HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


suntribe 21st December 2012 10:01

Cannot access my virtualhosts from roundcube
 
As I'm new here let me say EHLO howtoforge.com ;)

So, a couple of days ago I purchased an unmanaged root server and since then I've been trying to make emails work. I have followed a couple of different tutorials but none of them took me to the final destination. I'm starting to believe that maybe what's blocking me is some old settings from some tutorial I followed, but I simply have no clue what to look for and where to look for the answer.

So, first let me give you some info on what I have done (maybe this matters). Immediately after I got my root credentials, I created a new user and gave him sudo rights. I created a couple of new groups (none of them interfere with those used in mail tutorials), and installed php, apache and mysql. I set up one website in apache and the last thing I did was changing the host name... That's about everything. Then I started with mail tutorials.

The last mail tutorial I followed (http://flurdy.com/docs/postfix/) gave me partial success. I can telnet to port 25 of the localhost, can send email, receivers receive email (no matter whether I send the mail from localhost or from gmail!) so I guess that postfix + courier + virtual hosts saved in mysql work ok. I can see folders and files in /var/spool/mail/virtual/virtual_user_dir...

Then I tried to install roundcube and set it up, but when I try to enter my virtual user credentials, roundcube alerts me with the error Connection to IMAP server failed.

I checked the logs: /var/log/auth.log and /var/log/mail.err give no error for this, but in /var/log/mail.log I found this: sunzone imapd-ssl: couriertls: /etc/ssl/certs/905b837e.0: No such file or directory.

I tried to see whether /etc/ssl/certs/905b837e.0 exists and I found a symlink to a real file (lrwxrwxrwx 1 root root 33 Dec 19 14:00 905b837e.0 -> /etc/mail/tls/sendmail-server.crt) but the real file doesn't exist! Even more, in /etc/mail I have no /tls/ dir! I tried to delete the symlink but Ubuntu 12.04 recreates it with a new symlink name and the same destination.

I remember that in one tutorial I followed before the last one, I did create certificates named sendmail-server... but honestly, I can't remember which one it was... I strongly believe that the IMAP error that Roundcube gives me is related to this certfile error, but again, I'm not sure...

Please help me with this one - I'm really tired and sleepless for the past three days trying to set this email up :(

suntribe 21st December 2012 14:57

anybody? :(

suntribe 21st December 2012 19:35

Update:

I turned off TLS and tried to connect via SquirrelMail, and I had success. I also managed to configure Outlook to access the mailbox via the POP protocol. It seems that port 25 is not accessible outside of the localhost (I have to figure out how to turn it on).

Also, IMAP is working on localhost but not visible on the outside. Once I manage to turn these ports on, I'll try to turn back to TLS step by step...

falko 22nd December 2012 14:53

Can you post the outputs of
Code:

netstat -tap
and
Code:

iptables -L
?

suntribe 22nd December 2012 20:13

Hi Falko, thanks for trying to help,


netstat -tap:
------------------------------------
Code:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name
tcp        0      0 localhost:imap2        *:*                    LISTEN      2086/couriertcpd
tcp        0      0 localhost:spamd        *:*                    LISTEN      1534/spamd.pid
tcp        0      0 *:sunrpc                *:*                    LISTEN      604/rpcbind
tcp        0      0 *:webmin                *:*                    LISTEN      2347/perl
tcp        0      0 localhost:720          *:*                    LISTEN      2240/famd
tcp        0      0 *:ssmtp                *:*                    LISTEN      2212/master
tcp        0      0 sunzone.server.c:domain *:*                    LISTEN      1368/named
tcp        0      0 localhost:domain        *:*                    LISTEN      1368/named
tcp        0      0 *:smtp                  *:*                    LISTEN      2212/master
tcp        0      0 localhost:953          *:*                    LISTEN      1368/named
tcp        0      0 *:XXX                  *:*                    LISTEN      841/sshd
tcp        0      0 localhost:10023        *:*                    LISTEN      1518/postgrey.pid -
tcp        0      0 localhost:10024        *:*                    LISTEN      1411/amavisd (maste
tcp        0      0 localhost:10025        *:*                    LISTEN      2212/master
tcp        0      0 localhost:mysql        *:*                    LISTEN      1303/mysqld
tcp        0      0 *:submission            *:*                    LISTEN      2212/master
tcp        0      0 sunzone.server.co:XXX  xx.xxx.xxx.xx-dsl:54900 TIME_WAIT  -
tcp      55      0 localhost:59403        localhost:10025        CLOSE_WAIT  1532/amavisd (ch1-a
tcp        0    248 sunzone.server.co:XXX  xx.xxx.xxx.x-dsl:54921 ESTABLISHED 13275/sshd: user [p
tcp      55      0 localhost:59400        localhost:10025        CLOSE_WAIT  1531/amavisd (ch1-a
tcp6      0      0 [::]:pop3              [::]:*                  LISTEN      2108/couriertcpd
tcp6      0      0 [::]:sunrpc            [::]:*                  LISTEN      604/rpcbind
tcp6      0      0 [::]:http              [::]:*                  LISTEN      2312/apache2
tcp6      0      0 [::]:ssmtp              [::]:*                  LISTEN      2212/master
tcp6      0      0 [::]:domain            [::]:*                  LISTEN      1368/named
tcp6      0      0 [::]:smtp              [::]:*                  LISTEN      2212/master
tcp6      0      0 ip6-localhost:953      [::]:*                  LISTEN      1368/named
tcp6      0      0 [::]:XXX                [::]:*                  LISTEN      841/sshd
tcp6      0      0 [::]:submission        [::]:*                  LISTEN      2212/master

iptables -L
---------------------------------
Code:

Chain INPUT (policy DROP)
target    prot opt source              destination
dynamic    all  --  anywhere            anywhere            ctstate INVALID,NEW
net2fw    all  --  anywhere            anywhere
ACCEPT    all  --  anywhere            anywhere
Reject    all  --  anywhere            anywhere
LOG        all  --  anywhere            anywhere            LOG level info prefix "Shorewall:INPUT:REJECT:"
reject    all  --  anywhere            anywhere            [goto]

Chain FORWARD (policy DROP)
target    prot opt source              destination
Reject    all  --  anywhere            anywhere
LOG        all  --  anywhere            anywhere            LOG level info prefix "Shorewall:FORWARD:REJECT:"
reject    all  --  anywhere            anywhere            [goto]

Chain OUTPUT (policy DROP)
target    prot opt source              destination
fw2net    all  --  anywhere            anywhere
ACCEPT    all  --  anywhere            anywhere
Reject    all  --  anywhere            anywhere
LOG        all  --  anywhere            anywhere            LOG level info prefix "Shorewall:OUTPUT:REJECT:"
reject    all  --  anywhere            anywhere            [goto]

Chain Broadcast (2 references)
target    prot opt source              destination
DROP      all  --  anywhere            anywhere            ADDRTYPE match dst-type BROADCAST
DROP      all  --  anywhere            anywhere            ADDRTYPE match dst-type MULTICAST
DROP      all  --  anywhere            anywhere            ADDRTYPE match dst-type ANYCAST
DROP      all  --  anywhere            base-address.mcast.net/4

Chain Drop (1 references)
target    prot opt source              destination
          all  --  anywhere            anywhere
reject    tcp  --  anywhere            anywhere            tcp dpt:auth /* Auth */
Broadcast  all  --  anywhere            anywhere
ACCEPT    icmp --  anywhere            anywhere            icmp fragmentation-needed /* Needed ICMP types */
ACCEPT    icmp --  anywhere            anywhere            icmp time-exceeded /* Needed ICMP types */
Invalid    all  --  anywhere            anywhere
DROP      udp  --  anywhere            anywhere            multiport dports loc-srv,microsoft-ds /* SMB */
DROP      udp  --  anywhere            anywhere            udp dpts:netbios-ns:netbios-ssn /* SMB */
DROP      udp  --  anywhere            anywhere            udp spt:netbios-ns dpts:1024:65535 /* SMB */
DROP      tcp  --  anywhere            anywhere            multiport dports loc-srv,netbios-ssn,microsoft-ds /* SMB */
DROP      udp  --  anywhere            anywhere            udp dpt:1900 /* UPnP */
NotSyn    tcp  --  anywhere            anywhere
DROP      udp  --  anywhere            anywhere            udp spt:domain /* Late DNS Replies */

Chain Invalid (2 references)
target    prot opt source              destination
DROP      all  --  anywhere            anywhere            ctstate INVALID

Chain NotSyn (2 references)
target    prot opt source              destination
DROP      tcp  --  anywhere            anywhere            tcpflags:! FIN,SYN,RST,ACK/SYN

Chain Reject (3 references)
target    prot opt source              destination
          all  --  anywhere            anywhere
reject    tcp  --  anywhere            anywhere            tcp dpt:auth /* Auth */
Broadcast  all  --  anywhere            anywhere
ACCEPT    icmp --  anywhere            anywhere            icmp fragmentation-needed /* Needed ICMP types */
ACCEPT    icmp --  anywhere            anywhere            icmp time-exceeded /* Needed ICMP types */
Invalid    all  --  anywhere            anywhere
reject    udp  --  anywhere            anywhere            multiport dports loc-srv,microsoft-ds /* SMB */
reject    udp  --  anywhere            anywhere            udp dpts:netbios-ns:netbios-ssn /* SMB */
reject    udp  --  anywhere            anywhere            udp spt:netbios-ns dpts:1024:65535 /* SMB */
reject    tcp  --  anywhere            anywhere            multiport dports loc-srv,netbios-ssn,microsoft-ds /* SMB */
DROP      udp  --  anywhere            anywhere            udp dpt:1900 /* UPnP */
NotSyn    tcp  --  anywhere            anywhere
DROP      udp  --  anywhere            anywhere            udp spt:domain /* Late DNS Replies */

Chain dynamic (3 references)
target    prot opt source              destination

Chain eth0_fwd (0 references)
target    prot opt source              destination
dynamic    all  --  anywhere            anywhere            ctstate INVALID,NEW

Chain fw2net (1 references)
target    prot opt source              destination
ACCEPT    all  --  anywhere            anywhere            ctstate RELATED,ESTABLISHED
ACCEPT    all  --  anywhere            anywhere

Chain logdrop (0 references)
target    prot opt source              destination
DROP      all  --  anywhere            anywhere

Chain logreject (0 references)
target    prot opt source              destination
reject    all  --  anywhere            anywhere

Chain net2fw (1 references)
target    prot opt source              destination
dynamic    all  --  anywhere            anywhere            ctstate INVALID,NEW
ACCEPT    all  --  anywhere            anywhere            ctstate RELATED,ESTABLISHED
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:pop3 /* POP3 */
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:smtp /* SMTP */
ACCEPT    icmp --  anywhere            anywhere            icmp echo-request /* Ping */
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:webmin /* Webmin */
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:http /* Web */
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:https /* Web */
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:ssh /* SSH */
Drop      all  --  anywhere            anywhere
LOG        all  --  anywhere            anywhere            LOG level info prefix "Shorewall:net2fw:DROP:"
DROP      all  --  anywhere            anywhere

Chain reject (10 references)
target    prot opt source              destination
DROP      all  --  anywhere            anywhere            ADDRTYPE match src-type BROADCAST
DROP      all  --  base-address.mcast.net/4  anywhere
DROP      igmp --  anywhere            anywhere
REJECT    tcp  --  anywhere            anywhere            reject-with tcp-reset
REJECT    udp  --  anywhere            anywhere            reject-with icmp-port-unreachable
REJECT    icmp --  anywhere            anywhere            reject-with icmp-host-unreachable
REJECT    all  --  anywhere            anywhere            reject-with icmp-host-prohibited

Chain shorewall (0 references)
target    prot opt source              destination

I configured shorewall to suit my needs and I think I haven't locked myself out :) When I try to telnet to the smtp port from outside, I get no response so I guess that no program is actually listening on this port...

suntribe 23rd December 2012 16:31

Hi falko, last night I followed one of your tutorials but I'm still not able to access the mail via imap (with squirrelmail or even from an outside network) or access the smtp from outside... I think that no daemon listens on ports outside of localhost... is that possible? How can I check that?

UPDATE:
-------------
I enabled the firewall port 587 and now I'm able to send emails from Outlook also :)

Another thing I did was adding inet_interfaces = all in main.cf, and IMAP is working also :P
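
Added example, not part of the thread: one way to answer the "how can I check that?" question is to read each LISTEN line of `netstat -tap` for its bind address and compare the service against what the firewall accepts. The function names are illustrative, the sample lines are constructed in the format of the output posted above, and the allowed list is transcribed from the ACCEPT rules of the `net2fw` chain in the `iptables -L` output.

```shell
#!/bin/sh
# Constructed sample: a few LISTEN lines in the format of the netstat output
# posted in this thread (not a live capture).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name
tcp        0      0 localhost:imap2        *:*                    LISTEN      2086/couriertcpd
tcp        0      0 *:smtp                  *:*                    LISTEN      2212/master
tcp        0      0 *:submission            *:*                    LISTEN      2212/master
tcp        0      0 localhost:mysql        *:*                    LISTEN      1303/mysqld
tcp6      0      0 [::]:pop3              [::]:*                  LISTEN      2108/couriertcpd
EOF
}

# classify_listeners "<services the firewall accepts>" < netstat-output
# Prints "<service> <verdict>" for every listening TCP socket:
#   loopback-only        bound to localhost, unreachable from other hosts
#   reachable            bound beyond loopback and accepted by the firewall
#   blocked-by-firewall  bound beyond loopback but no ACCEPT rule for it
# The allowed list must use the same form as netstat prints (service names
# here; port numbers if netstat is run with -n).
classify_listeners() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $6 == "LISTEN" {
        addr = $4
        port = addr; sub(/.*:/, "", port)   # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host == "localhost" || host == "ip6-localhost" ||
            host ~ /^127\./ || host == "[::1]")
            verdict = "loopback-only"
        else if (port in ok)
            verdict = "reachable"
        else
            verdict = "blocked-by-firewall"
        print port, verdict
    }'
}

# Services with an ACCEPT rule in the net2fw chain shown above.
sample_netstat | classify_listeners "pop3 smtp webmin http https ssh"
```

On a live host, pipe `netstat -tap` into `classify_listeners` instead of the sample. A `loopback-only` verdict has to be fixed in the daemon's own listen address setting; a `blocked-by-firewall` verdict needs a firewall rule.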

