12-13-2009, 12:05 PM | #1 | Member | Registered: Dec 2009 | Posts: 67
DOVECOT SSL/TLS connection problem on port 993 or 995
I installed Postfix with Dovecot and SASL authentication. My external DNS, used for the MX record, is godaddy.com, and I have my own DNS internally.
Postfix is working well; here is the output of a connection on port 465:
Connected to mail.skillsearch.ca (XXX.XXX.XXX.XXX).
Escape character is '^]'.
220 mail.skillsearch.ca ESMTP Postfix
ehlo skillsearch.ca
250-mail.skillsearch.ca
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
#######################################
But with Dovecot, no luck. POP3 on 110 and IMAP on 143 work well without SSL/TLS, but only on the server machine.
If I issue the command:
openssl s_client -starttls imap -crlf -connect mail.skillsearch.ca:143
CONNECTED(00000003)
depth=0 /C=CA/ST=Ontario/L=Ottawa/O=Skillsearch Recruting/OU=Mail Server linux/CN=skillsearch.ca/emailAddress=webmaster@skillsearch.ca
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=CA/ST=Ontario/L=Ottawa/O=Skillsearch Recruting/OU=Mail Server linux/CN=skillsearch.ca/emailAddress=webmaster@skillsearch.ca
verify return:1
---
Certificate chain
0 s:/C=CA/ST=Ontario/L=Ottawa/O=Skillsearch Recruting/OU=Mail Server linux/CN=skillsearch.ca/emailAddress=webmaster@skillsearch.ca
i:/C=CA/ST=Ontario/L=Ottawa/O=Skillsearch Recruting/OU=Mail Server linux/CN=skillsearch.ca/emailAddress=webmaster@skillsearch.ca
---
Server certificate
subject=/C=CA/ST=Ontario/L=Ottawa/O=Skillsearch Recruting/OU=Mail Server linux/CN=skillsearch.ca/emailAddress=webmaster@skillsearch.ca
issuer=/C=CA/ST=Ontario/L=Ottawa/O=Skillsearch Recruting/OU=Mail Server linux/CN=skillsearch.ca/emailAddress=webmaster@skillsearch.ca
---
No client certificate CA names sent
---
SSL handshake has read 1531 bytes and written 342 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 8D7CE11BF5E60C54E5EC35EA49103FBBE8B43E8BB52043501C3704FB733DF361
Session-ID-ctx:
Master-Key: B741F0769A2877066C5FCBE7196D721DDE7DC17CE6AEB6B076A212973F1F825561BDB784EDEE7EA528269E8CB2291FB9
Key-Arg : None
Krb5 Principal: None
Start Time: 1260722460
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
. OK Capability completed.
That is how I connected with SSL/TLS through 143, and it is the same if I use openssl through 995 or 993.
##############################################
But when I connect to mail.skillsearch.ca via telnet on port 995 or 993 it just hangs, with this error:
telnet mail.skillsearch.ca 995
Trying XXX.XXX.XXX.XXX...
Connected to mail.skillsearch.ca (XXX.XXX.XXX.XXX).
Escape character is '^]'.
And the error message from the log is:
dovecot: Dec 13 02:28:29 Warning: pop3-login: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol [XXX.XXX.XXX.XXX]
And here is the output of dovecot -n:
# 1.0.7: /etc/dovecot.conf
log_path: /var/log/dovecot
info_log_path: /var/log/dovecot_info
listen: mail.skillsearch.ca
ssl_listen: mail.skillsearch.ca
ssl_cert_file: /etc/pki/dovecot/private/dovecot_ca.pem
ssl_cipher_list: ALL:!LOW:!SSLv2
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
mail_location: maildir:~/Maildir
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(pop3): outlook-idle
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
mechanisms: plain login
passdb:
driver: pam
userdb:
driver: passwd
socket:
type: listen
client:
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
group: postfix
Any answer or idea will be welcome, and I would like to say thank you in advance to everybody.
12-13-2009, 02:25 PM | #2 | Moderator | Registered: Jun 2001 | Location: UK | Distribution: Gentoo, RHEL, Fedora, Centos | Posts: 43,417
What's the error?? Looks fine to me. Running on port 993 / 995 will be pure SSL connections, so as soon as you telnet to them it'll expect to negotiate SSL, which you can't. To test it, why are you not still using s_client? Just remove the -starttls option and parameters and you should be away.
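The moderator's point in code: an SSLv23-style SSL_accept() inspects the first bytes the client sends on an implicit-TLS port, and a plaintext POP3 or IMAP command fails that check, which is exactly what the "SSL23_GET_CLIENT_HELLO:unknown protocol" warning records. This is an added example, not code from the thread or from Dovecot; the log lines are constructed and the addresses are documentation ranges.

```python
import re

# Constructed Dovecot 1.x log lines (not from the thread); the error text is the
# one Dovecot logs when a plaintext client talks to an implicit-TLS port (993/995).
SAMPLE_LOG = """\
dovecot: Dec 13 02:28:29 Warning: pop3-login: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol [203.0.113.7]
dovecot: Dec 13 02:29:01 Warning: imap-login: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol [203.0.113.7]
dovecot: Dec 13 02:30:15 Info: imap-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.9, TLS
"""

SSL_ACCEPT_RE = re.compile(
    r"(?P<service>(?:pop3|imap)-login): SSL_accept\(\) failed: "
    r"error:(?P<code>[0-9A-F]{8}):(?P<lib>[^:]+):(?P<func>[^:]+):"
    r"(?P<reason>[^\[]+?)\s*\[(?P<ip>[^\]]+)\]"
)

def is_tls_client_hello_start(first_bytes: bytes) -> bool:
    """What an SSLv23-style SSL_accept() looks for in the client's first bytes:
    a TLS/SSLv3 record starts 0x16 (handshake) 0x03 (major version 3), and the legacy
    SSLv2-compatible ClientHello has the high bit of byte 0 set and byte 2 == 0x01.
    Plaintext like b"USER alice" or b"a1 LOGIN" is neither: OpenSSL's "unknown protocol"."""
    if len(first_bytes) < 3:
        return False
    b0, b1, b2 = first_bytes[0], first_bytes[1], first_bytes[2]
    if b0 == 0x16 and b1 == 0x03:
        return True
    return bool(b0 & 0x80) and b2 == 0x01

def plaintext_on_tls_port(log_text: str) -> dict:
    """Count failed handshakes caused by clients that never sent a ClientHello,
    keyed by (client IP, login service). Real TLS clients log no such line, so
    these entries point at misconfigured clients or probes, not at the listener."""
    counts = {}
    for line in log_text.splitlines():
        m = SSL_ACCEPT_RE.search(line)
        if not m or m.group("reason").strip() != "unknown protocol":
            continue
        key = (m.group("ip"), m.group("service"))
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    print(is_tls_client_hello_start(b"USER alice\r\n"))        # False: plaintext POP3
    print(is_tls_client_hello_start(b"\x16\x03\x01\x00\xa5"))  # True: TLS ClientHello
    for (ip, service), n in sorted(plaintext_on_tls_port(SAMPLE_LOG).items()):
        print(f"{ip} {service}: {n} plaintext connection(s) to a TLS-only port")
```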
12-14-2009, 06:17 AM | #3 | Member (Original Poster) | Registered: Dec 2009 | Posts: 67
Thank you for the quick response. Yes, I tested with KMail and it looks fine: 995 and 993, plus 143 and 110 with TLS.
12-14-2009, 05:38 PM | #4 | Member (Original Poster) | Registered: Dec 2009 | Posts: 67
Postfix error: timeout!!!!!
warning: 64.20.227.133: address not listed for hostname recover.mxtoolbox.com
Dec 14 17:10:06 mail postfix/smtpd[29071]: connect from unknown[64.20.227.133]
Dec 14 17:10:17 mail postfix/smtpd[29071]: lost connection after CONNECT from unknown[64.20.227.133]
And here is the postfix -n output:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
inet_interfaces = 192.168.20.4, 127.0.0.1
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, skillsearch.ca
mydomain = skillsearch.ca
myhostname = mail.skillsearch.ca
mynetworks = 192.168.20.0/24, 208.124.197.0/29 127.0.0.0/8
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
proxy_interfaces = 208.124.197.3
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_delay_reject = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination, permit_mynetworks
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/pki/postfix/private/CA_Mail.crt
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/pki/postfix/private/postfix_ca.pem
smtpd_tls_key_file = /etc/pki/postfix/private/postfix.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
Any help WELCOME!!!!
12-14-2009, 05:43 PM | #5 | Member (Original Poster) | Registered: Dec 2009 | Posts: 67
Postfix error: timeout!!!!!
Quote:
Originally Posted by volga629
warning: 64.20.227.133: address not listed for hostname recover.mxtoolbox.com
Dec 14 17:10:06 mail postfix/smtpd[29071]: connect from unknown[64.20.227.133]
Dec 14 17:10:17 mail postfix/smtpd[29071]: lost connection after CONNECT from unknown[64.20.227.133]
I believe it is just a small misconfiguration.
12-15-2009, 02:06 AM | #6 | Moderator | Registered: Jun 2001 | Location: UK | Distribution: Gentoo, RHEL, Fedora, Centos | Posts: 43,417
What's the error?? Things are allowed to lose connection; it happens...
12-15-2009, 07:04 AM | #7 | Member (Original Poster) | Registered: Dec 2009 | Posts: 67
Here is the problem: I checked all the configuration twice and couldn't find any problems. In my mind it may only be a timing option or a limit on the number of connections, but I cannot find any configuration related to that.
12-15-2009, 07:08 AM | #8 | Member (Original Poster) | Registered: Dec 2009 | Posts: 67
The server is not receiving any connection when I check from outside; it just times out. It does report connected to the host, YES, then hangs for a few minutes when I send a request and times out. As I said before, this is the error from maillog:
warning: 64.20.227.133: address not listed for hostname recover.mxtoolbox.com
Dec 14 17:10:06 mail postfix/smtpd[29071]: connect from unknown[64.20.227.133]
Dec 14 17:10:17 mail postfix/smtpd[29071]: lost connection after CONNECT from unknown[64.20.227.133]
Thank you.
12-15-2009, 08:26 PM | #9 | Member (Original Poster) | Registered: Dec 2009 | Posts: 67
OK, I researched and found the last page on the internet. The main problem of all this mess is DNS: for some reason POSTFIX doesn't know how to respond right to the names; unknown name means it can't get the query for names from DNS. I read a suggestion to copy hosts or resolv.conf into /var/spool/postfix/etc, but in my installation I don't have this folder.
I need assistance with this problem, please, and thank you.
12-16-2009, 09:30 PM | #10 | Member (Original Poster) | Registered: Dec 2009 | Posts: 67
Here is my log output:
Dec 16 21:25:20 mail postfix/smtpd[16207]: match_hostname: unknown ~? 208.124.197.0/29
Dec 16 21:25:20 mail postfix/smtpd[16207]: match_hostaddr: 67.222.132.194 ~? 208.124.197.0/29
Dec 16 21:25:20 mail postfix/smtpd[16207]: match_hostname: unknown ~? 192.168.20.0/24
Dec 16 21:25:20 mail postfix/smtpd[16207]: match_hostaddr: 67.222.132.194 ~? 192.168.20.0/24
Dec 16 21:25:20 mail postfix/smtpd[16207]: match_hostname: unknown ~? 192.168.10.64/26
Dec 16 21:25:20 mail postfix/smtpd[16207]: match_hostaddr: 67.222.132.194 ~? 192.168.10.64/26
Dec 16 21:25:20 mail postfix/smtpd[16207]: match_hostname: unknown ~? 127.0.0.0/8
Dec 16 21:25:20 mail postfix/smtpd[16207]: match_hostaddr: 67.222.132.194 ~? 127.0.0.0/8
Dec 16 21:25:20 mail postfix/smtpd[16207]: match_list_match: unknown: no match
Dec 16 21:25:20 mail postfix/smtpd[16207]: match_list_match: 67.222.132.194: no match
Dec 16 21:25:20 mail postfix/smtpd[16207]: send attr request = disconnect
Dec 16 21:25:20 mail postfix/smtpd[16207]: send attr ident = smtp:67.222.132.194
Dec 16 21:25:20 mail postfix/smtpd[16207]: private/anvil: wanted attribute: status
Dec 16 21:25:20 mail postfix/smtpd[16207]: input attribute name: status
Dec 16 21:25:20 mail postfix/smtpd[16207]: input attribute value: 0
Dec 16 21:25:20 mail postfix/smtpd[16207]: private/anvil: wanted attribute: (list terminator)
Dec 16 21:25:20 mail postfix/smtpd[16207]: input attribute name: (end)
Dec 16 21:25:20 mail postfix/smtpd[16207]: lost connection after CONNECT from unknown[67.222.132.194]
Dec 16 21:25:20 mail postfix/smtpd[16207]: disconnect from unknown[67.222.132.194]
Dec 16 21:25:20 mail postfix/smtpd[16207]: master_notify: status 1
Dec 16 21:25:20 mail postfix/smtpd[16207]: connection closed
Something causes it to send the disconnect attribute?
Maybe some ideas what it is?
I started checking SASL and DOVECOT, but they look fine.
Thank you
Last edited by volga629; 12-16-2009 at 09:31 PM.
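The match_hostaddr trail in that log is Postfix testing the client address against each mynetworks entry and finding none, which only means permit_mynetworks does not apply to that client; the "request = disconnect" sent to private/anvil is anvil's per-client connection-count bookkeeping on disconnect, not a cause of it. The following is an added example (not the thread's or Postfix's own code) that replays that evaluation over the mynetworks value from the earlier configuration output; the client address is the one from the log.

```python
import ipaddress
import re

# Constructed input (not code from the thread): the mynetworks value from the
# poster's configuration output, which mixes comma and whitespace separators,
# and the client address that smtpd tested against it in the debug log.
MYNETWORKS = "192.168.20.0/24, 208.124.197.0/29 127.0.0.0/8"
CLIENT_IP = "67.222.132.194"

def parse_mynetworks(value: str) -> list:
    """Postfix accepts commas and/or whitespace between mynetworks entries, so the
    missing comma in the sample value is not a syntax error. A bare address is a /32."""
    nets = []
    for token in re.split(r"[\s,]+", value.strip()):
        if token:
            nets.append(ipaddress.ip_network(token, strict=False))
    return nets

def match_hostaddr_trail(client_ip: str, value: str) -> dict:
    """Replay the match_hostaddr comparisons smtpd logs at debug level: the client
    address is tested against each entry in order; the first hit grants
    permit_mynetworks, and no hit means the client is treated as an outside host."""
    addr = ipaddress.ip_address(client_ip)
    trail = []
    verdict = None
    for net in parse_mynetworks(value):
        hit = addr in net
        trail.append((str(net), hit))
        if hit:
            verdict = str(net)    # Postfix stops at the first matching entry
            break
    return {"client": client_ip, "trail": trail, "match": verdict}

if __name__ == "__main__":
    result = match_hostaddr_trail(CLIENT_IP, MYNETWORKS)
    for net, hit in result["trail"]:
        print(f"match_hostaddr: {result['client']} ~? {net} -> {'match' if hit else 'no match'}")
    print("permit_mynetworks applies:", result["match"] is not None)
```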