| View previous topic :: View next topic |
| Author |
Message |
sourmash
n00b
Joined: 15 Jan 2004
Posts: 18
|
 Posted: Sat Jan 17, 2004 11:36 am Post subject: |
 |
|
No probs youve helped me a lot and I appreciate that. I will see if I can persuade my friends to use a different email client on windows for the moment, any suggestions??
sourmash |
|
| Back to top |
|
 |
bruzzler
n00b
Joined: 08 Oct 2003
Posts: 70
|
| Posted: Wed Jan 28, 2004 7:56 am Post subject: Postmap troubles |
|
|
Hi,
i have encountered this strange error following the tutorial:
linuxsrv root # /usr/sbin/postmap hash:/etc/postfix/saslpass
postmap: warning: valid_hostname: invalid character 44(decimal): linuxsrv.bruzzler.dyndns.org,
postmap: fatal: unable to use my own hostname
anyone's knowing where this damn "," comes from. It's not in /etc/dnsdomainname, but if i type in # dnsdomainname, it appears too.
Thanks for your Help |
|
| Back to top |
|
|
beowulf
Apprentice
Joined: 07 Apr 2003
Posts: 225
|
| Posted: Wed Jan 28, 2004 8:12 am Post subject: |
|
|
Perhaps it's a typo in /etc/hosts ?
_________________
I have nothing witty to say here... ever  |
|
| Back to top |
|
|
Bob Shroom
n00b
Joined: 14 Oct 2003
Posts: 14
Location: Nuremberg, Germany
|
| Posted: Wed Jan 28, 2004 11:44 pm Post subject: |
|
|
hi there, great tutorial, but i think, i got a similar problem like miha had before with the 'client host rejected'.
https://forums.gentoo.org/viewtopic.php?t=56633&postdays=0&postorder=asc&highlight=client+host+rejected+access+denied&start=221
imap works fine via ssl; i can login with tunderbird from a client in my lan or via squirrelmail and can browse my mail.
but when it comes to sending mail, i must have done something wrong.
doesn't matter, if i try to send mail from the mail-client (sylpheed-claws) installed on the server or from a client inside my lan (thunderbird or squirrelmail)... i always get this:
| Quote: |
Jan 29 00:07:46 [postfix/master] daemon started -- version 2.0.16
Jan 29 00:07:52 [postfix/smtpd] starting TLS engine
Jan 29 00:07:52 [postfix/smtpd] unable to get private key from '/etc/postfix/newreq.pem'
Jan 29 00:07:52 [postfix/smtpd] 25626:error:0906406D:PEM routines:DEF_CALLBACK:problems getting password:pem_lib.c:105:
Jan 29 00:07:52 [postfix/smtpd] 25626:error:0906A068:PEM routines:PEM_do_header:bad password read:pem_lib.c:399:
Jan 29 00:07:52 [postfix/smtpd] 25626:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:709:
Jan 29 00:07:52 [postfix/smtpd] TLS engine: cannot load RSA cert/key data
Jan 29 00:07:52 [postfix/smtpd] connect from localhost[127.0.0.1]
Jan 29 00:07:52 [postfix/smtpd] 80C71118EC0: client=localhost[127.0.0.1]
Jan 29 00:07:52 [postfix/smtpd] 80C71118EC0: reject: RCPT from localhost[127.0.0.1]: 554 <localhost[127.0.0.1]>: Client host rejected: Access denied; from=<chris@doobistic.no-ip.com> to=<some@mailaddress.net> proto=SMTP helo=<doobistic.no-ip.com>
Jan 29 00:07:53 [postfix/smtpd] lost connection after RCPT from localhost[127.0.0.1]
Jan 29 00:07:53 [postfix/smtpd] disconnect from localhost[127.0.0.1]
|
what am i doing wrong?
maybe somebody can point me in the right direction.
thanx in advance.
bob
maybe this helps:
| Code: |
doobistic root # grep -v "^#" /etc/postfix/main.cf | sed '/./,/^$/!d'
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
myhostname = doobistic.no-ip.com
unknown_local_recipient_reject_code = 450
mynetworks = 192.168.4.0/24, 127.0.0.0/8
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.0.16-r1/sample
readme_directory = /usr/share/doc/postfix-2.0.16-r1/readme
default_destination_concurrency_limit = 2
alias_database = hash:/etc/mail/aliases
local_destination_concurrency_limit = 2
alias_maps = hash:/etc/mail/aliases
home_mailbox = .maildir/
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options = noanonymous,noplaintext
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_client_restrictions = permit_sasl_authenticated, reject
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_daemon_random_source = dev:/dev/urandom
tls_random_source = dev:/dev/urandom
|
|
|
| Back to top |
|
|
beowulf
Apprentice
Joined: 07 Apr 2003
Posts: 225
|
| Posted: Thu Jan 29, 2004 12:51 am Post subject: |
|
|
Hey Bob, Shrooms and Doob's eh? 
Well, there's a few things I can suggest:
1. Check your SSL generation steps. It would appear there's a problem with the *.pem files you generated. Did you add the -nodes switch?
2. is your FQDN listed in /etc/hosts ? What does this code output: hostname -f
As a side note, I am in the process of re-writing the whole guide and plan to bump it to version 2 in a couple days.... I think I've found better ways to do the stuff that causes the most problems (IE: sasl, SSL and OE). If you're willing to give me a few days, I'll have it updated and will bump the thread....
_________________
I have nothing witty to say here... ever |
|
| Back to top |
|
|
Bob Shroom
n00b
Joined: 14 Oct 2003
Posts: 14
Location: Nuremberg, Germany
|
| Posted: Thu Jan 29, 2004 9:14 am Post subject: |
|
|
| beowulf wrote: | | Hey Bob, Shrooms and Doob's eh? |
 not in combination and not while i was setting up the server...that's for sure! 
| beowolf wrote: |
Well, there's a few things I can suggest:
1. Check your SSL generation steps. It would appear there's a problem with the *.pem files you generated. Did you add the -nodes switch?
|
yes, i added -nodes matching your tutorial.
i also removed the old certificate and generated a new one...here is the output:
| Code: |
doobistic root # cd /etc/ssl/misc/
doobistic misc # ls -al
insgesamt 44
drwxr-xr-x 2 root root 4096 29. Jan 09:52 .
drwxr-xr-x 7 root root 4096 26. Jan 01:09 ..
