Gentoo Forums
How to set up an email server with postfix/cyrus
audiodef
Watchman
Joined: 06 Jul 2005
Posts: 6319
Location: /usr/lib64/lv2

Posted: Mon Apr 11, 2011 5:37 pm

So far, so good. Well written!

Here's a suggestion: "However, as this database isn't going to be particularly large nor resource-intensive, MySQL is realistically overkill, and SQLite should be perfectly suitable unless you have thousands upon thousands of users, and you have multiple people updating the database at the same time."

You could add "or if you already have MySQL and it's therefore convenient to just use that".
_________________
Gentoo Studio: A Gentoo-based, professional digital audio workstation OS.
cach0rr0
Bodhisattva
Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

Posted: Mon Apr 11, 2011 6:15 pm

doc tweaked accordingly.
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
audiodef
Watchman
Joined: 06 Jul 2005
Posts: 6319
Location: /usr/lib64/lv2

Posted: Tue Apr 12, 2011 3:54 pm

I'm a little slow because it's been busy the past few days.

You write very well!

I was wondering if there was any reason for suggesting /root/overlays as PORTDIR_OVERLAY instead of the usual /usr/local/portage. Also, and I've done this on my own server for Cyrus, I make sure the necessary category dir exists, and then do cp -rv /usr/portage/category/package /usr/local/portage/category, and then download or modify ebuilds. I'm sure it's just a matter of personal preference.
_________________
audiodef
Watchman
Joined: 06 Jul 2005
Posts: 6319
Location: /usr/lib64/lv2

Posted: Tue Apr 12, 2011 4:19 pm

I'm debating whether to enable pop3 in cyrus.conf. Why don't you like it?
_________________
cach0rr0
Bodhisattva
Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

Posted: Wed Apr 13, 2011 7:31 pm

audiodef wrote:

You write very well!


Thank ya! When I finally get motivated enough to write, it comes out fairly well. Though towards the end it will be a bit more obvious I was falling asleep at my keyboard and just trying to finish up :lol:

audiodef wrote:

I was wondering if there was any reason for suggesting /root/overlays as PORTDIR_OVERLAY instead of the usual /usr/local/portage. Also, and I've done this on my own server for Cyrus, I make sure the necessary category dir exists, and then do cp -rv /usr/portage/category/package /usr/local/portage/category, and then download or modify ebuilds. I'm sure it's just a matter of personal preference.


Yeah, all personal preference. No real good reason, other than ~/overlays being easier for me to remember.
_________________
cach0rr0
Bodhisattva
Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

Posted: Wed Apr 13, 2011 8:42 pm

audiodef wrote:
I'm debating whether to enable pop3 in cyrus.conf. Why don't you like it?


Whoops, noticed this one a bit late.

If I were to enable pop3 at all, it'd be pop3s.
I don't generally like POP3, because I access my e-mail from multiple places. I want the messages to stay on the server so I can just as easily access them from home as I can from my phone or anywhere else.

http://www1.umn.edu/adcs/guides/email/imapvspop.html

As far as data-security goes, it *is* possible for clients to be configured to keep a local copy of e-mail with IMAP (this is the default with POP), but if I have control of a machine and am setting it up, I disallow this (more so a concern for commercial type environments), because there may well be a case that someone loses their laptop or phone, and someone can easily hop on (e.g. boot sysrescuecd, ntfs-3g mount) and read all of those cached copies of the e-mail. Of course, if the user's disk is encrypted, that's not really a concern, but that's not always practical, AND if we're talking about Windows users, I'm quite certain "authorities" can get around BitLocker.

If your mail volume is such that storage is at a premium, you may well want to enable pop3s. Then again, you can just as easily keep watch over your disk usage, and if it gets to an unacceptably high level, enable pop temporarily, download the mail, dump in a backup somewhere locally, disable pop now that you've freed up space, and go on about your business. Of course, enforcing mailbox quotas gets you around the issue entirely.
_________________
audiodef
Watchman
Joined: 06 Jul 2005
Posts: 6319
Location: /usr/lib64/lv2

Posted: Wed Apr 13, 2011 10:08 pm

That all sounds good.

OK, I've gotten through the tutorial, and it's a nice one. But mail just doesn't seem to be working, and I rather suspect I haven't configured stuff right on Godaddy. I set up a webmaster at audiodef dot com email in postfix/cyrus/mysql and then went to Godaddy to change things there.

I think we went over this earlier in this thread, but I'm just not sure I've done everything right on the Godaddy end.

I went to DNS manager, edit zone, scroll down to MX, quick add, points to = audiodef.com, host = @, priority = 0. Do I leave the mailstore1.secureserver.net and mtp.secureserver.net lines there (I removed them earlier, I have since put them back to avoid bouncing emails from anyone trying to reach me)? How do I actually test the webmaster email I set up? I tried testing it with mail2web.com as a quick and dirty test, but got a no such email address error.
_________________
cach0rr0
Bodhisattva
Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

Posted: Wed Apr 13, 2011 11:54 pm

I get this when I try to connect to audiodef.com on port 25:

Code:

ricker ~ # telnet audiodef.com 25
Trying 209.177.157.239...
Connected to audiodef.com.
Escape character is '^]'.
Connection closed by foreign host.


If an SMTP server sending to you gets this, it will fall back over to 'smtp.secureserver.net'

Code:

ricker ~ # host audiodef.com
audiodef.com has address 209.177.157.239
audiodef.com mail is handled by 0 audiodef.com.
audiodef.com mail is handled by 0 smtp.secureserver.net.
audiodef.com mail is handled by 10 mailstore1.secureserver.net.


Do you get a banner at all if you telnet localhost 25 on that server?

Grep through all of /var/log/* for my IP here (75.148.243.90). Also any logging output you can pastebin from Postfix would be useful.

I remember seeing this same behavior before you started on this (the setup in my doc, I mean), and had just assumed you were working on getting the setup started.

Once we can sort out this connection issue, you should remove both of the secureserver lines from your DNS setup (e.g. your only MX should be 'audiodef.com')
_________________
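The two checks from the post above (which MX hosts senders will try, and whether port 25 actually greets with a 220 banner), as an added example that is not part of the original thread. The function names are illustrative assumptions; HOST_OUTPUT is the `host` output quoted in the post.

```python
"""Added example: triage an inbound-SMTP delivery problem.

parse_mx() reads `host <domain>` output, mx_findings() says which other
MX hosts can receive the mail, classify_greeting() interprets the first
bytes a server sends on port 25, and probe() makes the live connection.
All function names are illustrative, not part of Postfix or any tool.
"""
import re
import socket
import sys

# Output of `host audiodef.com` as quoted in the post above.
HOST_OUTPUT = """\
audiodef.com has address 209.177.157.239
audiodef.com mail is handled by 0 audiodef.com.
audiodef.com mail is handled by 0 smtp.secureserver.net.
audiodef.com mail is handled by 10 mailstore1.secureserver.net.
"""

MX_RE = re.compile(r"^(\S+) mail is handled by (\d+) (\S+?)\.?$")


def parse_mx(host_output):
    """Return [(preference, exchanger), ...] sorted lowest preference first."""
    records = []
    for line in host_output.splitlines():
        m = MX_RE.match(line.strip())
        if m:
            records.append((int(m.group(2)), m.group(3).lower()))
    return sorted(records)


def mx_findings(records, intended):
    """Report every MX other than `intended` and how it competes with it."""
    intended = intended.lower().rstrip(".")
    if intended not in [h for _, h in records]:
        return [("not-listed", intended)]
    own_pref = min(p for p, h in records if h == intended)
    findings = []
    for pref, host in records:
        if host == intended:
            continue
        if pref < own_pref:
            findings.append(("outranks-intended", host))   # tried first
        elif pref == own_pref:
            findings.append(("equal-preference", host))    # tried in random order
        else:
            findings.append(("fallback", host))            # tried when intended fails
    return findings


def classify_greeting(data):
    """Classify the first bytes received after connecting to an SMTP port."""
    if not data:
        return "no-banner"      # accepted, then closed: the telnet result above
    code = data[:3]
    if code == b"220":
        return "ok"             # normal SMTP greeting
    if code.isdigit() and code[:1] in (b"4", b"5"):
        return "refusing"       # e.g. 421 / 554 sent instead of a greeting
    return "unexpected"         # something other than SMTP is listening


def probe(host, port=25, timeout=10.0):
    """Connect and return (classification, raw banner text)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                data = sock.recv(512)
            except socket.timeout:
                return "timeout-after-connect", ""
            except ConnectionResetError:
                data = b""
    except OSError as exc:
        return "connect-failed", str(exc)
    return classify_greeting(data), data.decode("ascii", "replace").strip()


if __name__ == "__main__":
    for code, host in mx_findings(parse_mx(HOST_OUTPUT), "audiodef.com"):
        print(f"{code}: {host}")
    # Live check only when a host is given, e.g.: python3 smtpcheck.py localhost
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
```

Run it with `localhost` as the argument on the mail server itself first: a "no-banner" result there rules out the network path and points at the daemon or its configuration.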
cach0rr0
Bodhisattva
Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

Posted: Thu Apr 14, 2011 12:21 am

audiodef wrote:
I tried testing it with mail2web.com as a quick and dirty test, but got a no such email address error.


Also, regarding this, I just had a look - their freebie service doesn't support IMAPS on 993.

I'd snag a fat client you don't have to compile, set it up. Something like thunderbird-bin (whereupon you can happily remove it)

Ideal way of testing, hop on gmail, tail -f /var/log/mail.log (or wherever postfix logs to), send yourself an email, watch it process in the logs. If it never even seems to get to Postfix, I'd be inclined to blame something like denyhosts (I don't think it's iptables, since it allows the initial connection but *then* kicks me out)

Personally not a fan of webmail in general (and can't echo the statements here strongly enough - https://bugs.gentoo.org/show_bug.cgi?id=101270#c30)
If you at some point decide to toss up a webmail app, be darn sure you put it in a password-protected directory, for that very reason.

You can even have Apache authenticate against an IMAP server if need be, instead of having the user remember two passwords (I did that in the past - can post info if needed)
_________________
audiodef
Watchman
Joined: 06 Jul 2005
Posts: 6319
Location: /usr/lib64/lv2

Posted: Thu Apr 14, 2011 2:47 am

cach0rr0 wrote:

Do you get a banner at all if you telnet localhost 25 on that server?


Nope, no banner.

cach0rr0 wrote:

Grep through all of /var/log/* for my IP here (75.148.243.90). Also any logging output you can pastebin from Postfix would be useful.


I found this:

Code:

/var/log/messages:Apr 13 09:48:59 serverdef postfix/smtpd[1517]: connect from gw.whitehathouston.com[75.148.243.90]


I'm certain I changed everything in the examples over to my information. Does this log entry mean I should fix something?

I need to hit the hay. I'll follow up some more in the morning. Otherwise, I'll permanently look like this: 8O
_________________
cach0rr0
Bodhisattva
Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

Posted: Thu Apr 14, 2011 4:40 am

audiodef wrote:

I'm certain I changed everything in the examples over to my information. Does this log entry mean I should fix something?


The log entry itself just shows that I successfully connected to the Postfix daemon.
I'd be more keen to look a few entries before and after that line to see if you're seeing any errors thrown.
I'd even check dmesg to see if Postfix is segfaulting for some reason.

If you're not getting a banner, something is amiss, and it *should* be getting logged.

audiodef wrote:

I need to hit the hay. I'll follow up some more in the morning. Otherwise, I'll permanently look like this: 8O


No worries. If I missed something in the doc, now is as good a time to find it as any - but there shouldn't realistically be anything missing; I used my live main.cf as an example in there.

If there's stuff you don't want to make public (e.g. invasive logging info, or full main.cf) just PM it to me and I'll have a look.
_________________
audiodef
Watchman
Joined: 06 Jul 2005
Posts: 6319
Location: /usr/lib64/lv2

Posted: Mon Apr 18, 2011 1:03 pm

OK, finally got another chance to sit down and look at this.

There aren't separate log files for postfix and cyrus, and since the messages file was 134MB, with too-numerous-to-count entries for postfix, I moved it to a backup file and restarted my server. Now I see a bunch of TLS errors in /var/log/messages:

Code:

Apr 17 22:55:50 serverdef syslog-ng[2292]: syslog-ng starting up; version='3.1.4'
Apr 17 22:55:55 serverdef sshd[2920]: Server listening on 0.0.0.0 port 22.
Apr 17 22:55:55 serverdef sshd[2920]: Server listening on :: port 22.
Apr 17 22:56:04 serverdef master[3118]: setrlimit: Unable to set file descriptors limit to -1: Operation not permitted
Apr 17 22:56:04 serverdef master[3118]: retrying with 1024 (current max)
Apr 17 22:56:04 serverdef master[3118]: process started
Apr 17 22:56:04 serverdef master[3122]: about to exec /usr/lib64/cyrus/ctl_cyrusdb
Apr 17 22:56:05 serverdef ctl_cyrusdb[3122]: recovering cyrus databases
Apr 17 22:56:05 serverdef ctl_cyrusdb[3122]: skiplist: checkpointed /var/imap/mailboxes.db (1 record, 220 bytes) in 0 seconds
Apr 17 22:56:05 serverdef ctl_cyrusdb[3122]: skiplist: checkpointed /var/imap/annotations.db (0 records, 144 bytes) in 0 seconds
Apr 17 22:56:05 serverdef ctl_cyrusdb[3122]: done recovering cyrus databases
Apr 17 22:56:05 serverdef master[3118]: ready for work
Apr 17 22:56:05 serverdef master[3182]: about to exec /usr/lib64/cyrus/ctl_cyrusdb
Apr 17 22:56:05 serverdef master[3180]: about to exec /usr/lib64/cyrus/tls_prune
Apr 17 22:56:05 serverdef master[3181]: about to exec /usr/lib64/cyrus/ctl_deliver
Apr 17 22:56:05 serverdef ctl_cyrusdb[3182]: checkpointing cyrus databases
Apr 17 22:56:05 serverdef tls_prune[3180]: DBERROR: opening /var/imap/tls_sessions.db: No such file or directory
Apr 17 22:56:05 serverdef tls_prune[3180]: DBERROR: opening /var/imap/tls_sessions.db: cyrusdb error
Apr 17 22:56:05 serverdef master[3118]: process 3180 exited, status 1
Apr 17 22:56:05 serverdef ctl_cyrusdb[3182]: archiving log file: /var/imap/db/log.0000000001
Apr 17 22:56:05 serverdef ctl_cyrusdb[3182]: archiving log file: /var/imap/db/log.0000000001
Apr 17 22:56:05 serverdef ctl_cyrusdb[3182]: archiving log file: /var/imap/db/log.0000000001
Apr 17 22:56:05 serverdef cyr_expire[3181]: Expunged 0 out of 0 messages from 0 mailboxes
Apr 17 22:56:05 serverdef cyr_expire[3181]: duplicate_prune: pruning back 3 days
Apr 17 22:56:05 serverdef cyr_expire[3181]: duplicate_prune: purged 0 out of 0 entries
Apr 17 22:56:05 serverdef master[3118]: process 3181 exited, status 0
Apr 17 22:56:05 serverdef ctl_cyrusdb[3182]: archiving database file: /var/imap/annotations.db
Apr 17 22:56:05 serverdef ctl_cyrusdb[3182]: archiving database file: /var/imap/mailboxes.db
Apr 17 22:56:05 serverdef ctl_cyrusdb[3182]: archiving log file: /var/imap/db/log.0000000001
Apr 17 22:56:05 serverdef ctl_cyrusdb[3182]: done checkpointing cyrus databases
Apr 17 22:56:05 serverdef master[3118]: process 3182 exited, status 0
Apr 17 22:56:06 serverdef postfix/postfix-script[3250]: starting the Postfix mail system
Apr 17 22:56:06 serverdef postfix/master[3251]: daemon started -- version 2.7.3, configuration /etc/postfix
Apr 17 22:56:06 serverdef cron[3368]: (CRON) STARTUP (V5.0)
Apr 17 22:56:16 serverdef sshd[3508]: SSH: Server;Ltype: Version;Remote: 108.48.127.48-36103;Protocol: 2.0;Client: OpenSSH_5.8p1-hpn13v10
Apr 17 22:56:20 serverdef sshd[3508]: Accepted keyboard-interactive/pam for root from 108.48.127.48 port 36103 ssh2
Apr 17 22:56:20 serverdef sshd[3508]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 17 22:57:06 serverdef postfix/smtpd[3535]: sql auxprop plugin using mysql engine
Apr 17 22:57:06 serverdef postfix/smtpd[3535]: cannot load Certificate Authority data: disabling TLS support
Apr 17 22:57:06 serverdef postfix/smtpd[3535]: warning: TLS library problem: 3535:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen('/etc/ssl/postfix/root.crt','r'):
Apr 17 22:57:06 serverdef postfix/smtpd[3535]: warning: TLS library problem: 3535:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:172:
Apr 17 22:57:06 serverdef postfix/smtpd[3535]: warning: TLS library problem: 3535:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:274:
Apr 17 22:57:06 serverdef postfix/smtpd[3535]: warning: queue_minfree(150000000) should be at least 1.5*message_size_limit(102400000)
Apr 17 22:57:06 serverdef postfix/smtpd[3535]: connect from host-static-93-116-183-40.moldtelecom.md[93.116.183.40]
Apr 17 22:57:06 serverdef postfix/smtpd[3535]: fatal: non-null host address bits in "209.177.157.239/29", perhaps you should use "209.177.157.232/29" instead
Apr 17 22:57:07 serverdef postfix/master[3251]: warning: process /usr/lib64/postfix/smtpd pid 3535 exit status 1
Apr 17 22:57:07 serverdef postfix/master[3251]: warning: /usr/lib64/postfix/smtpd: bad command startup -- throttling
Apr 17 22:58:04 serverdef sshd[3508]: Received disconnect from 108.48.127.48: 11: disconnected by user
Apr 17 22:58:04 serverdef sshd[3508]: pam_unix(sshd:session): session closed for user root
Apr 17 22:59:01 serverdef cron[3538]: (root) CMD (rm -f /var/spool/cron/lastrun/cron.hourly)
Apr 17 22:59:12 serverdef sshd[3539]: SSH: Server;Ltype: Version;Remote: 108.48.127.48-40476;Protocol: 2.0;Client: OpenSSH_5.8p1-hpn13v10
Apr 17 22:59:16 serverdef sshd[3539]: Accepted keyboard-interactive/pam for root from 108.48.127.48 port 40476 ssh2
Apr 17 22:59:16 serverdef sshd[3539]: pam_unix(sshd:session): session opened for user root by (uid=0)

_________________
Gentoo Studio: A Gentoo-based, professional digital audio workstation OS.
audiodef
Watchman
Watchman


Joined: 06 Jul 2005
Posts: 6319
Location: /usr/lib64/lv2

PostPosted: Mon Apr 18, 2011 1:04 pm    Post subject: Reply with quote

OK, good, that all fit between code tags.

So what does this mean I missed?
_________________
Gentoo Studio: A Gentoo-based, professional digital audio workstation OS.
cach0rr0
Bodhisattva
Bodhisattva


Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

PostPosted: Mon Apr 18, 2011 9:13 pm    Post subject: Reply with quote

ok, so the first one:

Code:

Apr 17 22:57:06 serverdef postfix/smtpd[3535]: warning: TLS library problem: 3535:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen('/etc/ssl/postfix/root.crt','r'):


I doubt you have a 'root.crt' in that directory. For me, that was the root certificate from CACert.org
You won't have this unless of course you went through CACert for your SSL cert.
If you used a self-signed cert, you don't need 'smtpd_tls_CAfile' at all, and can remove this from main.cf

While you're at it, check smtpd_tls_key_file and smtpd_tls_cert_file, make sure they both point at existent files. The former should point at your private key, the latter should point at the certificate. If you're stumped, post output of ls /etc/ssl/postfix

You should do those same checks for these settings in /etc/imapd.conf:

Code:

tls_cert_file:          /etc/ssl/cyrus/server.crt
tls_key_file:           /etc/ssl/cyrus/server.key


server.crt is my cert, server.key is my private key
(you can leave 'tls_ca_path' as-is, since /etc/ssl/certs is the correct path by default)

There's also this:

Code:

Apr 17 22:57:06 serverdef postfix/smtpd[3535]: fatal: non-null host address bits in "209.177.157.239/29", perhaps you should use "209.177.157.232/29" instead


you'd probably want simply '209.177.157.239', or if that gives you grief, '209.177.157.239/32'
I used /29 because I have 5 IP addresses from my ISP, and this is correct for my IP range (75.148.243.88/29 covers 75.148.243.89-75.148.243.93). As you only have one IP, the /29 is not appropriate.

Both of these will be show-stoppers that keep postfix from functioning. Give that a go, let's see if things don't fare a bit better.

NB: a handy tip, even though you aren't on a hardened profile/build, if you emerge syslog-ng with the 'hardened' USE flag enabled, it'll keep things nicely tucked away in separate files. In the case of mail, you'll have a nice tidy /var/log/mail.log and /var/log/mail.(info|err). Without the 'hardened' use flag enabled, damn near everything goes into /var/log/messages.
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
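
Added example, not part of the original post: Python's `ipaddress` module reproduces the check behind the "non-null host address bits" error and shows how many addresses each spelling of the entry would cover. It assumes the value sits in a trust list such as `mynetworks` (the thread does not name the parameter) and that 209.177.157.239 is the only address the host owns; the function names are illustrative.

```python
import ipaddress

def inspect_entry(entry):
    """Report what one address[/prefix] entry really covers."""
    # ip_interface() tolerates host bits; ip_network() would raise ValueError here.
    iface = ipaddress.ip_interface(entry)
    net = iface.network
    return {
        "entry": entry,
        # True is the condition Postfix reports as "non-null host address bits".
        "host_bits_set": iface.ip != net.network_address,
        "canonical": str(net),
        "first": str(net[0]),
        "last": str(net[-1]),
        "size": net.num_addresses,
    }

def audit(entries, owned):
    """Classify entries as 'fatal', 'too-wide' or 'ok' for a host owning `owned`."""
    owned_ips = {ipaddress.ip_address(a) for a in owned}
    results = []
    for entry in entries:
        info = inspect_entry(entry)
        net = ipaddress.ip_network(info["canonical"])
        # Addresses inside the range that do not belong to this host.
        if net.is_loopback:
            foreign = 0
        else:
            foreign = net.num_addresses - sum(ip in net for ip in owned_ips)
        if info["host_bits_set"]:
            verdict = "fatal"       # Postfix refuses to start with this spelling
        elif foreign:
            verdict = "too-wide"    # parses fine, but covers other people's addresses
        else:
            verdict = "ok"
        results.append((entry, verdict, info["canonical"], foreign))
    return results

# Entries taken from the thread; OWNED is an assumption (single-IP host).
OWNED = ["209.177.157.239"]
ENTRIES = ["127.0.0.0/8", "209.177.157.239/29", "209.177.157.232/29",
           "209.177.157.239/32", "209.177.157.239"]

if __name__ == "__main__":
    for entry, verdict, canonical, foreign in audit(ENTRIES, OWNED):
        print(f"{entry:22} {verdict:9} covers {canonical:20} foreign addresses: {foreign}")
```

The "too-wide" row is the one to watch: the 209.177.157.232/29 spelling that the error message proposes parses cleanly, yet in a trust list it would cover seven addresses that are not this host's.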
audiodef
Watchman
Watchman


Joined: 06 Jul 2005
Posts: 6319
Location: /usr/lib64/lv2

PostPosted: Mon Apr 18, 2011 9:55 pm    Post subject: Reply with quote

Alright! Now we're getting somewhere!

I removed the CAcert line and removed the "29", restarted things, and I can now telnet localhost 25 and get a banner.

I'm re-emerging syslog-ng with the hardened use flag. Thanks for that tip.

OK, so now I need to test things. What's the best way to do that?
_________________
Gentoo Studio: A Gentoo-based, professional digital audio workstation OS.
cach0rr0
Bodhisattva
Bodhisattva


Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

PostPosted: Mon Apr 18, 2011 10:15 pm    Post subject: Reply with quote

audiodef wrote:

OK, so now I need to test things. What's the best way to do that?


first and foremost, at this stage I assume you added a handful (or at least one) of users to the database yeah?

If so, you should be able to fire up an IMAP client, connect on port 993 (using SSL), with a username of exactly what's in the database. (e.g. it has to be 'user@domain.com' and not simply 'user')

For the smtp side of things, quickest way to test is via telnet actually

Code:

$ telnet audiodef.com 25
Trying 209.177.157.239...
Connected to audiodef.com.
Escape character is '^]'.
220 audiodef.com ESMTP Postfix (2.7.3)
EHLO vpn.whitehathouston.com
250-audiodef.com
250-PIPELINING
250-SIZE 102400000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:<test@whitehathouston.com>
250 2.1.0 Ok
RCPT TO:<invalid@audiodef.com>
550 5.1.1 <invalid@audiodef.com>: Recipient address rejected: User unknown in local recipient table
quit
221 2.0.0 Bye
Connection closed by foreign host.


if I were to do RCPT TO with an address you've added to the mysql database, it should accept it and not 550 it
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
audiodef
Watchman
Watchman


Joined: 06 Jul 2005
Posts: 6319
Location: /usr/lib64/lv2

PostPosted: Mon Apr 18, 2011 10:17 pm    Post subject: Reply with quote

I'm using Thunderbird. Looks like the latest T-bird has a nifty auto-find server settings feature. I keep getting login failed errors with a dialog to enter a new password, but the username and password I've set up are correct. My settings in T-bird are:

IMAP mail server (will want pop3s later, but I'll deal with it later)
server name: imap.audiodef.com (t-bird "discovered" this, but the result is the same if I switch it to "audiodef.com")
port: 143
connection security: STARTTLS
auth method: encrypted password

Other settings I've tried have resulted in either timeouts or more of the same with "incorrect password" errors.

I manually checked maildb and the user/pass are in there.
_________________
Gentoo Studio: A Gentoo-based, professional digital audio workstation OS.
cach0rr0
Bodhisattva
Bodhisattva


Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

PostPosted: Mon Apr 18, 2011 10:36 pm    Post subject: Reply with quote

audiodef wrote:

port: 143
connection security: STARTTLS
auth method: encrypted password


so for those:
port - 993
connection security: SSL/TLS (starttls is something different)
auth method: normal password
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
cach0rr0
Bodhisattva
Bodhisattva


Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

PostPosted: Mon Apr 18, 2011 10:44 pm    Post subject: Reply with quote

993 using SSL/TLS does let me connect

Code:

# openssl s_client -connect audiodef.com:993

CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Santa Barbara/O=SSL Server/OU=For Testing Purposes Only/CN=localhost/emailAddress=root@localhost
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Santa Barbara/O=SSL Server/OU=For Testing Purposes Only/CN=localhost/emailAddress=root@localhost
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Santa Barbara/O=SSL Server/OU=For Testing Purposes Only/CN=localhost/emailAddress=root@localhost
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Santa Barbara/O=SSL Server/OU=For Testing Purposes Only/CN=localhost/emailAddress=root@localhost
   i:/C=US/ST=California/L=Santa Barbara/O=SSL Server/OU=For Testing Purposes Only/CN=localhost CA/emailAddress=root@localhost
---
Server certificate
-----BEGIN CERTIFICATE-----
<snip>
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Santa Barbara/O=SSL Server/OU=For Testing Purposes Only/CN=localhost/emailAddress=root@localhost
issuer=/C=US/ST=California/L=Santa Barbara/O=SSL Server/OU=For Testing Purposes Only/CN=localhost CA/emailAddress=root@localhost
---
No client certificate CA names sent
---
SSL handshake has read 1284 bytes and written 343 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
<snip>
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 SASL-IR COMPRESS=DEFLATE] serverdef Cyrus IMAP v2.3.16 server ready


all connected, all looks fine, I get that 'OK' at which point i should be able to, theoretically, send the LOGIN command along with a password.

If you're unable to login with that, the variable would be the database methinks. Maybe there's something I overlooked?

NB: if you tell me a valid email address, I'll test out the smtp side here (don't need a pass, I just want to see if postfix 550's a RCPT to a valid address, or 250's it like it should)
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
audiodef
Watchman
Watchman


Joined: 06 Jul 2005
Posts: 6319
Location: /usr/lib64/lv2

PostPosted: Tue Apr 19, 2011 1:31 am    Post subject: Reply with quote

Changed the settings, still not getting through.

I set up a webmaster at audiodef dot com account, you could try that.
_________________
Gentoo Studio: A Gentoo-based, professional digital audio workstation OS.
cach0rr0
Bodhisattva
Bodhisattva


Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

PostPosted: Tue Apr 19, 2011 1:38 am    Post subject: Reply with quote

well, the postfix side of things is working at least

Code:

meat@houacer01 ~ $ telnet audiodef.com 25
Trying 209.177.157.239...
Connected to audiodef.com.
Escape character is '^]'.
220 audiodef.com ESMTP Postfix (2.7.3)
EHLO vpn.whitehathouston.com
250-audiodef.com
250-PIPELINING
250-SIZE 102400000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:<test@whitehathouston.com>
250 2.1.0 Ok
RCPT TO:<webmaster@audiodef.com>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Test from cach0rr0
From: "me" <meat@whitehathouston.com>
To: "you" <webmaster@audiodef.com>

Sending this message via telnet. As such it will be devoid of most useful cosmetic formatting!
Thankfully, it would seem the Postfix side of this is working fine.

-Chris
.
250 2.0.0 Ok: queued as B5D5915A71
quit
221 2.0.0 Bye
Connection closed by foreign host.


Code:

meat@houacer01 ~ $ telnet audiodef.com 25
Trying 209.177.157.239...
Connected to audiodef.com.
Escape character is '^]'.
220 audiodef.com ESMTP Postfix (2.7.3)
ehlo vpn.whitehathouston.com
250-audiodef.com
250-PIPELINING
250-SIZE 102400000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:<test@whitehathouston.com>
250 2.1.0 Ok
rcpt to:<notvalid@audiodef.com>
550 5.1.1 <notvalid@audiodef.com>: Recipient address rejected: User unknown in local recipient table
quit
221 2.0.0 Bye
Connection closed by foreign host.


Assuming no errors, you should be able to trace through mail.log and see that message being sent via the lmtp socket to Cyrus

One thing I suppose you might try - in imapd.conf, change the mech list so that it's just:

Code:

sasl_mech_list: LOGIN PLAIN


then restart cyrus. I seem to recall the others giving me fits. Since you are forcing SSL (or well, you should be!), using plaintext login mechanisms is perfectly safe.
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
audiodef
Watchman
Watchman


Joined: 06 Jul 2005
Posts: 6319
Location: /usr/lib64/lv2

PostPosted: Tue Apr 19, 2011 1:49 am    Post subject: Reply with quote

Tried that, no difference, but here's /var/log/mail.log (syslog-ng with hardened works well, thanks again!):

Code:

Apr 18 11:37:15 serverdef postfix/postfix-script[3229]: starting the Postfix mail system
Apr 18 11:37:15 serverdef postfix/master[3230]: daemon started -- version 2.7.3, configuration /etc/postfix
Apr 18 11:37:15 serverdef postfix/qmgr[3241]: B5D5915A71: from=<test@whitehathouston.com>, size=487, nrcpt=1 (queue active)
Apr 18 11:37:15 serverdef postfix/trivial-rewrite[3252]: warning: do not list domain audiodef.com in BOTH mydestination and virtual_mailbox_domains
Apr 18 11:37:44 serverdef postfix/smtpd[6511]: warning: queue_minfree(150000000) should be at least 1.5*message_size_limit(102400000)
Apr 18 11:37:44 serverdef postfix/smtpd[6511]: connect from smtpout06-01.prod.mesa1.secureserver.net[64.202.165.224]
Apr 18 11:37:44 serverdef postfix/trivial-rewrite[3252]: warning: do not list domain audiodef.com in BOTH mydestination and virtual_mailbox_domains
Apr 18 11:37:44 serverdef postfix/smtpd[6511]: NOQUEUE: reject: RCPT from smtpout06-01.prod.mesa1.secureserver.net[64.202.165.224]: 550 5.1.1 <damien@audiodef.com>: Recipient address rejected: User unknown in local recipient table; from=<damien@audiodef.com> to=<damien@audiodef.com> proto=SMTP helo=<smtpout06.prod.mesa1.secureserver.net>
Apr 18 11:37:44 serverdef postfix/smtpd[6511]: disconnect from smtpout06-01.prod.mesa1.secureserver.net[64.202.165.224]
Apr 18 11:39:30 serverdef postfix/smtpd[17689]: warning: queue_minfree(150000000) should be at least 1.5*message_size_limit(102400000)
Apr 18 11:39:30 serverdef postfix/smtpd[17689]: connect from smtpauth17.prod.mesa1.secureserver.net[64.202.165.29]
Apr 18 11:39:31 serverdef postfix/trivial-rewrite[17721]: warning: do not list domain audiodef.com in BOTH mydestination and virtual_mailbox_domains
Apr 18 11:39:31 serverdef postfix/smtpd[17689]: 28D9315A79: client=smtpauth17.prod.mesa1.secureserver.net[64.202.165.29]
Apr 18 11:39:31 serverdef postfix/cleanup[17731]: 28D9315A79: message-id=<4DACE7D1.4030405@audiodef.com>
Apr 18 11:39:31 serverdef postfix/qmgr[3241]: 28D9315A79: from=<damien@audiodef.com>, size=906, nrcpt=1 (queue active)
Apr 18 11:39:31 serverdef postfix/trivial-rewrite[17721]: warning: do not list domain audiodef.com in BOTH mydestination and virtual_mailbox_domains
Apr 18 11:39:31 serverdef postfix/smtpd[17689]: disconnect from smtpauth17.prod.mesa1.secureserver.net[64.202.165.29]
Apr 18 11:39:31 serverdef postfix/trivial-rewrite[17721]: warning: do not list domain audiodef.com in BOTH mydestination and virtual_mailbox_domains
Apr 18 11:39:31 serverdef postfix/smtpd[17689]: 28D9315A79: client=smtpauth17.prod.mesa1.secureserver.net[64.202.165.29]
Apr 18 11:39:31 serverdef postfix/cleanup[17731]: 28D9315A79: message-id=<4DACE7D1.4030405@audiodef.com>
Apr 18 11:39:31 serverdef postfix/qmgr[3241]: 28D9315A79: from=<damien@audiodef.com>, size=906, nrcpt=1 (queue active)
Apr 18 11:39:31 serverdef postfix/trivial-rewrite[17721]: warning: do not list domain audiodef.com in BOTH mydestination and virtual_mailbox_domains
Apr 18 11:39:31 serverdef postfix/smtpd[17689]: disconnect from smtpauth17.prod.mesa1.secureserver.net[64.202.165.29]
Apr 18 11:40:44 serverdef postfix/smtpd[17689]: connect from unknown[222.127.68.229]
Apr 18 11:40:48 serverdef postfix/trivial-rewrite[17721]: warning: do not list domain audiodef.com in BOTH mydestination and virtual_mailbox_domains
Apr 18 11:40:48 serverdef postfix/smtpd[17689]: NOQUEUE: reject: RCPT from unknown[222.127.68.229]: 550 5.1.1 <singer@audiodef.com>: Recipient address rejected: User unknown in local recipient table; from=<vlnluiio@activeaging.org> to=<singer@audiodef.com> proto=ESMTP helo=<222.127.68.229>
Apr 18 11:40:49 serverdef postfix/smtpd[17689]: lost connection after RCPT from unknown[222.127.68.229]
Apr 18 11:40:49 serverdef postfix/smtpd[17689]: disconnect from unknown[222.127.68.229]
Apr 18 11:42:15 serverdef postfix/lmtp[3263]: B5D5915A71: to=<webmaster@audiodef.com>, relay=audiodef.com[/var/imap/socket/lmtp], delay=567, delays=267/0.01/300/0, dsn=4.4.2, status=deferred (conversation with audiodef.com[/var/imap/socket/lmtp] timed out while receiving the initial server greeting)
Apr 18 11:42:53 serverdef postfix/lmtp[17749]: 28D9315A79: to=<damien@audiodef.com>, relay=audiodef.com[/var/imap/socket/lmtp], delay=202, delays=0.2/0.01/202/0, dsn=4.4.2, status=deferred (lost connection with audiodef.com[/var/imap/socket/lmtp] while receiving the initial server greeting)
Apr 18 11:44:09 serverdef postfix/anvil[6538]: statistics: max connection rate 1/60s for (smtp:64.202.165.224) at Apr 18 11:37:44
Apr 18 11:44:09 serverdef postfix/anvil[6538]: statistics: max connection count 1 for (smtp:64.202.165.224) at Apr 18 11:37:44
Apr 18 11:44:09 serverdef postfix/anvil[6538]: statistics: max cache size 1 at Apr 18 11:37:44


I can see you sending a test, but it doesn't look like it's totally smooth sailing to me.
_________________
Gentoo Studio: A Gentoo-based, professional digital audio workstation OS.
cach0rr0
Bodhisattva
Bodhisattva


Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

PostPosted: Tue Apr 19, 2011 1:59 am    Post subject: Reply with quote

hmm...no, not smooth sailing

before i forget:

Code:

Apr 18 11:37:15 serverdef postfix/trivial-rewrite[3252]: warning: do not list domain audiodef.com in BOTH mydestination and virtual_mailbox_domains


for 'mydestination', you probably only want to have localhost and $myhostname (which i assume is set to serverdef.audiodef.com), since virtual_mailbox_domains will handle audiodef.com

Might change that, do a 'postfix reload', and pray. I need to see if i can sort out what might cause the 'timed out while receiving the initial server greeting' nonsense on lmtp. Shouldn't have anything to do with that one setting.
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
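
Added example, not part of the original posts: a small Python triage pass over Postfix syslog lines, fed with lines copied from the two logs posted in this thread. It collapses repeated warnings and groups undelivered mail by relay, so the LMTP socket shows up as the common failure point; the function and field names are illustrative.

```python
import re
from collections import Counter

# Lines copied from the two logs posted in this thread (not constructed).
SAMPLE = """\
Apr 17 22:57:06 serverdef postfix/smtpd[3535]: fatal: non-null host address bits in "209.177.157.239/29", perhaps you should use "209.177.157.232/29" instead
Apr 18 11:37:15 serverdef postfix/trivial-rewrite[3252]: warning: do not list domain audiodef.com in BOTH mydestination and virtual_mailbox_domains
Apr 18 11:39:31 serverdef postfix/trivial-rewrite[17721]: warning: do not list domain audiodef.com in BOTH mydestination and virtual_mailbox_domains
Apr 18 11:39:31 serverdef postfix/qmgr[3241]: 28D9315A79: from=<damien@audiodef.com>, size=906, nrcpt=1 (queue active)
Apr 18 11:40:48 serverdef postfix/smtpd[17689]: NOQUEUE: reject: RCPT from unknown[222.127.68.229]: 550 5.1.1 <singer@audiodef.com>: Recipient address rejected: User unknown in local recipient table; from=<vlnluiio@activeaging.org> to=<singer@audiodef.com> proto=ESMTP helo=<222.127.68.229>
Apr 18 11:42:15 serverdef postfix/lmtp[3263]: B5D5915A71: to=<webmaster@audiodef.com>, relay=audiodef.com[/var/imap/socket/lmtp], delay=567, delays=267/0.01/300/0, dsn=4.4.2, status=deferred (conversation with audiodef.com[/var/imap/socket/lmtp] timed out while receiving the initial server greeting)
Apr 18 11:42:53 serverdef postfix/lmtp[17749]: 28D9315A79: to=<damien@audiodef.com>, relay=audiodef.com[/var/imap/socket/lmtp], delay=202, delays=0.2/0.01/202/0, dsn=4.4.2, status=deferred (lost connection with audiodef.com[/var/imap/socket/lmtp] while receiving the initial server greeting)
""".splitlines()

# "Mon DD HH:MM:SS host postfix/daemon[pid]: message"
LINE = re.compile(r'^\w{3}\s+\d+ [\d:]{8} \S+ postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<msg>.*)$')
REJECT = re.compile(r'^NOQUEUE: reject: RCPT from (?P<client>\S+): (?P<code>\d{3}) '
                    r'(?P<dsn>[\d.]+) <(?P<rcpt>[^>]*)>: (?P<why>[^;]*);')
DELIVERY = re.compile(r'^(?P<qid>[0-9A-F]+): to=<(?P<to>[^>]*)>, relay=(?P<relay>[^,]+), '
                      r'.*dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)$')

def triage(lines):
    """Sort Postfix log lines into fatal errors, warnings, rejects and failed deliveries."""
    report = {"fatal": [], "warnings": Counter(), "rejected": [], "undelivered": []}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a Postfix line (kernel, sshd, cyrus ...)
        daemon, msg = m.group("daemon"), m.group("msg")
        if msg.startswith("fatal: "):
            report["fatal"].append((daemon, msg[len("fatal: "):]))
            continue
        if msg.startswith("warning: "):
            # Keyed without the PID so repeats from different processes collapse.
            report["warnings"][(daemon, msg[len("warning: "):])] += 1
            continue
        rejected = REJECT.match(msg)
        if rejected:
            report["rejected"].append(rejected.groupdict())
            continue
        delivery = DELIVERY.match(msg)
        if delivery and delivery.group("status") != "sent":
            report["undelivered"].append(delivery.groupdict())
    return report

def failing_relays(report):
    """Count undelivered messages per (relay, dsn) to expose a shared failure point."""
    return Counter((d["relay"], d["dsn"]) for d in report["undelivered"])

if __name__ == "__main__":
    rep = triage(SAMPLE)
    for daemon, text in rep["fatal"]:
        print("FATAL  ", daemon, text)
    for (daemon, text), n in rep["warnings"].items():
        print(f"WARN x{n}", daemon, text)
    for (relay, dsn), n in failing_relays(rep).items():
        print(f"UNDELIVERED x{n} via {relay} dsn={dsn}")
```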
audiodef
Watchman
Watchman


Joined: 06 Jul 2005
Posts: 6319
Location: /usr/lib64/lv2

PostPosted: Tue Apr 19, 2011 2:13 am    Post subject: Reply with quote

Made that change and reloaded... still can't get my login info through.

I'll go frag some demons or something, maybe close my eyes for several hours :P and check back to see if you've found anything.

It's really nice of you to do this. I can only hope I can pay it forward in equal amounts. :D
_________________
Gentoo Studio: A Gentoo-based, professional digital audio workstation OS.
cach0rr0
Bodhisattva
Bodhisattva


Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

PostPosted: Tue Apr 19, 2011 2:19 am    Post subject: Reply with quote

no worries, you're helping me debug doc :lol:

only other thing I can think of, be curious to see your /etc/cyrus.conf, as well as this:

Code:

 # ls -alh /var/imap/socket/


if cyrus is running, should see a socket there named 'lmtp'

might also try:
Code:

/etc/init.d/cyrus stop
rm /var/imap/db/__db.*
/etc/init.d/cyrus start


and see if that doesn't fix things up.

beyond that, I'll have to have a think and google
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
All times are GMT