Can't connect to Postfix

Discussion in 'Server Operation' started by Kronz, Oct 18, 2017.

  1. Kronz

    Kronz Member

    So, I can't connect to Postfix on port 465.
    It just won't do it.

    Here is my /etc/postfix/main.cf

    Code:
      
      1 # See /usr/share/postfix/main.cf.dist for a commented, more complete version
      2
      3
      4 # Debian specific:  Specifying a file name will cause the first
      5 # line of that file to be used as the name.  The Debian default
      6 # is /etc/mailname.
      7 #myorigin = /etc/mailname
      8
      9 smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    10 biff = no
    11
    12 # appending .domain is the MUA's job.
    13 append_dot_mydomain = no
    14
    15 # Uncomment the next line to generate "delayed mail" warnings
    16 #delay_warning_time = 4h
    17
    18 readme_directory = /usr/share/doc/postfix
    19
    20 # TLS parameters
    21 smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    22 smtpd_tls_key_file = /etc/postfix/smtpd.key
    23 smtpd_tls_CAfile = /etc/postfix/smtpd.pem
    24 smtpd_use_tls = yes
    25 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    26 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
       # NOTE(review): SSLv3 below has no "!" in front of it. As I read the
       # Postfix TLS documentation, naming a protocol without "!" turns the
       # list into an allow-list, so this line would offer SSLv3 only and
       # switch every TLS version off. Current mail clients refuse SSLv3, so
       # the handshake would fail, and SSLv3 is the protocol a PCI scan flags.
       # The commented-out line 82 of this same file (!SSLv2,!SSLv3) has the
       # exclusion form. TODO confirm against the mail log.
    27 smtpd_tls_protocols = !SSLv2,SSLv3
    28 smtpd_tls_ciphers = medium
    29 smtpd_tls_exclude_ciphers = RC4, aNULL
       # NOTE(review): noplaintext removes PLAIN and LOGIN from the AUTH offer.
       # No smtpd_sasl_tls_security_options is set in this file, and that
       # parameter defaults to this one, so the removal also applies inside
       # TLS sessions. Only non-plaintext mechanisms that the SASL backend
       # provides remain; clients that send PLAIN/LOGIN cannot authenticate.
    30 smtpd_sasl_security_options = noplaintext
    31 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    32 # information on enabling SSL in the smtp client.
    33
    34 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    35 myhostname = ihost.bg
    36 alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    37 alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    38 myorigin = /etc/mailname
    39 mydestination = localhost, localhost.localdomain
    40 relayhost =
    41 mynetworks = 127.0.0.0/8 [::1]/128
    42 mailbox_size_limit = 0
    43 recipient_delimiter = +
    44 inet_interfaces = all
    45 inet_protocols = ipv4
    46 html_directory = /usr/share/doc/postfix/html
    47 virtual_alias_domains =
    48 virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    49 virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    50 virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    51 virtual_mailbox_base = /var/vmail
    52 virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
    53 virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
    54 sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    55 smtpd_sasl_auth_enable = yes
    56 broken_sasl_auth_clients = yes
    57 smtpd_sasl_authenticated_header = yes
    58 smtpd_restriction_classes = greylisting
    59 greylisting = check_policy_service inet:127.0.0.1:10023
    60 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
    61 smtpd_tls_security_level = may
     62 transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
     63 relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
     64 relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
     65 smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
     66 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_    maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
     67 smtpd_helo_required = yes
     68 smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname,     check_helo_access regexp:/etc/postfix/blacklist_helo
     69 smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc    /postfix/tag_as_foreign.re
     70 smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
     71 smtpd_client_message_rate_limit = 100
     72 maildrop_destination_concurrency_limit = 1
     73 maildrop_destination_recipient_limit = 1
     74 virtual_transport = maildrop
     75 header_checks = regexp:/etc/postfix/header_checks
     76 mime_header_checks = regexp:/etc/postfix/mime_header_checks
     77 nested_header_checks = regexp:/etc/postfix/nested_header_checks
     78 body_checks = regexp:/etc/postfix/body_checks
     79 owner_request_special = no
     80 smtp_tls_security_level = may
     81 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
     82 #smtpd_tls_protocols = !SSLv2,!SSLv3
     83 smtp_tls_protocols = !SSLv2,!SSLv3
     84 #smtpd_tls_exclude_ciphers = RC4, aNULL
     85 smtp_tls_exclude_ciphers = RC4, aNULL
     86 dovecot_destination_recipient_limit = 1
     87 smtpd_sasl_type = dovecot
     88 smtpd_sasl_path = private/auth
     89 content_filter = amavis:[127.0.0.1]:10024
     90 receive_override_options = no_address_mappings
     91 message_size_limit = 0
     92 #smtpd_tls_CAfile = /usr/local/ispconfig/interface/ssl/SSL/EVTIN.HOSTING-SSL-BUNDLE.pem
    