-rwxr-xr-x 1 root root 5220 26. Jan 22:42 CA.pl
-rwxr-xr-x 1 root root 3505 25. Jan 13:06 CA.sh
-rwxr-xr-x 1 root root 119 25. Jan 13:06 c_hash
-rwxr-xr-x 1 root root 152 25. Jan 13:06 c_info
-rwxr-xr-x 1 root root 113 25. Jan 13:06 c_issuer
-rwxr-xr-x 1 root root 110 25. Jan 13:06 c_name
-rwxr-xr-x 1 root root 6733 25. Jan 13:06 der_chop
doobistic misc # ./CA.pl -newca
CA certificate filename (or enter to create)
Making CA certificate ...
Generating a 1024 bit RSA private key
...........++++++
.......................++++++
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]:
State or Province Name (full name) [Bavaria]:
Locality Name (eg, city) [Nuremberg]:
Organization Name (eg, company) [doobistic.no-ip.com]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:chris
Email Address [chris@doobistic.no-ip.com]:
doobistic misc # ./CA.pl -newreq
Generating a 1024 bit RSA private key
...++++++
............................................................................................++++++
writing new private key to 'newreq.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
phrase is too short, needs to be at least 4 chars
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]:
State or Province Name (full name) [Bavaria]:
Locality Name (eg, city) [Nuremberg]:
Organization Name (eg, company) [doobistic.no-ip.com]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:chris
Email Address [chris@doobistic.no-ip.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Request (and private key) is in newreq.pem
doobistic misc # ./CA.pl -sign
Using configuration from /etc/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jan 29 08:56:58 2004 GMT
Not After : Jan 28 08:56:58 2005 GMT
Subject:
countryName = DE
stateOrProvinceName = Bavaria
localityName = Nuremberg
organizationName = doobistic.no-ip.com
commonName = chris
emailAddress = chris@doobistic.no-ip.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
6E:E3:FB:71:0E:B0:6E:8D:F2:6F:BF:E8:87:AF:59:F3:06:63:19:4C
X509v3 Authority Key Identifier:
keyid:C9:E2:BC:AE:7F:2F:70:07:20:F1:47:3F:F1:02:0C:86:4A:F2:FB:CE
DirName:/C=DE/ST=Bavaria/L=Nuremberg/O=doobistic.no-ip.com/CN=chris/emailAddress=chris@doobistic.no-ip.com
serial:00
Certificate is to be certified until Jan 28 08:56:58 2005 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Signed certificate is in newcert.pem
doobistic misc # rm /etc/postfix/new*.pem
doobistic misc # cp new*.pem /etc/postfix
doobistic misc # cp demoCA/cacert.pem /etc/postfix
doobistic misc # /etc/init.d/postfix stop
* Stopping postfix... [ ok ]
doobistic misc # /etc/init.d/postfix start
* Starting postfix... [ ok ]
|
the only difference to your output was, that i was asked a password when executing ./CA.pl -newreq (right after "writing new private key to 'newreq.pem' ")
but somehow that didn't do the trick!
| Quote: |
doobistic misc # tail -f /var/log/everything/current
Jan 29 10:00:06 [postfix/smtpd] starting TLS engine
Jan 29 10:00:06 [postfix/smtpd] unable to get private key from '/etc/postfix/newreq.pem'
Jan 29 10:00:06 [postfix/smtpd] 29912:error:0906406D:PEM routines:DEF_CALLBACK:problems getting password:pem_lib.c:105:
Jan 29 10:00:06 [postfix/smtpd] 29912:error:0906A068:PEM routines:PEM_do_header:bad password read:pem_lib.c:399:
Jan 29 10:00:06 [postfix/smtpd] 29912:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:709:
Jan 29 10:00:06 [postfix/smtpd] TLS engine: cannot load RSA cert/key data
Jan 29 10:00:06 [postfix/smtpd] connect from localhost[127.0.0.1]
Jan 29 10:00:06 [postfix/smtpd] B10F7118ED5: client=localhost[127.0.0.1]
Jan 29 10:00:06 [postfix/smtpd] B10F7118ED5: reject: RCPT from localhost[127.0.0.1]: 554 <localhost[127.0.0.1]>: Client host rejected: Access denied; from=<chris@doobistic.no-ip.com> to=<some@mailaddress.net> proto=SMTP helo=<doobistic.no-ip.com>
Jan 29 10:00:07 [postfix/smtpd] lost connection after RCPT from localhost[127.0.0.1]
Jan 29 10:00:07 [postfix/smtpd] disconnect from localhost[127.0.0.1]
|
EDIT:
hold on...there is definitely something wrong with my ssl-cert.
when i connected to my imap @ home, i examined the certificate and found out, that it uses the old cert, i generated 2 days ago.
i must be missing something here....as you can see in the output above, i deleted the old certs in /etc/postfix. is there some cache, where the old certs are stored?
how can i make sure, that i definitely use only one (the right one) certificate?
| beowolf wrote: |
2. is your FQDN listed in /etc/hosts ? What does this code output: hostname -f
|
| Code: |
doobistic root # cat /etc/hosts
# /etc/hosts: This file describes a number of hostname-to-address
# mappings for the TCP/IP subsystem. It is mostly
# used at boot time, when no name servers are running.
# On small systems, this file can be used instead of a
# "named" name server. Just add the names, addresses
# and any aliases to this file...
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/hosts,v 1.7 2002/11/18 19:39:22 azarah Exp $
#
127.0.0.1 localhost
-- deleted --
192.168.4.10 doobistic.no-ip.com doobistic
-- deleted --
-- deleted --
|
| Code: |
doobistic root # hostname -f
doobistic.no-ip.com
|
well...quite frankly, this is where i got stuck a little bit.
the thing with the FQDN is something i find it a little bit confusing...as the FQDN (according to your tutorial, my FQDN would be: doobistic.doobistic.no-ip.com...right?) doesn't resolve at all.
| Code: |
doobistic root # echo $(cat /etc/hostname).$(cat /etc/dnsdomainname)
doobistic.doobistic.no-ip.com
doobistic root #
|
i enabled NAT in my router/firewall to forward all relevant packages to the serverbox and when i nmap myself from the outside it just looks fine. but when i try to connect from the outside via thunderbird, the connection times out when connecting to 'doobistic.no-ip.com' and doesn't even try to connect when using 'doobistic.doobistic.no-ip.com'. (-> host does not exist)
this might a entirely different problem, but i just like to know, if i have to adjust my firewall-settings (right now port 25 TCP and port 993 TCP get forwarded) or has it something to do with restrictive imap/postfix/sasl settings?
