PDA

View Full Version : Problem with postfix install


ctroyp
12th November 2005, 22:39
Using the Debian Sarge "Perfect Setup" when I got to the part to "telnet localhost 25" I get:
server1:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
Connection closed by foreign host.

The second time I try it doesn't close and I can enter "ehlo localhost" and nothing happens.
Here are the contents of my /etc/postfix/main.cf file:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = server1.strec.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
#mydestination = server1.strec.com, localhost.strec.com, , localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command =
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = nonanonymous
broken_sasl_auth_clients = yes
smptd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject _unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/

virtual_maps = hash:/etc/postfix/virtusertable

mydestination = /etc/postfix/local-host-names

strec.com is the domain name I entered during the Debian setup and is not an internet domain.

Should I try reinstalling postfix? If so, how do I go about that to make sure everything is removed completely?

till
13th November 2005, 14:39
Cant find any errors in your main.cf. Do you get errors in your mail log:

/vat/log/mail.log

ctroyp
13th November 2005, 15:46
Cant find any errors in your main.cf. Do you get errors in your mail log:

/vat/log/mail.log
Nov 13 08:33:06 server1 postfix/smtpd[31434]: fatal: unknown smtpd_sasl_security _options value "nonanonymous" in "nonanonymous"
Nov 13 08:33:07 server1 postfix/master[24404]: warning: process /usr/lib/postfix /smtpd pid 31434 exit status 1
Nov 13 08:33:07 server1 postfix/master[24404]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

falko
13th November 2005, 18:30
The value you have in myhostname/mydomain (in this case server1.strec.com) must exist in DNS - as I've posted here before: http://www.howtoforge.com/forums/showthread.php?t=795&page=10

ctroyp
13th November 2005, 18:34
The value you have in myhostname/mydomain (in this case server1.strec.com) must exist in DNS - as I've posted here before: http://www.howtoforge.com/forums/showthread.php?t=795&page=10
Where do I find the DNS tables on my machine?

falko
13th November 2005, 18:46
Where do I find the DNS tables on my machine?
http://www.howtoforge.com/forums/showpost.php?p=6175&postcount=97

ctroyp
13th November 2005, 18:56
http://www.howtoforge.com/forums/showpost.php?p=6175&postcount=97
Hmmm, I remember you posting this before, but I used strec.com during my Debian setup. Is this domain supposed to be an available Internet domain? I just use it locally and never planned to use it outside of my network. This is the same domain I used in my Fedora Core 4 setup and I never had a problem with my postfix. I guess I am confused with the use of the domain required during the O/S setup.

falko
13th November 2005, 19:08
Is this domain supposed to be an available Internet domain?
Yes, that's right.

ctroyp
13th November 2005, 19:13
Yes, that's right.
Okay, if that is the case, then how can I change it to the domain of my main website?

Also, for postfix, I only need to change strec to the new domain, right? or, will need to reinstall postfix?

falko
13th November 2005, 19:19
Okay, if that is the case, then how can I change it to the domain of my main website?

Also, for postfix, I only need to change strec to the new domain, right? or, will need to reinstall postfix?
You only need to change myhostname in /etc/postfix/main.cf and restart Postfix.

till
13th November 2005, 19:28
Dont set a domain as myhostname that you use as virtualhost in ISPConfig, otherwise an account at from this domain can get all emails from other accounts.

ctroyp
13th November 2005, 19:30
You only need to change myhostname in /etc/postfix/main.cf and restart Postfix.
I changed it and I get the same thing:
server1:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
Connection closed by foreign host.

ctroyp
13th November 2005, 19:38
Dont set a domain as myhostname that you use as virtualhost in ISPConfig, otherwise an account at from this domain can get all emails from other accounts.
That makes sense till, but I don't have another internet domain to use. I have the Debian server domain set to server1.strec.com, and my other internet domains are being virtually hosted by ISPConfig.:confused:

I am curious why this was never an issue with my Fedora server. I had the Fedora server domain set to server1.strec.com as well. I followed both "Perfect Setup" instructions for Fedora and Debian.

Not sure what to do a this point???

till
13th November 2005, 20:15
You can make an DNS a record on the DNS Server that is autoritive for your domain, e.g server1.mydomain.com pointing to your server IP and use this domain for myhostname variable in postfix.

ctroyp
16th December 2005, 16:40
You can make an DNS a record on the DNS Server that is autoritive for your domain, e.g server1.mydomain.com pointing to your server IP and use this domain for myhostname variable in postfix.
Please bare with me here...

