Unable to read & relay mail - Postfix With SMTP-AUTH And TLS

[amsharma]

Hello,

I installed Postfix With SMTP-AUTH And TLS on a Fedora Core 6 system. I used 'Installing A LAMP System With Fedora Core 6' Tutorial. I am facing multiple issues. Here is the output of postconf -n.

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
debug_peer_list = storkrubber.com
disable_dns_lookups = yes
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command =
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 10240000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = storkrubber.com
myhostname = storkmail.storkrubber.com
mynetworks = 192.9.200.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relayhost = [$mydomain]
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostna
me, reject_unknown_sender_domain, reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

I setup sasl_passwd.
# Contents of sasl_passwd
#
[mydomain.com] allothers@mydomain.com:123

I have followed exactly the steps given in the tutorial.

I setup Maildir option in postfix as you can see above. If I use the Linux mail command to check a user's incoming mails, it does not show any mails. The mails are available in the Maildir/new directory of each user though. When I had set it up the first day, using mailboxes in /var/spool/mail, it all seemed to work fine.

Second & most importantly, I am unable to send mail to any other domain, i.e. relay mail from my server. It rejects saying :
<someuser@yahoo.com>: host mydomain.com[64.191.80.85] said:
550-(mail.mydomain.com) [61.246.0.97]:48837 is currently not
permitted 550-to relay through this server. Perhaps you have not logged
into the pop/imap 550-server in the last 30 minutes or do not have SMTP
Authentication turned on 550 in your email client. (in reply to RCPT TO
command)

I have put one of the users in the saslpasswd file for authentication, although I have 3-4 pop3 users available. I assume the user should not matter. The 'allothers' is a catchall account which I will setup with fetchmail to deliver mail to multiple users in my server.

Any suggestions. If you need any other inputs, pls let me know. The log hasn't been much help.

TIA
Amal

[falko]

Did you set up email accounts as shown here? http://www.howtoforge.com/forums/showthread.php?t=2

Also, which POP3 daemon do you use? What's the output of

Code:

netstat -tap

?

[amsharma]

Falko,

No, I did not exactly use the steps but I resolved the minor issue of not being able to see the mail. I commented the following line:
#home_mailbox = Maildir/

Now its putting the mails in /var/spool/mail for each user, i.e. making a mailbox for each user (with their name). If I use "mail" command I can see each user's emails. I have created their ids using what is written in the link you sent:

useradd -d /home/sample_user -g users sample_user
passwd sample_user

I guess Maildir is good for use with Imap clients & other tools etc, but my end users will be using Outlook/Eudora etc with POP3. I am running Dovecot for that.

Interestingly my main issue: Unable to relay mail has also got solved. I think that I had to restart my machine. Although I had restarted postfix many times but it was not relaying.

I also wish to add that I tried sending a mail to this server using Eudora and it gave me a error of "Bad certificate.... (self certified etc...). Do you want to accept?" I did and it started working only after that.

The maillog has a message:
Oct 6 16:19:13 mymailserver postfix/smtp[4289]: certificate verification failed for mydomain.com: num=18:self signed certificate

Is there a way to solve this and above error messages. They are both related AFAIK.

Thanks
Amal

[falko]

Quote:

Originally Posted by amsharma

Falko,

No, I did not exactly use the steps but I resolved the minor issue of not being able to see the mail. I commented the following line:
#home_mailbox = Maildir/


I guess Maildir is good for use with Imap clients & other tools etc, but my end users will be using Outlook/Eudora etc with POP3. I am running Dovecot for that.

But Dovecot uses Maildir...

Quote:

Originally Posted by amsharma

The maillog has a message:
Oct 6 16:19:13 mymailserver postfix/smtp[4289]: certificate verification failed for mydomain.com: num=18:self signed certificate

Is there a way to solve this and above error messages. They are both related AFAIK.

You must create a certificate for the hostname that your Postfix uses. You can see it when you type in

Code:

telnet localhost 25

[amsharma]

Falko,

I have been able to setup Dovecot without using Maildir. I setup a Fedora Core 3 box earlier without SSL/TLS and it works perfectly without Maildir. The mails go into /var/spool/mail/$user. It works in FC6 also. You just need to setup

default_mail_env = mbox:/var/spool/mail/%u

in dovecot.conf.

Haven't been able to change the Certificate. Will do that tomorrow and let you know.

Amal