     
  2. Kronz

    Kronz Member

    Here is my /etc/postfix/master.cf

    Code:
      1 #
      2 # Postfix master process configuration file.  For details on the format
      3 # of the file, see the master(5) manual page (command: "man 5 master" or
      4 # on-line: http://www.postfix.org/master.5.html).
      5 #
      6 # Do not forget to execute "postfix reload" after editing this file.
      7 #
      8 # ==========================================================================
      9 # service type  private unpriv  chroot  wakeup  maxproc command + args
    10 #               (yes)   (yes)   (no)    (never) (100)
    11 # ==========================================================================
    12 smtp      inet  n       -       y       -       -       smtpd
    13 #smtp      inet  n       -       y       -       1       postscreen
    14 #smtpd     pass  -       -       y       -       -       smtpd
    15 #dnsblog   unix  -       -       y       -       0       dnsblog
    16 #tlsproxy  unix  -       -       y       -       0       tlsproxy
    # Port 587 (submission): smtpd_tls_security_level=encrypt makes STARTTLS
    # mandatory, and the client restriction admits only SASL-authenticated
    # clients. Because TLS is mandatory on this service, the
    # smtpd_tls_mandatory_protocols / smtpd_tls_mandatory_ciphers settings in
    # main.cf are the ones that govern its handshake.
    # Handshake check from a shell (HOST is a placeholder):
    #   openssl s_client -starttls smtp -connect HOST:587
    17 submission inet n       -       y       -       -       smtpd
    18   -o syslog_name=postfix/submission
    19   -o smtpd_tls_security_level=encrypt
    20   -o smtpd_sasl_auth_enable=yes
    21   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    22 #  -o smtpd_reject_unlisted_recipient=no
    23 #  -o smtpd_client_restrictions=$mua_client_restrictions
    24 #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    25 #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    26 #  -o smtpd_recipient_restrictions=
    27 #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    28 #  -o milter_macro_daemon_name=ORIGINATING
    # Port 465 (smtps): smtpd_tls_wrappermode=yes means the server waits for a
    # TLS handshake before it sends any SMTP greeting. A plain-text probe such
    # as telnet therefore shows no banner even when the port is reachable and
    # healthy; it only proves that the TCP connection is not firewalled.
    # Handshake check from a shell (HOST is a placeholder):
    #   openssl s_client -connect HOST:465
    29 smtps     inet  n       -       y       -       -       smtpd
    30   -o syslog_name=postfix/smtps
    31   -o smtpd_tls_wrappermode=yes
    32   -o smtpd_sasl_auth_enable=yes
    33   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    34 #  -o smtpd_reject_unlisted_recipient=no
    35 #  -o smtpd_client_restrictions=$mua_client_restrictions
    36 #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    37 #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    38 #  -o smtpd_recipient_restrictions=
    39 #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    40 #  -o milter_macro_daemon_name=ORIGINATING
    41 #628       inet  n       -       y       -       -       qmqpd
    42 pickup    unix  n       -       y       60      1       pickup
    43 cleanup   unix  n       -       y       -       0       cleanup
    44 qmgr      unix  n       -       n       300     1       qmgr
    45 #qmgr     unix  n       -       n       300     1       oqmgr
    46 tlsmgr    unix  -       -       y       1000?   1       tlsmgr
    47 rewrite   unix  -       -       y       -       -       trivial-rewrite
    48 bounce    unix  -       -       y       -       0       bounce
    49 defer     unix  -       -       y       -       0       bounce
    50 trace     unix  -       -       y       -       0       bounce
    51 verify    unix  -       -       y       -       1       verify
    52 flush     unix  n       -       y       1000?   0       flush
    53 proxymap  unix  -       -       n       -       -       proxymap
    54 proxywrite unix -       -       n       -       1       proxymap
    55 smtp      unix  -       -       y       -       -       smtp
    56 relay     unix  -       -       y       -       -       smtp
    57 #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    58 showq     unix  n       -       y       -       -       showq
    59 error     unix  -       -       y       -       -       error
    60 retry     unix  -       -       y       -       -       error
    61 discard   unix  -       -       y       -       -       discard
    62 local     unix  -       n       n       -       -       local
    63 virtual   unix  -       n       n       -       -       virtual
     64 lmtp      unix  -       -       y       -       -       lmtp
     65 anvil     unix  -       -       y       -       1       anvil
     66 scache    unix  -       -       y       -       1       scache
     67 #
     68 # ====================================================================
     69 # Interfaces to non-Postfix software. Be sure to examine the manual