EDIT:
ok...got the last problem solved! it wasn't my local firewall needed to be adjusted, but the firewall from the outside-lan was blocking my attempts to connect to imap @ home.
but i'm still not able to send mail! 
| beowolf wrote: |
As a side note, I am in the process of re-writing the whole guide and plan to bump it to version 2 in a couple days.... I think I've found better ways to do the stuff that causes the most problems (IE: sasl, SSL and OE). If you're willing to give me a few days, I'll have it updated and will bump the thread.... |
sure, man...as far as i'm concerned, i got all the time in the world.
keep up the good work. 
bob
_________________
[planet-earth] root # rm -rf /
Last edited by Bob Shroom on Sun Feb 01, 2004 5:40 pm; edited 1 time in total |
|
| Back to top |
|
|
bruzzler
n00b
Joined: 08 Oct 2003
Posts: 70
|
| Posted: Thu Jan 29, 2004 3:10 pm Post subject: postfix problems |
|
|
Hi,
i corrected the error above by simply typing in my domain and hostname into /etc/postfix/main.cf
Now i have another problem with postfix whenever i try to deliver local mail i get this error:
[postfix/postdrop] warning: unable to look up public/pickup: No such file or directory
Anyone who can help me ? |
|
| Back to top |
|
|
beowulf
Apprentice
Joined: 07 Apr 2003
Posts: 225
|
| Posted: Sat Jan 31, 2004 10:41 am Post subject: |
|
|
Bob Shroom - Unfotunately I haven't been able to finish the guide... a few things came up that need my attention for the next week or so.... However, I may be able to help you with your SSL problem....
The new way I've been talking about regarding SSL is to use some pregenerated SSL certs I found in /etc/ssl/postfix. They're pre-generated so no more editing -nodes and no more entering all sorts of stuff.... Anyways, here's a snippet from /etc/postfix/main.cf that shows which key files go with what option:
| Code: |
smtpd_tls_key_file = /etc/ssl/postfix/server.key
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
|
You hosts issue should be resolved by enabling wild-cards with no-ip.org and changing /etc/hosts to read:
doobistic.doobistic.no-ip.com doobistic
I believe you not being able to send is tied in with the SSL cert issue.... since you will be rejected if SSL fails... If after editing your main.cf and are still not able to send, please post back with another log entry....
bruzzler - Hmm... never seen the error before, but I searched Google and came up with this. Unfortunately I haven't found a fix, but this post suggests that /var/spool/postfix/public is missing, and missing some files....
I would check there to see if there's anything wrong....
Here's my output for reference, though I don't know if this would be unique or not:
| Code: | ls -l /var/spool/postfix/public/
total 8
drwx--x--- 2 postfix postdrop 4096 Jan 25 22:22 .
drwxr-xr-x 14 root root 4096 Jan 25 22:04 ..
srw-rw-rw- 1 postfix postfix 0 Jan 25 22:22 cleanup
srw-rw-rw- 1 postfix postfix 0 Jan 25 22:22 flush
prw--w--w- 1 postfix postfix 0 Jan 31 05:34 pickup
prw--w--w- 1 postfix postfix 0 Jan 31 05:34 qmgr
srw-rw-rw- 1 postfix postfix 0 Jan 25 22:22 showq
|
---------
Hope this helps guys
_________________
I have nothing witty to say here... ever |
|
| Back to top |
|
|
Bob Shroom
n00b
Joined: 14 Oct 2003
Posts: 14
Location: Nuremberg, Germany
|
| Posted: Sun Feb 01, 2004 4:51 pm Post subject: |
|
|
ok, i've edited main.conf so it uses the pre-generated ssl-certs:
| Code: |
doobistic root # cat /etc/postfix/main.cf | grep smtpd_tls
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/postfix/server.key
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
|
and i've modified /etc/hosts:
| Code: |
doobistic root # cat /etc/hosts | grep doobistic
192.168.4.10 doobistic.doobistic.no-ip.com doobistic
|
enabled wildcard @ no-ip.com (now i can ping doobistic.doobistic.no-ip.com from the outside)
stopped and started postfix...
but unfortunately still no success in sending out some mail... 
but at least the tls engine seems to start up correctly now:
| Quote: |
Feb 1 17:26:50 [postfix/smtpd] starting TLS engine
Feb 1 17:26:50 [postfix/smtpd] connect from localhost[127.0.0.1]
Feb 1 17:26:50 [postfix/smtpd] 365EF118EDA: client=localhost[127.0.0.1]
Feb 1 17:26:50 [postfix/smtpd] 365EF118EDA: reject: RCPT from localhost[127.0.0.1]: 554 <localhost[127.0.0.1]>: Client host rejected: Access denied; from=<chris@doobistic.no-ip.com> to=<some@mailaddress.net> proto=SMTP helo=<doobistic.no-ip.com>
Feb 1 17:26:51 [postfix/smtpd] lost connection after RCPT from localhost[127.0.0.1]
Feb 1 17:26:51 [postfix/smtpd] disconnect from localhost[127.0.0.1]
|
above is the output, i am getting, when i try to send via squirrelmail.
anyways...i'm not giving up on this...
i will check _all_ my settings once again...maybe i'm lucky this time.
bob
EDIT:
after nuking my old one, i've edited a completely fresh main.cf and double checked, nothing is missing.
fasten your seatbelt....now i'm getting this output, when i wanna send out some mail....this time i am using thunderbird: (using squirrelmail still gives the same output as stated above)
| Quote: | Feb 1 19:01:23 [imapd-ssl] Connection, ip=[192.168.4.20]
Feb 1 19:01:26 [imapd-ssl] LOGIN, user=chris, ip=[192.168.4.20], protocol=IMAP
Feb 1 19:01:48 [postfix/smtpd] starting TLS engine
Feb 1 19:01:48 [postfix/smtpd] connect from doobdev[192.168.4.20]
Feb 1 19:01:48 [postfix/smtpd] setting up TLS connection from doobdev[192.168.4.20]
Feb 1 19:01:48 [postfix/smtpd] SSL_accept:before/accept initialization
Feb 1 19:01:48 [postfix/smtpd] read from 080A7090 [080B5298] (11 bytes => -1 (0xFFFFFFFF))
Feb 1 19:01:48 [postfix/smtpd] SSL_accept:error in SSLv2/v3 read client hello A
Feb 1 19:01:48 [postfix/smtpd] read from 080A7090 [080B5298] (11 bytes => 11 (0xB))
Feb 1 19:01:48 [postfix/smtpd] 0000 16 03 01 00 53 01 00 00|4f 03 01 ....S... O..
