Navigation

websissy · #1 26th August 2008, 23:43

Okay, I have encountered a puzzle here and I need some advice... This one involves the mail that's presently coming and going from my server and the software that is processing it and trying to sort out what is REALLY going on here.

From the beginning my server has allowed me to send mail. At first, that surprised me because I hadn't selected and installed an MTA yet.

Even then, I assumed it wasn't receiving mail because I'd done nothing to make that happen yet. In fact, even the sendmail part of the equation puzzled me because I didn't know how that was happening...

Eventually, I ran across a reference somewhere that said exim4 was "the base email" MTA and that it was installed on Debian by default. Frankly, I was at that point convinced I wanted (and needed) to install and use sendmail. That's what my old dedicated server used. Later, I realized sendmail ALSO seems to have been installed when the server was originally built as well; but from what I can tell, it is not being (and has not been) used on this server at all.

In the end, after much study and research, I decided postfix (with TLS and smtp auth) was my best bet for most capability, strongest security, best performance, easiest setup and least complexity in my base MTA. I'm not entirely sure even now what TLS is but I was convinced I needed it the same way a new car owner knows they need ATF, antifreeze and brake fluid and gasoline without knowing exactly why.

My intent was to install those tools first using a tutorial I found here on HowToForge and then once they were installed and running, I'd add both Spamcop and SpamAssassin to the mix to tighten security and define what was acceptable in both my inbound and outbound mail streams.

That was my plan... exorcise Exim4 and install Postfix in its place along with TLS and smtp Auth. But you KNOW what they say about the best-laid plans of mice and men...

I tried this last Thursday with mixed results. I carefully followed the HowToForge tutorial step-by-step-by-step-by-step-by-step (www.howtoforge.com/perfect_setup_debian_etch_p5). BUT when I got to the end and it said type:

Code:

ehlo localhost

and

Code:

If you see the lines 

250-STARTTLS

and 

250-AUTH PLAIN LOGIN

everything is fine.

What I actually got was this:

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 myhost.com ESMTP Postfix (Debian/GNU)
ehlo localhost
250-myhost.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS <<-- Hey, here's ONE of those two 'expected' lines...
250-AUTH PLAIN LOGIN <<-- And here's the OTHER one! Did it work? DID IT ACTUALLY FREAKIN' WORK??
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
bye
502 5.5.2 Error: command not recognized
quit
221 2.0.0 Bye
Connection closed by foreign host.

Frankly seeing all those lines displayed when I had assumed I'd see only 2 lines was pretty discouraging. At that point, I figured all was lost and had no idea what to do next. Sadly, the tutorial authors offered NO help whatsoever if the user did NOT see what was expected.

But looking back now, I wonder if it didn't work flawlessly and the problem was I had been mis-lead to believe I'd see only 2 lines of response when in fact there were 11 lines?

Since then, I've realized exim4 IS gone (e.g. the exorcism DID work) and postfix, tls and smpt auth (or some form of it) do seem to be running in its place (see below); but I'm not at all sure how to test it or how to figure out what (if anything) went wrong last week; or how to fix that if I DO find something wrong.

As it stands now, I did test and found that I am able to both send and receive email to and from the test domains I have moved to the server. So, I now know the basic sending and receiving of email do work; but I'm unclear as to how to test to see whether TLS is working or how to tell if SMTP Auth is working or not. And of course, I have no way of knowing whether I'm receiving all email for the accounts involved or only part of it.