     70 # pages of the non-Postfix software to find out what options it wants.
     71 #
     72 # Many of the following services use the Postfix pipe(8) delivery
     73 # agent.  See the pipe(8) man page for information about ${recipient}
     74 # and other message envelope options.
     75 # ====================================================================
     76 #
     77 # maildrop. See the Postfix MAILDROP_README file for details.
     78 # Also specify in main.cf: maildrop_destination_recipient_limit=1
     79 #
     80 maildrop  unix  -       n       n       -       -       pipe
     81   flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
     82 #
     83 # ====================================================================
     84 #
     85 # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
     86 #
     87 # Specify in cyrus.conf:
     88 #   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
     89 #
     90 # Specify in main.cf one or more of the following:
     91 #  mailbox_transport = lmtp:inet:localhost
     92 #  virtual_transport = lmtp:inet:localhost
     93 #
     94 # ====================================================================
     95 #
     96 # Cyrus 2.1.5 (Amos Gouaux)
     97 # Also specify in main.cf: cyrus_destination_recipient_limit=1
     98 #
     99 #cyrus     unix  -       n       n       -       -       pipe
    100 #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    101 #
    102 # ====================================================================
    103 # Old example of delivery via Cyrus.
    104 #
    105 #old-cyrus unix  -       n       n       -       -       pipe
    106 #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    107 #
    108 # ====================================================================
    109 #
    110 # See the Postfix UUCP_README file for configuration details.
    111 #
    112 uucp      unix  -       n       n       -       -       pipe
    113   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    114 #
    115 # Other external delivery methods.
    116 #
    117 ifmail    unix  -       n       n       -       -       pipe
    118   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    119 bsmtp     unix  -       n       n       -       -       pipe
    120   flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    121 scalemail-backend unix  -       n       n       -       2       pipe
    122   flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    123 mailman   unix  -       n       n       -       -       pipe
    124   flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
    125   ${nexthop} ${user}
    126
    127 dovecot   unix  -       n       n       -       -       pipe
    128   flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
    129
    130
    131
    132 amavis     unix  -       -       y       -       2       smtp
    133     -o smtp_data_done_timeout=1200
    134     -o smtp_send_xforward_command=yes
    # Loopback-only smtpd listener, presumably the re-injection port for mail
    # returning from the content filter (main.cf in this thread sets
    # content_filter = amavis:[127.0.0.1]:10024). content_filter= is emptied
    # here so mail accepted on this port is not sent to the filter again, and
    # the helo/sender/client restriction lists are emptied as well.
    # The only access control left is the bind address plus
    # smtpd_recipient_restrictions=permit_mynetworks,reject with
    # mynetworks=127.0.0.0/8, so this service must stay on 127.0.0.1: anything
    # that can reach it skips the filter and the header/body checks. The
    # netstat output posted in this thread shows it bound to 127.0.0.1 only.
    135 127.0.0.1:10025 inet n - n - - smtpd
    136         -o content_filter=
    137         -o local_recipient_maps=
    138         -o relay_recipient_maps=
    139         -o smtpd_restriction_classes=
    140         -o smtpd_client_restrictions=
    141         -o smtpd_helo_restrictions=
    142         -o smtpd_sender_restrictions=
    143         -o smtpd_recipient_restrictions=permit_mynetworks,reject
    144         -o mynetworks=127.0.0.0/8
    145         -o strict_rfc821_envelopes=yes
    146         -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    147         -o smtp_send_xforward_command=yes
    148         -o disable_dns_lookups=yes
    149
    150
    151 127.0.0.1:10027 inet n - n - - smtpd
    152         -o content_filter=
    153         -o local_recipient_maps=
    154         -o relay_recipient_maps=
    155         -o smtpd_restriction_classes=
    156         -o smtpd_client_restrictions=
    157         -o smtpd_helo_restrictions=
    158         -o smtpd_sender_restrictions=
    159         -o smtpd_recipient_restrictions=permit_mynetworks,reject
    160         -o mynetworks=127.0.0.0/8
    161         -o strict_rfc821_envelopes=yes
    162         -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    163         -o smtp_send_xforward_command=yes
    164             -o milter_default_action=accept
    165         -o milter_macro_daemon_name=ORIGINATING
    166         -o disable_dns_lookups=yes
    
