29th August 2011, 00:51
CopalFreak

Postfix/Dovecot SSL auth port 587

I am using Postfix, Dovecot, MySQL (virtual users), ClamAV (without Amavis), and SpamAssassin.
(running saslauthd(rimap), clamsmtpd, and spamd)

I am attempting to allow authed users (only) to relay mail to the outside, and I want a wildcard SSL cert to encrypt the authing process.

I read that I should use Outgoing port 587 and SSL/TLS to do this.

I can receive mail using incoming port 995 and SSL/TLS setting.
I can NOT send (relay) using port 25 (can send to same-domain, but not outside the machine).
I can send (relay) mail using outgoing port 465 OR 587 with STARTTLS setting.
I can NOT send (relay) using outgoing port 587 with SSL/TLS setting.



Code:
# telnet mail.mydomain.com 587
Trying xxx.xxx.xxx.xx...
Connected to mail.mydomain.com.
Escape character is '^]'.
220 mail.mydomain.com ESMTP mail.mydomain.com (Debian/GNU)
>>ehlo CopalFreak
250-mail.mydomain.com
250-PIPELINING
250-SIZE 104857600
250-ETRN
250-STARTTLS
250-ENHANDEDSTATUSCODES
250-8BITMIME
250 DSN
>>QUIT
221 2.0.0 Bye
Connection closed by foreign host.
I was trying to figure out how to use telnet to debug it a bit more but got stuck here:
Code:
>>telnet mail.mydomain.com 587
Trying xx.xx.xx.xx...
Connected to mail.mydomain.com.
Escape character is '^]'.
220 mail.mydomain.com ESMTP mail.mydomain.com (Debian/GNU)

>>ehlo MyEmail@mydomain.com
250-mail.mydomain.com
250-PIPELINING
250-SIZE 104857600
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

>>AUTH LOGIN
438 4.7.0 Encryption required for requested authentication mechanism

>>AUTH LOGIN PLAIN
438 4.7.0 Encryption required for requested authentication mechanism

>>STARTTLS
220 2.0.0 Ready to start TLS

>>EHLO MyEmail@mydomain.com
Connection closed by foreign host.
This is probably a very big indicator of what's happening, but I have no clue how to diagnose it.

Onward..

Code:
# lsof -i -n | grep "submission"
master     8705    root   15u  IPv4 229999      0t0  TCP *:submission (LISTEN)
Code:
#nmap localhost 
587/tcp   open  submission

For brevity's sake, I have limited the master.cf and main.cf contents below to the stuff that I think might affect it. If there is something that I have missed that might be important, just let me know.
Code:
# -----------------------------------------------------------------------------------------
# relevant portions of /etc/postfix/master.cf
# -----------------------------------------------------------------------------------------
smtp       inet n - n - - smtpd
    -o content_filter=scan:127.0.0.1:10025

submission inet n - n - - smtpd
  # -o smtpd_tls_security_level=encrypt
    -o smtpd_tls_security_level=may
    -o smtpd_sasl_auth_enable-yes
    -o smtpd_sasl_type=dovecot
    -o smtpd_sasl_path=/var/spool/postfix/private/auth
    -o smtpd_sasl_security_options-noanonymous
    -o smtpd_sasl_local_domain-$myhostname

smtps      inet n - n - - smtpd

scan       unix - - n -  16 smtp
    -o smtp_send_xforward_command=yes
    -o smtp_enforce_tls=no

smtp       unix - - n - - smtp

spamassassin unix - n n - - pipe
     user=spamd argv=/usr./bin/spamc -f -e
     /usr/sbin/sendmail -oi -f${sender} ${recipient}

# for injecting mail back into postfix from the filter
127.0.0.1:10026 inet n - n - 16 smtpd
        -o content_filter=spamassassin
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=dovecot:dovecot argv=/usr/libexec/dovecot/deliver -d ${recipient}
# -----------------------------------------------------------------------------------------
# End master.cf
# -----------------------------------------------------------------------------------------
Code:
# -----------------------------------------------------------------------------------------
# relevant portions of /etc/postfix/main.cf
# -----------------------------------------------------------------------------------------

relay_domains = $mynetworks

smtpd_client_restictions =

smtp_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_exceptions_networks = $mynetworks
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = $virtual_login_maps
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_helo_required = yes

smtpd_tls_ask_ccert = no
smtpd_tls_req_ccert = no
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_received_header = no
smtpd_tls_loglevel = 1

smtpd_sasl_auth_enable - yes
smtpd_use_tls = yes

smtpd_tls_cert_file = /path/to/MyCert.pem
smtpd_tls_key_file = /path/to/MyKey.pem
smtpd_tls_CAfile = /path/to/MyCA-Cert.pem

smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

# -----------------------------------------------------------------------------------------
# End main.cf
# -----------------------------------------------------------------------------------------

One thing that might be affecting it is in the mail log, I see:
Code:
postfix/anvil[17020]: statistics: max connection rate 2/60s for (submission:xx.xx.xx.xx) at Aug 27 02:28:29
In the main.cf I have this... but not sure if that's actually affecting it or not.
Code:
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
Other than that, I don't see any errors or anything in the logs.
(which actually bothers me a bit)

Any help would be appreciated.

Thanks!
-=*CopalFreak*=-
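
An added example, not part of the original post: a small Python check that reads a master.cf, follows its continuation-line rule, and lists every `-o` override that is not in the `name=value` form master(5) documents. The sample input is the submission entry from the post above; the name `lint_overrides` is made up for this example, and Postfix 3.x `{ }` quoting is not handled.

```python
import re

# Submission entry copied from the master.cf in the post above.
SAMPLE_MASTER_CF = """\
submission inet n - n - - smtpd
  # -o smtpd_tls_security_level=encrypt
    -o smtpd_tls_security_level=may
    -o smtpd_sasl_auth_enable-yes
    -o smtpd_sasl_type=dovecot
    -o smtpd_sasl_path=/var/spool/postfix/private/auth
    -o smtpd_sasl_security_options-noanonymous
    -o smtpd_sasl_local_domain-$myhostname
"""
OVERRIDE_RE = re.compile(r"^[A-Za-z0-9_]+=")  # name=value, no space around "="

def lint_overrides(text):
    """Return (ok, bad): service -> {name: value}, and (line_no, service, override) rejects."""
    ok, bad, service, pending = {}, [], None, False
    for no, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank and comment lines are ignored
        tokens = stripped.split()
        if not raw[0].isspace():  # new entry; 8 fields precede the command args
            service = "/".join(tokens[:2])
            ok.setdefault(service, {})
            tokens, pending = tokens[8:], False
        elif service is None:
            continue  # continuation line with no entry to attach to
        for tok in tokens:
            if pending:
                override, pending = tok, False
            elif tok == "-o":
                pending = True
                continue
            elif tok.startswith("-o"):
                override = tok[2:]  # "-oname=value" written as one token
            else:
                continue
            if OVERRIDE_RE.match(override):
                name, value = override.split("=", 1)
                ok[service][name] = value
            else:
                bad.append((no, service, override))
    return ok, bad

if __name__ == "__main__":
    for no, service, override in lint_overrides(SAMPLE_MASTER_CF)[1]:
        print(f"line {no}: {service}: '-o {override}' is not name=value")
```
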