  #1  
Old 11th November 2007, 23:44
gridorian gridorian is offline
Junior Member
 
Join Date: Nov 2007
Posts: 17
Thanks: 0
Thanked 0 Times in 0 Posts
Default postfix config & mailclients outside of the server's internal network

Hi there!
I used this tutorial http://www.howtoforge.com/perfect_setup_debian_etch (written by falko) to configure a mail server for one of my friends. Everything works well, up to one point. I can't get it to work under any circumstances with a mail client (Thunderbird) from outside the network.

Can you help me please?

I modified the mynetworks variable, adding my IP. With telnet I was able to send mails, but the mail client didn't react at all.

Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

myhostname = mail.domain.com

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# SASL parameters
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_client_restrictions = permit
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_auth_only = no
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
#smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

tls_random_source = dev:/dev/random

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

inet_interfaces = all

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = domain.com, mail.domain.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
mailbox_command =
#/usr/bin/procmail -a "$EXTENSION"
#-d "$HOME/Maildir/"
recipient_delimiter = +

home_mailbox = Maildir/
__________________
yume wa yume de shikanai...
Reply With Quote
  #2  
Old 12th November 2007, 08:46
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,006
Thanks: 826
Thanked 5,377 Times in 4,224 Posts
Default

Please make sure that you forwarded the smtp port from your router to your server and that you enabled smtp authentication in Thunderbird. You should not change the mynetworks variable.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
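
The reason behind the advice in post #2, as an added example (not code from the thread or from the tutorial): every address listed in mynetworks may relay through the server without authenticating whenever permit_mynetworks is in the recipient restrictions, and with smtpd_tls_auth_only = no the SMTP AUTH exchange is accepted without TLS. The sample main.cf is constructed and 203.0.113.10 is a documentation address; postconf_value and audit_main_cf are hypothetical helper names.

```shell
#!/bin/sh
# Added example: audit a Postfix main.cf for relay-by-IP and cleartext AUTH.

# Print the effective value of parameter $1 in main.cf $2. The last
# assignment wins; lines starting with whitespace continue the previous one.
postconf_value() {
    awk -v want="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == want) val = val " " $0; next }
        {
            eq = index($0, "=")
            if (eq == 0) { cur = ""; next }
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            if (cur == want) val = substr($0, eq + 1)
        }
        END { gsub(/^[ \t]+|[ \t]+$/, "", val); gsub(/[ \t]+/, " ", val); print val }
    ' "$2"
}

# Print one finding per line for main.cf $1; no output means nothing flagged.
audit_main_cf() (
    set -f                                   # "[::1]/128" must not be globbed
    rcpt=$(postconf_value smtpd_recipient_restrictions "$1")
    nets=$(postconf_value mynetworks "$1" | tr ',' ' ')
    case "$rcpt" in *permit_mynetworks*)
        for net in $nets; do
            case "$net" in
                127.*|'[::1]'*) ;;           # loopback: local submission only
                *) echo "RELAY-BY-IP $net may relay without authenticating" ;;
            esac
        done ;;
    esac
    sasl=$(postconf_value smtpd_sasl_auth_enable "$1")
    tls_only=$(postconf_value smtpd_tls_auth_only "$1")
    if [ "$sasl" = "yes" ] && [ "$tls_only" != "yes" ]; then
        echo "CLEARTEXT-AUTH AUTH is accepted without TLS (smtpd_tls_auth_only)"
    fi
)

# Constructed sample: same layout as the main.cf files posted in this thread.
sample_main_cf() {
    printf '%s\n' \
        'smtpd_sasl_auth_enable = yes' \
        'smtpd_recipient_restrictions =' \
        '        permit_sasl_authenticated,' \
        '        permit_mynetworks,' \
        '        reject_unauth_destination' \
        'smtpd_tls_auth_only = no' \
        'mynetworks = 127.0.0.0/8, 203.0.113.10'
}

cf=$(mktemp); sample_main_cf > "$cf"
audit_main_cf "$cf"
rm -f "$cf"
```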
  #3  
Old 12th November 2007, 09:37
gridorian gridorian is offline
Junior Member
 
Join Date: Nov 2007
Posts: 17
Thanks: 0
Thanked 0 Times in 0 Posts
Default

It's not the SMTP port.

I have the same configurations on two different servers, and one of them works. It seems I can't manage to configure saslauthd well...

The tutorial skipped some old steps, and everything broke apart (the first server I have configured after the tutorial for sarge. This one has a few missing steps)
__________________
yume wa yume de shikanai...
Reply With Quote
  #4  
Old 12th November 2007, 09:45
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,006
Thanks: 826
Thanked 5,377 Times in 4,224 Posts
Default

Quote:
Originally Posted by gridorian
The tutorial skipped some old steps, and everything broke apart (the first server I have configured after the tutorial for sarge. This one has a few missing steps)
There is nothing missing in the tutorial. If you added steps from the sarge tutorial, then this will break sasl. Please configure sasl exactly as described in the perfect setup guide.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 12th November 2007, 10:58
gridorian gridorian is offline
Junior Member
 
Join Date: Nov 2007
Posts: 17
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Doing it like that does not allow a mail client to connect.

The error I get now is: Nov 12 11:56:56 psp postfix/smtpd[6511]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied

I'm attaching the main.cf, /etc/default/saslauthd, /etc/init.d/saslauthd files. Please tell me where I'm doing it wrong.

Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

myhostname = mail.domain.com

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# SASL parameters
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_client_restrictions = permit
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client cbl.abuseat.org
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_auth_only = no
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
#smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

smtpd_sasl_path = smtpd

tls_random_source = dev:/dev/random

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

inet_interfaces = all

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = domain.com, localhost
relayhost =
mynetworks = 127.0.0.0/8, 82.76.110.109
mailbox_size_limit = 0
mailbox_command =

recipient_delimiter = +

home_mailbox = Maildir/
Code:
#
# Settings for saslauthd daemon
#

# Should saslauthd run automatically on startup? (default: no)
START=yes
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
OPTIONS="-c"
__________________
yume wa yume de shikanai...
Reply With Quote
  #6  
Old 12th November 2007, 11:00
gridorian gridorian is offline
Junior Member
 
Join Date: Nov 2007
Posts: 17
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Code:
#! /bin/sh
### BEGIN INIT INFO
# Provides:          saslauthd
# Required-Start:    $local_fs $remote_fs
# Required-Stop:     $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      S 0 1 6
# Short-Description: saslauthd startup script
# Description:       This script starts the saslauthd daemon. It is
#                    configured using the file /etc/default/saslauthd.
### END INIT INFO

# Author: Fabian Fagerholm <fabbe@debian.org>

# Do NOT "set -e"

# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin

# Global variables
DAEMON=/usr/sbin/saslauthd
DEFAULT_FILES=`find /etc/default -regex '/etc/default/saslauthd[_a-zA-Z0-9\-]*$' -print | sort`
FALLBACK_RUN_DIR=/var/run/saslauthd
NAME=saslauthd

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

# Function that starts all saslauthd instances
# Parameters: none
# Return value: none
do_startall()
{
        for instance in $DEFAULT_FILES
        do
                start_instance $instance
        done
}

# Function that stops all saslauthd instances
# Parameters: none
# Return value: none
do_stopall()
{
        for instance in $DEFAULT_FILES
        do
                stop_instance $instance
        done
}

# Function that sends a SIGHUP to all saslauthd instances
# Parameters: none
# Return value: none
do_reloadall()
{
        for instance in $DEFAULT_FILES
        do
                reload_instance $instance
        done
}

# Function that starts a single saslauthd instance
# Parameters:
#       $1 = path of default file for this instance
# Return value:
#       0 on success (does not mean the instance started)
#       1 on failure
start_instance()
{
        # Load defaults file for this instance.
        . $1

        # If the daemon is not enabled, give the user a warning and stop.
        if [ "$START" != "yes" ]; then
                log_warning_msg "To enable $NAME, edit $1 and set START=yes"
                return 0
        fi

        # If the short name of this instance is undefined, warn the user
        # but choose a default name.
        if [ -z "$NAME" ]; then
                log_warning_msg "Short name (NAME) undefined in $1, using default"
                NAME=default
        fi

        log_daemon_msg "Starting $DESC" "$NAME"

        # Determine run directory and pid file location by looking
        # for an -m option.
        RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
        if [ -z "$RUN_DIR" ]; then
                # No run directory defined in defaults file, fail.
                #log_failure_msg "No run directory defined for $NAME, not starting"
                #return 1
                RUN_DIR=/var/log/saslauthd
                #@@ set by dr
        fi
        #PIDFILE=$RUN_DIR/saslauthd.pid
        PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"
        #@@ set by dr

        # If no mechanisms are defined, fail.
        if [ -z "$MECHANISMS" ]; then
                log_failure_msg "No mechanisms defined in $1, not starting $NAME"
                return 1
        fi

        # If there are mechanism options defined, prepare them for use with
        # the -O flag.
        if [ -n "$MECH_OPTIONS" ]; then
                MECH_OPTIONS="-O $MECH_OPTIONS"
        fi

        # If there is a threads option defined, prepare it for use with
        # the -n flag.
        if [ -n "$THREADS" ]; then
                THREAD_OPTIONS="-n $THREADS"
        fi

        # Construct argument string.
        DAEMON_ARGS="-a $MECHANISMS $MECH_OPTIONS $OPTIONS $THREAD_OPTIONS"

        # If there is a statoverride for the run directory, then pull
        # permission and ownership information from it and create the directory.
        # Otherwise, we create the directory with default permissions and
        # ownership (root:sasl, 710).
        if dpkg-statoverride --list $RUN_DIR > /dev/null; then
                createdir `dpkg-statoverride --list $RUN_DIR`
        else
                createdir root sasl 710 $RUN_DIR
        fi

        # Start the daemon, phase 1: see if it is already running.
        start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
                --exec $DAEMON --test > /dev/null
        if [ "$?" != 0 ]; then
                log_progress_msg "(already running)"
                log_end_msg 0
                return 0
        fi

        # Start the daemon, phase 2: it was not running, so actually start it now.
        start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
                --exec $DAEMON -- $DAEMON_ARGS
        if [ "$?" != 0 ]; then
                log_end_msg 1
                return 1
        fi

        # Started successfully.
        log_end_msg 0
        return 0
}

[]...
__________________
yume wa yume de shikanai...
Reply With Quote
  #7  
Old 12th November 2007, 11:43
gridorian gridorian is offline
Junior Member
 
Join Date: Nov 2007
Posts: 17
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I modified some things back.
Still same error: Nov 12 12:45:48 psp postfix/smtpd[7620]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied

Please help. Except for smtpd_recipient_restrictions, this should be the original config, as the tutorial suggested. I still get that error. What could be wrong?

main.cf:
Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

myhostname = mail.domain.com

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# SASL parameters
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_client_restrictions = permit
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client cbl.abuseat.org
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_auth_only = no
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

#smtpd_sasl_path = smtpd

tls_random_source = dev:/dev/random

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

inet_interfaces = all

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = domain.com, localhost
relayhost =
mynetworks = 127.0.0.0/8, 82.76.110.109
mailbox_size_limit = 0
mailbox_command =
recipient_delimiter = +

home_mailbox = Maildir/
/etc/default/saslauthd
Code:
#
# Settings for saslauthd daemon
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
#OPTIONS="-c -m /var/run/saslauthd"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
__________________
yume wa yume de shikanai...
Reply With Quote
  #8  
Old 13th November 2007, 16:58
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

What's the output of
Code:
ls -la /var/spool/postfix/var/run/saslauthd
and
Code:
ps aux | grep saslauthd
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 14th November 2007, 10:17
gridorian gridorian is offline
Junior Member
 
Join Date: Nov 2007
Posts: 17
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Code:
psp:~# ls -a /var/spool/postfix/var/run/saslauthd/
.  ..  cache.flock  cache.mmap  mux  mux.accept  saslauthd.pid
psp:~# ps aux | grep saslauthd
root     10192  0.0  0.2   7888  1144 ?        Ss   Nov12   0:00 /usr/sbin/saslauthd -a shadow -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root     10197  0.0  0.2   7888  1044 ?        S    Nov12   0:00 /usr/sbin/saslauthd -a shadow -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root     10198  0.0  0.2   7888  1036 ?        S    Nov12   0:00 /usr/sbin/saslauthd -a shadow -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root     10199  0.0  0.1   7768   584 ?        S    Nov12   0:00 /usr/sbin/saslauthd -a shadow -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root     10200  0.0  0.2   7888  1032 ?        S    Nov12   0:00 /usr/sbin/saslauthd -a shadow -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root     23828  0.0  0.1   1760   568 pts/0    R+   11:19   0:00 grep saslauthd
It might help you to know that I'm not using the stable version, but the testing one.

Anyway... I stayed and investigated piece by piece and finally found out what was wrong. The configs were OK... The problem was that saslauthd couldn't communicate with pam. I changed the config and replaced pam with shadow, and everything worked fine.

Thanks a lot for your answer... I'm in your debt...
__________________
yume wa yume de shikanai...
Reply With Quote
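
A cross-check for what the two commands in post #8 look at, as an added example (not part of the thread and not the Debian init script): it reads /etc/default/saslauthd the way start_instance in post #6 does, which builds the daemon's command line from MECHANISMS, MECH_OPTIONS, OPTIONS and THREADS only, and compares the result with a ps row. The sample files and the ps row are constructed from the thread's postings; the chroot path /var/spool/postfix and the helper names are assumptions.

```shell
#!/bin/sh
# Added example: cross-check /etc/default/saslauthd against the running daemon.

# Print the word following flag $1 in the remaining arguments (empty if absent).
flag_value() {
    f=$1; shift
    while [ $# -gt 0 ]; do
        if [ "$1" = "$f" ]; then printf '%s\n' "${2:-}"; return 0; fi
        shift
    done
}

# $1 = defaults file, $2 = one "ps aux" row for saslauthd (may be empty),
# $3 = Postfix chroot (assumption: /var/spool/postfix).
check_saslauthd() (
    set -f                      # the ps row contains "?", do not glob it
    chroot=${3:-/var/spool/postfix}
    . "$1"                      # the init script sources the file the same way
    want_dir=$(flag_value -m $OPTIONS)
    # start_instance uses MECHANISMS, MECH_OPTIONS, OPTIONS and THREADS;
    # a -m placed in any other variable never reaches the daemon.
    [ -z "${PARAMS:-}" ] || echo "IGNORED-PARAMS start_instance never reads PARAMS"
    if [ -z "$want_dir" ]; then
        echo "NO-SOCKET-DIR OPTIONS has no -m"
    else
        case "$want_dir" in
            "$chroot"/*) ;;
            *) echo "OUTSIDE-CHROOT $want_dir is not below $chroot" ;;
        esac
    fi
    if [ -n "$2" ]; then
        run_mech=$(flag_value -a $2)
        run_dir=$(flag_value -m $2)
        [ "$run_mech" = "$MECHANISMS" ] ||
            echo "MISMATCH-MECH running '-a $run_mech', file says '$MECHANISMS'"
        [ "$run_dir" = "$want_dir" ] ||
            echo "MISMATCH-DIR running '-m $run_dir', file says '-m $want_dir'"
    fi
)

# Constructed sample inputs modelled on the files and output in this thread.
sample_defaults_a() { printf '%s\n' 'START=yes' 'MECHANISMS="pam"' \
    'PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"' 'OPTIONS="-c"'; }
sample_defaults_b() { printf '%s\n' 'START=yes' 'MECHANISMS="pam"' \
    'OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"'; }
SAMPLE_PS='root 10192 0.0 0.2 7888 1144 ? Ss Nov12 0:00 /usr/sbin/saslauthd -a shadow -c -m /var/spool/postfix/var/run/saslauthd -r -n 5'

run_samples() {
    d=$(mktemp -d)
    sample_defaults_a > "$d/a"; sample_defaults_b > "$d/b"
    echo "== a, no process";  check_saslauthd "$d/a" ""
    echo "== b, with ps row"; check_saslauthd "$d/b" "$SAMPLE_PS"
    rm -rf "$d"
}
run_samples
```

A MISMATCH line means the running daemon was started with different settings than the file now holds, so the file alone does not describe what Postfix is talking to.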