There are a few areas I know of that could be the source of my postfix problem. Let me give you the details/questions in hopes to fix this problem...

I have registered my domain through godaddy.com and I use zoneedit.com's DNS. Within godaddy, I have pointed my domain to the two dns servers at zoneedit.com.

I presume you are referring to my public domain (www.mydomain.com which is used to access my primary website) and not my local domain (strec.com). Is zoneedit.com the authoratative DNS server is public for my domain? Would it be the one that I use to add the record? In any event, I have added an alias (CNAME) of server1.mydomain.com not server1.strec.com and I still have the problem.

When using The Perfect Setup (Debian Sarge), during the section for setting up my host and domain I used "server1" for the host and "strec.com" for the domain. This is not my internet domain. It is my local domain that I use for my LAN. Should I have used my public internet domain here? Falko mentioned that this should be my internet domain, but I did not have an issue doing that on my other server. till, you mentioned that if I changed it to my internet domain, that (since it is hosted virtually through ISPConfig) I may begin receiving unintended emails.

During the setup of ISPConfig I entered the following info:

Please enter your MySQL server: localhost
Please enter your MySQL user: root
Please enter your MySQL password: my MySQL password
Please enter a name for the ISPConfig database: ispconfigdb
Please enter the IP address of the ISPConfig web: 192.168.2.50
Please enter the host name: www
Please enter the domain: strec.com
Please select the protocol (http or https (SSL encryption)) to use to access the ISPConfig system: If you want to use your control panel with SSL, select 1. You can then access it under https://www.xyz.de:81. If you want to access it under http://www.xyz.de:81, choose 2.
I am wondering if this could be my mistake. Should I have used www and mydomain.com instead of www and strec.com?

Also, I am noticing something else...
When I login to ISPConfig I use www.mydomain.com:81 and provide the credentials. I can access all pages fine, but the strange thing is that when I go to Management -> Server -> Settings or Status it sends me to the login screen again and I reenter the same credentials. After that, it sends me back to the main ISPConfig page, but I notice that the address in my address bar (of IE) has my WAN IP instead of www.mydomain.com:81/index... I am hoping this will help you to understand where the problem may be.

Well that's all I can think of right now as far as details. Maybe now that you can see all of the details on one page, it will help you understand my problem better.

I appreciate your help very much.

falko
16th December 2005, 17:26
I guess you're still referring to your telnet problem...


I have registered my domain through godaddy.com and I use zoneedit.com's DNS. Within godaddy, I have pointed my domain to the two dns servers at zoneedit.com.

I presume you are referring to my public domain (www.mydomain.com which is used to access my primary website) and not my local domain (strec.com). Is zoneedit.com the authoratative DNS server is public for my domain? Would it be the one that I use to add the record? In any event, I have added an alias (CNAME) of server1.mydomain.com not server1.strec.com and I still have the problem.

Can you post your real domain here? Also your router's public IP address? What's in /etc/postfix/main.cf?

During the setup of ISPConfig I entered the following info:

Please enter your MySQL server: localhost
Please enter your MySQL user: root
Please enter your MySQL password: my MySQL password
Please enter a name for the ISPConfig database: ispconfigdb
Please enter the IP address of the ISPConfig web: 192.168.2.50
Please enter the host name: www
Please enter the domain: strec.com
Please select the protocol (http or https (SSL encryption)) to use to access the ISPConfig system: If you want to use your control panel with SSL, select 1. You can then access it under https://www.xyz.de:81. If you want to access it under http://www.xyz.de:81, choose 2.
I am wondering if this could be my mistake. Should I have used www and mydomain.com instead of www and strec.com?

If you have a name server in your LAN that resolves www.strec.com correctly and your PCs in the LAN use that name server and you don't want to access ISPConfig from outside your LAN, then you can use www.strec.com. Otherwise you should use www.mydomain.com (which should point to your router's public IP address).


Also, I am noticing something else...
When I login to ISPConfig I use www.mydomain.com:81 and provide the credentials. I can access all pages fine, but the strange thing is that when I go to Management -> Server -> Settings or Status it sends me to the login screen again and I reenter the same credentials. After that, it sends me back to the main ISPConfig page, but I notice that the address in my address bar (of IE) has my WAN IP instead of www.mydomain.com:81/index... I am hoping this will help you to understand where the problem may be.


That happens because you use another URL to access ISPConfig than the one that's in /home/admispconfig/ispconfig/lib/config.inc.php. Either use the URL from that file, or change it in that file.

ctroyp
16th December 2005, 17:47
I guess you're still referring to your telnet problem...
Correct. When I try to "telnet localhost 25". It immediatly closes the connection, then I type it in again and it will then let me type in "ehlo localhost". That is when it doesn't return anything like it should.

Can you post your real domain here? Also your router's public IP address? What's in /etc/postfix/main.cf?
I will PM it to you...
Here is the contents of /etc/postfix/main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = server1.localdomain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server1.strec.com, localhost.strec.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = nonanonymous
broken_sasl_auth_clients = yes
smptd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject _unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/

virtual_maps = hash:/etc/postfix/virtusertable

mydestination = /etc/postfix/local-host-names



If you have a name server in your LAN that resolves www.strec.com correctly and your PCs in the LAN use that name server and you don't want to access ISPConfig from outside your LAN, then you can use www.strec.com. Otherwise you should use www.mydomain.com (which should point to your router's public IP address).
I will change it to www.mydomain.com. So the IP address will not be set to 192.168.2.50 in ISPConfig Management -> Server -> Settings, but rather my WAN IP address?


That happens because you use another URL to access ISPConfig than the one that's in /home/admispconfig/ispconfig/lib/config.inc.php. Either use the URL from that file, or change it in that file.
That took care of it. I had the WAN IP in there so I changed it to my internet domain name.

falko
16th December 2005, 18:16
I will change it to www.mydomain.com. So the IP address will not be set to 192.168.2.50 in ISPConfig Management -> Server -> Settings, but rather my WAN IP address?

No, you have to use the IP addresses under Management -> Server -> Settings that you see when you run ifconfig on the system, so it should be 192.168.2.50.

ctroyp
16th December 2005, 18:28
No, you have to use the IP addresses under Management -> Server -> Settings that you see when you run ifconfig on the system, so it should be 192.168.2.50.
Ok, it is still 192.168.2.50.

ctroyp
16th December 2005, 18:38
What about the DNS settings within ISPConfig for the server and for all of the websites? Wht DNS server should these be set at? FYI, My primary internet domain is virtually hosted.

ctroyp
1st January 2006, 21:53
Okay, I know it has been a while since this thread has been posted to, but I wanted to let you guys know that I have resolved the postfix issue on my Debian install. I finally figured a little more about DNS and what needed to be changed.

strec.com was just a local domain that I was using for the server so I could setup the LAN. I didn't realize that it had to be a registered internet domain until falko and till pointed it out. Lessons learned for me...

Since strec.com was up for sale for $900, I couldn't exactly justify the purchase so I simply registered another domain on the internet and used it to update the host files, etc... Now postfix works great and the emails are coming and going...

This has left me with one issue--how do I update all of the files that still have strec.com listed? There is a large amount that contain it per rgrep strec command. So many that I don't even know where to start...

I updated everything as I knew how to in the "Perfect Setup" for Debian 3.1 (ie. host files, and postfix). Are all of these 'other' files that contain strec generated by the ISPConfig install? If so, how can I efficiently and safely update them. I have not seen any problems yet, but I'm sure I will before too long.

I can list some of the found files if necessary.

falko
2nd January 2006, 01:29
You could write a script (Perl, PHP, ...) or use sed and awk on the shell to do the replacement.
What files are you talking about?

ctroyp
2nd January 2006, 01:51
You could write a script (Perl, PHP, ...) or use sed and awk on the shell to do the replacement.
What files are you talking about?
It may take some time to compile the list because most of them are grep'ed from mail files which are irrelevant. I will look into it deeper and give you a list.

Thanks!

wr19026
3rd January 2006, 11:49
This has been helpful to some extent. I have now fixed the DNS issue (thanks for pointing that out!) and have done a 3rd install of Postfix using the ISP Config set up guide for Ubuntu 5.10.

First of all apt does not get postfix-tls; is this a problem?

