Ubuntu server postfix TLS configuration

dkiousis · 03-04-2008, 09:36 AM

Dear Ubuntu users,

Recently I installed an Ubuntu7.04 server (with Apache, MySQL, php).
The last days I am trying to install a mail server in order to use the php mail() function and to create email accounts user@server.myserver.com.

I followed (almost blindly) the manual given here:
howtoforge.com/perfect_setup_ubuntu704
installing postfix, bind9, TLS and so on...

At the end, this is how my postfix/main.cf file looks like:

Code:

myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

append_dot_mydomain = no

myhostname = server.myserver.com
mydestination = server.myserver.com, localhost.localdomain, localhost
mynetworks = 127.0.0.0/8

relayhost =

#mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

home_mailbox = Maildir/

smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Next I tried:

Code:

sudo telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server.myserver.com ESMTP Postfix (Ubuntu)
ehlo localhost
250-server.myserver.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

mail from: user@server.myserver.com
250 2.1.0 Ok
rcpt to: user@server.myserver.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Test
.
250 2.0.0 Ok: queued as 23FE08685FC
quit
221 2.0.0 Bye

and everything works fine! I can read the email at my ~/Maildir and I can download it using Evolution mail.

HOWEVER, when I try (with telnet) to send an email to a non-local account (user@gmail.com) I get NO warnings but the mail NEVER arrives.
When I try to do the same with Evince, I get:
Please enter the SMTP password for user on host [NUMERIC IP]
and when I give the user's password, the warning comes:
Unable to authenticate to SMTP server.
Bad authentication response from server.

Additionally, when I try to send an email from gmail to myserver, nothing arrives.

Any help please?

billymayday · 03-05-2008, 02:36 AM

Start with your logs. probably /var/log/maillog, but not sure in Ubuntu

dkiousis · 03-05-2008, 03:15 AM

Hello there,

I opened the /var/log/mail.log file and this is what I get (last lines) when I try to send an email to the address dk [AT] dqdev [DOT] net:

Code:

Mar  5 12:16:41 server postfix/smtp[8443]: connect to mail.dqdev.net[69.72.212.86]: No route to host (port 25)
Mar  5 12:16:41 server postfix/smtp[8443]: 674268685FC: to=<dk [AT] dqdev [DOT] net>, relay=none, delay=20, delays=17/0.01/3/0, dsn=4.4.1, status=deferred (connect to mail.dqdev.net[69.72.212.86]: No route to host)

What can the warning No route to host mean?

Additionally, when I check the file mail.warn I get:

Code:

Mar  5 12:16:07 server postfix/smtpd[8438]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled

Any ideas?

Thanks

billymayday · 03-05-2008, 03:37 AM

Can you post the output of

route

iptables -L

dkiousis · 03-05-2008, 04:45 AM

Route

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.192 U     0      0        0 eth0
default         129.27.219.65   0.0.0.0         UG    0      0        0 eth0

sudo iptables -L

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination