Hi folks,


Ubuntu server 7.10 amd64
Postfix 2.3.8


I'm going to setup Postfix with SMTP-AUTH and TLS. I found following document;

The Perfect Setup - Ubuntu Feisty Fawn (Ubuntu 7.04) - Page 5
http://www.howtoforge.com/perfect_setup_ubuntu704_p5

The guide is for Ubuntu 7.04. I'm running version 7.10. Please advise whether it can be used on 7.10 as well. OR there is another more appropriate guide? TIA

Which will be better SSL or TLS ?


B.R.
satimis

The process will be the same, and if there are any differences they will probably be minor, if it's not too painful give it a shot and post if you run into problems. The problems you'll likely see will be different package versions available for install, but once you get them installed they should be fine. After you get it installed you can worry about swapping out TLS, I'd worry about getting it working before swapping authentication methods :)

The other thing you could do is install it on the old OS and then just run:

apt-get dist-upgrade

but I killed a couple md#'s on a RAID once by doing that, but a simple hard drive install should be okay :)

HI unclecameron,


Thanks for your advice.

I suppose the following commands being necessary ???

(Webmin and Usermin are running on the Mail Server. But I expect to delever emails to users' Maildir )


http://www.howtoforge.com/perfect_setup_ubuntu704_p5

If you do not want to use ISPConfig, configure Postfix to deliver emails to a user's Maildir*:

postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart



After you get it installed you can worry about swapping out TLS, I'd worry about getting it working before swapping authentication methods :)

Could you please explain in more detail? How to "swapping out TLS" ? Any document to be referred to?



but I killed a couple md#'s on a RAID once by doing that, but a simple hard drive install should be okay :)
I'm running a simple hard drive here. As curious, "What is md#'s on a RAID"? RAID 0/1/0+1/5 ?


Others noted with thanks


B.R.
satimis

HI unclecameron,


Thanks for your advice.

I suppose the following commands being necessary ???

(Webmin and Usermin are running on the Mail Server. But I expect to delever emails to users' Maildir )

It doesn't hurt to run
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restartif Courier is installed. :)

It doesn't hurt to run
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restartif Courier is installed. :)
Yes, I have Courier-base installed.


$ apt-cache policy courier-base
courier-base:
Installed: 0.53.3-5ubuntu1
Candidate: 0.53.3-5ubuntu1
Version table:
*** 0.53.3-5ubuntu1 0
500 http://us.archive.ubuntu.com feisty/universe Packages
100 /var/lib/dpkg/status


Why it won't hurt? Thanks


B.R.
satimis

Why it won't hurt? Thanks

Because Courier uses Maildir.

Hi falko,


Followed your howto;
Postfix With SMTP-AUTH And TLS
http://www.howtoforge.com/perfect_server_ubuntu7.10_p5

to proceed w/o problem encountered. Some of the commands on your howto have been already performed previously.

Finally;
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 mail.satimis.com ESMTP Postfix (Ubuntu)
ehlo localhost
250-mail.satimis.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.



But another problem turns up. Kmail and Evolution on other workstations on the local network can't send and receive mails.


Kmail:-

Send:
Sending failed:
Authentication failed.
Most likely the password is wrong.
The server responded: "5.7.0 Error: authentication failed: authentication failure"
The message will stay in the 'outbox' folder until you either fix the problem (e.g. a broken address) or remove the message from the 'outbox' folder.
The following transport protocol was used:
user_name



Receive:
No mail download on the Mail Server.

Encryption Use TLS for secure mail download

Authentication Method
Clear

The above were selected automatically on clicking "Check What the Server Supports"


However SquirrelMail still works on workstation sending and receiving mails w/o problem.


Please advise where shall I check and how to fix the problem. TIA


satimis

Any errors in your mail log?

Any errors in your mail log?
Workstation
F7
Kmail


Receiving Settings
==============
General
Account Name - POP Account
Host - 192.168.0.10 (IP addr of Mail Server)

Extra -
Encryption - Use TLS for secure mail download
Authentication - Clear
(remark: clicking "Check What the Server Supports" selects above settings)


Sending Settings
=============
General
Host - 192.168.0.10
Port - 25
Sever requires authentication (checked)


Security
Encryption - TLS
Authentication Method - PLAUN
(remark: clicking "Check What the Server Supports" selects above settings)



Test performed

1)
Send mails
Warning:
Sending failed:
Your SMTP server does not support PLAIN.
Choose a different authentication method.
The server responded: "5.7.0 Error: authentication failed: authentication failure"
The message will stay in the 'outbox' folder until you either fix the problem (e.g. a broken address) or remove the message from the 'outbox' folder.
The following transport protocol was used:
username