Feb 1 19:01:48 [postfix/smtpd] read from 080A7090 [080B52A3] (77 bytes => -1 (0xFFFFFFFF))
Feb 1 19:01:48 [postfix/smtpd] SSL_accept:error in SSLv3 read client hello B
- Last output repeated twice -
Feb 1 19:01:48 [postfix/smtpd] read from 080A7090 [080B52A3] (77 bytes => 77 (0x4D))
Feb 1 19:01:48 [postfix/smtpd] 0000 00 00 3e ca 83 71 fe a8|80 39 e9 58 56 1f a5 20 ..>..q.. .9.XV..
Feb 1 19:01:48 [postfix/smtpd] 0010 38 5b 50 34 bf cd 7e 47|64 b8 90 fc 3d 65 ff 1c 8[P4..~G d...=e..
Feb 1 19:01:48 [postfix/smtpd] 0020 00 00 28 00 39 00 38 00|35 00 33 00 32 00 04 00 ..(.9.8. 5.3.2...
Feb 1 19:01:48 [postfix/smtpd] 0030 05 00 2f 00 16 00 13 fe|ff 00 0a 00 15 00 12 fe ../..... ........
Feb 1 19:01:48 [postfix/smtpd] 0040 fe 00 09 00 64 00 62 00|03 00 06 01 ....d.b. ....
Feb 1 19:01:48 [postfix/smtpd] 004d - <SPACES/NULS>?
Feb 1 19:01:48 [postfix/smtpd] SSL_accept:SSLv3 read client hello B
Feb 1 19:01:48 [postfix/smtpd] SSL_accept:SSLv3 write server hello A
Feb 1 19:01:48 [postfix/smtpd] SSL_accept:SSLv3 write certificate A
Feb 1 19:01:48 [postfix/smtpd] SSL_accept:SSLv3 write key exchange A
Feb 1 19:01:48 [postfix/smtpd] SSL_accept:SSLv3 write server done A
Feb 1 19:01:48 [postfix/smtpd] write to 080A7090 [080C33C0] (1215 bytes => 1215 (0x4BF))
Feb 1 19:01:48 [postfix/smtpd] 0000 16 03 01 00 4a 02 00 00|46 03 01 40 1d 3f 0c 6b ....J... F..@.?.k
Feb 1 19:01:48 [postfix/smtpd] 0010 78 b9 8f 95 d2 02 16 4d|c6 d9 e2 99 00 7b 2e 69 x......M .....{.i
Feb 1 19:01:48 [postfix/smtpd] 0020 68 d7 28 30 3d 1d 78 20|c0 25 93 20 49 7a f3 92 h.(0=.x .%. Iz..
Feb 1 19:01:48 [postfix/smtpd] 0030 a2 53 00 49 3d 64 0f 79|0a 24 a8 74 10 b6 ed 68 .S.I=d.y .$.t...h
Feb 1 19:01:48 [postfix/smtpd] 0040 c3 2c 83 72 44 7a e1 27|cd c8 73 31 00 39 00 16 .,.rDz.' ..s1.9..
Feb 1 19:01:48 [postfix/smtpd] 0050 03 01 02 d0 0b 00 02 cc|00 02 c9 00 02 c6 30 82 ........ ......0.
Feb 1 19:01:48 [postfix/smtpd] 0060 02 c2 30 82 02 2b a0 03|02 01 02 02 01 01 30 0d ..0..+.. ......0.
Feb 1 19:01:48 [postfix/smtpd] 0070 06 09 2a 86 48 86 f7 0d|01 01 04 05 00 30 81 a6 ..*.H... .....0..
Feb 1 19:01:48 [postfix/smtpd] 0080 31 0b 30 09 06 03 55 04|06 13 02 55 53 31 13 30 1.0...U. ...US1.0
Feb 1 19:01:48 [postfix/smtpd] 0090 11 06 03 55 04 08 13 0a|43 61 6c 69 66 6f 72 6e ...U.... Californ
Feb 1 19:01:48 [postfix/smtpd] 00a0 69 61 31 16 30 14 06 03|55 04 07 13 0d 53 61 6e ia1.0... U....San
Feb 1 19:01:48 [postfix/smtpd] 00b0 74 61 20 42 61 72 62 61|72 61 31 13 30 11 06 03 ta Barba ra1.0...
Feb 1 19:01:48 [postfix/smtpd] 00c0 55 04 0a 13 0a 53 53 4c|20 53 65 72 76 65 72 31 U....SSL Server1
Feb 1 19:01:48 [postfix/smtpd] 00d0 22 30 20 06 03 55 04 0b|13 19 46 6f 72 20 54 65 "0 ..U.. ..For Te
Feb 1 19:01:48 [postfix/smtpd] 00e0 73 74 69 6e 67 20 50 75|72 70 6f 73 65 73 20 4f sting Pu rposes O
Feb 1 19:01:48 [postfix/smtpd] 00f0 6e 6c 79 31 12 30 10 06|03 55 04 03 13 09 6c 6f nly1.0.. .U....lo
Feb 1 19:01:48 [postfix/smtpd] 0100 63 61 6c 68 6f 73 74 31|1d 30 1b 06 09 2a 86 48 calhost1 .0...*.H
Feb 1 19:01:48 [postfix/smtpd] 0110 86 f7 0d 01 09 01 16 0e|72 6f 6f 74 40 6c 6f 63 ........ root@loc
Feb 1 19:01:48 [postfix/smtpd] 0120 61 6c 68 6f 73 74 30 1e|17 0d 30 34 30 31 32 36 alhost0. ..040126
Feb 1 19:01:48 [postfix/smtpd] 0130 30 30 30 39 31 31 5a 17|0d 30 36 30 31 32 35 30 000911Z. .0601250
Feb 1 19:01:48 [postfix/smtpd] 0140 30 30 39 31 31 5a 30 81|a6 31 0b 30 09 06 03 55 00911Z0. .1.0...U
Feb 1 19:01:48 [postfix/smtpd] 0150 04 06 13 02 55 53 31 13|30 11 06 03 55 04 08 13 ....US1. 0...U...
Feb 1 19:01:48 [postfix/smtpd] 0160 0a 43 61 6c 69 66 6f 72|6e 69 61 31 16 30 14 06 .Califor nia1.0..
Feb 1 19:01:48 [postfix/smtpd] 0170 03 55 04 07 13 0d 53 61|6e 74 61 20 42 61 72 62 .U....Sa nta Barb
Feb 1 19:01:48 [postfix/smtpd] 0180 61 72 61 31 13 30 11 06|03 55 04 0a 13 0a 53 53 ara1.0.. .U....SS
Feb 1 19:01:48 [postfix/smtpd] 0190 4c 20 53 65 72 76 65 72|31 22 30 20 06 03 55 04 L Server 1"0 ..U.
