Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #21  
Old 11th September 2012, 07:41
ansabhailte ansabhailte is offline
Junior Member
 
Join Date: Sep 2012
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I'm no expert, but telnetting port 587 returns STARTTLS. Isn't that an encryption protocol?
Reply With Quote
Sponsored Links
  #22  
Old 11th September 2012, 07:46
ansabhailte ansabhailte is offline
Junior Member
 
Join Date: Sep 2012
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Default

So in trying to troubleshoot where things are failing, I have lined up the following:

Email goes from -> to:

Gmail --> Goldenoakit.com (MX DNS) --> Firewall (IPtables, 587) --> SASL --> Postfix --> MySQL --> vmail folder --> SpamAssassin/Amavis/ClamAV

Does this look right?

If so, then everything from Postfix through ClamAV work fine because I can send mail locally. And everything from Gmail to firewall work fine because I can telnet and run an ehlo. That is why I am led to believe that it is a SASL issue. That, and the error report I posted earlier about not being able to auth SASL-PAM-MySQL. When I run testsaslauthd with the user mail_admin it fails. That is the user account that is being used to auth, correct?
Reply With Quote
  #23  
Old 11th September 2012, 07:52
gscales gscales is offline
Member
 
Join Date: May 2012
Posts: 34
Thanks: 1
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by ansabhailte View Post
I'm no expert, but telnetting port 587 returns STARTTLS. Isn't that an encryption protocol?
Mine returns the same thing. It also returns 250-AUTH LOGIN PLAIN, right?
Reply With Quote
  #24  
Old 11th September 2012, 07:55
ansabhailte ansabhailte is offline
Junior Member
 
Join Date: Sep 2012
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yes. But my mail client is configured to use STARTTLS and it pulls from the server just fine (My client's, however, is using PLAIN.)

But the problem is somewhere in the authentication, I would think, whether that's SASL, PAM, or something with MySQL. The problem is that I just can't pinpoint it, and if I did, I'm not sure I'd know exactly how to fix it.
Reply With Quote
  #25  
Old 11th September 2012, 08:02
gscales gscales is offline
Member
 
Join Date: May 2012
Posts: 34
Thanks: 1
Thanked 1 Time in 1 Post
Default

"When I run testsaslauthd with the user mail_admin it fails. That is the user account that is being used to auth, correct? "

mail_admin is the database user name that is used by SASL to get into the MySQL database "mail" to find the user %u at domain %r.

if you type "mysql -u mail_admin -p" ... it should prompt you for a password. Copy and paste the value from the smtpd.conf and it should log you in. Type "show databases;" and one of them should be "mail". Type "use mail;" and it should switch to the mail database.
Reply With Quote
  #26  
Old 11th September 2012, 08:08
gscales gscales is offline
Member
 
Join Date: May 2012
Posts: 34
Thanks: 1
Thanked 1 Time in 1 Post
Default

If you went on with the above, you could type something like "select * users;" and it would give you a list of the users you have set up in mysql. My point is, that when you are using the userid=mail_admin ... that is NOT being authenticated by SASL, but by mysqld. So testsaslauthd will fail on that userid ...
Reply With Quote
  #27  
Old 11th September 2012, 08:09
ansabhailte ansabhailte is offline
Junior Member
 
Join Date: Sep 2012
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yes, I've done that. What I'm asking is what user account is being used to auth with saslauthd? Is it the email address user (josh@goldenoakit.com) or is it root or something? Because the only users that can pass testsaslauthd are root and josh (aka local UNIX users.) To put it in other words, if these email accounts need to authenticate with SASL in order to receive email, and the only accounts that can pass the auth are local UNIX accounts, where is the break there? Why aren't the accounts defined in MySQL able to authenticate with SASL over port 587?
Reply With Quote
  #28  
Old 11th September 2012, 08:18
ansabhailte ansabhailte is offline
Junior Member
 
Join Date: Sep 2012
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Ok. Let's try a different approach. Why, when I try to send an email from Gmail to an address hosted on my server, do I not get any errors or notices in mail.log or anything? Does that show where it's failing?
Reply With Quote
  #29  
Old 11th September 2012, 08:24
gscales gscales is offline
Member
 
Join Date: May 2012
Posts: 34
Thanks: 1
Thanked 1 Time in 1 Post
Default

I'm not real familiar with testsaslauthd, so pardon my ignorance. What is being authenticated through postfix is the user@domainName stored in the MySQL database mail table user. You are testing ID's in the Unix user table which is unrelated because you are using "virtual" users (ie stored in a mysql db).
Reply With Quote
  #30  
Old 11th September 2012, 08:27
gscales gscales is offline
Member
 
Join Date: May 2012
Posts: 34
Thanks: 1
Thanked 1 Time in 1 Post
 
Default

Quote:
Originally Posted by ansabhailte View Post
Ok. Let's try a different approach. Why, when I try to send an email from Gmail to an address hosted on my server, do I not get any errors or notices in mail.log or anything? Does that show where it's failing?
Well, it at least shows that the failure, misconfiguration, or whatever is messing up is ahead of what is doing the logging ...
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix/courier/Centos 6 cant send email to external email servers maxtorzito Installation/Configuration 14 7th October 2011 10:56
sneaking suspicion my postfix config has gone awry mjbarfoot Installation/Configuration 7 24th August 2010 12:23
Sending emails with custom FROM email address merisor Installation/Configuration 4 8th February 2010 16:27
postfix, pop3 uvbnserved Server Operation 22 24th May 2009 21:00
Postfix won't receive external email fred!head Server Operation 2 29th June 2008 19:30


All times are GMT +2. The time now is 11:27.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.