# tail /var/log/maillog
Feb 2 13:24:16 localhost sendmail[2433]: starting daemon (8.14.1): SMTP+queueing@01:00:00
Feb 2 13:24:17 localhost sm-msp-queue[2442]: starting daemon (8.14.1): queueing@01:00:00
Feb 2 13:24:29 localhost sendmail[2832]: m125ORaJ002832: from=root, size=547, class=0, nrcpts=1, msgid=<200802020524.m125ORaJ002832@localhost.localdomain>, relay=root@localhost
Feb 2 13:24:29 localhost sendmail[2833]: m125OSO3002833: from=<root@localhost.localdomain>, size=851, class=0, nrcpts=1, msgid=<200802020524.m125ORaJ002832@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Feb 2 13:24:29 localhost sendmail[2832]: m125ORaJ002832: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30547, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m125OSO3002833 Message accepted for delivery)
Feb 2 13:24:29 localhost sendmail[2837]: m125OTjI002837: from=root, size=544, class=0, nrcpts=1, msgid=<200802020524.m125OTjI002837@localhost.localdomain>, relay=root@localhost
Feb 2 13:24:29 localhost sendmail[2834]: m125OSO3002833: to=<root@localhost.localdomain>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31087, dsn=2.0.0, stat=Sent
Feb 2 13:24:30 localhost sendmail[2839]: m125OTtn002839: from=<root@localhost.localdomain>, size=848, class=0, nrcpts=1, msgid=<200802020524.m125OTjI002837@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Feb 2 13:24:30 localhost sendmail[2837]: m125OTjI002837: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30544, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m125OTtn002839 Message accepted for delivery)
Feb 2 13:24:31 localhost sendmail[2840]: m125OTtn002839: to=<root@localhost.localdomain>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31084, dsn=2.0.0, stat=Sent



2)
Receive mails
No warning pop but no mails download

# tail /var/log/maillog
Feb 2 13:24:16 localhost sendmail[2433]: starting daemon (8.14.1): SMTP+queueing@01:00:00
Feb 2 13:24:17 localhost sm-msp-queue[2442]: starting daemon (8.14.1): queueing@01:00:00
Feb 2 13:24:29 localhost sendmail[2832]: m125ORaJ002832: from=root, size=547, class=0, nrcpts=1, msgid=<200802020524.m125ORaJ002832@localhost.localdomain>, relay=root@localhost
Feb 2 13:24:29 localhost sendmail[2833]: m125OSO3002833: from=<root@localhost.localdomain>, size=851, class=0, nrcpts=1, msgid=<200802020524.m125ORaJ002832@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Feb 2 13:24:29 localhost sendmail[2832]: m125ORaJ002832: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30547, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m125OSO3002833 Message accepted for delivery)
Feb 2 13:24:29 localhost sendmail[2837]: m125OTjI002837: from=root, size=544, class=0, nrcpts=1, msgid=<200802020524.m125OTjI002837@localhost.localdomain>, relay=root@localhost
Feb 2 13:24:29 localhost sendmail[2834]: m125OSO3002833: to=<root@localhost.localdomain>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31087, dsn=2.0.0, stat=Sent
Feb 2 13:24:30 localhost sendmail[2839]: m125OTtn002839: from=<root@localhost.localdomain>, size=848, class=0, nrcpts=1, msgid=<200802020524.m125OTjI002837@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Feb 2 13:24:30 localhost sendmail[2837]: m125OTjI002837: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30544, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m125OTtn002839 Message accepted for delivery)
Feb 2 13:24:31 localhost sendmail[2840]: m125OTtn002839: to=<root@localhost.localdomain>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31084, dsn=2.0.0, stat=Sent

looks like "send mails"


B.R.
satimis

Aren't you using Ubuntu on the mailserver? /var/log/maillog is the mail log location on a Fedora system. On an Ubuntu system, it's /var/log/mail.log.

Aren't you using Ubuntu on the mailserver? /var/log/maillog is the mail log location on a Fedora system. On an Ubuntu system, it's /var/log/mail.log.
Oh sorry, I made a mistake. That was the "tail" output on F7 /var/log/mail.log


Mail Server running on Ubuntu


Re-do the test


Workstation
F7
Kmail


Receiving
=========
General
Account Name - POP Account
Host - 192.168.0.10 (IP addr of Mail Server)
Port - 110

Extra -
clicking "Check What the Server Supports"
The server certificate failed the authenticity test (192.168.0.10)

clicking [Cancel] selecting;
Encryption - Use TLS for secure mail download
Authentication - Clear



Sending
=======
Type - smtp
General
Host - 192.168.0.10
Port - 25
Sever requires authentication (checked)


Security
clicking "Check What the Server Supports"
The server certificate failed the authenticity test (192.168.0.10)

clicking [Cancel] selecting;
Encryption - None
Authentication Method - PLAIN



Test performed;

1)
Send mails
Warning:
Sending failed:
Your SMTP server does not support PLAIN.
Choose a different authentication method.
The server responded: "5.7.0 Error: authentication failed: authentication failure"
The message will stay in the 'outbox' folder until you either fix the problem (e.g. a broken address) or remove the message from the 'outbox' folder.
The following transport protocol was used:
username



On Ubuntu
# tail /var/log/maillog
Feb 4 23:13:49 mail postfix/smtpd[5490]: lost connection after STARTTLS from unknown[192.168.0.11]
Feb 4 23:13:49 mail postfix/smtpd[5490]: disconnect from unknown[192.168.0.11]
Feb 4 23:17:09 mail postfix/anvil[5492]: statistics: max connection rate 1/60s for (smtp:192.168.0.11) at Feb 4 23:11:26
Feb 4 23:17:09 mail postfix/anvil[5492]: statistics: max connection count 1 for (smtp:192.168.0.11) at Feb 4 23:11:26
Feb 4 23:17:09 mail postfix/anvil[5492]: statistics: max cache size 1 at Feb 4 23:11:26
Feb 4 23:17:44 mail postfix/smtpd[5496]: connect from unknown[192.168.0.11]
Feb 4 23:17:46 mail postfix/smtpd[5496]: warning: SASL authentication failure: Password verification failed
Feb 4 23:17:46 mail postfix/smtpd[5496]: warning: unknown[192.168.0.11]: SASL PLAIN authentication failed: authentication failure
Feb 4 23:17:46 mail postfix/smtpd[5496]: lost connection after AUTH from unknown[192.168.0.11]
Feb 4 23:17:46 mail postfix/smtpd[5496]: disconnect from unknown[192.168.0.11]
You have new mail in /var/mail/satimis



2)
Receive mails
On login following warning popup
Would you like to accept thIS certificate forever without being prompted?
[Forever] [Current Sessions Only]

Clicking [Current Sessions Only] - no warning popup but no mail download.


On Ubuntu
$ tail /var/log/mail.log
Feb 4 23:17:46 mail postfix/smtpd[5496]: warning: SASL authentication failure: Password verification failed
Feb 4 23:17:46 mail postfix/smtpd[5496]: warning: unknown[192.168.0.11]: SASL PLAIN authentication failed: authentication failure
Feb 4 23:17:46 mail postfix/smtpd[5496]: lost connection after AUTH from unknown[192.168.0.11]
Feb 4 23:17:46 mail postfix/smtpd[5496]: disconnect from unknown[192.168.0.11]
Feb 4 23:21:06 mail postfix/anvil[5498]: statistics: max connection rate 1/60s for (smtp:192.168.0.11) at Feb 4 23:17:44
Feb 4 23:21:06 mail postfix/anvil[5498]: statistics: max connection count 1 for (smtp:192.168.0.11) at Feb 4 23:17:44
Feb 4 23:21:06 mail postfix/anvil[5498]: statistics: max cache size 1 at Feb 4 23:17:44
Feb 4 23:21:41 mail courierpop3login: Connection, ip=[::ffff:192.168.0.11]
Feb 4 23:25:12 mail courierpop3login: LOGIN, user=stephen, ip=[::ffff:192.168.0.11]
Feb 4 23:25:12 mail courierpop3login: LOGOUT, user=stephen, ip=[::ffff:192.168.0.11], top=0, retr=0, rcvd=18, sent=426, time=0, stls=1



satimis

What's in /etc/postfix/sasl/smtpd.conf on the Ubuntu system?

What's in /etc/postfix/sasl/smtpd.conf on the Ubuntu system?

$ cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login



satimis

That's ok... :confused:

If you have SASL issues you can use testsaslauthd to see if your username password combo works.

/usr/sbin/testsaslauthd: usage: /usr/sbin/testsaslauthd -u username -p password
[-r realm] [-s servicename]
[-f socket path] [-R repeatnum]

If you have SASL issues you can use testsaslauthd to see if your username password combo works.

/usr/sbin/testsaslauthd: usage: /usr/sbin/testsaslauthd -u username -p password
[-r realm] [-s servicename]
[-f socket path] [-R repeatnum]

$ testsaslauthd -u user -p password
connect() : No such file or directory

Tried couple users with same result.


# authtest -s smtp user@domain.com password
Authentication FAILED: Operation not permitted



satimis