Then, after doing all the setups I get the same trouble as the original poster; I cannot telnet to port 25 and if I do manage to get the connection ehlo does not do a thing.

So I checked /var/logs/mail.log as suggested in an earlier post and here's what I found:
server postfix/smtpd[6480]: fatal: no SASL authentication mechanisms
server postfix/master[6463]: warning: process /usr/lib/postfix/smtpd pid 6480 exit status 1
server postfix/smtpd[6463]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

So I added $myhostname to smtpd_sasl_local_domain in main.cf, reloaded postfix, restarted postfix and restarted saslauthd.

/var/log/mail.log:
server postfix/master[6463]: reload configuration /etc/postfix
server postfix/master[6463]: terminating on signal 15
server postfix/smtpd[6585]: daemon started -- version 2.2.4, configuration /etc/postfix

Looks better right? Unfortunately I still get the Connection closed by foreign host when doing a telnet to post 25 on localhost.

The only firewall (that I know of) is my router and just to be sure I have mapped port 25 to localhost on there.

Any ideas?

till
3rd January 2006, 11:59
Yes, its a problem if you dont install postfix-tls.

Please check your sources list again. It must be identical to the sources list used in the howto! Then run:

apt-get update

and run the steps for the postfix installation again incl. the postfix-tls setup.

wr19026
3rd January 2006, 12:51
Yes, its a problem if you dont install postfix-tls.

Please check your sources list again. It must be identical to the sources list used in the howto! Then run:

apt-get update

and run the steps for the postfix installation again incl. the postfix-tls setup.

Ok thanks for the tip. Turns out I did have a typo in there :(

However, even when I change it from nl.archive etc. to de.archive etc. it still won't install postfix-tls. The message I'm getting is (loosely translated) "Warning, postfix will be selected instead of postfix-tls" It also tells me that 0 packages are upgraded, 0 new packages are installed, 0 packages are removed and 2 have not been upgraded.

These 2 packages are (found out using apt-get upgrade): linux-image-386 and linux-restricted-modules-386?

Sorry for being a pain in the neck but do you have any suggestions what I need to do next?

Thanks in advance!

falko
3rd January 2006, 18:43
I suggest that you check your settings against those of the Ubuntu setup. Maybe you made another typo somewhere.
BTW, the best way to follow the tutorial is to use PuTTY on your Windows workstation and simply copy & paste the commands from the tutorial into the command window.

wr19026
3rd January 2006, 23:24
I suggest that you check your settings against those of the Ubuntu setup. Maybe you made another typo somewhere.
BTW, the best way to follow the tutorial is to use PuTTY on your Windows workstation and simply copy & paste the commands from the tutorial into the command window.

Thanks, using PuTTY is a great tip. However, even after copy/pasting /etc/apt/sources.list it does not allow me to download postfix-tls, telling me that postfix is the most recent version. Also it tells me that it's excluding 2 files (see previous post) from updating.

So I tried apt-get install postfix-tls; it didn't do a thing.

I guess I have to start all over again by reinstalling Ubuntu and then use PuTTY to copy/paste my way through the tutorial as you suggest.

ctroyp
3rd January 2006, 23:31
You could write a script (Perl, PHP, ...) or use sed and awk on the shell to do the replacement.
What files are you talking about?

Again, most of these are log files, etc., but here are other files where "strec" was found that may be significant:


/etc/bind/pri.mydomain1.com
/etc/bind/pri.2.168.192.in-addr.arpa
Binary file /etc/sasldb2 matches
Binary file /etc/aliases.db matches
/etc/webalizer.conf:HostName server1.strec.com
/etc/webalizer.conf:HideSite *server1.strec.com
/etc/webalizer.conf:HideReferrer server1.strec.com/
/home/admispconfig/ispconfig/sysconf.txt
/root/ispconfig/httpd/conf/httpd.conf:ServerAdmin root@strec.com
/root/ispconfig/httpd/conf/httpd.conf:#ServerName strec.com
/root/ispconfig/httpd/conf/httpd.conf:ServerName strec.com
/root/ispconfig/httpd/conf/httpd.conf:ServerAdmin root@strec.com
/root/ispconfig/php/include/php/main/php_config.h:#define PHP_UNAME "Linux server1.strec.com 2.4.27-2-386 #1 Mon May 16 16:47:51 JST 2005 i686 GNU/Linux"
/root/ispconfig/php/include/php/main/php_config.h:#define PHP_UNAME "Linux server1.strec.com 2.4.27-2-386 #1 Mon May 16 16:47:51 JST 2005 i686 GNU/Linux"


Would there be any problems manually updating these files to reflect my new domain name? The main ones I am concerned with are the dns records...

wr19026
4th January 2006, 01:30
Thanks, using PuTTY is a great tip. However, even after copy/pasting /etc/apt/sources.list it does not allow me to download postfix-tls, telling me that postfix is the most recent version. Also it tells me that it's excluding 2 files (see previous post) from updating.

