
11th September 2012, 07:41
|
|
Junior Member
|
|
Join Date: Sep 2012
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
I'm no expert, but telnetting port 587 returns STARTTLS. Isn't that an encryption protocol?
|

11th September 2012, 07:46
|
|
Junior Member
|
|
Join Date: Sep 2012
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
So in trying to troubleshoot where things are failing, I have lined up the following:
Email goes from -> to:
Gmail --> Goldenoakit.com (MX DNS) --> Firewall (IPtables, 587) --> SASL --> Postfix --> MySQL --> vmail folder --> SpamAssassin/Amavis/ClamAV
Does this look right?
If so, then everything from Postfix through ClamAV works fine because I can send mail locally. And everything from Gmail to firewall works fine because I can telnet and run an ehlo. That is why I am led to believe that it is a SASL issue. That, and the error report I posted earlier about not being able to auth SASL-PAM-MySQL. When I run testsaslauthd with the user mail_admin it fails. That is the user account that is being used to auth, correct?
|

11th September 2012, 07:52
|
|
Member
|
|
Join Date: May 2012
Posts: 34
Thanks: 1
Thanked 1 Time in 1 Post
|
|
Quote:
Originally Posted by ansabhailte
I'm no expert, but telnetting port 587 returns STARTTLS. Isn't that an encryption protocol?
|
Mine returns the same thing. It also returns 250-AUTH LOGIN PLAIN, right?
|

11th September 2012, 07:55
|
|
Junior Member
|
|
Join Date: Sep 2012
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Yes. But my mail client is configured to use STARTTLS and it pulls from the server just fine (My client's, however, is using PLAIN.)
But the problem is somewhere in the authentication, I would think, whether that's SASL, PAM, or something with MySQL. The problem is that I just can't pinpoint it, and if I did, I'm not sure I'd know exactly how to fix it.
|

11th September 2012, 08:02
|
|
Member
|
|
Join Date: May 2012
Posts: 34
Thanks: 1
Thanked 1 Time in 1 Post
|
|
"When I run testsaslauthd with the user mail_admin it fails. That is the user account that is being used to auth, correct? "
mail_admin is the database user name that is used by SASL to get into the MySQL database "mail" to find the user %u at domain %r.
If you type "mysql -u mail_admin -p" ... it should prompt you for a password. Copy and paste the value from the smtpd.conf and it should log you in. Type "show databases;" and one of them should be "mail". Type "use mail;" and it should switch to the mail database.
|

11th September 2012, 08:08
|
|
Member
|
|
Join Date: May 2012
Posts: 34
Thanks: 1
Thanked 1 Time in 1 Post
|
|
If you went on with the above, you could type something like "select * from users;" and it would give you a list of the users you have set up in mysql. My point is that when you are using the userid=mail_admin ... that is NOT being authenticated by SASL, but by mysqld. So testsaslauthd will fail on that userid ...
|

11th September 2012, 08:09
|
|
Junior Member
|
|
Join Date: Sep 2012
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Yes, I've done that. What I'm asking is what user account is being used to auth with saslauthd? Is it the email address user (josh@goldenoakit.com) or is it root or something? Because the only users that can pass testsaslauthd are root and josh (aka local UNIX users.) To put it in other words, if these email accounts need to authenticate with SASL in order to receive email, and the only accounts that can pass the auth are local UNIX accounts, where is the break there? Why aren't the accounts defined in MySQL able to authenticate with SASL over port 587?
|

11th September 2012, 08:18
|
|
Junior Member
|
|
Join Date: Sep 2012
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Ok. Let's try a different approach. Why, when I try to send an email from Gmail to an address hosted on my server, do I not get any errors or notices in mail.log or anything? Does that show where it's failing?
|

11th September 2012, 08:24
|
|
Member
|
|
Join Date: May 2012
Posts: 34
Thanks: 1
Thanked 1 Time in 1 Post
|
|
I'm not real familiar with testsaslauthd, so pardon my ignorance. What is being authenticated through postfix is the user@domainName stored in the MySQL database mail table user. You are testing IDs in the Unix user table which is unrelated because you are using "virtual" users (i.e. stored in a mysql db).
|
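Added example, not part of any post in this thread: a small Python sketch of what the EHLO output on port 587 advertises and what an AUTH PLAIN login actually carries, namely the mailbox login (user@domain) that the %u/%r lookup mentioned above is run against, not the mail_admin database account. The EHLO lines, address and password are constructed sample data, and splitting the login at the last "@" into user and realm is an assumption about how the lookup keys are derived.

```python
import base64

# Constructed sample data (not taken from the thread's server).
SAMPLE_EHLO = [
    "250-mail.example.test",
    "250-PIPELINING",
    "250-STARTTLS",
    "250-AUTH LOGIN PLAIN",
    "250 8BITMIME",
]
SAMPLE_AUTH_PLAIN = base64.b64encode(
    b"\0user@example.test\0constructed-pw").decode()

def parse_ehlo(lines):
    """Return (starttls_offered, auth_mechanisms) from EHLO reply lines."""
    starttls, mechs = False, []
    for line in lines:
        if not line.startswith("250"):
            continue
        # Drop the "250-" / "250 " prefix, then split keyword from arguments.
        keyword, _, args = line[4:].strip().partition(" ")
        if keyword.upper() == "STARTTLS":
            starttls = True  # TLS is available; the session is not yet encrypted
        elif keyword.upper() == "AUTH":
            mechs = args.upper().split()
    return starttls, mechs

def decode_auth_plain(b64):
    """RFC 4616 PLAIN message: [authzid] NUL authcid NUL passwd."""
    authzid, authcid, passwd = base64.b64decode(b64).split(b"\0")
    return authzid.decode(), authcid.decode(), passwd.decode()

def split_user_realm(authcid):
    """Split a login at the last '@' into (user, realm); assumption, see lead-in."""
    user, sep, realm = authcid.rpartition("@")
    return (user, realm) if sep else (authcid, "")

def credentials_exposed(mechanism, tls_active):
    """PLAIN and LOGIN are only base64-encoded, so they need TLS underneath."""
    return mechanism.upper() in ("PLAIN", "LOGIN") and not tls_active

if __name__ == "__main__":
    print(parse_ehlo(SAMPLE_EHLO))
    _, login, _ = decode_auth_plain(SAMPLE_AUTH_PLAIN)
    print(login, split_user_realm(login))
    print(credentials_exposed("PLAIN", tls_active=False))
```
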

11th September 2012, 08:27
|
|
Member
|
|
Join Date: May 2012
Posts: 34
Thanks: 1
Thanked 1 Time in 1 Post
|
|
Quote:
Originally Posted by ansabhailte
Ok. Let's try a different approach. Why, when I try to send an email from Gmail to an address hosted on my server, do I not get any errors or notices in mail.log or anything? Does that show where it's failing?
|
Well, it at least shows that the failure, misconfiguration, or whatever is messing up is ahead of what is doing the logging ...
|
All times are GMT +2. The time now is 17:30.