#1
11th July 2008, 06:52
mangueJOE, Junior Member (Join Date: Jan 2008, Location: Brazil, Posts: 10)
Postfix STARTTLS works to localhost only (SOLVED)

Ok guys this is driving me crazy.

This is the output of the telnet localhost 25, on a shell login on the server:

Code:
nobunaga:/var/log# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 nobunaga.eden.blog.br ESMTP Postfix
ehlo anything.lie
250-nobunaga.eden.blog.br
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Now this is the output of the same thing, but remotely from a WinXP host:

Code:
telnet 192.168.254.3
220 nobunaga.eden.blog.br ESMTP Postfix
ehlo anything.lie
250-nobunaga.eden.blog.br
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

What is that!?!?! There is no STARTTLS offer.
I can only send mail using Thunderbird 2.0 if I check the option "TLS if available". Also, in Outlook Express I can't send mail if I check SSL for SMTP. I can still use TLS with Dovecot with no problems. In fact I have only pop3s and imaps running, not the regular ones.

This is the output of nmap:

Code:
nobunaga:/var/log# nmap localhost

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-07-10 22:46 BRT
Interesting ports on localhost (127.0.0.1):
Not shown: 1672 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
111/tcp  open  rpcbind
993/tcp  open  imaps
995/tcp  open  pop3s
3306/tcp open  mysql

Here's my main.cf, it's pretty simple:

Code:
# Geral
myhostname = nobunaga.eden.blog.br
mydomain = eden.blog.br
home_mailbox = Maildir/
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost.localdomain localhost $myhostname $mydomain
relayhost =
mynetworks = 127.0.0.0/8
#mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_banner = $myhostname ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous

# TLS
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_tls_security_level = may
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 3

smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

I'm completely lost, googling for 2 days already.

Last edited by mangueJOE; 11th July 2008 at 22:44. Reason: changing title
#2
11th July 2008, 22:22
mangueJOE, Junior Member (Join Date: Jan 2008, Location: Brazil, Posts: 10)

Found what was causing the problem.

WINDOWS XP ANTIVIRUS SOFTWARE

The Avast antivirus was proxying my SMTP connections, and it doesn't support TLS. How did I discover this? I issued the STARTTLS command even though it wasn't showing in the telnet EHLO, just to receive the message "avast doesn't support tls" or something like that. Disabling mail virus checking on the Windows machine solved it.

I lost a full day because of this... I guess I deserve it for using Windows as a client, since it needs antivirus software.

cya guys
#3
31st July 2008, 13:52
peter.zagar, Junior Member (Join Date: Jul 2008, Location: Slovenia, Posts: 13)
Same problem here

I have exactly the same problem, only that Windows antivirus software is NOT to blame.

I have a real-world server, and I replaced the real domain with the example someserver.somedomain.com for this post only.

When I telnet from the mail server to localhost I have the STARTTLS option:
Code:
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 someserver.somedomain.com ESMTP Postfix
ehlo someserver
250-someserver.somedomain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

But when I telnet to the server from some machine on the internet, there is no STARTTLS option:
Code:
telnet someserver.somedomain.com 25
Trying 321.321.321.321...
Connected to someserver.somedomain.com.
Escape character is '^]'.
220 someserver.somedomain.com  ESMTP Postfix
ehlo someserver
250-someserver.somedomain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-XXXXXXXA
250-AUTH PLAIN LOGIN
250-XXXXXXXXXXXXXXXB
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
STARTTLS
502 5.5.2 Error: command not recognized
quit
221 2.0.0 Bye
Connection closed by foreign host.

I must mention that I had the server in a local environment first, when I prepared the installation. Later, I moved the server to my client's location, and changed the IP and other options at the site.

I can send/receive mail normally without TLS.

What could be the problem?

Thanks, Peter
#4
31st July 2008, 14:44
mangueJOE, Junior Member (Join Date: Jan 2008, Location: Brazil, Posts: 10)

The problem I had also happens when the client tries to connect via a proxied connection. Maybe the proxy doesn't support TLS, or it also scans for viruses. (I found some people that reported this when I was looking for solutions for my previous problem. They were also going crazy.)

I'd test it with the following scenario:

Laptop with Linux
Plug into the same switch the mail server is on
Telnet to the mail server.

That will answer for real.
__________________
Fedora / Debian / Ubuntu
#5
2nd August 2008, 11:27
peter.zagar, Junior Member (Join Date: Jul 2008, Location: Slovenia, Posts: 13)

What do you mean by proxy? Do you mean in the web browser?

I use Linux for testing this, no proxies, direct connection to the internet.
But I am not at the location of the server.

When I ssh to another Linux server in their network, which is in the same subnet, I have the STARTTLS command.

Could the ISP be blocking something?

Thanks,

peter
#6
2nd August 2008, 15:01
mangueJOE, Junior Member (Join Date: Jan 2008, Location: Brazil, Posts: 10)

Yes could be the ISP. Some ISPs proxy everything transparently so you don't need to configure anything on your computer.

I strongly recommend you do the local switch test, or ask someone that has local access to the server to do it. Also, are you able to telnet to other servers over the internet and see if the STARTTLS appears?

Test this one:

Code:
telnet chunli.iteci.com.br 25

220 chunli.iteci.com.br ESMTP Postfix
ehlo test
250-chunli.iteci.com.br
250-PIPELINING
250-SIZE 40960000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

If you also can't see the STARTTLS offer, then there's a problem in your connection or your computer. If you can see the STARTTLS offer, then make sure you are really telnetting to the correct IP when you test your server. And don't forget to do that local test.
__________________
Fedora / Debian / Ubuntu
#7
2nd August 2008, 15:19
mangueJOE, Junior Member (Join Date: Jan 2008, Location: Brazil, Posts: 10)

Quote:
Originally Posted by peter.zagar
When I ssh to another Linux server in their network, which is in the same subnet, I have the STARTTLS command.
You mean telnet right?
__________________
Fedora / Debian / Ubuntu
#8
4th August 2008, 13:33
peter.zagar, Junior Member (Join Date: Jul 2008, Location: Slovenia, Posts: 13)

Yes, what I meant was, ssh to another server in their network, then telnet from that server to the mailserver to test it.

I guess there is something in between, because I also would not be able to starttls with your server:
Code:
telnet chunli.iteci.com.br 25
Trying 200.165.179.125...
Connected to chunli.iteci.com.br.
Escape character is '^]'.
220 chunli.iteci.com.br ESMTP Postfix
ehlo chunli
250-chunli.iteci.com.br
250-PIPELINING
250-SIZE 40960000
250-ETRN
250-XXXXXXXA
250-AUTH PLAIN LOGIN
250-XXXXXXXXXXXXXXXB
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

How would I find out where the point of error is? There is a direct FTTH link to the location, then a Cisco Catalyst switch, then the mail server, which has the default CentOS firewall enabled (the ISPConfig firewall did not seem to work properly; it shut me off even though the default ports were left open).

Any thoughts?
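The two failure shapes in this thread, STARTTLS silently missing from the remote EHLO reply (post #1) and EHLO lines overwritten with X's followed by "502 5.5.2 Error: command not recognized" when STARTTLS is sent (posts #3 and #8), both point at a device in the path that inspects SMTP (an antivirus proxy, a transparent ISP proxy, or a firewall), not at the Postfix configuration, because the server offers STARTTLS when asked locally. The X-for-keyword rewrite is the trace that ESMTP inspection on Cisco PIX/ASA firewalls is known to leave: it masks extension lines it does not allow and mangles the STARTTLS command itself on the way in, so Postfix sees an unknown command and answers 502. The following Python script is an added example, not code from the thread or from Postfix: it parses EHLO replies, compares the local view with the remote view, and pairs each X-masked line with the locally advertised line of the same length. The sample replies reproduce the extension lists from the transcripts above (constructed as wire-format 250 replies), and the host passed to probe() is a placeholder.

```python
"""Compare the EHLO reply a Postfix server gives locally with the one a remote
client receives, to tell a STARTTLS offer stripped in transit from a server
that never offered it. Added example; sample replies reproduce the transcripts
in this thread and the probe host is a placeholder."""
import re
import smtplib

EHLO_LINE = re.compile(r"^250[- ](.+?)\s*$")
# A keyword overwritten with a run of X's (optionally a trailing letter):
# the trace an SMTP-inspecting firewall leaves in the EHLO reply.
MASKED = re.compile(r"^X{4,}[A-Z]?$")


def reply(host, *exts):
    """Build a multi-line 250 reply as a server sends it (constructed data)."""
    lines = ["250-" + host] + ["250-" + e for e in exts[:-1]] + ["250 " + exts[-1]]
    return "\r\n".join(lines)


# Post #1: local view of nobunaga, and the view through the antivirus proxy.
NOBUNAGA = ("PIPELINING", "SIZE 10240000", "VRFY", "ETRN", "STARTTLS",
            "ENHANCEDSTATUSCODES", "8BITMIME", "DSN")
LOCAL_1 = reply("nobunaga.eden.blog.br", *NOBUNAGA)
PROXIED_1 = reply("nobunaga.eden.blog.br", *[e for e in NOBUNAGA if e != "STARTTLS"])

# Post #3: local view of someserver, and the view from the internet.
COMMON = ("PIPELINING", "SIZE 10240000", "VRFY", "ETRN")
TAIL = ("ENHANCEDSTATUSCODES", "8BITMIME", "DSN")
LOCAL_3 = reply("someserver.somedomain.com", *COMMON, "STARTTLS",
                "AUTH PLAIN LOGIN", "AUTH=PLAIN LOGIN", *TAIL)
MASKED_3 = reply("someserver.somedomain.com", *COMMON, "XXXXXXXA",
                 "AUTH PLAIN LOGIN", "XXXXXXXXXXXXXXXB", *TAIL)


def parse_ehlo(text):
    """Return the advertised extensions (keyword plus parameters) from a
    multi-line 250 reply. The first 250 line carries the server name and is
    skipped; anything that is not a 250 line is ignored."""
    items = []
    for line in text.splitlines():
        m = EHLO_LINE.match(line)
        if m:
            items.append(m.group(1))
    return items[1:]


def keywords(extensions):
    """Upper-cased extension keywords without their parameters."""
    return {e.split()[0].upper() for e in extensions}


def masked_candidates(local, remote):
    """For every X-masked line in the remote reply, list the extensions that
    were advertised locally, are missing remotely and have the same length:
    the likely originals that were overwritten in transit."""
    missing = [e for e in local if e not in remote]
    return {m: [e for e in missing if len(e) == len(m)]
            for m in remote if MASKED.match(m)}


def diagnose(local, remote):
    """Classify the local-vs-remote difference; returns a short label."""
    if "STARTTLS" in keywords(remote):
        return "ok: STARTTLS offered to the remote client"
    if "STARTTLS" not in keywords(local):
        return ("server: Postfix itself does not offer STARTTLS "
                "(check smtpd_tls_security_level / smtpd_use_tls)")
    masked = masked_candidates(local, remote)
    if masked:
        hidden = sorted(sum(masked.values(), []))
        return "middlebox: EHLO lines rewritten with X's, hiding " + ", ".join(hidden)
    return "middlebox: STARTTLS offered locally but silently dropped before the client"


def probe(host, port=25, timeout=10):
    """Live check (placeholder host, not exercised here): EHLO the server and
    return smtplib's view of its extensions in roughly parse_ehlo's shape."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo("probe.example")
        return [("%s %s" % (k.upper(), v)).strip() for k, v in s.esmtp_features.items()]


if __name__ == "__main__":
    print("post #1:", diagnose(parse_ehlo(LOCAL_1), parse_ehlo(PROXIED_1)))
    print("post #3:", diagnose(parse_ehlo(LOCAL_3), parse_ehlo(MASKED_3)))
    # Against a real server, compare the reply captured on the box itself
    # with what a remote client sees, e.g.:
    # print(diagnose(parse_ehlo(LOCAL_3), probe("mail.example.invalid")))
```

Run it on the server first (telnet localhost 25 or probe("localhost")) to capture the local reply, then from the client network, and feed both to diagnose(). Whatever the middlebox turns out to be, the defensive consequence is the same: a client set to "TLS if available" will quietly fall back to plaintext when the offer is stripped, so clients should be configured to require STARTTLS, and the server-side smtpd_tls_auth_only = yes already in the main.cf above is what keeps SASL credentials off a downgraded session.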
#9
4th August 2008, 13:36
peter.zagar, Junior Member (Join Date: Jul 2008, Location: Slovenia, Posts: 13)

Oh, I will do the local testing next time I go there.