#1
21st November 2006, 06:24
tecnicom
ISPConfig SMTP AUTH fails after change IP address

Hi. I installed ISPConfig with FC5 with the great Falko HowTos.
Everything worked fine for a couple of months.
The server used to have a public IP address.

The ISP added an external firewall and I have changed the server IP
address to an internal 192.168.0.7 address instead of the public one.

I made some changes to the named, httpd, hosts, resolv.conf files
and others, and almost everything worked fine,
but only the SMTP RELAY ACCESS IS NOT WORKING NOW as before
when the users use Outlook. (With squirrel and uebimiau it is working ok.)

The SASL auth looks like it is working well and authenticates the user,
but now it is not allowing the relay.

It looks like the SMTP AUTH connection works but is not saved or cached ???

The maillog shows that Outlook is trying to send the email before the Login and the Logout.
In the past the logs were in the same order, but the second time the user tried to send
the email the connection was allowed.

I will appreciate any help or hint.

Regards.
Adolfo Oviedo / Costa Rica
---------------------------

I have changed the IP in ISPCONFIG -> Management --> Server -- Settings -> IP address

-----------------------------
SASL is working...

[root@dominios log]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 dominios.com ESMTP Postfix
ehlo localhost
250-dominios.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME

-------------

Here is the maillog .. the Login is allowed and

Nov 20 22:53:29 dominios postfix/smtpd[21069]: connect from unknown[196.40.56.7]
Nov 20 22:53:29 dominios postfix/smtpd[21069]: NOQUEUE: reject: RCPT from unknown[196.40.56.7]: 572 <yyy@hotmail.com>: Relay access denied; from=<xxx@dominio.com> to=<yyy@hotmail.com> proto=SMTP helo=<yyy>
Nov 20 22:53:29 dominios postfix/smtpd[21069]: disconnect from unknown[196.40.56.7]
Nov 20 22:53:29 dominios dovecot: pop3-login: Login: user=<web3_xxx>, method=PLAIN, rip=::ffff:196.40.56.7, lip=::ffff:192.168.0.7
Nov 20 22:53:29 dominios dovecot: pop3(web3_xxx): Logout. top=0/0, retr=0/ del=0/0, size=0

----------------
this is the end of the main.cf

virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names
relay_domains = $mydestination
append_at_myorigin = no

smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/

-------------
I also tested adding these parameters with no luck

#smtpd_sasl_type = dovecot
#smtpd_sasl_path = private/auth
#smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
#smtpd_tls_session_cache_timeout = 3600
#smtp_connection_cache_time_limit = 3600
#smtp_connection_cache_on_demand = yes

--------------
the file /etc/sysconfig/saslauthd has
MECH=pam
--------------
I checked and the domain is listed ok in /etc/postfix/local-host-names
with www and without www

----------------

Last edited by tecnicom; 28th November 2006 at 07:40.

#2
22nd November 2006, 15:43
falko

What's the output of
Code:
netstat -tap
? Did you enable "Server requires authentication." in your email client?

What's the output of
Code:
postconf -d|grep mynetworks
and
Code:
postconf -n|grep mynetworks
?

#3
28th November 2006, 07:04
tecnicom
PostconfOutputs

Hi Falko, thanks for your great support.
Hope I can contribute to ISPConfig in some way in the near future.
I have good expertise in PHP and C++ programming.


------------------------------------------
Regarding your questions.

I saw that the postconf -d
has a problem in mynetworks because there is no ',' between the subnets..
How can I update the output for postconf -d ??
mynetworks = 127.0.0.0/8 192.168.0.0/24

The main.cf has it right with the ',' and the postconf -n shows
mynetworks = 127.0.0.0/8, 192.168.0.0/24

-----------------------------------------------------------

Did you enable "Server requires authentication." in your email client?

Sure...
and everything was working great before changing the IP.

Does pop-before-smtp work with the postfix configuration for ISPConfig ?

------------------------------------------------------------

the output of netstat -tap is:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:mysql *:* LISTEN 2608/mysqld
tcp 0 0 *:40847 *:* LISTEN 1435/rpc.statd
tcp 0 0 *:sunrpc *:* LISTEN 1416/portmap
tcp 0 0 *:ndmp *:* LISTEN 3454/perl
tcp 0 0 *:hosts2-ns *:* LISTEN 3192/ispconfig_http
tcp 0 0 dominios:domain *:* LISTEN 3426/named
tcp 0 0 dominios:domain *:* LISTEN 3426/named
tcp 0 0 dominios:domain *:* LISTEN 3426/named
tcp 0 0 dominios:ipp *:* LISTEN 1657/cupsd
tcp 0 0 *:smtp *:* LISTEN 3582/master
tcp 0 0 dominios:rndc *:* LISTEN 3426/named
tcp 0 0 *:imaps *:* LISTEN 1813/dovecot
tcp 0 0 *:pop3s *:* LISTEN 1813/dovecot
tcp 0 0 *:pop3 *:* LISTEN 1813/dovecot
tcp 0 0 *:imap *:* LISTEN 1813/dovecot
tcp 0 0 *:http *:* LISTEN 3326/httpd
tcp 0 0 *:ftp *:* LISTEN 3443/proftpd: (acce
tcp 0 0 *:ssh *:* LISTEN 1676/sshd
tcp 0 0 ::1:rndc *:* LISTEN 3426/named
tcp 0 0 *:https *:* LISTEN 3326/httpd

----------------
postconf -d | grep mynetworks

mynetworks = 127.0.0.0/8 192.168.0.0/24
mynetworks_style = subnet
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

---------------------
[root@dominios log]# postconf -n|grep mynetworks
mynetworks = 127.0.0.0/8, 192.168.0.0/24
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

--------------
Thank you for any help.

Last edited by tecnicom; 28th November 2006 at 10:48.

#4
28th November 2006, 10:17
till

Quote:
Originally Posted by tecnicom
Hi Falko, thanks for your great support.
Hope I can contribute to ISPConfig in some way in the near future.
I have good expertise in PHP and C++ programming.

New developers are always welcome

Quote:
Regarding your questions.

I saw that the postconf -d
has a problem in mynetworks because there is no ',' between the subnets..
How can I update the output for postconf -d ??
mynetworks = 127.0.0.0/8 192.168.0.0/24

The main.cf has it right with the ',' and the postconf -n shows
mynetworks = 127.0.0.0/8, 192.168.0.0/24

postconf -d shows the defaults while postconf -n shows the current configuration used by postfix. I think the correct configuration will be without ",", so it might be better to remove it in main.cf and restart postfix.


Quote:
Did you enable "Server requires authentication." in your email client?

Sure...
and everything was working great before changing the IP.

Does pop-before-smtp work with the postfix configuration for ISPConfig ?

No. Pop before SMTP is not supported.


Quote:
the output of netstat -tap is:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:mysql *:* LISTEN 2608/mysqld
tcp 0 0 *:40847 *:* LISTEN 1435/rpc.statd
tcp 0 0 *:sunrpc *:* LISTEN 1416/portmap
tcp 0 0 *:ndmp *:* LISTEN 3454/perl
tcp 0 0 *:hosts2-ns *:* LISTEN 3192/ispconfig_http
tcp 0 0 dominios:domain *:* LISTEN 3426/named
tcp 0 0 dominios:domain *:* LISTEN 3426/named
tcp 0 0 dominios:domain *:* LISTEN 3426/named
tcp 0 0 dominios:ipp *:* LISTEN 1657/cupsd
tcp 0 0 *:smtp *:* LISTEN 3582/master
tcp 0 0 dominios:rndc *:* LISTEN 3426/named
tcp 0 0 *:imaps *:* LISTEN 1813/dovecot
tcp 0 0 *:pop3s *:* LISTEN 1813/dovecot
tcp 0 0 *:pop3 *:* LISTEN 1813/dovecot
tcp 0 0 *:imap *:* LISTEN 1813/dovecot
tcp 0 0 *:http *:* LISTEN 3326/httpd
tcp 0 0 *:ftp *:* LISTEN 3443/proftpd: (acce
tcp 0 0 *:ssh *:* LISTEN 1676/sshd
tcp 0 0 ::1:rndc *:* LISTEN 3426/named
tcp 0 0 *:https *:* LISTEN 3326/httpd

That's ok so far. Postfix is listening on all IP addresses.

#5
28th November 2006, 11:07
tecnicom
Still.... Relay access denied

I was playing during the whole night with several parameters like
smtpd_sender_restrictions, smtpd_sender_restrictions with no luck.
(I commented it out at last)

The Login with dovecot looks ok... but still with Relay access denied;

I tried the mynetworks in the main.cf with and without comma
but still the same problem.
I don't know why permit_sasl_authenticated is not working....

----------------------------------------------------------------------
This is a recent log... it is the same.

Nov 28 03:53:03 dominios postfix/smtpd[18241]: connect from unknown[196.40.56.7]
Nov 28 03:53:03 dominios postfix/smtpd[18241]: NOQUEUE: reject: RCPT from unknown[196.40.56.7]: 554 <adolfo@hotmail.com>: Relay access denied; from=<xxx@dominios.com> to=<adolfo@hotmail.com> proto=SMTP helo=<adolfo>
Nov 28 03:53:03 dominios postfix/smtpd[18241]: disconnect from unknown[196.40.56.7]
Nov 28 03:53:03 dominios dovecot: pop3-login: Login: user=<web3_xxx>, method=PLAIN, rip=::ffff:196.40.56.7, lip=::ffff:192.168.0.7
Nov 28 03:53:03 dominios dovecot: pop3(web3_adolfo): Logout. top=0/0, retr=0/ del=0/0, size=0

--------------------------------
I think postconf -d (default) is not necessary...
because it is overwritten by the current ???

--------------------------------
Here is all the output from postconf -n ?
It's almost the same as the perfect setup fedora core 5

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_at_myorigin = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = /etc/postfix/local-host-names
mynetworks = 192.168.0.0/24 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
readme_directory = /usr/share/doc/postfix-2.2.8/README_FILES
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-2.2.8/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

---------------------------------
If I manually add my IP 196.40.56.7 to mynetworks in the main.cf it works,
but I can't be all day adding the clients' IPs and restarting... SMTP_AUTH has to do this work !!!
This is the correct log when the IP was added manually and the message sent ...

Nov 28 04:21:26 dominios postfix/smtpd[21532]: connect from unknown[196.40.56.7]
Nov 28 04:21:27 dominios postfix/smtpd[21532]: 26EB2D70717: client=unknown[196.40.56.7]
Nov 28 04:21:27 dominios postfix/cleanup[21534]: 26EB2D70717: message-id=<000201c712d7$19f00f20$0f00a8c0@adolfo>
Nov 28 04:21:27 dominios postfix/qmgr[21525]: 26EB2D70717: from=<adolfo@dominios.com>, size=1345, nrcpt=1 (queue active)
Nov 28 04:21:27 dominios postfix/smtpd[21532]: disconnect from unknown[196.40.56.7]
Nov 28 04:21:27 dominios dovecot: pop3-login: Login: user=<web3_xxx>, method=PLAIN, rip=::ffff:196.40.56.7, lip=::ffff:192.168.0.7
Nov 28 04:21:27 dominios dovecot: pop3(web3_xxx): Logout. top=0/0, retr=0/ del=0/0, size=0
Nov 28 04:21:27 dominios postfix/smtp[21528]: 26EB2D70717: to=<adolfo@hotmail.com>, relay=mail.hotmail.com[195.40.56.6], delay=0, status=sent (250 2.0.0 kASAeQDQ030199 Message accepted for delivery)
Nov 28 04:21:27 dominios postfix/qmgr[21525]: 26EB2D70717: removed

-----------------

Still with the same problem... !!!

Last edited by tecnicom; 28th November 2006 at 11:28.
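
Added example (not part of the original posts, and not ISPConfig or Postfix code): a small maillog triage script that groups postfix/smtpd lines into sessions and reports whether each one carried a SASL login. It assumes Postfix's habit of appending sasl_method= and sasl_username= to the "client=" line of an authenticated session and of logging proto=SMTP when the client greeted with HELO instead of EHLO; the third sample session (198.51.100.9, web3_example) is constructed.

```python
import re

# Constructed sample: the first two sessions reuse log lines from this thread;
# the third (198.51.100.9, web3_example) is invented to show a SASL login.
SAMPLE_LOG = """\
Nov 28 03:53:03 dominios postfix/smtpd[18241]: connect from unknown[196.40.56.7]
Nov 28 03:53:03 dominios postfix/smtpd[18241]: NOQUEUE: reject: RCPT from unknown[196.40.56.7]: 554 <adolfo@hotmail.com>: Relay access denied; from=<xxx@dominios.com> to=<adolfo@hotmail.com> proto=SMTP helo=<adolfo>
Nov 28 03:53:03 dominios postfix/smtpd[18241]: disconnect from unknown[196.40.56.7]
Nov 28 04:21:26 dominios postfix/smtpd[21532]: connect from unknown[196.40.56.7]
Nov 28 04:21:27 dominios postfix/smtpd[21532]: 26EB2D70717: client=unknown[196.40.56.7]
Nov 28 04:21:27 dominios postfix/smtpd[21532]: disconnect from unknown[196.40.56.7]
Nov 28 05:00:01 dominios postfix/smtpd[30001]: connect from unknown[198.51.100.9]
Nov 28 05:00:02 dominios postfix/smtpd[30001]: 3FA1C2B0011: client=unknown[198.51.100.9], sasl_method=PLAIN, sasl_username=web3_example
Nov 28 05:00:02 dominios postfix/smtpd[30001]: disconnect from unknown[198.51.100.9]
"""

SMTPD = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
CONNECT = re.compile(r"connect from \S+\[([^\]]+)\]")
QUEUED = re.compile(r"[0-9A-Za-z]+: client=")
SASL_USER = re.compile(r"sasl_username=([^,\s]+)")
PROTO = re.compile(r"\bproto=(\S+)")

def verdict(s):
    if s["sasl_user"]:
        return "authenticated"
    if s["relay_denied"]:
        # proto=SMTP: client said HELO, so it never saw the AUTH line of the EHLO reply.
        return "denied-no-ehlo" if s["proto"] == "SMTP" else "denied-no-auth"
    return "accepted-without-auth" if s["queued"] else "no-mail"

def classify_sessions(log_text):
    """Group smtpd lines by PID between connect/disconnect; one dict per session."""
    live, done = {}, []
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if not m:
            continue  # dovecot and other services are not part of the SMTP session
        pid, msg = m.groups()
        c = CONNECT.match(msg)
        if c:
            live[pid] = {"ip": c.group(1), "proto": None, "sasl_user": None,
                         "queued": False, "relay_denied": False}
            continue
        s = live.get(pid)
        if s is None:
            continue
        u, p = SASL_USER.search(msg), PROTO.search(msg)
        s["sasl_user"] = u.group(1) if u else s["sasl_user"]
        s["proto"] = p.group(1) if p else s["proto"]
        s["queued"] = s["queued"] or bool(QUEUED.match(msg))
        s["relay_denied"] = s["relay_denied"] or "Relay access denied" in msg
        if msg.startswith("disconnect from"):
            s["verdict"] = verdict(live.pop(pid))
            done.append(s)
    return done

if __name__ == "__main__":
    for s in classify_sessions(SAMPLE_LOG):
        print(s["ip"], s["proto"], s["sasl_user"], s["verdict"])
```

On the sample, the rejected session comes out as denied-no-ehlo and the 04:21 delivery as accepted-without-auth, i.e. it was relayed because of mynetworks rather than a login.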

#6
28th November 2006, 11:13
till

Quote:
I don't know why permit_sasl_authenticated is not working....

Which mailclient are you using? To me it looks like your mailclient does not send authentication information, as it is logged as unknown:

Quote:
unknown[196.40.56.7]

Please try another mailclient like thunderbird to see if the problem is related to the server or client.

#7
28th November 2006, 11:55
tecnicom
Other mail clients have the same

Thanks for the hint but no luck yet.
I tried with Outlook, Netscape email and Thunderbird with exactly the same results.
My server require authentication (server login user/pass) is active.

Nov 28 04:47:47 dominios postfix/smtpd[22269]: connect from unknown[196.40.56.7]
Nov 28 04:47:47 dominios postfix/smtpd[22269]: NOQUEUE: reject: RCPT from unknown[196.40.56.7]: 554 <adolfo@test.com>: Relay access denied; from=<adolfo@dominios.com> to=<adolfo@test.com> proto=SMTP helo=<[adolfo]>
Nov 28 04:47:48 dominios postfix/smtpd[22269]: lost connection after RCPT from unknown[196.40.56.7]
Nov 28 04:47:48 dominios postfix/smtpd[22269]: disconnect from unknown[196.40.56.7]

Last edited by tecnicom; 28th November 2006 at 12:04.

#8
28th November 2006, 12:01
tecnicom

Does somebody know why ???
Another clue.... If I try from the same machine...
telnet localhost 25 I receive:
-------------------------------------------------------
Trying 192.168.0.7...
Connected to www.dominiostek.com (192.168.0.7).
Escape character is '^]'.
220 dominiostek.com ESMTP Postfix
-------------------------------------------------------
but if I try from an external machine telnet dominiostek.com 25 I just see

220 *****************************

I don't know why ??? Is that ok ???
-------------------------------------------------------

Authentication looks ok... because people receive emails but nobody can send...
(at least unless I stay all day adding the IP in mynetworks !)

I reviewed again the file /etc/sysconfig/saslauthd, it has MECH=pam
but I saw some forum messages from some people using MECH=shadow. Is that ok ?

Last edited by tecnicom; 28th November 2006 at 23:24.

#9
29th November 2006, 15:22
falko

Is 200.122.152.12 your server's public IP address? Because that's the IP address that dominiostek.com is pointing to.

#10
30th November 2006, 03:45
tecnicom
Problem Solved. Thanks

Yes Falko and thanks for everything....

Hope I can contribute to ISPConfig soon...
maybe with some small PHP programming to start.
I have some expertise in PHP and C.
I think I have some ideas to add more features soon and share them...

I solved the problem yesterday.
I deleted all the postfix files, main.cf and others,
and did a fresh postfix reinstall and it is working now.

I will try to change these posts to make a small mini-Howto:
change IP with ISPConfig

ISPConfig is great...
I just saw some small problems by now:
1 - when I delete a user it doesn't delete everything
from the mysql database etc....
and I cannot create it again with the same name
2 - now it's not updating the named files and virtualusers
when creating domains and users...
(I am doing that manually)

Regards

Adolfo Oviedo / Costa Rica
http://www.tecni.com

Last edited by tecnicom; 30th November 2006 at 03:49.