So I tried apt-get install postfix-tls; it didn't do a thing.

I guess I have to start all over again by reinstalling Ubuntu and then use PuTTY to copy/paste my way through the tutorial as you suggest.

So far, so good. I reinstalled Breezy and copy/pasted my way through the HOWTO without any problems. This is great! Now I have to figure out how to ftp to the server so that I can start with the ISPConfig install :)

falko
4th January 2006, 01:43
/etc/bind/pri.mydomain1.com
/etc/bind/pri.2.168.192.in-addr.arpa
Binary file /etc/sasldb2 matches
Binary file /etc/aliases.db matches
/etc/webalizer.conf:HostName server1.strec.com
/etc/webalizer.conf:HideSite *server1.strec.com
/etc/webalizer.conf:HideReferrer server1.strec.com/
/home/admispconfig/ispconfig/sysconf.txt
/root/ispconfig/httpd/conf/httpd.conf:ServerAdmin root@strec.com
/root/ispconfig/httpd/conf/httpd.conf:#ServerName strec.com
/root/ispconfig/httpd/conf/httpd.conf:ServerName strec.com
/root/ispconfig/httpd/conf/httpd.conf:ServerAdmin root@strec.com
/root/ispconfig/php/include/php/main/php_config.h:#define PHP_UNAME "Linux server1.strec.com 2.4.27-2-386 #1 Mon May 16 16:47:51 JST 2005 i686 GNU/Linux"
/root/ispconfig/php/include/php/main/php_config.h:#define PHP_UNAME "Linux server1.strec.com 2.4.27-2-386 #1 Mon May 16 16:47:51 JST 2005 i686 GNU/Linux"


It's sufficient if you update /etc/bind/pri.mydomain1.com, /etc/bind/pri.2.168.192.in-addr.arpa, /etc/webalizer.conf, and /root/ispconfig/httpd/conf/httpd.conf.

falko
4th January 2006, 01:44
So far, so good. I reinstalled Breezy and copy/pasted my way through the HOWTO without any problems. This is great! Now I have to figure out how to ftp to the server so that I can start with the ISPConfig install :)
Have a look at WinSCP: http://winscp.net/eng/index.php
It lets you transfer files to your server without FTP.

wr19026
4th January 2006, 12:10
Have a look at WinSCP: http://winscp.net/eng/index.php
It lets you transfer files to your server without FTP.

And again it all works like a charm :) I know this is off topic so I probably should create a new thread somewhere, but is there a list of recommended Windows tools somewhere? I now have PuTTY and WinSCP so I'm curious what more might come in handy in setting this all up.

My longer term objective by the way is to migrate my home hardware as much as possible to Ubuntu so I plan on setting up a client/server environment on the Ubuntu server as well (currently prepared for ISPconfig and have just set up Samba). I will use your ISPconfig package to run one (maybe a few more in the future) domains.

till
4th January 2006, 12:15
And again it all works like a charm :) I know this is off topic so I probably should create a new thread somewhere, but is there a list of recommended Windows tools somewhere? I now have PuTTY and WinSCP so I'm curious what more might come in handy in setting this all up.

I think these two are the most important ones, I use them daily :D

If you want to test linux installations or some configurations, i recommed you to have a look at vmware workstation. They now have a free player software for the operatiing system images and there are some already installed linx systems for download. I use vmware for writing the linux howtos and ISPConfig development.

ctroyp
4th January 2006, 15:10
It's sufficient if you update /etc/bind/pri.mydomain1.com, /etc/bind/pri.2.168.192.in-addr.arpa, /etc/webalizer.conf, and /root/ispconfig/httpd/conf/httpd.conf.

Thanks falko!