     
  3. Kronz

    Kronz Member

    Here is my /etc/dovecot/dovecot.conf

    Code:
     1 listen = *,[::]
      2 protocols = imap pop3
        # ssl = required: Dovecot refuses logins on connections that are not
        # TLS-protected, whatever authentication mechanism is used.
      3 ssl = required
      4 verbose_ssl = no
        # NOTE(review): with ssl = required above, plaintext mechanisms are
        # already confined to TLS sessions; setting this to yes as well keeps
        # that property if the ssl setting is ever relaxed.
      5 disable_plaintext_auth = no
      6 log_timestamp = "%Y-%m-%d %H:%M:%S "
      7 mail_privileged_group = vmail
      8 postmaster_address = [email protected]
      9 ssl_cert = </etc/postfix/smtpd.cert
    10 ssl_key = </etc/postfix/smtpd.key
    11 ssl_ca = </etc/postfix/smtpd.pem
    12 ssl_cipher_list = HIGH:+TLSv1:+SSLv3:!LOW:!SSLv2:!EXP:!aNULL
        # NOTE(review): only SSLv2 is excluded here, so SSLv3 stays enabled
        # next to whatever TLS versions the linked OpenSSL provides. For the
        # PCI goal stated in this thread SSLv3 needs to be excluded too, e.g.
        # ssl_protocols = !SSLv2 !SSLv3
    13 ssl_protocols = !SSLv2
    14 mail_max_userip_connections = 100
    15 passdb {
    16   args = /etc/dovecot/dovecot-sql.conf
    17   driver = sql
    18 }
    19 userdb {
    20   driver = prefetch
    21 }
    22 userdb {
    23   args = /etc/dovecot/dovecot-sql.conf
    24   driver = sql
    25 }
    26 plugin {
    27   quota = dict:user::file:/var/vmail/%d/%n/.quotausage
    28   sieve=/var/vmail/%d/%n/.sieve
    29   sieve_max_redirects = 25
    30 }
    31 service auth {
    32   unix_listener /var/spool/postfix/private/auth {
    33     group = postfix
    34     mode = 0660
    35     user = postfix
    36   }
    37   unix_listener auth-userdb {
    38     group = vmail
    39     mode = 0600
    40     user = vmail
    41   }
    42   user = root
    43 }
    44 service lmtp {
    45   unix_listener /var/spool/postfix/private/dovecot-lmtp {
    46    group = postfix
    47    mode = 0600
    48    user = postfix
    49   }
    50 }
    51 service imap-login {
    52   client_limit = 1000
    53   process_limit = 512
    54 }
    55 protocol imap {
    56   mail_plugins = quota imap_quota
    57 }
    58 protocol pop3 {
    59   pop3_uidl_format = %08Xu%08Xv
    60   mail_plugins = quota
    61 }
    62 protocol lda {
    63 postmaster_address = [email protected]
    64   mail_plugins = sieve quota
    65 }
    66 protocol lmtp {
    67 postmaster_address = [email protected]
    68   mail_plugins = quota sieve
    69 }
    70 mail_plugins = $mail_plugins quota
    71 # Space separated list of wanted authentication mechanisms:
    72
    73 # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
    74
       # NOTE(review): cram-md5 is the only mechanism enabled. Clients that
       # send PLAIN or LOGIN cannot authenticate, and Postfix, which takes its
       # SASL mechanisms from this Dovecot instance (smtpd_sasl_type = dovecot
       # in main.cf), can offer nothing else on ports 465/587 either.
       # CRAM-MD5 needs the server to hold the password in plaintext or in a
       # CRAM-MD5-specific form, so the sql passdb defined earlier in this
       # file can serve it only if its passwords are stored that way, and
       # otherwise only users listed in /etc/cram-md5.pwd below can log in.
       # TODO confirm against the auth log.
    75 auth_mechanisms = cram-md5
    76
    77
    78
    79 # passwd-like file with specified location
    80
    81 passdb {
    82
    83   driver = passwd-file
    84
    85   # Path for passwd-file. Also set the default password scheme.
    86
    87   args = scheme=cram-md5 /etc/cram-md5.pwd
    88
    89 }
                                                                             