Feb 1 19:01:48 [postfix/smtpd] 01a0 0b 13 19 46 6f 72 20 54|65 73 74 69 6e 67 20 50 ...For T esting P
Feb 1 19:01:48 [postfix/smtpd] 01b0 75 72 70 6f 73 65 73 20|4f 6e 6c 79 31 12 30 10 urposes Only1.0.
Feb 1 19:01:48 [postfix/smtpd] 01c0 06 03 55 04 03 13 09 6c|6f 63 61 6c 68 6f 73 74 ..U....l ocalhost
Feb 1 19:01:48 [postfix/smtpd] 01d0 31 1d 30 1b 06 09 2a 86|48 86 f7 0d 01 09 01 16 1.0...*. H.......
Feb 1 19:01:48 [postfix/smtpd] 01e0 0e 72 6f 6f 74 40 6c 6f|63 61 6c 68 6f 73 74 30 .root@lo calhost0
Feb 1 19:01:48 [postfix/smtpd] 01f0 81 9f 30 0d 06 09 2a 86|48 86 f7 0d 01 01 01 05 ..0...*. H.......
Feb 1 19:01:48 [postfix/smtpd] 0200 00 03 81 8d 00 30 81 89|02 81 81 00 b4 c1 ae 78 .....0.. .......x
Feb 1 19:01:48 [postfix/smtpd] 0210 2a 92 04 f0 4a a4 79 5a|51 8d 57 85 d9 cd 3f 76 *...J.yZ Q.W...?v
Feb 1 19:01:48 [postfix/smtpd] 0220 ea 32 b1 f7 90 0b df 0e|73 c7 f2 17 ca 21 70 33 .2...... s....!p3
Feb 1 19:01:48 [postfix/smtpd] 0230 3f 58 a9 1f ef 6a fd 27|74 d9 af 30 b4 c8 a9 2e ?X...j.' t..0....
Feb 1 19:01:48 [postfix/smtpd] 0240 f4 e1 d8 ff 90 6b dd 86|17 e4 33 c7 04 97 04 ed .....k.. ..3.....
Feb 1 19:01:48 [postfix/smtpd] 0250 28 28 d7 14 82 79 c8 50|ee b3 ee 9c a2 fa 5f 51 ((...y.P ......_Q
Feb 1 19:01:48 [postfix/smtpd] 0260 77 de 0f e7 4c 52 6f 80|da 5e 3b 52 d9 e4 7c 4d w...LRo. .^;R..|M
Feb 1 19:01:48 [postfix/smtpd] 0270 03 1e 6f b9 57 43 b4 7e|2b d2 ea a3 f5 92 61 6c ..o.WC.~ +.....al
Feb 1 19:01:48 [postfix/smtpd] 0280 42 52 64 d2 40 e9 0a 79|cf ac 12 3b 02 03 01 00 BRd.@..y ...;....
Feb 1 19:01:48 [postfix/smtpd] 0290 01 30 0d 06 09 2a 86 48|86 f7 0d 01 01 04 05 00 .0...*.H ........
Feb 1 19:01:48 [postfix/smtpd] 02a0 03 81 81 00 51 f2 42 01|8b 5d 3b 31 be bf 9c de ....Q.B. .];1....
Feb 1 19:01:48 [postfix/smtpd] 02b0 a7 c3 7f 99 85 0e 77 09|9e 87 f8 55 22 0e f1 a9 ......w. ...U"...
Feb 1 19:01:48 [postfix/smtpd] 02c0 ab b3 11 fb 27 da 60 f4|50 31 c8 cb 67 8e 3a 92 ....'.`. P1..g.:.
Feb 1 19:01:48 [postfix/smtpd] 02d0 20 52 62 a7 6a 44 6f b5|ef 4e 5f e5 b5 b0 3c 18 Rb.jDo. .N_...<.
Feb 1 19:01:48 [postfix/smtpd] 02e0 55 70 9e ab 5a 98 c8 3d|14 ef 3a 0e 78 a8 f6 ff Up..Z..= ..:.x...
Feb 1 19:01:48 [postfix/smtpd] 02f0 cb 35 a1 4f 5f 91 c9 3d|93 dd c1 13 91 d6 f6 3f .5.O_..= .......?
Feb 1 19:01:48 [postfix/smtpd] 0300 b8 ac 37 1c 02 32 05 a7|48 2b 56 47 37 7f a4 bf ..7..2.. H+VG7...
Feb 1 19:01:48 [postfix/smtpd] 0310 62 ba 3c e4 64 74 dc 33|bc 1c 50 6d c1 d4 7f ae b.<.dt.3 ..Pm....
Feb 1 19:01:48 [postfix/smtpd] 0320 26 c7 53 fb 16 03 01 01|8d 0c 00 01 89 00 80 b0 &.S..... ........
Feb 1 19:01:48 [postfix/smtpd] 0330 fe b4 cf d4 55 07 e7 cc|88 59 0d 17 26 c5 0c a5 ....U... .Y..&...
Feb 1 19:01:48 [postfix/smtpd] 0340 4a 92 23 81 78 da 88 aa|4c 13 06 bf 5d 2f 9e bc J.#.x... L...]/..
Feb 1 19:01:48 [postfix/smtpd] 0350 96 b8 51 00 9d 0c 0d 75|ad fd 3b b1 7e 71 4f 3f ..Q....u ..;.~qO?
Feb 1 19:01:48 [postfix/smtpd] 0360 91 54 14 44 b8 30 25 1c|eb df 72 9c 4c f1 89 0d .T.D.0%. ..r.L...
Feb 1 19:01:48 [postfix/smtpd] 0370 68 3f 94 8e a4 fb 76 89|18 b2 91 16 90 01 99 66 h?....v. .......f
Feb 1 19:01:48 [postfix/smtpd] 0380 8c 53 81 4e 27 3d 99 e7|5a 7a af d5 ec e2 7e fa .S.N'=.. Zz....~.
Feb 1 19:01:48 [postfix/smtpd] 0390 ed 01 18 c2 78 25 59 06|5c 39 f6 cd 49 54 af c1 ....x%Y. \9..IT..
Feb 1 19:01:48 [postfix/smtpd] 03a0 b1 ea 4a f9 53 d0 df 6d|af d4 93 e7 ba ae 9b 00 ..J.S..m ........
Feb 1 19:01:48 [postfix/smtpd] 03b0 01 02 00 80 45 4f 21 92|3a 9e d1 8f d5 7c e5 f5 ....EO!. :....|..
