Linux - Server: This forum is for the discussion of Linux Software used in a server related context.
04-04-2011, 11:45 AM
|
#1
|
LQ Newbie
Registered: Apr 2011
Posts: 8
Rep:
|
Postfix issue
Hello,
I'm currently attempting to set up a mail server to send mail from my webserver.
But things are not going quite how I imagined it.
I'm using Virtualmin/Webmin to maintain my server.
I use Gmail to relay my email server through.
And my distro is Debian Squeeze.
Here's my main.cf:
Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
cyrus_sasl_config_path = /etc/postfix/sasl:/usr/lib/sasl2
broken_sasl_auth_clients = yes
alias_maps = hash:/etc/aliases
myorigin = $mydomain
mynetworks = 127.0.0.0/8 192.168.2.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
## TLS Settings
smtp_tls_loglevel = 1
smtp_enforce_tls = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/FOO-cert.pem
smtp_tls_key_file = /etc/postfix/FOO-key.pem
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/FOO-cert.pem
smtpd_tls_key_file = /etc/postfix/FOO-key.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
## SASL Settings
# This is going in to THIS server
smtpd_sasl_auth_enable = no
# We need this
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sasl_local_domain = $myhostname
smtp_sasl_security_options = noanonymous
#smtp_sasl_security_options =
smtp_sasl_tls_security_options = noanonymous
smtpd_sasl_application_name = smtpd
## Gmail Relay
relayhost = [smtp.gmail.com]:587
# Disable DNS Lookups
disable_dns_lookups = yes
#
# Great New feature Address Mapping
# for example may mchirico@localhost to mchirico@gmail.com
smtp_generic_maps = hash:/etc/postfix/generic
#
#
transport_maps = hash:/etc/postfix/transport
The error I get once I try to send a mail:
Code:
Apr 4 10:45:01 server postfix/smtpd[28252]: warning: No server certs available. TLS won't be enabled
Apr 4 10:45:01 server postfix/smtpd[28252]: connect from 82-136-xxx-x.ip.telfort.nl[82.136.xxx.x]
Apr 4 10:45:01 server postfix/smtpd[28252]: lost connection after STARTTLS from 82-136-xxx-x.ip.telfort.nl[82.136.xxx.x]
Apr 4 10:45:01 server postfix/cleanup[28256]: A0AF194076: message-id=<20110404154501.A0AF194076@server.juntosrecordings.com>
Apr 4 10:45:01 server postfix/smtpd[28252]: disconnect from 82-136-xxx-x.ip.telfort.nl[82.136.xxx.x]
Apr 4 10:45:01 server postfix/qmgr[27935]: A0AF194076: from=<double-bounce@server.juntosrecordings.com>, size=925, nrcpt=1 (queue active)
Apr 4 10:45:01 server postfix/smtp[28258]: A0AF194076: to=<postmaster@juntosrecordings.com>, orig_to=<postmaster>, relay=none, delay=0.07, delays=0.06/0.01/0/0, dsn=5.4.6, status=bounced (mail for juntosrecordings.com loops back to myself)
Apr 4 10:45:01 server postfix/bounce[28259]: warning: A0AF194076: undeliverable postmaster notification discarded
Apr 4 10:45:01 server postfix/qmgr[27935]: A0AF194076: removed
Apr 4 10:45:01 server dovecot: pop3-login: Login: user=<juntosrecordings>, method=PLAIN, rip=82.136.xxx.x, lip=192.168.2.88
Apr 4 10:45:01 server dovecot: POP3(juntosrecordings): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
I hope you can help me out, since I've been struggling with this for a few days now.
Last edited by AeroXbird; 04-06-2011 at 10:20 AM.
|
|
|
04-05-2011, 05:31 AM
|
#2
|
Senior Member
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125
|
Looking at:
Quote:
warning: No server certs available. TLS won't be enabled
|
and
Quote:
lost connection after STARTTLS
|
which is then followed by a double bounce situation regarding the mailer daemon message, I think it is safe to say that you have a configuration problem with your TLS portion.
For starters, I notice that you are trying to use SSL on both SMTP and SMTPD. I don't recall the specifics of why, but this practice is generally discouraged in the postfix documentation as it tends to cause problems. Here is a link to the postfix TLS howto that will explain this. It will also give you some hints to verify that you have your certs in the correct format, which is another possible cause of the error message you received.
My recommendation, based upon both personal experience and reading, would be to start with a simple mail server, no TLS, no SASL authentication. Once you have that configured such that it accepts mail for your domain, and sends mail from your system only (use the command prompt or telnet to test), then add SASL authentication and/or TLS one at a time. You can also expect to run into problems and it will probably take you a while, as in weeks to months, to get your mail server fully functional.
As far as a couple of decent documents to help you out, the Postfix documentation is really good but I think you need to have climbed part of the learning curve to make good use of it. There is a how to by 'Flurdy' that is really popular and I also like the one by Johnny Chadda.
|
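A way to check the server-side certificate settings that the "No server certs available" warning points at, as an added Python example that is not part of the thread: it parses a main.cf, reports parameters set more than once, and verifies that the files named by smtpd_tls_cert_file and smtpd_tls_key_file exist, look like PEM, and that the key is not readable by group or other. The parameter names come from the posted main.cf; the sample config, temporary files and function names are constructed for illustration.

```python
import os
import tempfile

# Constructed excerpt modelled on the main.cf in the first post; {d} is a temp dir.
SAMPLE = """\
smtpd_use_tls = yes
smtpd_tls_cert_file = {d}/FOO-cert.pem
smtpd_tls_key_file = {d}/FOO-key.pem
smtpd_tls_received_header = yes
# the posted file sets the next parameter twice
smtpd_tls_received_header = yes
"""

def parse_main_cf(text):
    """Postfix rules: '#' comment lines, leading-space continuations, last value wins."""
    params, duplicates, name = {}, [], None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name:
            params[name] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        name = name.strip()
        if name in params:
            duplicates.append(name)
        params[name] = value.strip()
    return params, duplicates

def audit_smtpd_tls(params):
    """Check the files the server side (smtpd) is told to load."""
    findings = []
    for param, marker in (("smtpd_tls_cert_file", "BEGIN CERTIFICATE"),
                          ("smtpd_tls_key_file", "PRIVATE KEY")):
        path = params.get(param, "")
        if not path:
            findings.append(f"{param}: not set")
        elif not os.path.isfile(path):
            findings.append(f"{param}: {path} does not exist")
        else:
            with open(path, errors="replace") as fh:
                if marker not in fh.read():
                    findings.append(f"{param}: no PEM '{marker}' block in {path}")
            if param == "smtpd_tls_key_file" and os.stat(path).st_mode & 0o077:
                findings.append(f"{param}: {path} is readable by group or other")
    return findings

def run_sample():
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "FOO-cert.pem"), "w").close()  # empty cert, no key
        params, duplicates = parse_main_cf(SAMPLE.format(d=d))
        return duplicates, audit_smtpd_tls(params)

if __name__ == "__main__": print(run_sample())
```

On a live system the same two functions can be pointed at the text of /etc/postfix/main.cf instead of the constructed sample.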
|
|
04-05-2011, 07:10 AM
|
#3
|
LQ Newbie
Registered: Apr 2011
Posts: 8
Original Poster
Rep:
|
Quote:
Originally Posted by Noway2
Looking at: and which is then followed by a double bounce situation regarding the mailer daemon message, I think it is safe to say that you have a configuration problem with your TLS portion.
For starters, I notice that you are trying to use SSL on both SMTP and SMTPD. I don't recall the specifics of why, but this practice is generally discouraged in the postfix documentation as it tends to cause problems. Here is a link to the postfix TLS howto that will explain this. It will also give you some hints to verify that you have your certs in the correct format, which is another possible cause of the error message you received.
My recommendation, based upon both personal experience and reading, would be to start with a simple mail server, no TLS, no SASL authentication. Once you have that configured such that it accepts mail for your domain, and sends mail from your system only (use the command prompt or telnet to test), then add SASL authentication and/or TLS one at a time. You can also expect to run into problems and it will probably take you a while, as in weeks to months, to get your mail server fully functional.
As far as a couple of decent documents to help you out, the Postfix documentation is really good but I think you need to have climbed part of the learning curve to make good use of it. There is a how to by 'Flurdy' that is really popular and I also like the one by Johnny Chadda.
|
I appreciate your reply, although I am relaying my email through Gmail, which requires me to use SASL, otherwise it'll just reject my connection.
I'll try to remove all the smtp stuff, and run smtpd only.
|
|
|
04-05-2011, 09:06 AM
|
#4
|
Senior Member
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125
|
Getting a Postfix server up and running is a difficult task in and of itself. Relaying through Gmail only adds a layer of complexity and whole tomes have been written on this subject alone. If you set the Gmail portion aside, are you convinced that your mail system is otherwise fully functional?
If you are having problems with your mail being blocked, you may be able to work around them using your ISP's SMTP server, at least as a test platform before moving on to Gmail.
|
|
|
04-05-2011, 01:29 PM
|
#5
|
LQ Newbie
Registered: Apr 2011
Posts: 8
Original Poster
Rep:
|
Okay, I decided to ditch my whole setup and attempt to set up postfix and courier using the flurdy tutorial. I can send and receive mail, although once I try to log in using my mail client, SASL rejects my password, although the password is correct.
Would it be anything with the MySQL setup?
|
|
|
04-05-2011, 07:27 PM
|
#6
|
Senior Member
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125
|
Yes, it could be. Typically you will have a SQL configuration file that will show the syntax with some wild card characters in it and ultimately these need to provide matched results to what is in the SQL tables. Two things that come to mind to watch for are ' (apostrophe) versus ` (back-tick) characters, especially if you copy any of the how-to configurations, and make sure you don't have any spaces at the end of the lines in your SQL map files as this will cause problems.
When you restart postfix, look to see if you get any error or warning messages, especially ones that seem cryptic in your mail.log or syslog as this typically indicates a syntax type problem.
If the above checks out, see if courier has a debugging mode (I am sure it does) where you can see what it is trying to authenticate and match. Typically, the password is MD5 hashed and this is then compared against the one in MySQL.
|
|
|
04-06-2011, 09:56 AM
|
#7
|
LQ Newbie
Registered: Apr 2011
Posts: 8
Original Poster
Rep:
|
This issue is getting quite on my nerves, I've tried everything I could.
It can read from the database, but the god damn thing just won't accept my password.
If you need me to post any config files, just tell me.
|
|
|
04-06-2011, 10:07 AM
|
#8
|
Senior Member
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125
|
Have a look at this forum thread: http://www.tek-tips.com/viewthread.c...1599647&page=2
It sounds like you are having a situation that is similar to Bluethundr and he discusses using an auth test tool, debugging, and the SQL database functions for use with Courier, SQL, and postfix. It might have some insights that will help. The thread is a bit long and might take some digesting.
|
|
|
04-06-2011, 10:20 AM
|
#9
|
LQ Newbie
Registered: Apr 2011
Posts: 8
Original Poster
Rep:
|
Okay, so I took a look at the thread you posted. I noticed the thing he had too, although I didn't know that clear would be an unencrypted password. I gave it a try, but it still doesn't work for me.
Here's the log I get once I attempt to log in using Mozilla Thunderbird:
Code:
Apr 6 09:17:57 server postfix/smtpd[9500]: connect from 82-136-xxx-x.ip.telfort.nl[82.136.xxx.x]
Apr 6 09:17:57 server postfix/smtpd[9500]: setting up TLS connection from 82-136-xxx-x.ip.telfort.nl[82.136.xxx.x]
Apr 6 09:17:57 server postfix/smtpd[9500]: Anonymous TLS connection established from 82-136-x-x.ip.telfort.nl[82.136.xxx.x]: TLSv1 with cipher AES256-SHA (256/256 bits)
Apr 6 09:17:59 server postfix/smtpd[9500]: warning: SASL authentication failure: Password verification failed
Apr 6 09:17:59 server postfix/smtpd[9500]: warning: 82-136-xxx-x.ip.telfort.nl[82.136.xxx.x]: SASL PLAIN authentication failed: authentication failure
Apr 6 09:18:01 server postfix/smtpd[9500]: warning: 82-136-xxx-x.ip.telfort.nl[82.136.xxx.x]: SASL LOGIN authentication failed: authentication failure
Apr 6 09:18:11 server postfix/smtpd[9500]: disconnect from 82-136-xxx-x.ip.telfort.nl[82.136.xxx.x]
EDIT: I have closed the issue down to postfix, I confirm that the issue is postfix. I can now receive all my mails with courier after installing courier's POP server package. (IMAP wasn't working for some reason)
Last edited by AeroXbird; 04-06-2011 at 11:33 AM.
|
|
|
04-07-2011, 05:26 AM
|
#10
|
Senior Member
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125
|
Your edit reminded me of something that may be important. Postfix does not natively support SASL. Instead it relies on SASL libraries provided by either Cyrus (courier(?)) or Dovecot. After your edit, what is your current status? Are you still having authentication problems? If so, have you turned on the password debugging so that you can compare what it is trying to use versus what is in your SQL database?
Setting up a mail server is one of the most complex tasks that a Linux system administrator can do. As I said in my first post, expect to run into troubles and for it to take a while to get them all straightened out. It looks to me like you are making excellent progress. While it may get frustrating at times, I think you will soon have it working.
|
|
|
04-07-2011, 10:41 AM
|
#11
|
LQ Newbie
Registered: Apr 2011
Posts: 8
Original Poster
Rep:
|
Okay, I finally fixed the issue by installing iRedAdmin, this basically does all the hard work for me.
Although mail providers like Gmail and Hotmail still reject my emails, I know I have to do something with MX records and SPF records at my domain name provider.
Could any of you give me a point in the right direction with that? I don't really understand that part.
|
|
|
04-07-2011, 10:55 AM
|
#12
|
Senior Member
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125
|
Quote:
I finally fixed the issue by installing iRedAdmin, this basically does all the hard work for me.
|
I am glad that you got it working.
SPF and MX records are DNS functions that work in a related fashion. An MX record is like an A record, but it indicates which machines are Mail eXchangers for your system. Normally, when you perform an NSLOOKUP you get the A record for the domain. You can also set the type of request to MX to get the mail handlers for a domain. You can have multiple ones listed and assign a priority to them, with a lower number being the higher priority.
An SPF record is a text, TXT, record in your DNS report that declares that machine XYZ is indeed a mail exchanger for this domain. Upon receipt of a message, a recipient system can query your DNS to see if you have an SPF record. The theory is that it helps to identify that the originating machine really is an email server and not a zombie belonging to Joe User. This also gets into the fact that most big mail systems won't accept mail from IP addresses that are from a pool that is categorized as "residential", which is typically, but not always, dynamically assigned. If you have this problem, you can often times get around it by relaying outbound mail through your ISP's SMTP server as the first hop towards its destination.
Microsoft actually has a website with a really good wizard to help you generate an SPF record. You enter some information regarding your domain and it will give you the string of text to use for the SPF record. You then add this as a TXT record to your DNS zone information.
|
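The MX ordering and the receiver-side SPF lookup described above, as an added Python example that is not part of the original post: it sorts MX hosts by preference and evaluates only the ip4, ip6, mx and all mechanisms of an SPF record against a connecting IP address. The domain example.org, its addresses, the record text and the function names are constructed for illustration.

```python
import ipaddress

# Constructed zone data for the placeholder domain example.org (not from the thread).
ZONE = {
    "MX": [(20, "backup.example.org"), (10, "mail.example.org")],
    "A": {"mail.example.org": ["203.0.113.10"],
          "backup.example.org": ["203.0.113.20"]},
    "TXT": "v=spf1 mx ip4:198.51.100.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def mx_by_priority(zone):
    """Return MX hosts in delivery order: the lowest number is tried first."""
    return [host for _, host in sorted(zone["MX"])]

def check_spf(zone, client_ip):
    """Evaluate the ip4/ip6/mx/all subset of SPF (RFC 7208), left to right."""
    terms = zone["TXT"].split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF policy published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        # A mechanism without a qualifier defaults to "+" (pass).
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx" and not arg:
            # "mx" authorizes the addresses of the domain's own MX hosts.
            addrs = [a for h in mx_by_priority(zone) for a in zone["A"].get(h, [])]
            matched = any(ip == ipaddress.ip_address(a) for a in addrs)
        else:
            raise NotImplementedError(f"mechanism not covered here: {term}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"

if __name__ == "__main__":
    print(mx_by_priority(ZONE))
    for addr in ("203.0.113.10", "198.51.100.77", "192.0.2.5"):
        print(addr, check_spf(ZONE, addr))
```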
|
|
04-07-2011, 11:26 AM
|
#13
|
LQ Newbie
Registered: Apr 2011
Posts: 8
Original Poster
Rep:
|
Thanks for the swift reply.
I understand the basics now, although you are saying that I will have to relay my email through my ISP in order for me to be able to send and receive emails?
Does that mean that I don't have a from: user@mydomain.com but instead customername@isp.ext?
Because I actually wanted to set up a mail server to avoid using my ISP's mail.
|
|
|
04-07-2011, 12:54 PM
|
#14
|
Senior Member
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125
|
One thing I would suggest is to go to the mxtoolbox.com site and have it run a check of your domain. That will tell you how other domains 'see' your IP as well as verify your DNS entries related to your mail server. If it shows that your IP is blocked because of its classification, then you can run your mail through your ISP's smtp server. Using Postfix, this means that you set your ISP's server as your "relayhost".
Mail will still appear as from you@yourdomain, not your ISP's domain. The only difference will be that in the full headers, your ISP's server will appear after yours in the "received from" chain. Many ISPs' servers are configured to accept mail when it comes from their network, so you may not even need to provide authentication. If you do need to authenticate, Postfix can handle this, but I have never implemented it.
|
|
|
04-07-2011, 01:58 PM
|
#15
|
LQ Newbie
Registered: Apr 2011
Posts: 8
Original Poster
Rep:
|
I love you dude.
What you said was right, I entered the mail relay of my ISP, and it accepted it just like you said it would. At least I can send emails, which was my main concern.
But I can't receive mails yet. Once I try to send mails from my Gmail account to my mailserver it returns: Relaying denied. Proper authentication required. (state 14).
Do you have anything I could do to fix this issue?
|
|
|
All times are GMT -5.