Here's what I DO know about the tasks that are presently running

Code:

myserver:~# ps aux | grep postfix
root      2630  0.0  0.0  19616  2052 ?        Ss   Aug25   0:00 /usr/lib/postfix/master
postfix   2637  0.0  0.0  20688  2132 ?        S    Aug25   0:00 qmgr -l -t fifo -u
root      2649  0.0  0.0  30312  1156 ?        Ss   Aug25   0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root      2651  0.0  0.0  30312   672 ?        S    Aug25   0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root      2652  0.0  0.0  30312   484 ?        S    Aug25   0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root      2653  0.0  0.0  30312   484 ?        S    Aug25   0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root      2654  0.0  0.0  30312   484 ?        S    Aug25   0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
postfix   2814  0.0  0.0  21732  2456 ?        S    Aug25   0:00 tlsmgr -l -t unix -u -c
postfix  20411  0.0  0.0  20652  1988 ?        S    11:54   0:00 pickup -l -t fifo -u -c
postfix  20430  0.0  0.0  20652  2012 ?        S    12:15   0:00 anvil -l -t unix -u -c
postfix  20438  0.0  0.0  34724  3612 ?        S    12:19   0:00 smtpd -n smtp -t inet -u -c -s 2
postfix  20439  0.0  0.0  20652  2008 ?        S    12:19   0:00 proxymap -t unix -u
postfix  20440  0.0  0.0  20664  2032 ?        S    12:19   0:00 trivial-rewrite -n rewrite -t unix -u -c
postfix  20441  0.0  0.0  20728  2128 ?        S    12:19   0:00 cleanup -z -t unix -u -c
postfix  20442  0.0  0.0  20692  2420 ?        S    12:19   0:00 local -t unix

Does anyone have any suggestions or helpful hints here?

In short, H - E - L - P ! ! ! How the HECK do I get this email installation and setup process back on track?

Thanks!

falko · #2 27th August 2008, 02:42

Quote:

Originally Posted by websissy

What I actually got was this:

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 myhost.com ESMTP Postfix (Debian/GNU)
ehlo localhost
250-myhost.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS <<-- Hey, here's ONE of those two 'expected' lines...
250-AUTH PLAIN LOGIN <<-- And here's the OTHER one! Did it work? DID IT ACTUALLY FREAKIN' WORK??
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
bye
502 5.5.2 Error: command not recognized
quit
221 2.0.0 Bye
Connection closed by foreign host.

That's how it's supposed to be.

The tutorial didn't say that you'd get only two lines back, but that you should look out for these two lines among the other lines.

websissy · #3 28th August 2008, 15:46

I'm not sure the procedure quite said what YOU suggest either. But I admit that's probably what was intended. Nevertheless, the fact that those messages appeared "buried" in a long list of other messages did high-center me for days until I found time to try fixing "the problem" and realized I might not have a problem after all!

The point is this procedure did work! And considering the complexity of the topic, you did a fine job with it.

Furthermore, I was able to BUILD on the foundation laid by this install later. The next day I installed dovecot's IMAP4 support and squirrelmail on my server and made them work together (along with Outlook) for both pop3 and Imap4 inbound mail and SMTP-AUTH outbound mail.

In the end what matters is both my inbound and outbound mail pathways are now secured and no mail relays are allowed through my new server except for authorized and password-verified users.

Thanks a lot for taking the time to write the original procedure and the personal reply, Falko! Good job!

And now I have a suggestion. In this procedure you guide the user to get Postfix working with both SMTP-AUTH and SSL. Frankly, I wasted HOURS later figuring out how to make the SMTP-AUTH setup work with squirrelmail (using dovecot's IMAP4) and with Outlook too. I haven't dared THINK about how to make those programs work with SSL.

After all the work to guide the user through this setup, it seems the obvious next-steps would be to show them how to tie it together with their mail client via SMTP-AUTH and/or with SSL. Have you considered doing that?

Thanks again!

falko · #4 29th August 2008, 13:31

Quote:

Originally Posted by websissy

After all the work to guide the user through this setup, it seems the obvious next-steps would be to show them how to tie it together with their mail client via SMTP-AUTH and/or with SSL. Have you considered doing that?

Thanks again!

I might write a tutorial about it...

sayad · #5 29th August 2008, 17:36

hey , you are running a good stuff , i might need that in my queries too.
Sorry , but i am gonna copy paste it , hope oyur stuff is not copyrighted !!