Feb 1 19:01:48 [postfix/smtpd] 03c0 4f da c9 ed 52 5b 66 4b|2f b1 a0 2a 92 9a ac cc O...R[fK /..*....
Feb 1 19:01:48 [postfix/smtpd] 03d0 49 1a 61 6d 30 14 87 99|bc 5e 17 7b d9 62 4a 33 I.am0... .^.{.bJ3
Feb 1 19:01:48 [postfix/smtpd] 03e0 dd 26 27 fc 4d ae 95 3a|77 d7 ba 13 ed 70 42 d2 .&'.M..: w....pB.
Feb 1 19:01:48 [postfix/smtpd] 03f0 8b e1 a9 4b 27 b4 c7 1c|ac 46 05 20 8a 27 74 f1 ...K'... .F. .'t.
Feb 1 19:01:48 [postfix/smtpd] 0400 0a 51 21 95 ae ce 0d 2b|63 dd 74 8b 7f 16 67 5d .Q!....+ c.t...g]
Feb 1 19:01:48 [postfix/smtpd] 0410 f0 1a 11 d9 d0 f3 f4 52|33 e6 fc 54 f0 ad 42 32 .......R 3..T..B2
Feb 1 19:01:48 [postfix/smtpd] 0420 c1 3d be 3c b5 e7 b8 74|11 55 f3 ea b5 03 ed 2b .=.<...t .U.....+
Feb 1 19:01:48 [postfix/smtpd] 0430 6b 41 4f ff 00 80 27 90|24 26 58 a1 a6 36 f6 db kAO...'. $&X..6..
Feb 1 19:01:48 [postfix/smtpd] 0440 e5 e7 15 9b 9e d4 07 73|36 d9 91 1d a8 a5 cd 85 .......s 6.......
Feb 1 19:01:48 [postfix/smtpd] 0450 5b 67 b1 30 47 f1 a4 4c|f7 87 d9 72 e3 dc 4e 92 [g.0G..L ...r..N.
Feb 1 19:01:48 [postfix/smtpd] 0460 bd 9e 6a 0a 16 e6 90 ef|bb 36 4b a5 b1 ec 30 07 ..j..... .6K...0.
Feb 1 19:01:48 [postfix/smtpd] 0470 cc 1c 57 bc 36 85 f3 d6|f9 ce 1e 9e 24 25 a5 6d ..W.6... ....$%.m
Feb 1 19:01:48 [postfix/smtpd] 0480 88 11 7c 0e b6 e6 4d 89|be c2 c3 b7 17 f4 73 ef ..|...M. ......s.
Feb 1 19:01:48 [postfix/smtpd] 0490 d9 01 fc 06 8a bd ab 54|ac ad b8 22 5b 09 ee 82 .......T ..."[...
Feb 1 19:01:48 [postfix/smtpd] 04a0 7b 3a c1 68 07 e3 ab 3a|6b a1 f9 dc ba c5 30 24 {:.h...: k.....0$
Feb 1 19:01:48 [postfix/smtpd] 04b0 f4 78 85 58 26 de 16 03|01 00 04 0e .x.X&... ....
Feb 1 19:01:48 [postfix/smtpd] 04bf - <SPACES/NULS>?
Feb 1 19:01:48 [postfix/smtpd] SSL_accept:SSLv3 flush data
Feb 1 19:01:48 [postfix/smtpd] read from 080A7090 [080B5298] (5 bytes => -1 (0xFFFFFFFF))
Feb 1 19:01:48 [postfix/smtpd] SSL_accept:error in SSLv3 read client certificate A
Feb 1 19:01:51 [postfix/smtpd] read from 080A7090 [080B5298] (5 bytes => 5 (0x5))
Feb 1 19:01:51 [postfix/smtpd] 0000 15 03 01 00 02 .....
Feb 1 19:01:51 [postfix/smtpd] read from 080A7090 [080B529D] (2 bytes => -1 (0xFFFFFFFF))
Feb 1 19:01:51 [postfix/smtpd] SSL_accept:error in SSLv3 read client certificate A
Feb 1 19:01:51 [postfix/smtpd] read from 080A7090 [080B529D] (2 bytes => 2 (0x2))
Feb 1 19:01:51 [postfix/smtpd] 0000 02 2a .*
Feb 1 19:01:51 [postfix/smtpd] SSL3 alert read:fatal:bad certificate
Feb 1 19:01:51 [postfix/smtpd] SSL_accept:failed in SSLv3 read client certificate A
Feb 1 19:01:51 [postfix/smtpd] SSL_accept error from doobdev[192.168.4.20]: 0
Feb 1 19:01:51 [postfix/smtpd] 14030:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1052:SSL alert number 42:
Feb 1 19:01:51 [postfix/smtpd] disconnect from doobdev[192.168.4.20]
|
_________________
[planet-earth] root # rm -rf / |
|
| Back to top |
|
|
beowulf
Apprentice
Joined: 07 Apr 2003
Posts: 225
|
| Posted: Sun Feb 01, 2004 8:53 pm Post subject: |
|
|
Bob,
If I understand it correctly, you want to become your own SMTP server, not using SASL to auth to your ISP's SMTP server...
In that case, here's a few more changes to /etc/postfix/main.cf that needs to be placed....
| Code: |
myorigin = $myhostname
.....
mydestination = $myhostname, localhost.$mydomain $mydomain
|
Also, you don't need any options that start with "smtp_sasl..." since you're going to become your own SMTP server. This was the big error I made in the guide, not specifying what needed to be done...
This should enable your Server inside your lan to act as a true mail transport....
_________________
I have nothing witty to say here... ever |
|
| Back to top |
|
|
Bob Shroom
n00b
Joined: 14 Oct 2003
Posts: 14
Location: Nuremberg, Germany
|
| Posted: Sun Feb 01, 2004 9:34 pm Post subject: |
|
|
beowulf, i have the feeling, that my system is doomed for some reason.
edited main.cf and enabled myorigin and mydestination and disabled all smtpd_sasl stuff.
mmmhhh....still no luck. postfix still bitches about a 'bad certificate' (see output in my last post)....looks like nothing has changed.
EDIT:
stopping and starting postfix should be enough for the changes to take effect, right? 'shutdown -r now ' is not necessary, right?
i hope, i'm not getting on your nerves...
before i started with your guide, i tried the gentoo virtual mailhosting guide, which worked fine, but for my small home lan, this setup was a little oversized in my opinion. so i was really happy, when i found your guide, as it is exactly what i want/need.
maybe i should just wait for your version 2.0 and try my luck again with this one then.
anyway....thanks for your help and time so far.
