natted IP (which is the IP address of your server)

4. On your server, router or firewall you need to open the ports to the external world,
such as port 25, port 993, port 465, or check the Postfix documentation for which ports are needed.
NOTE: don't open all the ports or you will get a nasty surprise, just open the ports needed.

5. Once you have configured your router or firewall to open the ports and have set up the port forwarding as well,
you need to check in SELINUX CentOS Firewall if the ports are indeed open
(but I believe it's open since it works on your LAN, but it doesn't hurt to double check).

6. To check if the ports are open to the external world.
You can use dyndns port checker tool.
http://dyn.com/support/ (scroll down to Open Port Tool, you will need an account to use the tool)

Good luck!!!

Hi

My Postfix mail is not behind the firewall; my public IP is directly assigned.
I disabled iptables.

The domain name is working fine.
Ports 25, 993, 465 or 995 are open.


Headache :(

cheesewizz 10-04-2013 02:05 AM

Quote:

Originally Posted by descendant_command (Post 5039802)
^^This.
Seems to be getting to it OK, but the SSL handshake is failing.
Check your SSL setup (presumably it is not used on LAN?).
Maybe Tbird is rejecting it for being self-signed or not matching the servername?

I followed this site here


thanks

descendant_command 10-04-2013 02:28 AM

Quote:

Originally Posted by cheesewizz (Post 5039820)
I followed this site here

That's nice dear ...

Now, check your SSL setup (presumably it is not used on LAN?).
Maybe Tbird is rejecting it for being self-signed or not matching the servername?

cheesewizz 10-04-2013 03:49 AM

Quote:

Originally Posted by descendant_command (Post 5039832)
That's nice dear ...

Now, check your SSL setup (presumably it is not used on LAN?).
Maybe Tbird is rejecting it for being self-signed or not matching the servername?

Hi

How do i check my SSL setup?


thanks

JJJCR 10-04-2013 03:57 AM

From the site that you followed, set the settings below just to isolate whether SASL is causing the issue.

If it doesn't work, revert it back to the original settings.

smtpd_sasl_auth_enable = no
broken_sasl_auth_clients = no

Try adding this one as well:
smtpd_tls_security_level = none

If it works without the TLS security, then you need to consider looking at the certificate files that you generated.

http://www.krizna.com/centos/setup-m...r-in-centos-6/

Quote:

myhostname = mail.krizna.com
mydomain = krizna.com
myorigin = $mydomain
home_mailbox = mail/
mynetworks = 127.0.0.0/8
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

JJJCR 10-04-2013 04:20 AM

in dovecot.conf
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = no

SAbhi 10-04-2013 05:30 AM

Aah, why are there multiple meanings derived from my post??

Check back by telnetting to the server on port 25... see how it's rejecting the connections..

Share what's there in /etc/postfix/master.cf

The issue may lie there if connections are rejected by SASL.

cheesewizz 10-04-2013 07:51 PM

Quote:

Originally Posted by SAbhi (Post 5039779)
So you need some prerequisites:

1. A DNS 'A' record to be set at a minimum.
2. Check if you are able to

Code:

telnet your_mail_server.com 25

3. inet_interfaces = all # is set in main.cf


This could be of help.


Hi

Using telnet before it was ok
but now
[root@mail postfix]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
ehlo localhost
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: root
250 2.1.0 Ok
rcpt to: rtest
554 5.7.1 <localhost[::1]>: Client host rejected: Access denied


[root@mail postfix]# telnet mail.example.com 25
Trying xxx.xxx.xxx.xxx
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
ehlo localhost
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: root
250 2.1.0 Ok
rcpt to: rtest
554 5.7.1 <mail.example.com[xxx.xxx.xxx]>: Client host rejected: Access denied
554 5.5.1 Error: no valid recipients


thanks

---------- Post added 10-05-13 at 12:52 AM ----------

Quote:

Originally Posted by JJJCR (Post 5039885)
in dovecot.conf
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = no


# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
#ssl = yes

cheesewizz 10-04-2013 07:53 PM

Quote:

Originally Posted by JJJCR (Post 5039876)
From the site that you followed, set the settings below just to isolate whether SASL is causing the issue.

If it doesn't work, revert it back to the original settings.

smtpd_sasl_auth_enable = no
broken_sasl_auth_clients = no

Try adding this one as well:
smtpd_tls_security_level = none

If it works without the TLS security, then you need to consider looking at the certificate files that you generated.

http://www.krizna.com/centos/setup-m...r-in-centos-6/


OK, I modified some,

but it still failed.

Oct 5 08:52:46 mail dovecot: imap-login: Aborted login (no auth attempts): rip=180.191.139.31, lip=10.0.0.2
Oct 5 08:52:47 mail dovecot: imap-login: Aborted login (no auth attempts): rip=180.191.139.31, lip=10.0.0.2

cheesewizz 10-04-2013 07:58 PM

here is my main.cf

[root@mail postfix]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = example.com
myhostname = mail.example.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sender_bcc_maps = hash:/etc/postfix/sender_bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = no
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_received_header = yes
smtpd_tls_security_level = none
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
[root@mail postfix]#

cheesewizz 10-04-2013 07:59 PM

master.cf

# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
  -o smtpd_reject_unlisted_sender=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o broken_sasl_auth_clients=yes
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================

cheesewizz 10-04-2013 08:01 PM

maillog file:

Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42

cheesewizz 10-04-2013 08:03 PM

Maillog:

Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42

descendant_command 10-04-2013 08:48 PM

Quote:

Code:

smtpd_sasl_auth_enable = no

Quote:

Code:

-o smtpd_client_restrictions=permit_sasl_authenticated,reject

It is doing exactly what you have told it.

You also still seem to have an SSL problem.
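
How the main.cf and master.cf lines quoted above combine can be checked mechanically. The script below is an added example, not code from anyone in this thread: it applies the master(5) rule that an indented -o line continues the previous active service, so options left uncommented under a commented-out #submission header attach to smtp, and it reports smtpd services whose smtpd_client_restrictions is exactly permit_sasl_authenticated,reject. The function names and the sample text (modelled on the posted fragments) are constructed for illustration.

```python
import re

# Constructed sample input, modelled on the main.cf and master.cf fragments
# posted in this thread (the "-o" lines carry the leading whitespace that
# Postfix requires on continuation lines).
MAIN_CF = """\
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = no
"""

MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
#submission inet n       -       n       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_reject_unlisted_sender=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o broken_sasl_auth_clients=yes
#smtps    inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
pickup    fifo  n       -       n       60      1       pickup
"""

# A commented-out service header such as "#submission inet n - n - - smtpd".
DISABLED_HEADER = re.compile(r"^#\s*(\S+)\s+(inet|unix|fifo|pass)\s")


def parse_main(text):
    """Parse "name = value" lines (the `postconf -n` layout) into a dict."""
    settings = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            settings[name.strip()] = value.strip()
    return settings


def parse_master(text):
    """Parse master.cf by the master(5) rules: comment lines are ignored and a
    line that starts with whitespace continues the previous logical line, even
    if a commented-out service header sits between the two."""
    services, disabled = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.lstrip().startswith("#"):
            match = DISABLED_HEADER.match(line)
            if match:
                disabled = match.group(1)   # remember the disabled service
            continue
        fields = line.split()
        if line[0].isspace():
            if services:
                services[-1]["args"] += fields
                if disabled and "-o" in fields:
                    services[-1]["orphaned_from"] = disabled
        elif len(fields) >= 8:
            services.append({"name": fields[0], "command": fields[7],
                             "args": fields[8:], "orphaned_from": None})
            disabled = None
    return services


def overrides(args):
    """Collect "-o name=value" pairs from a service's argument list."""
    found = {}
    for flag, pair in zip(args, args[1:]):
        if flag == "-o" and "=" in pair:
            name, value = pair.split("=", 1)
            found[name] = value
    return found


def audit(main_text, master_text):
    """Return (service, finding, detail) tuples for every smtpd service."""
    main, findings = parse_main(main_text), []
    for svc in parse_master(master_text):
        if svc["command"] != "smtpd":
            continue
        # master.cf "-o" options override main.cf for this service only.
        effective = {**main, **overrides(svc["args"])}
        if svc["orphaned_from"]:
            findings.append((svc["name"], "orphaned-override", svc["orphaned_from"]))
        raw = effective.get("smtpd_client_restrictions", "")
        rules = [rule for rule in re.split(r"[,\s]+", raw) if rule]
        if rules == ["permit_sasl_authenticated", "reject"]:
            if effective.get("smtpd_sasl_auth_enable", "no") == "yes":
                findings.append((svc["name"], "auth-required",
                                 "only authenticated clients pass"))
            else:
                findings.append((svc["name"], "sasl-disabled",
                                 "every client is rejected"))
    return findings


if __name__ == "__main__":
    for service, finding, detail in audit(MAIN_CF, MASTER_CF):
        print(f"{service}: {finding}: {detail}")
```

On the sample input the port 25 service inherits the submission options, which is consistent with the "Client host rejected: Access denied" reply to an unauthenticated telnet session shown earlier in the thread.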

cheesewizz 10-04-2013 10:05 PM

I have BIND, which is installed on the same machine.

here is my config:

$ttl 38400
@ IN SOA mail.example.com. root.mail.example.com. (
930201302
10801
3600
604800
38400 )
@ IN NS mail.example.com.
@ IN MX 11 mail.example.com.
mail.example.com. IN A xxx.xxx.xxx.xxx
www IN CNAME mail.example.com.

thanks

cheesewizz 10-04-2013 10:15 PM

Yesterday I set up a new CentOS 6.4 on another machine
with a basic Postfix setup.

Postfix is up and Dovecot is up,
but SSL is not yet configured.

Still, in the same network or subnet I am able to connect using Thunderbird, and send and receive.

But

if I connect using another Internet connection, for example broadband,
I still get the failure.

I checked the maillog:
Oct 5 11:12:25 ns2 dovecot: imap-login: Aborted login (no auth attempts): rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx


settings under thunderbird:

Incoming IMAP
Server hostname: xxx.xxx.xxx.xxx
Port: 143
SSL: none
Authentication : Autodetect

Outgoing: SMTP
Server hostname: xxx.xxx.xxx.xxx
Port:25
SSL: none
Authentication: No Authentication


So, meaning I don't have SSL on my CentOS 6.4, but I still get the error.




thanks

cheesewizz 10-04-2013 10:37 PM

Hi

i followed this site to enable the logging

here is my log:


Oct 05 11:29:39 auth: Debug: client out: OK 1 user=rsumook
Oct 05 11:29:39 auth: Debug: master in: REQUEST 2933260289 2348 1 09b0344d35547bcdee746a337b3d17e5
Oct 05 11:29:39 auth: Debug: passwd(rsumook,119.92.56.75): lookup
Oct 05 11:29:39 auth: Debug: master out: USER 2933260289 rsumook system_groups_user=rsumook uid=500 gid=500 home=/home/rsumook
Oct 05 11:29:39 pop3-login: Info: Login: user=<rsumook>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, mpid=2352, secured
Oct 05 11:29:39 pop3(rsumook): Debug: Effective uid=500, gid=500, home=/home/rsumook
Oct 05 11:29:39 pop3(rsumook): Debug: maildir++: root=/home/rsumook/Maildir, index=, control=, inbox=/home/rsumook/Maildir
Oct 05 11:29:39 pop3(rsumook): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Oct 05 11:32:24 master: Warning: Killed with signal 15 (by pid=2368 uid=0 code=kill)
Oct 05 11:32:25 master: Info: Dovecot v2.0.9 starting up (core dumps disabled)
Oct 05 11:32:38 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Oct 05 11:32:38 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Oct 05 11:32:38 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Oct 05 11:32:38 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
Oct 05 11:32:38 auth: Debug: auth client connected (pid=2392)
Oct 05 11:32:38 auth: Debug: client in: AUTH 1 PLAIN service=pop3 secured lip=xxx.xxx.xxx.xxx rip=xxx.xxx.xxx.xxx lport=110 rport=52214 resp=AHJzdW1vb2sAc3Vtb29rcg==
Oct 05 11:32:38 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Oct 05 11:32:38 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Oct 05 11:32:38 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Oct 05 11:32:38 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
Oct 05 11:32:38 auth: Debug: pam(rsumook,xxx.xxx.xxx.xxx): lookup service=dovecot
Oct 05 11:32:38 auth: Debug: pam(rsumook,xxx.xxx.xxx.xxx): #1/1 style=1 msg=Password:
Oct 05 11:32:38 auth: Debug: client out: OK 1 user=rsumook
Oct 05 11:32:38 auth: Debug: master in: REQUEST 562561025 2392 1 706a93a28533dcfc7c55ce4f0264d18f
Oct 05 11:32:38 auth: Debug: passwd(rsumook,xxx.xxx.xxx.xxx): lookup
Oct 05 11:32:38 auth: Debug: master out: USER 562561025 rsumook system_groups_user=rsumook uid=500 gid=500 home=/home/rsumook
Oct 05 11:32:38 pop3-login: Info: Login: user=<rsumook>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, mpid=2398, secured
Oct 05 11:32:38 pop3(rsumook): Debug: Effective uid=500, gid=500, home=/home/rsumook
Oct 05 11:32:38 pop3(rsumook): Debug: maildir++: root=/home/rsumook/Maildir, index=, control=, inbox=/home/rsumook/Maildir
Oct 05 11:32:38 pop3(rsumook): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Oct 05 11:32:51 auth: Debug: auth client connected (pid=2403)
Oct 05 11:32:52 imap-login: Info: Aborted login (no auth attempts): rip=xxx.xxx.xxx.xxx1, lip=xxx.xxx.xxx.xxx

SAbhi 10-05-2013 12:35 AM

Quote:

smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = no
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_received_header = yes
smtpd_tls_security_level = none
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom

You are yourself confusing the setup.. see your configs above.

and see below for master.cf:
Quote:

# -o smtpd_tls_security_level=encrypt
-o smtpd_reject_unlisted_sender=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o broken_sasl_auth_clients=yes
# -o milter_macro_daemon_name=ORIGINATING

I strongly recommend undoing what you have done so far, getting your configs working in a simple form first, and then following a good step-by-step documentation. Decide first what you want: enabling TLS, SSL, SASL.. or not.

cheesewizz 10-05-2013 01:39 AM

Quote:

Originally Posted by SAbhi (Post 5040364)
You are yourself confusing the setup.. see your configs above.

and see below for master.cf:


I strongly recommend undoing what you have done so far, getting your configs working in a simple form first, and then following a good step-by-step documentation. Decide first what you want: enabling TLS, SSL, SASL.. or not.

Hi

I reverted it back.

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = mail.example.com
myhostname = mail.example.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sender_bcc_maps = hash:/etc/postfix/sender_bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550


master.cf
smtp inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_reject_unlisted_sender=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o broken_sasl_auth_clients=yes
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
  -o smtpd_reject_unlisted_sender=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o broken_sasl_auth_clients=yes
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd


But I still get the error:

Oct 5 14:33:20 mail dovecot: imap-login: Disconnected (no auth attempts): rip=112.72.46.74, lip=10.0.0.2
Oct 5 14:37:24 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.93.123.187, lip=10.0.0.2



thanks

cheesewizz 10-05-2013 01:53 AM

I still get the error (no auth attempts).


I'm so hopeless ;(

unSpawn 10-05-2013 03:10 AM

Quote:

Originally Posted by cheesewizz (Post 5040303)
Code:

Oct  5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42

It's a self-signed cert, try explicitly retrieving it: Thunderbird > Edit > Preferences > Advanced > Certificates > Servers > Add Exception. Enter host name and port and accept the exception. Now connect and see if IMAPS works.
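
The log line quoted above can be read mechanically: the alert number is one the server received from the client, and "no auth attempts" means no credentials reached Dovecot at all. The following is an added example, not code from anyone in this thread; it classifies Dovecot login lines from a syslog-format maillog per remote address. The sample lines and function names are constructed, and the cross-check of the alert number assumes the OpenSSL 1.0.x error-code layout.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the maillog excerpts in this
# thread; the addresses come from the documentation ranges.
SAMPLE_LOG = """\
Oct  5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=203.0.113.7, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
Oct  5 08:59:24 mail dovecot: imap-login: Aborted login (no auth attempts): rip=203.0.113.7, lip=10.0.0.2
Oct  5 09:01:02 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.9, lip=10.0.0.2, mpid=2352, TLS
Oct  5 09:02:10 mail postfix/smtpd[2401]: connect from unknown[198.51.100.9]
"""

# TLS alert descriptions (RFC 5246, section 7.2) that concern the certificate.
CERT_ALERTS = {
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}

LOGIN_LINE = re.compile(r"dovecot: (?P<service>[\w-]+-login): (?P<event>.*)$")
REMOTE_IP = re.compile(r"\brip=([^,\s]+)")
SSL_ERROR = re.compile(r"error:([0-9A-Fa-f]{8}):.*SSL alert number (\d+)")


def alert_from_error_code(hex_code):
    """Assumption: OpenSSL 1.0.x keeps the reason in the low 12 bits of the
    error code and numbers alerts received from the peer as 1000 + alert.
    Returns the alert number, or None for any other reason code."""
    reason = int(hex_code, 16) & 0xFFF
    return reason - 1000 if reason >= 1000 else None


def classify(line):
    """Return a dict describing one Dovecot login-process line, or None."""
    match = LOGIN_LINE.search(line)
    if not match:
        return None
    event = match.group("event")
    rip = REMOTE_IP.search(event)
    record = {"service": match.group("service"),
              "rip": rip.group(1) if rip else None,
              "alert": None, "verdict": "other"}
    ssl_error = SSL_ERROR.search(event)
    if event.startswith("Login:"):
        record["verdict"] = "login-ok"
    elif ssl_error:
        alert = int(ssl_error.group(2))
        record["alert"] = alert
        # Cross-check the trailing alert number against the packed error code.
        record["code_agrees"] = alert_from_error_code(ssl_error.group(1)) == alert
        # The client ended the handshake before sending any credentials.
        record["verdict"] = ("client-rejected-certificate"
                             if alert in CERT_ALERTS else "tls-alert")
    elif "(no auth attempts)" in event:
        record["verdict"] = "dropped-before-auth"
    return record


def triage(log_text):
    """Count verdicts per remote address across a maillog excerpt."""
    counts = Counter()
    for line in log_text.splitlines():
        record = classify(line)
        if record:
            counts[(record["rip"], record["verdict"])] += 1
    return counts


if __name__ == "__main__":
    for (rip, verdict), seen in sorted(triage(SAMPLE_LOG).items()):
        print(f"{rip:15} {verdict:28} {seen}")
```

A "client-rejected-certificate" verdict points at the server certificate or the client's trust settings rather than at the username or password.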

unSpawn 10-05-2013 03:12 AM

Quote:

Originally Posted by SAbhi (Post 5039747)
Search on google uncle has many solutions.

This is not how LQ should work: please avoid redirecting people to a search engine.

JJJCR 10-05-2013 04:09 AM

Quote:

Originally Posted by cheesewizz (Post 5040301)
maillog file:

Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
Oct 5 08:59:23 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.92.56.74, lip=10.0.0.2, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42

Pre, check out this link on installing an intermediate Dovecot certificate:

http://nl.globalsign.com/en/support/...l+certificate/

Check it out, it might help.

I got the idea from this link:
http://www.dovecot.org/list/dovecot/...ry/062981.html

Cheers!! hope you nail it. Keep us posted.

JJJCR 10-05-2013 05:37 AM

Quote:

Originally Posted by unSpawn (Post 5040403)
This is not how LQ should work: please avoid redirecting people to a search engine.

agree with you unSpawn.. two thumbs up!!!

cheesewizz 10-05-2013 08:20 AM

Hi

I have good news.

I installed my CentOS 6.4 x86_64 again,
so right now I have a basic configuration.

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = localhost.$mydomain, localhost, $mydomain
mydomain = example.com
myhostname = mail.example.com
mynetworks = xxx.xxx.xxx.xxx/xx, 192.168.50.0/24, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550


# OS: Linux 2.6.32-358.el6.x86_64 x86_64 CentOS release 6.4 (Final)
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
listen = *
log_path = /var/log/dovecot.log
login_greeting = Hi everyone Welcome to exmaple!!
mail_debug = yes
mail_location = maildir:~/Maildir
mbox_write_locks = fcntl
passdb {
  driver = pam
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl_cert = </etc/pki/tls/certs/server.crt
ssl_cipher_list = ALL:!LOW:!SSLv2
ssl_key = </etc/pki/tls/certs/server.key
userdb {
  driver = passwd
}
verbose_ssl = yes



Using my broadband here at my house I am able to receive using port 993,
but I still have a problem: I cannot send a file.

I suspect my port 25 SMTP.


When I checked my maillog,
there's no activity or information or hint.



please help


thanks

cheesewizz 10-05-2013 08:21 AM

sorry for duplicate

SAbhi 10-06-2013 01:20 AM

Quote:

Originally Posted by unSpawn (Post 5040403)
This is not how LQ should work: please avoid redirecting people to a search engine.

I know, just helping people try to get something on their own so that they can learn.. I will take care next time.. :)

SAbhi 10-06-2013 01:28 AM

Quote:

Oct 5 14:33:20 mail dovecot: imap-login: Disconnected (no auth attempts): rip=112.72.46.74, lip=10.0.0.2
Oct 5 14:37:24 mail dovecot: imap-login: Disconnected (no auth attempts): rip=119.93.123.187, lip=10.0.0.2
thanks

This error is because your security certificate was treated as invalid by the end user, or you do not have any. Anyway, there are no auth attempts.
You can do what @UnSpawn mentioned.. well, I recommend @unspawn's suggestion.

Also try logging in without using encryption:

telnet localhost 143
login "loginname" "password"

check the output and logs ..

It may be an issue with Dovecot; it appears that you are forcing SSL connections, which is not suggested until you know what version end users are running and what you are supposed to do with it...

SAbhi 10-06-2013 01:42 AM

Quote:

Originally Posted by cheesewizz (Post 5040494)
Hi

I have good news.

I installed my CentOS 6.4 x86_64 again,
so right now I have a basic configuration.


Ohhh sorry, I didn't see the latest one, please ignore my previous comment.

cheesewizz 10-06-2013 05:49 AM

I thank you for all your time and suggestions. I'm so happy that I am able to receive messages using my broadband at my house.

I also wish my Postfix mail server were able to send even when my Internet connection is broadband at my house.

Please, I need your help again.

Right now I have no idea why I cannot send or even reply to my messages
using Thunderbird: "sending of message failed. The message could not be sent because the connection SMTP mail.example.com timed out. Try again or contact your network administrator"

I used SSH to access my CentOS 6.4 and checked the log file.
No clues appear; I believe the information is about the Dovecot IMAP log.

Oct 06 18:38:16 imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [xxx.xxx.xxx.xxx]
Oct 06 18:38:16 imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [xxx.xxx.xxx.xxx]
Oct 06 18:38:17 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=xxx.xxx.xxx.xxx rip=xxx.xxx.xxx.xxx lport=993 rport=48866 resp=AHJzdW1vb2sAc3Vtb29rcg==
Oct 06 18:38:17 auth: Debug: pam(rsumook,xxx.xxx.xxx.xxx): lookup service=dovecot
Oct 06 18:38:17 auth: Debug: pam(rsumook,xxx.xxx.xxx.xxx): #1/1 style=1 msg=Password:
Oct 06 18:38:17 auth: Debug: client out: OK 1 user=rsumook
Oct 06 18:38:17 auth: Debug: master in: REQUEST 26214401 13730 1 1a0a5daf8e5e4da3daa6c0f0c5375fb2
Oct 06 18:38:17 auth: Debug: passwd(rsumook,xxx.xxx.xxx.xxx): lookup
Oct 06 18:38:17 auth: Debug: master out: USER 26214401 rsumook system_groups_user=rsumook uid=500 gid=500 home=/home/rsumook
Oct 06 18:38:17 imap-login: Info: Login: user=<rsumook>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, mpid=13734, TLS
Oct 06 18:38:17 imap(rsumook): Debug: Effective uid=500, gid=500, home=/home/rsumook
Oct 06 18:38:17 imap(rsumook): Debug: maildir++: root=/home/rsumook/Maildir, index=, control=, inbox=/home/rsumook/Maildir
Oct 06 18:38:20 imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [xxx.xxx.xxx.xxx]
Oct 06 18:38:20 imap(rsumook): Info: Disconnected: Disconnected in IDLE bytes=77/707
Oct 06 18:38:30 imap(rsumook): Info: Disconnected: Logged out bytes=219/2625
Oct 06 18:38:30 imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [xxx.xxx.xxx.xxx]
Oct 06 18:38:30 imap(rsumook): Info: Disconnected: Logged out bytes=882/44472
Oct 06 18:38:30 imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [xxx.xxx.xxx.xxx]



thanks in advance.
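
The `resp=` value on the `client in: AUTH 1 PLAIN` line of the log above is the base64 SASL PLAIN response, which carries the account password, so a log like this needs scrubbing before it is shared. An added example (not part of the original post) that redacts such tokens and lists the accounts whose password was logged; the sample log, its credential and the function names are constructed for illustration:

```python
import base64
import binascii
import re

# Constructed sample modelled on the Dovecot auth debug lines in the post above.
# The credential is made up (user "alice"); addresses are documentation ranges.
SAMPLE_RESP = base64.b64encode(b"\0alice\0example-pass").decode()
SAMPLE_LOG = (
    "Oct 06 18:38:17 auth: Debug: client in: AUTH 1 PLAIN service=imap secured "
    f"lip=192.0.2.10 rip=198.51.100.7 lport=993 rport=48866 resp={SAMPLE_RESP}\n"
    "Oct 06 18:38:17 auth: Debug: client out: OK 1 user=alice\n"
    "Oct 06 18:38:17 imap-login: Info: Login: user=<alice>, method=PLAIN, TLS\n"
)

# The token after resp= on a "client in: AUTH" line is the client's SASL response.
RESP_RE = re.compile(r"(client in: AUTH\b.*?\bresp=)(\S+)")


def plain_identity(token):
    """Return the login name inside a SASL PLAIN response, or None if it is not one."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    parts = raw.split(b"\0")  # RFC 4616: authzid NUL authcid NUL passwd
    if len(parts) != 3 or not parts[1]:
        return None
    return parts[1].decode("utf-8", "replace")


def redact(log_text):
    """Return (log with resp= tokens replaced, accounts whose password was logged)."""
    accounts = []

    def _scrub(match):
        accounts.append(plain_identity(match.group(2)) or "<unparsed>")
        return match.group(1) + "<redacted>"

    return RESP_RE.sub(_scrub, log_text), accounts


if __name__ == "__main__":
    clean, accounts = redact(SAMPLE_LOG)
    print(clean)
    print("rotate passwords for:", accounts)
```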

cheesewizz 10-06-2013 06:03 AM

Quote:

Originally Posted by unSpawn (Post 5040401)
It's a self-signed cert, try explicitly retrieving it: Thunderbird > Edit > Preferences > Advanced > Certificates > Servers > Add Exception. Enter host name and port and accept the exception. Now connect and see if IMAPS works.

Hi unSpawn


Before I reformatted my HDD and installed a new CentOS 6.4,
I tried many times to manually add the exception,
typing locations like xxx.xxx.xxx.xxx:143 or 110 or 993 or 995.
Result:

No information available
Unable to obtain identification status for the given site.


That's why I decided to start from scratch.


Now I am able to access my IMAP using port 993 at my house using Thunderbird and a broadband internet connection.

But the problem is with sending; checking the log file on the server side, there are no clues as to what kind of error it is.


thanks

unSpawn 10-06-2013 06:04 AM

Quote:

Originally Posted by cheesewizz (Post 5040858)
(..) I'm so happy that I am able to receive messages using my broadband at my house. (..) Please, I need your help again

LQ should help all people with the same problem so before you ask for help it would be good to list the steps you took to get whatever wasn't working working (again). The concept is called reciprocity.

cheesewizz 10-06-2013 06:19 AM

Quote:

Originally Posted by unSpawn (Post 5040868)
LQ should help all people with the same problem so before you ask for help it would be good to list the steps you took to get whatever wasn't working working (again). The concept is called reciprocity.

Thanks unSpawn
I will post my step-by-step tomorrow.

cheesewizz 10-06-2013 08:40 PM

Quote:

Originally Posted by unSpawn (Post 5040868)
LQ should help all people with the same problem so before you ask for help it would be good to list the steps you took to get whatever wasn't working working (again). The concept is called reciprocity.

Hi

Here are my steps:

Steps on Postfix Setup under Centos 6.4 x86_64

service iptables save
service iptables stop
chkconfig iptables off

1. yum install postfix -y
review and update main.cf
########## BASIC CONFIG ##########
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain

inet_interfaces = all
inet_protocols = all

mydestination = localhost.$mydomain, localhost, $mydomain
mynetworks_style = subnet
mynetworks = 192.168.50.0/24, 127.0.0.0/8

relay_domains = $mydestination
home_mailbox = Maildir/

2. service stop and start
3. chkconfig postfix on
4. telnet localhost 25

telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
ehlo localhost
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:root
250 2.1.0 Ok
rcpt to:myaccount
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
this is a test email message part2
.
250 2.0.0 Ok: queued as 4F17840792
quit
221 2.0.0 Bye
Connection closed by foreign host.

5. yum install dovecot -y
dovecot.conf:
protocols = imap pop3 lmtp
listen = *
login_greeting = Hi everyone Welcome to mail.example.com!!

10-auth.conf:
disable_plaintext_auth = no
auth_mechanisms = plain login

10-mail.conf:
mail_location = maildir:~/Maildir

10-master.conf:
unix_listener auth-userdb {
mode = 0600
user = postfix
group = postfix
}


6. service dovecot stop/start
7. chkconfig dovecot on
8. telnet localhost 110

Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Hi everyone Welcome to mail.example.com!!
user myaccount
+OK
pass ......
+OK Logged in.
list
+OK 4 messages:
1 853
2 853
3 1187
4 1171
.
retr 3
+OK 1187 octets
Return-Path: <...>
X-Original-To: myaccount@mail.example.com
Delivered-To: myaccount@mail.example.com
Received: from mail.example.com (unknown [x.x.x.x)
by mail.example.com (Postfix) with ESMTP id C4063407B4
for <myaccount@tmail.example.com>; Sat, 5 Oct 2013 09:53:48 +0800 (PHT)
Received: from mail.example.com (localhost.localdomain [127.0.0.1])
by mail.example.com (8.13.8/8.13.8) with ESMTP id r951rhQx001006
for <mail.example.com>; Sat, 5 Oct 2013 09:53:43 +0800
Received: (from root@localhost)
by mail.example.com (8.13.8/8.13.8/Submit) id r951rg2p001000
for mail.example.com; Sat, 5 Oct 2013 09:53:42 +0800
From: mail.example.com
To: @mail.example.com
Cc:
Subject: 224 - test - Saturday
Date: Sat, 05 Oct 2013 09:53:40 +0800 (PHT)
Message-Id: <1380938020.31152.1@gmail.example.com>

testing


9. Installing cyrus-sasl

yum -y install cyrus-sasl*

Package cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64 already installed and latest version
Package cyrus-sasl-ntlm-2.1.23-13.el6_3.1.x86_64 already installed and latest version
Package cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64 already installed and latest version
Package cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64 already installed and latest version
Package cyrus-sasl-2.1.23-13.el6_3.1.x86_64 already installed and latest version
Package cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64 already installed and latest version
Package cyrus-sasl-ldap-2.1.23-13.el6_3.1.x86_64 already installed and latest version
Package cyrus-sasl-sql-2.1.23-13.el6_3.1.x86_64 already installed and latest version
Package cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64 already installed and latest version

rpm -qa | grep cyrus-sasl
cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-ntlm-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-ldap-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-sql-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64

10. update smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login

11. review and update saslauthd
change from PAM to SHADOW

SOCKETDIR=/var/run/saslauthd
MECH=shadow
FLAGS=

service postfix stop
service saslauthd stop
service postfix start
service saslauthd start

[root@ns2 ~]# ps -ef | grep sasl
root 16589 1 0 08:14 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 16591 16589 0 08:14 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 16592 16589 0 08:14 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 16593 16589 0 08:14 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 16594 16589 0 08:14 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 16948 6899 0 08:37 pts/0 00:00:00 grep sasl

[root@ns2 ~]# saslauthd -a pam
saslauthd[16962] :detach_tty : Cannot start saslauthd
saslauthd[16962] :detach_tty : Another instance of saslauthd is currently running

[root@ns2 ~]# service saslauthd stop
[root@ns2 ~]# saslauthd -a pam
[root@ns2 ~]# ps -ef | grep sasl
root 17006 1 0 08:40 ? 00:00:00 saslauthd -a pam
root 17007 17006 0 08:40 ? 00:00:00 saslauthd -a pam
root 17008 17006 0 08:40 ? 00:00:00 saslauthd -a pam
root 17009 17006 0 08:40 ? 00:00:00 saslauthd -a pam
root 17010 17006 0 08:40 ? 00:00:00 saslauthd -a pam
root 17013 6899 0 08:40 pts/0 00:00:00 grep sasl

[root@ns2 ~]# service saslauthd restart
Stopping saslauthd: [ OK ]
Starting saslauthd: [ OK ]
[root@ns2 ~]# ps -ef | grep sasl
root 17041 1 0 08:41 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 17043 17041 0 08:41 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 17044 17041 0 08:41 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 17045 17041 0 08:41 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 17046 17041 0 08:41 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 17049 6899 0 08:41 pts/0 00:00:00 grep sasl


[root@ns2 ~]# postconf -a
cyrus
dovecot

[root@ns2 ~]# postconf -A
cyrus

12. update main.cf
##### SASL #####
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination


13. update dovecot/master.cf

service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
===========
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
===========

# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
===========

SASL Testing:

saslpasswd2 - myaccount
enter password:

[root@ns2 ~]# sasl2-sample-server -s rcmd -p 8000
trying 2, 1, 6
trying 10, 1, 6
bind: Address already in use
accepted new connection
send: {53}
PLAIN LOGIN ANONYMOUS NTLM CRAM-MD5 GSSAPI DIGEST-MD5
recv: {5}
PLAIN
recv: {1}
Y
recv: {23}
myaccount[0]myaccount[0]mypassword
successful authentication 'myaccount'
closing connection

other console:
[root@ns2 ~]# sasl2-sample-client -s rcmd -p 8000 -m PLAIN 127.0.0.1
receiving capability list... recv: {53}
PLAIN LOGIN ANONYMOUS NTLM CRAM-MD5 GSSAPI DIGEST-MD5
PLAIN LOGIN ANONYMOUS NTLM CRAM-MD5 GSSAPI DIGEST-MD5
please enter an authentication id: myaccount
please enter an authorization id: myaccount
Password:
send: {5}
PLAIN
send: {1}
Y
send: {23}
myaccount[0]myaccount[0]mypassword
successful authentication
closing connection
[root@ns2 ~]#

[root@ns2 ~]# testsaslauthd -u myaccount -p mypassword
0: NO "authentication failed"
[root@ns2 ~]#


Testing SMTP authentication:

perl -MMIME::Base64 -e 'print encode_base64("\000myaccount\000mypassword");'

[root@ns2 postfix]# telnet mail.example.com 25
Trying x.x.x.x...
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
ehlo localhost
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain AHJzdW1vb2sAc3Vtb29rcg==
235 2.7.0 Authentication successful
==================================

sending testing:

mail -vs "sasl test" myaccount@mydomain < /etc/passwd
Mail Delivery Status Report will be mailed to <root>.

==================================


14. TLS Authentication

a. create SSL certificate
/etc/pki/tls/certs - make server.key
openssl rsa -in server.key -out server.key
make server.csr
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365

results:
cd /etc/pki/tls/certs
-rw-r--r--. 1 root root 651083 Apr 7 2010 ca-bundle.trust.crt
-rw-r--r--. 1 root root 571450 Apr 7 2010 ca-bundle.crt
-rw-r--r--. 1 root root 2242 Mar 5 2013 Makefile
-rwxr-xr-x. 1 root root 610 Mar 5 2013 make-dummy-cert
-rw-------. 1 root root 1679 Oct 5 15:39 server.key
-rw-------. 1 root root 1135 Oct 5 15:40 server.csr
-rw-r--r--. 1 root root 1468 Oct 5 15:41 server.crt

update main.cf
##### TLS Only #####
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_auth_only = no


update dovecot for ssl certification location:
10-ssl.conf

ssl = yes
ssl_cert = </etc/pki/tls/certs/server.crt
ssl_key = </etc/pki/tls/certs/server.key
ssl_cipher_list = ALL:!LOW:!SSLv2

service dovecot restart
service postfix restart

========================
Client configuration
a. Thunderbird
IMAP Setting:
Server setting: port 993
Security settings: ssl/tls
Normal password

SMTP Setting:
Outgoing server: STARTTLS, no authentication
=========================



Thanks
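
As an added example, not part of the original post: a check of the auth and TLS settings posted in the steps above that reports on which ports the server would accept a password before TLS is negotiated. The hardened values (`smtpd_tls_auth_only = yes`, `disable_plaintext_auth = yes`, `ssl = required`) and the function names are assumptions made for comparison; the port numbers come from the posted listeners.

```python
# Constructed input: the auth/TLS lines from the posted main.cf and Dovecot conf.d files.
POSTED_POSTFIX = """
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
"""
POSTED_DOVECOT = """
protocols = imap pop3 lmtp
disable_plaintext_auth = no
auth_mechanisms = plain login
ssl = yes
"""
# Assumed hardened variant (not from the thread): passwords only after TLS.
HARDENED_POSTFIX = POSTED_POSTFIX.replace("smtpd_tls_auth_only = no",
                                          "smtpd_tls_auth_only = yes")
HARDENED_DOVECOT = (POSTED_DOVECOT
                    .replace("disable_plaintext_auth = no", "disable_plaintext_auth = yes")
                    .replace("ssl = yes", "ssl = required"))

PLAIN_PORTS = {"imap": 143, "pop3": 110}  # non-TLS listeners from the posted config


def parse(text):
    """Parse 'key = value' lines, the shape both main.cf and Dovecot use."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def cleartext_login_ports(postfix_text, dovecot_text):
    """Ports on which the server would accept a password sent without TLS."""
    pf, dc = parse(postfix_text), parse(dovecot_text)
    ports = []
    # Postfix: AUTH works before STARTTLS unless auth is TLS-only or TLS is mandatory.
    if pf.get("smtpd_sasl_auth_enable") == "yes" and not (
            pf.get("smtpd_tls_auth_only") == "yes"
            or pf.get("smtpd_tls_security_level") == "encrypt"):
        ports.append(25)
    # Dovecot: PLAIN/LOGIN work on 143/110 only if plaintext auth is allowed and
    # TLS is not required; 993/995 are TLS from the first byte.
    mechs = set(dc.get("auth_mechanisms", "plain").split())
    if (mechs & {"plain", "login"} and dc.get("disable_plaintext_auth", "yes") == "no"
            and dc.get("ssl", "yes") != "required"):
        ports += [PLAIN_PORTS[p] for p in dc.get("protocols", "").split() if p in PLAIN_PORTS]
    return sorted(ports)
```

With the posted settings the function returns ports 25, 110 and 143; with the hardened variant it returns an empty list.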

cheesewizz 10-07-2013 03:06 AM

Hi

I don't know if this is the problem why I can't send outside when I'm using a broadband internet connection.

I tried to telnet to my remote server using my Macintosh.
command:
telnet x.x.x.x 25

trying x.x.x.x

telnet: connect to address x.x.x.x: connection refused
telnet: Unable to connect to remote host


thanks

cheesewizz 10-07-2013 03:59 AM

Maybe this is the reason why I can't send email outside.


thanks

SAbhi 10-07-2013 03:59 AM

Maybe your machine at home is not able to communicate with your machine with the postfix server configs...

EDIT: with your output from telnet I can say this is the reason, but I'm not sure; will review this..

cheesewizz 10-07-2013 04:50 AM

Quote:

Originally Posted by SAbhi (Post 5041383)
Maybe your machine at home is not able to communicate with your machine with the postfix server configs...

EDIT: with your output from telnet I can say this is the reason, but I'm not sure; will review this..

But trying another email server, I am able to access it
using my broadband internet connection.



thanks

cheesewizz 10-08-2013 08:32 PM

Hi

Just want to ask if someone has already reviewed this and has an idea of what the possible error is.



thanks

JJJCR 10-08-2013 10:14 PM

Have you set up a webmail? If yes, can you access it at home?

Quote:

I tried to telnet to my remote server using my Macintosh.
command:
telnet x.x.x.x 25
Our email server is also hosted on Linux; if I'm in the local network I can telnet to 25, but if I'm outside the office I can't telnet to it.
But our email server is working fine; I don't want to dig deep into this. I was not the one who started this from scratch.

I'm just sharing with you that even though you can't telnet to port 25, if the settings are set correctly in the Postfix config it should work fine.

I'm not familiar with postfix; hope someone can help you out.

Good luck!!

SAbhi 10-09-2013 02:41 AM

Quote:

But trying another email server, I am able to access it
using my broadband internet connection.
So, things you tried till now are:

* telnet [your mail server] port ---> from your home location
* you don't have firewall enabled.
* your ports are opened for the mail server to communicate.

Didn't get time to dig into this further, and honestly I don't have anything to suggest at present.

cheesewizz 10-13-2013 06:55 PM

Hi

I just want to update.

As of now everything works fine. I believe my issue was only DNS.
I am able to send and receive wherever I am as long as I have an internet connection, even broadband.


thanks everyone


cheers :)

JJJCR 10-13-2013 10:57 PM

Wow..cool.. Thanks for updating.. :)

Please mark the thread as resolved..


All times are GMT -5.