HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


mashton 25th March 2013 14:36

new install dovecot port465/587 issue
 
Hi all,

I had to quickly move servers, so did a fresh install of ispconfig2 on a new centos 6.4 box, since I did not have time to learn ispconfig3 and move all 180 sites.

Install went fine, then using this thread http://www.howtoforge.com/forums/sho...config&page=19 we moved the server over.

All went well, with the exception that SMTP is now only working on port 25, and for the life of me I cannot figure out why 465 & 587 are not working.

Now looking into things, yum installed Dovecot 2.0.9 which may be my issue but running
Quote:

yum --showduplicates list dovecot
only shows
Quote:

Installed Packages
dovecot.x86_64 1:2.0.9-5.el6 @base
Available Packages
dovecot.i686 1:2.0.9-5.el6 base
dovecot.x86_64 1:2.0.9-5.el6 base
So I'm not sure if I should revert back (the old server was running Dovecot 1.0.7) or if there is another workaround.

thanks,

Mike

mashton 26th March 2013 15:19

More information
 
Nobody has any ideas? I see over 50 of you have looked......

Here are my Postfix and Dovecot configs, to see if anyone sees anything glaringly wrong.

postfix

main.cf (altered/masked domain and IP)
Code:

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
inet_interfaces = all
inet_protocols = all
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
        PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
        ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8,xx.xx.xx.xx/28
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
myhostname = host01.mydomain.com
home_mailbox = Maildir/
mailbox_command =
virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names

master.cf
Code:

smtp      inet  n      -      n      -      -      smtpd
smtps    inet  n      -      n      -      -      smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup    fifo  n      -      n      60      1      pickup
cleanup  unix  n      -      n      -      0      cleanup
qmgr      fifo  n      -      n      300    1      qmgr
tlsmgr    unix  -      -      n      1000?  1      tlsmgr
rewrite  unix  -      -      n      -      -      trivial-rewrite
bounce    unix  -      -      n      -      0      bounce
defer    unix  -      -      n      -      0      bounce
trace    unix  -      -      n      -      0      bounce
verify    unix  -      -      n      -      1      verify
flush    unix  n      -      n      1000?  0      flush
proxymap  unix  -      -      n      -      -      proxymap
proxywrite unix -      -      n      -      1      proxymap
smtp      unix  -      -      n      -      -      smtp
relay    unix  -      -      n      -      -      smtp
        -o smtp_fallback_relay=
showq    unix  n      -      n      -      -      showq
error    unix  -      -      n      -      -      error
retry    unix  -      -      n      -      -      error
discard  unix  -      -      n      -      -      discard
local    unix  -      n      n      -      -      local
virtual  unix  -      n      n      -      -      virtual
lmtp      unix  -      -      n      -      -      lmtp
anvil    unix  -      -      n      -      1      anvil
scache    unix  -      -      n      -      1      scache
maildrop  unix  -      n      n      -      -      pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -      n      n      -      -      pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
cyrus    unix  -      n      n      -      -      pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -      n      n      -      -      pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -      n      n      -      -      pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp    unix  -      n      n      -      -      pipe
  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

dovecot.conf
Code:

protocols = imap pop3
dict {
}
!include conf.d/*.conf

I've also included the uncommented lines of all the dovecot/conf.d files.

Code:

10-auth.conf:disable_plaintext_auth = no
10-auth.conf:auth_mechanisms = plain
10-auth.conf:!include auth-system.conf.ext
10-director.conf:service director {
10-director.conf:  unix_listener login/director {
10-director.conf:  }
10-director.conf:  fifo_listener login/proxy-notify {
10-director.conf:  }
10-director.conf:  unix_listener director-userdb {
10-director.conf:  }
10-director.conf:  inet_listener {
10-director.conf:  }
10-director.conf:}
10-director.conf:service imap-login {
10-director.conf:}
10-director.conf:service pop3-login {
10-director.conf:}
10-director.conf:protocol lmtp {
10-director.conf:}
10-logging.conf:plugin {
10-logging.conf:}
10-mail.conf:mail_location = maildir:~/Maildir
10-mail.conf:mbox_write_locks = fcntl
10-master.conf:service imap-login {
10-master.conf:  inet_listener imap {
10-master.conf:  }
10-master.conf:  inet_listener imaps {
10-master.conf:  }
10-master.conf:}
10-master.conf:service pop3-login {
10-master.conf:  inet_listener pop3 {
10-master.conf:  }
10-master.conf:  inet_listener pop3s {
10-master.conf:  }
10-master.conf:}
10-master.conf:service lmtp {
10-master.conf:  unix_listener lmtp {
10-master.conf:  }
10-master.conf:}
10-master.conf:service imap {
10-master.conf:}
10-master.conf:service pop3 {
10-master.conf:}
10-master.conf:service auth {
10-master.conf:  unix_listener auth-userdb {
10-master.conf:  }
10-master.conf:}
10-master.conf:service auth-worker {
10-master.conf:}
10-master.conf:service dict {
10-master.conf:  unix_listener dict {
10-master.conf:  }
10-master.conf:}
10-ssl.conf:ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
10-ssl.conf:ssl_key = </etc/pki/dovecot/private/dovecot.pem
15-lda.conf:protocol lda {
15-lda.conf:}
20-imap.conf:protocol imap {
20-imap.conf:}
20-lmtp.conf:protocol lmtp {
20-lmtp.conf:}
20-pop3.conf:protocol pop3 {
20-pop3.conf:}
90-acl.conf:plugin {
90-acl.conf:}
90-acl.conf:plugin {
90-acl.conf:}
90-plugin.conf:plugin {
90-plugin.conf:}
90-quota.conf:plugin {
90-quota.conf:}
90-quota.conf:plugin {
90-quota.conf:}
90-quota.conf:plugin {
90-quota.conf:}
90-quota.conf:plugin {
90-quota.conf:}
dovecot-new.conf:disable_plaintext_auth = no
dovecot-new.conf:mail_location = maildir:~/Maildir
dovecot-new.conf:mbox_write_locks = fcntl
dovecot-new.conf:passdb {
dovecot-new.conf:  driver = pam
dovecot-new.conf:}
dovecot-new.conf:protocols = imap pop3
dovecot-new.conf:ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
dovecot-new.conf:ssl_key = </etc/pki/dovecot/private/dovecot.pem
dovecot-new.conf:userdb {
dovecot-new.conf:  driver = passwd
dovecot-new.conf:}

Again, any help would be appreciated.

Mike

falko 2nd April 2013 12:51

Those ports can be configured in /etc/postfix/master.cf. Dovecot has nothing to do with this. Can you post your full master.cf?

mashton 2nd April 2013 13:47

Here is my master.cf

Code:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#              (yes)  (yes)  (yes)  (never) (100)
# ==========================================================================
smtp      inet  n      -      n      -      -      smtpd
#submission inet n      -      n      -      -      smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_sasl_type=dovecot
#  -o milter_macro_daemon_name=ORIGINATING
smtps    inet  n      -      n      -      -      smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n      -      n      -      -      qmqpd
pickup    fifo  n      -      n      60      1      pickup
cleanup  unix  n      -      n      -      0      cleanup
qmgr      fifo  n      -      n      300    1      qmgr
#qmgr    fifo  n      -      n      300    1      oqmgr
tlsmgr    unix  -      -      n      1000?  1      tlsmgr
rewrite  unix  -      -      n      -      -      trivial-rewrite
bounce    unix  -      -      n      -      0      bounce
defer    unix  -      -      n      -      0      bounce
trace    unix  -      -      n      -      0      bounce
verify    unix  -      -      n      -      1      verify
flush    unix  n      -      n      1000?  0      flush
proxymap  unix  -      -      n      -      -      proxymap
proxywrite unix -      -      n      -      1      proxymap
smtp      unix  -      -      n      -      -      smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay    unix  -      -      n      -      -      smtp
        -o smtp_fallback_relay=
#      -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq    unix  n      -      n      -      -      showq
error    unix  -      -      n      -      -      error
retry    unix  -      -      n      -      -      error
discard  unix  -      -      n      -      -      discard
local    unix  -      n      n      -      -      local
virtual  unix  -      n      n      -      -      virtual
lmtp      unix  -      -      n      -      -      lmtp
anvil    unix  -      -      n      -      1      anvil
scache    unix  -      -      n      -      1      scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -      n      n      -      -      pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix  -      n      n      -      -      pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
cyrus    unix  -      n      n      -      -      pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -      n      n      -      -      pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
ifmail    unix  -      n      n      -      -      pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
bsmtp    unix  -      n      n      -      -      pipe
  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -      n      n      -      2      pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman  unix  -      n      n      -      -      pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}

Thanks

falko 5th April 2013 00:07

Please uncomment the following lines as well and restart Postfix:
Code:

submission inet n      -      n      -      -      smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot


mashton 5th April 2013 02:49

Hi Falko,

Did the change, restarted Postfix, and no change. I can still connect using port 25 with TLS but not to 465 or 587. Firewall is not blocking them either.

Stumped.

falko 5th April 2013 20:34

What's the output of
Code:

iptables -L
?

Is SELinux disabled?

mashton 5th April 2013 20:58

Falko,

Here are the results:

Code:

iptables -L
Chain INPUT (policy DROP)
target    prot opt source              destination
DROP      tcp  --  anywhere            loopback/8
ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    all  --  anywhere            anywhere
DROP      all  --  base-address.mcast.net/4  anywhere
PUB_IN    all  --  anywhere            anywhere
PUB_IN    all  --  anywhere            anywhere
PUB_IN    all  --  anywhere            anywhere
PUB_IN    all  --  anywhere            anywhere
DROP      all  --  anywhere            anywhere

Chain FORWARD (policy DROP)
target    prot opt source              destination
ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED
DROP      all  --  anywhere            anywhere

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination
PUB_OUT    all  --  anywhere            anywhere
PUB_OUT    all  --  anywhere            anywhere
PUB_OUT    all  --  anywhere            anywhere
PUB_OUT    all  --  anywhere            anywhere

Chain INT_IN (0 references)
target    prot opt source              destination
ACCEPT    icmp --  anywhere            anywhere
DROP      all  --  anywhere            anywhere

Chain INT_OUT (0 references)
target    prot opt source              destination
ACCEPT    icmp --  anywhere            anywhere
ACCEPT    all  --  anywhere            anywhere

Chain PAROLE (10 references)
target    prot opt source              destination
ACCEPT    all  --  anywhere            anywhere

Chain PUB_IN (4 references)
target    prot opt source              destination
ACCEPT    icmp --  anywhere            anywhere            icmp destination-unreachable
ACCEPT    icmp --  anywhere            anywhere            icmp echo-reply
ACCEPT    icmp --  anywhere            anywhere            icmp time-exceeded
ACCEPT    icmp --  anywhere            anywhere            icmp echo-request
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:ftp
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:ssh
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:smtp
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:domain
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:http
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:81
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:pop3
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:imap
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:https
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:ndmp
ACCEPT    udp  --  anywhere            anywhere            udp dpt:domain
DROP      icmp --  anywhere            anywhere
DROP      all  --  anywhere            anywhere

Chain PUB_OUT (4 references)
target    prot opt source              destination
ACCEPT    all  --  anywhere            anywhere

Chain fail2ban-SSH (0 references)
target    prot opt source              destination
RETURN    all  --  anywhere            anywhere

Code:

# selinuxenabled && echo enabled || echo disabled
disabled

# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#    enforcing - SELinux security policy is enforced.
#    permissive - SELinux prints warnings instead of enforcing.
#    disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#    targeted - Targeted processes are protected,
#    mls - Multi Level Security protection.
SELINUXTYPE=targeted

Thanks, Mike

falko 8th April 2013 19:06

You must open the ports 465 and 587 in your firewall.
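
An added example, not part of the thread and not code from Postfix or iptables: it cross-checks the `inet` services enabled in master.cf against the TCP ports that the `iptables -L` listing accepts, which is the mismatch behind 465 and 587 being unreachable here. The `PORTS` map, the function names and the trimmed sample inputs are assumptions constructed for illustration, and the parser handles only the rule shapes that appear in the listing above.

```python
import re

PORTS = {"smtp": 25, "smtps": 465, "submission": 587}  # assumed name map

def to_port(name):
    return int(name) if name.isdigit() else PORTS.get(name)

def master_cf_inet_ports(text):
    """{port: service} for each uncommented inet service in master.cf."""
    names = re.findall(r"^([^#\s]\S*)[ \t]+inet[ \t]", text, re.M)
    return {to_port(n.rsplit(":", 1)[-1]): n for n in names}

def allowed_tcp_ports(listing, entry="INPUT"):
    """TCP ports that plain `iptables -L` output shows as accepted."""
    chains, rules = {}, None
    for line in listing.splitlines():
        f = line.split()
        if line.startswith("Chain ") and len(f) > 1:
            rules = chains.setdefault(f[1], [])
        elif rules is not None and len(f) > 1 and f[0] != "target":
            dpt = re.search(r"\bdpt:(\S+)", line)
            rules.append((f[0], f[1], dpt.group(1) if dpt else None))
    def accepts(chain):  # user chain with an unconditional ACCEPT (PAROLE)
        return ("ACCEPT", "all", None) in chains.get(chain, [])
    ports = set()
    def walk(chain):
        for target, prot, dpt in chains.get(chain, []):
            if prot == "tcp" and dpt and (target == "ACCEPT" or accepts(target)):
                ports.add(to_port(dpt))
            elif dpt is None and target in chains:
                walk(target)  # unconditional jump such as INPUT -> PUB_IN
    # -L hides interface matches (e.g. -i lo); a bare "ACCEPT all" is not "open".
    walk(entry)
    return ports - {None}

def blocked_listeners(master_cf, listing):
    """Postfix inet services whose port the listing does not accept."""
    allowed = allowed_tcp_ports(listing)
    listening = master_cf_inet_ports(master_cf)
    return {p: s for p, s in listening.items() if p and p not in allowed}

# Constructed samples, trimmed from the listings posted in the thread.
MASTER_CF = """smtp inet n - n - - smtpd
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
smtps inet n - n - - smtpd"""
IPTABLES_L = """Chain INPUT (policy DROP)
ACCEPT all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
Chain PAROLE (10 references)
ACCEPT all -- anywhere anywhere
Chain PUB_IN (4 references)
PAROLE tcp -- anywhere anywhere tcp dpt:smtp"""
print(blocked_listeners(MASTER_CF, IPTABLES_L))
```

With `iptables -L -n` the ports print as numbers, so the result no longer depends on the name map.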