_________________
[planet-earth] root # rm -rf / |
|
| Back to top |
|
|
pubecon
Guru
Joined: 03 Mar 2003
Posts: 342
Location: Glasgow, Scotland
|
| Posted: Sun Feb 01, 2004 11:33 pm Post subject: thought I'd best post here. please advise if this is wrong |
|
|
having trawled around looking for a howto on how to set up virtual users for postfix, I came across (of course) the gentoo howto but also...
http://annapolislinux.org/docs/plc/postfix-courier-howto.html
now, the gentoo howto is all well and good but I have my linux server running alongside a windows 2000 server and so would like to be getting some active directory integration/authentication going on
ANYWAY,
on the topic of virtual users there is very little said in either of these howtos
the gentoo howto has a throwaway | Quote: | | So now when you're setting up vmail accounts, use the vmail uid, gid, and homedir. When you're setting up local accounts, use that users uid, gid, and homedir. |
which I thought the light had been shed on via the second howto i mentioned via
| Quote: | Step 7. Setup Filesystem for new users
a. as root run the following
| Code: |
#create home
mkdir -p /home/1020/
#change permissions to that of ldap user
chown 1020:1001 /home/1000
#change from root to ldap user
su -s /bin/sh tadmin
|
b. run the following commands as the ldap user
| Code: |
#change to root directory
cd
#make sure you are that ldap user
id
#should display uid=1020(tadmin) gid=1001(vmail) groups=1001(vmail)
#create a maildir as user
maildirmake ~/Maildir
#setup mailqouta of 20Megs
maildirmake -q 2048000S ~/Maildir
#create some folders
maildirmake -f Trash ~/Maildir
maildirmake -f Sent ~/Maildir
maildirmake -f Drafts ~/Maildir |
|
(aside: where did /home/1000 come from?!)
specifically the line to change to the virtual mail user but when I all I get is root this means I cannot continue with the remainder of the howto.
so, anyone know of a good howto or where I'm going wrong?
thanks for reading |
|
| Back to top |
|
|
IcedTerror
Tux's lil' helper
Joined: 26 Apr 2003
Posts: 78
|
| Posted: Mon Feb 02, 2004 6:00 am Post subject: |
|
|
I have no problems with auth in imap.
but eveytime I try to send anything I get this error:
| Code: |
smtp < 220 mindseye.metalrooster.net ESMTP postfix
ESMTP > EHLO gen2.box.metalrooster.net
***connection closed by remote host.
|
I obviously missed somthing but can't seem to find it.
Any suggestions ??
IT |
|
| Back to top |
|
|
beowulf
Apprentice
Joined: 07 Apr 2003
Posts: 225
|
| Posted: Mon Feb 02, 2004 10:53 am Post subject: |
|
|
Bob Shroom - I hope you made a typo in your post about th smtpd_sasl stuff... I hope you really meant you removed the smtp_sasl stuff
The only time you have to reboot is when you change your kernel...
I'm at a loss why SSL isn't working.... Bad certificate has me stumped since the pre-generated ones should've fixed it...
In any case, I'll be able to work on v2.0 some time this week, sorry if it's taking a while... and sorry to hear you dumped your working setup for this one which isn't.... I'll try to get the guide done quicker...
pubecon - Sorry man, I really don't have much knowledge in virtual mail users and all that jazz.... I think it would be best if you posted in the "Network And Security" forum as it will reach a much broader audience and your chances of getting a helpful reply will increase.
IcedTerror - I assume that's a telnet error and it disconnects you after EHLO? Hmm... Not quite sure why.... one thing I might suggest is to make postfix's logging a bit more verbose by editing /etc/postfix/master.cf. Find this line (about 65% in my file):
smtp inet n - n - - smtpd
--- and append a -v switch to smtpd, like this ----
smtp inet n - n - - smtpd -v
restart the server and see if it spits out any further errors....
_________________
I have nothing witty to say here... ever |
|
| Back to top |
|
|
bruzzler
n00b
Joined: 08 Oct 2003
Posts: 70
|
| Posted: Mon Feb 02, 2004 1:52 pm Post subject: Curious local delivery |
|
|
Hi,
i have corrected the above error, it whas caused by the init.d postfix skript, that stated out postfix was started, but it wasn't really.
By now i have another problem:
Some of my local email is delivered by postfix and some not. I get email from cron, but whenever i try to send local email e.g. through kmail i don't receive it. I don't receive any from ddclient, too.
Regards,
Bruzzler |
|
| Back to top |
|
|
IcedTerror
Tux's lil' helper
Joined: 26 Apr 2003
Posts: 78
|
| Posted: Mon Feb 02, 2004 8:15 pm Post subject: |
|
|
Added the -v and recieved the same message.
This is a great tut but I just can't get it to work.
Thanks for the howto and mabey after I reread and redo the config
things will work.
I may not have my networking setup correctly
thanks
IT |
|
| Back to top |
|
|
Woolong
n00b
Joined: 03 Feb 2004
Posts: 62
Location: Hong Kong
|
| Posted: Tue Feb 03, 2004 10:28 am Post subject: postfix authentication failed |
|
|
Hi,
Thanks to author about the great guide. I have the imap working already.
However, when I tried to send a msg through postfix from a workstation on the same network, the authentication always fails. I'm sure postfix is alive because Kmail actually detected "TLS" for encryption and "DIGEST-MD5" for authentication.
So here is what I did:
| Code: |
rm /etc/sasl2/sasldb2
saslpasswd2 -c -u woolong.dyndns.org -a smtpauth mardiana
|
I've double checked the passwd several times, but postfix just keeps prompting for authentication.
I've even tried to change pwcheck_method to pam
| Code: |
root@server # vi /etc/sasl2/smtpd.conf
pwcheck_method:pam
|
and use the username and passwd on the gentoo system, but still fails.
Here is part of my /etc/postfix/main.cf
| Code: |
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options = noanonymous,noplaintext
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_client_restrictions = permit_sasl_authenticated, reject
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_daemon_random_source = dev:/dev/urandom
tls_random_source = dev:/dev/urandom
|
|
|
| Back to top |
|
|
Woolong
n00b
Joined: 03 Feb 2004
Posts: 62
Location: Hong Kong
|
| Posted: Tue Feb 03, 2004 8:04 pm Post subject: postfix authentication failed |
|
|
Sorry the prev post was unfinished.
Can anyone help me with the problem? I got prompts for username and passwd, and I'm pretty sure they are correct having reset the db over and over again.
Actually, is it possible to authenticate against pam instead of sasldb?
