Old 04-04-2011, 11:45 AM   #1
AeroXbird
LQ Newbie
 
Registered: Apr 2011
Posts: 8

Rep: Reputation: 0
Postfix issue


Hello,

I'm currently attempting to set up a mail server to send mail from my webserver.
But things are not going quite how I imagined it.

I'm using Virtualmin/Webmin to maintain my server.

I use Gmail to relay my email server through.
And my distro is Debian Squeeze.

Here's my main.cf:
Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

cyrus_sasl_config_path = /etc/postfix/sasl:/usr/lib/sasl2
broken_sasl_auth_clients = yes
alias_maps = hash:/etc/aliases
myorigin = $mydomain
mynetworks = 127.0.0.0/8 192.168.2.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +

smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

   ## TLS Settings
   smtp_tls_loglevel = 1
   smtp_enforce_tls = yes
   smtp_tls_CAfile = /etc/postfix/cacert.pem
   smtp_tls_cert_file = /etc/postfix/FOO-cert.pem
   smtp_tls_key_file = /etc/postfix/FOO-key.pem
   smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
   smtp_use_tls = yes
   smtpd_tls_CAfile = /etc/postfix/cacert.pem
   smtpd_tls_cert_file = /etc/postfix/FOO-cert.pem
   smtpd_tls_key_file = /etc/postfix/FOO-key.pem
   smtpd_tls_received_header = yes
   smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
   smtpd_use_tls = yes
   tls_random_source = dev:/dev/urandom
    
   ##  SASL Settings
   # This is going in to THIS server
   smtpd_sasl_auth_enable = no
   # We need this
   smtp_sasl_auth_enable = yes
   smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
   smtpd_sasl_local_domain = $myhostname
   smtp_sasl_security_options = noanonymous
   #smtp_sasl_security_options =
   smtp_sasl_tls_security_options = noanonymous
   smtpd_sasl_application_name = smtpd
    
   ## Gmail Relay
   relayhost = [smtp.gmail.com]:587
   
   # Disable DNS Lookups
   disable_dns_lookups = yes
   #
   # Great New feature Address Mapping 
   #  for example may mchirico@localhost to mchirico@gmail.com
   smtp_generic_maps = hash:/etc/postfix/generic
   #
   # 
   transport_maps = hash:/etc/postfix/transport
The error I get once I try to send a mail:
Code:
Apr  4 10:45:01 server postfix/smtpd[28252]: warning: No server certs available. TLS won't be enabled
Apr  4 10:45:01 server postfix/smtpd[28252]: connect from 82-136-xxx-x.ip.telfort.nl[82.136.xxx.x]
Apr  4 10:45:01 server postfix/smtpd[28252]: lost connection after STARTTLS from 82-136-xxx-x.ip.telfort.nl[82.136.xxx.x]
Apr  4 10:45:01 server postfix/cleanup[28256]: A0AF194076: message-id=<20110404154501.A0AF194076@server.juntosrecordings.com>
Apr  4 10:45:01 server postfix/smtpd[28252]: disconnect from 82-136-xxx-x.ip.telfort.nl[82.136.xxx.x]
Apr  4 10:45:01 server postfix/qmgr[27935]: A0AF194076: from=<double-bounce@server.juntosrecordings.com>, size=925, nrcpt=1 (queue active)
Apr  4 10:45:01 server postfix/smtp[28258]: A0AF194076: to=<postmaster@juntosrecordings.com>, orig_to=<postmaster>, relay=none, delay=0.07, delays=0.06/0.01/0/0, dsn=5.4.6, status=bounced (mail for juntosrecordings.com loops back to myself)
Apr  4 10:45:01 server postfix/bounce[28259]: warning: A0AF194076: undeliverable postmaster notification discarded
Apr  4 10:45:01 server postfix/qmgr[27935]: A0AF194076: removed
Apr  4 10:45:01 server dovecot: pop3-login: Login: user=<juntosrecordings>, method=PLAIN, rip=82.136.xxx.x, lip=192.168.2.88
Apr  4 10:45:01 server dovecot: POP3(juntosrecordings): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0

I hope you can help me out, since I've been struggling with this for a few days now.

Last edited by AeroXbird; 04-06-2011 at 10:20 AM.
 
Old 04-05-2011, 05:31 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Looking at:
Quote:
warning: No server certs available. TLS won't be enabled
and
Quote:
lost connection after STARTTLS
which is then followed by a double bounce situation regarding the mailer daemon message, I think it is safe to say that you have a configuration problem with your TLS portion.

For starters, I notice that you are trying to use SSL on both SMTP and SMTPD. I don't recall the specifics of why, but this practice is generally discouraged in the postfix documentation as it tends to cause problems. Here is a link to the postfix TLS howto that will explain this. It will also give you some hints to verify that you have your certs in the correct format, which is another possible cause of the error message you received.

My recommendation, based upon both personal experience and reading, would be to start with a simple mail server, no TLS, no SASL authentication. Once you have that configured such that it accepts mail for your domain, and sends mail from your system only (use the command prompt or telnet to test) then add SASL authentication and/or TLS one at a time. You can also expect to run into problems and it will probably take you a while, as in weeks to months, to get your mail server fully functional.

As far as a couple of decent documents to help you out, the Postfix documentation is really good but I think you need to have climbed part of the learning curve to make good use of it. There is a how to by 'Flurdy' that is really popular and I also like the one by Johnny Chadda.
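An added example, not part of either post: Postfix treats a main.cf line that begins with whitespace as a continuation of the previous logical line, so if the indentation in the posted file is also what is on disk, everything from "## TLS Settings" onward is folded into the value of `tls_random_source`, which would leave `smtpd_tls_cert_file` and `relayhost` unset. The sketch below applies that rule to a constructed excerpt of the posted config; the function names are hypothetical.

```python
import re

# Constructed excerpt of the main.cf from post #1, indentation kept as posted.
MAIN_CF = """\
smtpd_tls_loglevel = 3
tls_random_source = dev:/dev/urandom

   ## TLS Settings
   smtp_tls_loglevel = 1
   smtp_use_tls = yes
   smtpd_tls_cert_file = /etc/postfix/FOO-cert.pem
   smtpd_tls_key_file = /etc/postfix/FOO-key.pem
   smtpd_use_tls = yes

   ## Gmail Relay
   relayhost = [smtp.gmail.com]:587
"""

ASSIGNMENT = re.compile(r"^([A-Za-z0-9_]+)\s*=")


def logical_lines(text):
    """Group physical lines into logical lines using the main.cf rules:
    blank lines and lines whose first non-blank character is '#' are
    ignored; a line starting with whitespace continues the previous one."""
    lines = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1].append(stripped)      # continuation of previous line
        else:
            lines.append([stripped])        # start of a new logical line
    return lines


def effective_params(text):
    """Return the name -> value mapping after line joining (last one wins)."""
    params = {}
    for parts in logical_lines(text):
        name, sep, value = " ".join(parts).partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def swallowed_params(text):
    """Names that look like assignments but sit on continuation lines."""
    hidden = []
    for parts in logical_lines(text):
        for part in parts[1:]:
            match = ASSIGNMENT.match(part)
            if match:
                hidden.append(match.group(1))
    return hidden


if __name__ == "__main__":
    print("effective:", sorted(effective_params(MAIN_CF)))
    print("swallowed:", swallowed_params(MAIN_CF))
```

On a live system, `postconf -n` prints the non-default values Postfix actually parsed from main.cf, which is the quickest way to confirm whether a parameter took effect.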
 
Old 04-05-2011, 07:10 AM   #3
AeroXbird
LQ Newbie
 
Registered: Apr 2011
Posts: 8

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Noway2 View Post
Looking at: and which is then followed by a double bounce situation regarding the mailer daemon message, I think it is safe to say that you have a configuration problem with your TLS portion.

For starters, I notice that you are trying to use SSL on both SMTP and SMTPD. I don't recall the specifics of why, but this practice is generally discouraged in the postfix documentation as it tends to cause problems. Here is a link to the postfix TLS howto that will explain this. It will also give you some hints to verify that you have your certs in the correct format, which is another possible cause of the error message you received.

My recommendation, based upon both personal experience and reading, would be to start with a simple mail server, no TLS, no SASL authentication. Once you have that configured such that it accepts mail for your domain, and sends mail from your system only (use the command prompt or telnet to test) then add SASL authentication and/or TLS one at a time. You can also expect to run into problems and it will probably take you a while, as in weeks to months, to get your mail server fully functional.

As far as a couple of decent documents to help you out, the Postfix documentation is really good but I think you need to have climbed part of the learning curve to make good use of it. There is a how to by 'Flurdy' that is really popular and I also like the one by Johnny Chadda.
I appreciate your reply, although I am relaying my email through GMAIL, which requires me to use SASL, otherwise it'll just reject my connection.
I'll try to remove all the smtp stuff, and run smtpd only.
 
Old 04-05-2011, 09:06 AM   #4
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Getting a Postfix server up and running is a difficult task in and of itself. Relaying through Gmail only adds a layer of complexity and whole tomes have been written on this subject alone. If you set the GMail portion aside, are you convinced that your mail system is otherwise fully functional?

If you are having problems with your mail being blocked, you may be able to work around them using your ISP's SMTP server, at least as a test platform before moving on to Gmail.
 
Old 04-05-2011, 01:29 PM   #5
AeroXbird
LQ Newbie
 
Registered: Apr 2011
Posts: 8

Original Poster
Rep: Reputation: 0
Okay, I decided to ditch my whole setup, and attempt to set up postfix and courier using the flurdy tutorial. I can send and receive mail, although once I try to log in using my mail client, SASL rejects my password, although the password is correct.
Would it be anything with the mysql setup?
 
Old 04-05-2011, 07:27 PM   #6
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Yes, it could be. Typically you will have a SQL configuration file that will show the syntax with some wild card characters in it and ultimately these need to provide matched results to what is in the SQL tables. Two things that come to mind to watch for are ' (apostrophe) versus ` (back-tick) characters, especially if you copy any of the how to configurations, and make sure you don't have any spaces at the end of the lines in your SQL map files as this will cause problems.

When you restart postfix, look to see if you get any error or warning messages, especially ones that seem cryptic in your mail.log or syslog as this typically indicates a syntax type problem.

If the above checks out, see if courier has a debugging mode (I am sure it does) where you can see what it is trying to authenticate and match. Typically, the password is MD5 hashed and this is then compared against the one in MySQL.
 
Old 04-06-2011, 09:56 AM   #7
AeroXbird
LQ Newbie
 
Registered: Apr 2011
Posts: 8

Original Poster
Rep: Reputation: 0
This issue is getting quite on my nerves, I've tried everything I could.
It can read from the database, but the god damn thing just won't accept my password.
If you need me to post any config files, just tell me.
 
Old 04-06-2011, 10:07 AM   #8
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Have a look at this forum thread: http://www.tek-tips.com/viewthread.c...1599647&page=2

It sounds like you are having a situation that is similar to Bluethundr and he discusses using an auth test tool, debugging, and the SQL database functions for use with Courier, SQL, and postfix. It might have some insights that will help. The thread is a bit long and might take some digesting.
 
Old 04-06-2011, 10:20 AM   #9
AeroXbird
LQ Newbie
 
Registered: Apr 2011
Posts: 8

Original Poster
Rep: Reputation: 0
Okay, so I took a look at the thread you posted. I noticed the thing he had too, although I didn't know that clear would be an unencrypted password. I gave it a try, but it still doesn't work for me.

Here's the log I get once I attempt to log in using Mozilla Thunderbird:
Code:
Apr  6 09:17:57 server postfix/smtpd[9500]: connect from 82-136-xxx-x.ip.telfort.nl[82.136.xxx.x]
Apr  6 09:17:57 server postfix/smtpd[9500]: setting up TLS connection from 82-136-xxx-x.ip.telfort.nl[82.136.xxx.x]
Apr  6 09:17:57 server postfix/smtpd[9500]: Anonymous TLS connection established from 82-136-x-x.ip.telfort.nl[82.136.xxx.x]: TLSv1 with cipher AES256-SHA (256/256 bits)
Apr  6 09:17:59 server postfix/smtpd[9500]: warning: SASL authentication failure: Password verification failed
Apr  6 09:17:59 server postfix/smtpd[9500]: warning: 82-136-xxx-x.ip.telfort.nl[82.136.xxx.x]: SASL PLAIN authentication failed: authentication failure
Apr  6 09:18:01 server postfix/smtpd[9500]: warning: 82-136-xxx-x.ip.telfort.nl[82.136.xxx.x]: SASL LOGIN authentication failed: authentication failure
Apr  6 09:18:11 server postfix/smtpd[9500]: disconnect from 82-136-xxx-x.ip.telfort.nl[82.136.xxx.x]
EDIT: I have closed the issue down to postfix. I confirm that the issue is postfix, I can now receive all my mails with courier after installing courier's POP server package. (imap wasn't working for some reason)

Last edited by AeroXbird; 04-06-2011 at 11:33 AM.
 
Old 04-07-2011, 05:26 AM   #10
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Your edit reminded me of something that may be important. Postfix does not natively support SASL. Instead it relies on SASL libraries provided by either Cyrus (courier(?)) or Dovecot. After your edit, what is your current status? Are you still having authentication problems? If so, have you turned on the password debugging so that you can compare what it is trying to use versus what is in your SQL database?

Setting up a mail server is one of the most complex tasks that a Linux system administrator can do. As I said in my first post, expect to run into troubles and for it to take a while to get them all straightened out. It looks to me like you are making excellent progress. While it may get frustrating at times, I think you will soon have it working.
 
Old 04-07-2011, 10:41 AM   #11
AeroXbird
LQ Newbie
 
Registered: Apr 2011
Posts: 8

Original Poster
Rep: Reputation: 0
Okay, I finally fixed the issue by installing iRedAdmin, this basically does all the hard work for me.
Although mail providers like GMail and Hotmail still reject my emails, I know I have to do something with MX records and SPF records at my domain name provider.
Could any of you give me a point in the right direction with that? I don't really understand that part.
 
Old 04-07-2011, 10:55 AM   #12
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Quote:
I finally fixed the issue by installing iRedAdmin, this basically does all the hard work for me.
I am glad that you got it working.

SPF and MX records are DNS functions that work in a related fashion. An MX record is like an A record, but it indicates which machines are Mail eXchangers for your system. Normally, when you perform an NSLOOKUP you get the A record for the domain. You can also set the type of request to MX to get the mail handlers for a domain. You can have multiple ones listed and assign a priority to them, with a lower number being the higher priority.

An SPF record is a text, TXT, record in your DNS report that declares that machine XYZ is indeed a mail exchanger for this domain. Upon receipt of a message, a recipient system can query your DNS to see if you have an SPF record. The theory is that it helps to identify that the originating machine really is an email server and not a zombie belonging to Joe User. This also gets into the fact that most big mail systems won't accept mail from IP addresses that are from a pool that is categorized as "residential", which is typically, but not always, dynamically assigned. If you have this problem, you can oftentimes get around it by relaying outbound mail through your ISP's SMTP server as the first hop towards its destination.

Microsoft actually has a website with a really good wizard to help you generate an SPF record. You enter some information regarding your domain and it will give you the string of text to use for the SPF record. You then add this as a TXT record to your DNS zone information.
 
Old 04-07-2011, 11:26 AM   #13
AeroXbird
LQ Newbie
 
Registered: Apr 2011
Posts: 8

Original Poster
Rep: Reputation: 0
Thanks for the swift reply.
I understand the basics now, although you are saying that I will have to relay my email through my ISP in order for me to be able to send and receive emails?
Does that mean that I don't have a from: user@mydomain.com but instead customername@isp.ext?
Because I actually wanted to set up a mail server to avoid using my ISP's mail.
 
Old 04-07-2011, 12:54 PM   #14
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
One thing I would suggest is to go to the mxtoolbox.com site and have it run a check of your domain. That will tell you how other domains 'see' your IP as well as verify your DNS entries related to your mail server. If it shows that your IP is blocked because of its classification, then you can run your mail through your ISP's smtp server. Using Postfix, this means that you set your ISP's server as your "relayhost".

Mail will still appear as from you@yourdomain, not your ISP's domain. The only difference will be that in the full headers, your ISP's server will appear after yours in the "received from" chain. Many ISPs' servers are configured to accept mail when it comes from their network, so you may not even need to provide authentication. If you do need to authenticate, Postfix can handle this, but I have never implemented it.
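An added example, not part of the posts above, tying the SPF explanation in post #12 to the relayhost advice in post #14: once outbound mail leaves through the ISP's relay, the recipient sees the relay's IP as the connecting client, so an SPF record that only authorizes the domain's own MX host no longer covers it. The evaluator below handles only the `ip4`, `ip6`, `mx` and `all` mechanisms; the records, addresses (documentation ranges) and function name are constructed assumptions, and MX addresses are passed in instead of being resolved over DNS.

```python
import ipaddress

# SPF qualifier prefixes and the result each one produces on a match.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample data (documentation address ranges).
MX_HOSTS = ["203.0.113.25"]                      # the domain's own mail server
ISP_RELAY = "198.51.100.10"                      # ISP smarthost used as relayhost
RECORD_MX_ONLY = "v=spf1 mx -all"
RECORD_WITH_RELAY = "v=spf1 mx ip4:198.51.100.0/24 -all"


def check_spf(record, sender_ip, mx_hosts=()):
    """Evaluate a subset of SPF left to right; the first matching term wins.

    record    -- the TXT record string published for the sending domain
    sender_ip -- IP address of the client that connected to the recipient
    mx_hosts  -- addresses of the domain's MX hosts (supplied, not looked up)
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                            # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                          # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            matched = any(ip == ipaddress.ip_address(h) for h in mx_hosts)
        elif name == "all":
            matched = True
        else:
            return "unsupported:" + name         # a, include, etc. need DNS
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                             # nothing matched


if __name__ == "__main__":
    for rec in (RECORD_MX_ONLY, RECORD_WITH_RELAY):
        print(rec, "->", check_spf(rec, ISP_RELAY, MX_HOSTS))
```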
 
Old 04-07-2011, 01:58 PM   #15
AeroXbird
LQ Newbie
 
Registered: Apr 2011
Posts: 8

Original Poster
Rep: Reputation: 0
I love you dude.
What you said was right. I entered the mail relay of my ISP, and it accepted it just like you said it would. At least I can send emails, which was my main concern.
But I can't receive mails yet. Once I try to send mails from my gmail account to my mailserver it returns: Relaying denied. Proper authentication required. (state 14).
Do you have anything I could do to fix this issue?
 
  