Thanx! |
|
| Back to top |
|
|
john5211
n00b
Joined: 04 Feb 2004
Posts: 14
|
| Posted: Wed Feb 04, 2004 8:40 am Post subject: troubles sending mail |
|
|
First let me say that this is a great guide, and this setup seems to be exactly what I am looking for ... kudos!
Unfortunately, I am having problems with the first part of the guide. I am happily recieving mail and I have webmail setup, but I can't seem to get postfix to work correctly. When I run the check command, here is what I get:
| Code: |
root@mailtux etc # /usr/sbin/postfix check
postfix: warning: My hostname localhost is not a fully qualified name - set myhostname or mydomain in /etc/postfix/main.cf
postsuper: warning: My hostname localhost is not a fully qualified name - set myhostname or mydomain in /etc/postfix/main.cf
|
I've followed all of the instructions, and even played around a little with setting the hostname directly in main.cf (to no avail). Also, I own the domain name I am trying to use, and have no-ip.com happily pointing to my ip address.
For what it's worth, here is the my main.cf:
| Code: |
root@mailtux etc # grep -v "^#" /etc/postfix/main.cf | sed '/./,/^$/!d'
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
inet_interfaces = $myhostname, localhost
mydestination = $myhostname, localhost.$mydomain
unknown_local_recipient_reject_code = 450
mynetworks = 192.168.2.0/24, 127.0.0.0/8
relay_domains = $mydestination
alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases
home_mailbox = .maildir/
mailbox_command = /usr/bin/procmail -a $DOMAIN
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 20
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.0.16-r1/sample
readme_directory = /usr/share/doc/postfix-2.0.16-r1/readme
smtpd_sasl_auth_enable = yes
smtpd_sasl_password_maps = hash:/etc/postfix/saslpass
smtpd_sasl_security_options = noanonymous,noplaintext
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_client_restrictions = permit_sasl_authenticated, reject
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_daemon_random_source = dev:/dev/urandom
tls_random_source = dev:/dev/urandom
|
and also my /etc/hosts:
| Code: |
mailtux postfix # grep -v "^#" /etc/hosts
127.0.0.1 localhost mailtux
192.168.2.106 mailtux.johnsland.net mailtux
|
Thanks for any insights you can offer, and let me know if you need any more info.
John |
|
| Back to top |
|
|
john5211
n00b
Joined: 04 Feb 2004
Posts: 14
|
| Posted: Wed Feb 04, 2004 9:25 am Post subject: |
|
|
So I guess writing out my post made me look at everything a little harder and figure out what was wrong ... turns out that commenting out the localhost line in my /etc/hosts file and then restarting postfix did the trick.
Thanks again for the great guide!
John |
|
| Back to top |
|
|
pubecon
Guru
Joined: 03 Mar 2003
Posts: 342
Location: Glasgow, Scotland
|
| Posted: Wed Feb 04, 2004 2:39 pm Post subject: |
|
|
| shouldn't you just have deleted the "mailtux" alias on the localhost line? |
|
| Back to top |
|
|
Bob Shroom
n00b
Joined: 14 Oct 2003
Posts: 14
Location: Nuremberg, Germany
|
| Posted: Wed Feb 04, 2004 9:14 pm Post subject: |
|
|
| beowulf wrote: | Bob Shroom - I hope you made a typo in your post about th smtpd_sasl stuff... I hope you really meant you removed the smtp_sasl stuff
|
well, what i wanted to say was, that i commented out the lines starting with smtp_sasl...
this is how it looks now:
| Code: |
...
#smtp_sasl_auth_enable = yes
#smtp_sasl_password_maps = hash:/etc/postfix/saslpass
#smtp_sasl_security_options = noanonymous,noplaintext
#smtpd_sasl_auth_enable = yes
#smtpd_sasl_security_options = noanonymous
#smtpd_sasl_local_domain = $myhostname
#broken_sasl_auth_clients = yes
#smtpd_client_restrictions = permit_sasl_authenticated, reject
...
|
| beowulf wrote: |
In any case, I'll be able to work on v2.0 some time this week, sorry if it's taking a while... and sorry to hear you dumped your working setup for this one which isn't.... I'll try to get the guide done quicker...
|
no sweat...whenever you're finished, i'll be here to play the crash test dummy for you.
_________________
[planet-earth] root # rm -rf / |
|
| Back to top |
|
|
beowulf
Apprentice
Joined: 07 Apr 2003
Posts: 225
|
| Posted: Thu Feb 05, 2004 7:45 am Post subject: |
|
|
Woolong - One suggestion I have is setting this:
smtpd_sasl_local_domain = $myhostname
--to equal this:
smtpd_sasl_local_domain =
That should fix it... but I could be wrong.... Try that and let me know of any log output that seems important if it fails... As for auth'ing against pam... that's what I'm working on in the new version... I've found sasldb causes more hassles than it's worth.... I think many in this thread would agree...
john5211 - Yeah, do what pubecon suggested. Don't remove the alias to localhost... because I think that'll break something. Not sure what it would break, but I think something will break.
Bob Shrooms - Your settings should be like this:
| Code: |
...
#smtp_sasl_auth_enable = yes
#smtp_sasl_password_maps = hash:/etc/postfix/saslpass
#smtp_sasl_security_options = noanonymous,noplaintext
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_client_restrictions = permit_sasl_authenticated, reject
...
|
I've just about finished the guide... it'll probably be up tomorrow as I have to read over everything, scrap my current setup and restart it to make sure everything works properly....
-------------
Hope this helps guys...
_________________
I have nothing witty to say here... ever |
|
| Back to top |
|
|
beowulf
Apprentice
Joined: 07 Apr 2003
Posts: 225
|
| Posted: Thu Feb 05, 2004 11:23 am Post subject: |
|
|
Bad taste I hear to reply after yourself... oh well
Version 2 is up, completely re-written and should have better support for Outlook Express.. We use shadow (pam) to authenticate to both server's as to keep down on the unnessecary confusion that two seperate user/pass combo's created. Also Sasldb was more hassle than it's worth.
Hopefully this solves some of the major problems that existed before... If anything, let me of any problems, errors or anything else at all
hope this helps
_________________
I have nothing witty to say here... ever |
|
| Back to top |
|
|
Bob Shroom
n00b
Joined: 14 Oct 2003
Posts: 14
Location: Nuremberg, Germany
|
| Posted: Thu Feb 05, 2004 5:34 pm Post subject: |
|
|
beowulf...you are the man!
i don't know, what actually did the trick....but i can send email now! 
tried it via squirrelmail and via sylpheed-claws....works fine with both!
thanx again for your help and this great guide!
bob
_________________
[planet-earth] root # rm -rf / |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Documentation, Tips & Tricks