    
    Dovecot works fine. I can login, but I can't connect to Postfix on port 465 and port 587 doesn't work either.

    The entire problem is that I am trying to get this stupid server PCI compliant...
     
  4. HSorgYves

    HSorgYves Active Member

    What's the output of
    Code:
    netstat -taupn | grep master
     
  5. Kronz

    Kronz Member

    I reinstalled the server in the meantime but still no luck logging into the mail system. I mean, a fresh install works, but I need to get the mail server PCI compliant, which in my case means:

    -Disable plaintext
    -Force SSL on the mailing system.

    Code:
    tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN                                                     12774/master
    tcp        0      0 127.0.0.1:10027         0.0.0.0:*               LISTEN                                                     12774/master
    tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN                                                     12774/master
    tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN                                                     12774/master
    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN                                                     12774/master
    tcp6       0      0 :::587                  :::*                    LISTEN                                                     12774/master
    tcp6       0      0 :::465                  :::*                    LISTEN                                                     12774/master
    tcp6       0      0 :::25                   :::*                    LISTEN                                                     12774/master
    
     
  6. HSorgYves

    HSorgYves Active Member

    Can you telnet to the port 465 on the system? Maybe a firewall is blocking the access...
     
  7. Kronz

    Kronz Member

    So, here are the new config files:

    main.cf:

    Code:
     1 # See /usr/share/postfix/main.cf.dist for a commented, more complete version
      2
      3
      4 # Debian specific:  Specifying a file name will cause the first
      5 # line of that file to be used as the name.  The Debian default
      6 # is /etc/mailname.
      7 #myorigin = /etc/mailname
      8
      9 smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    10 biff = no
    11
    12 # appending .domain is the MUA's job.
    13 append_dot_mydomain = no
    14
    15 # Uncomment the next line to generate "delayed mail" warnings
    16 #delay_warning_time = 4h
    17
    18 readme_directory = /usr/share/doc/postfix
    19
    20 # TLS parameters
    21 smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    22 smtpd_tls_key_file = /etc/postfix/smtpd.key
    23 smtpd_use_tls = yes
    24 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    25 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    26
    27 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    28 # information on enabling SSL in the smtp client.
    29
    30 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    31 myhostname = ihost.bg
    32 alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    33 alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    34 myorigin = /etc/mailname
    35 mydestination = localhost, localhost.localdomain
    36 relayhost =
    37 mynetworks = 127.0.0.0/8 [::1]/128
    38 mailbox_size_limit = 0
    39 recipient_delimiter = +
    40 inet_interfaces = all
    41 inet_protocols = all
    42 html_directory = /usr/share/doc/postfix/html
    43 virtual_alias_domains =
    44 virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email    2email.cf
    45 virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    46 virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    47 virtual_mailbox_base = /var/vmail
    48 virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
    49 virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
    50 sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    51 smtpd_sasl_auth_enable = yes
    52 broken_sasl_auth_clients = yes
    53 smtpd_sasl_authenticated_header = yes
    54 smtpd_restriction_classes = greylisting
    55 greylisting = check_policy_service inet:127.0.0.1:10023
    56 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, check_recipient_access m    ysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
    57 smtpd_tls_security_level = may
    58 transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    59 relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    60 relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    61 smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    62 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $r    elay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_    maps
    63 smtpd_helo_required = yes
    64 smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_    hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
    65 smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:    /etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    66 smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    67 smtpd_client_message_rate_limit = 100
    68 maildrop_destination_concurrency_limit = 1
    69 maildrop_destination_recipient_limit = 1
    70 virtual_transport = dovecot
    71 header_checks = regexp:/etc/postfix/header_checks
    72 mime_header_checks = regexp:/etc/postfix/mime_header_checks
    73 nested_header_checks = regexp:/etc/postfix/nested_header_checks
    74 body_checks = regexp:/etc/postfix/body_checks
    75 owner_request_special = no
    # smtp_* parameters apply when Postfix acts as a client to other servers;
    # smtpd_* parameters apply to incoming connections.
    76 smtp_tls_security_level = may
    # NOTE(review): in the three protocol lists below TLSv1 is named without
    # "!". As I read the Postfix TLS documentation, that makes each list an
    # allow-list, so only TLS 1.0 is offered and TLSv1.1/TLSv1.2 are switched
    # off. An exclusion-only list (!SSLv2, !SSLv3) keeps the newer versions.
    77 smtpd_tls_mandatory_protocols = !SSLv3, TLSv1
    78 smtpd_tls_protocols = !SSLv3, TLSv1
    79 smtp_tls_protocols = !SSLv3, TLSv1
    # NOTE(review): this parameter takes a single cipher grade name (for
    # example medium or high); "medium, high" is not one of them. It applies
    # where TLS is mandatory, which in the posted master.cf is port 587
    # (smtpd_tls_security_level=encrypt) and, as far as I know, port 465
    # (wrapper mode), the two ports reported as failing. Check the mail log
    # for a cipher-grade warning. TODO confirm.
    80 smtpd_tls_mandatory_ciphers = medium, high
    81 tls_medium_cipherlist = EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SH    A256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:SHA256+AES128:SHA256+AES256:SHA1+AES    128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!KRB5:!aECDH:!EDH+3DES
    82 smtpd_tls_exclude_ciphers = RC4, aNULL
    83 smtp_tls_exclude_ciphers = RC4, aNULL
    84 dovecot_destination_recipient_limit = 1
    85 smtpd_sasl_type = dovecot
    86 smtpd_sasl_path = private/auth
    87 content_filter = amavis:[127.0.0.1]:10024
    # These pairs express "no plaintext passwords unless the session is
    # encrypted": the plain option sets the policy outside TLS (PLAIN/LOGIN
    # withheld by noplaintext), the *_tls_* option sets it inside TLS (only
    # anonymous excluded). The smtpd_* pair therefore lets Postfix offer
    # PLAIN/LOGIN from the Dovecot backend on 465/587 once TLS is up, which
    # matches auth_mechanisms = plain login in the dovecot.conf posted with
    # this file. The smtp_* pair covers Postfix authenticating to other
    # servers; relayhost is empty in this file, so it presumably has no
    # effect here.
    88 smtp_sasl_security_options = noanonymous, noplaintext
    89 smtp_sasl_tls_security_options = noanonymous
    90 smtpd_sasl_security_options = noanonymous, noplaintext
    91 smtpd_sasl_tls_security_options = noanonymous
    92 receive_override_options = no_address_mappings
    
     
  8. Kronz

    Kronz Member

    dovecot.conf

    Code:
     1 listen = *,[::]
        # ssl = required together with disable_plaintext_auth = yes (line 7):
        # the PLAIN/LOGIN mechanisms enabled on line 6 are accepted only
        # inside a TLS session.
      2 ssl = required
        # Setting this to yes temporarily makes handshake failures show up in
        # the Dovecot log while debugging.
      3 verbose_ssl = no
      4 protocols = imap pop3
      5 ssl_cipher_list = HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
      6 auth_mechanisms = plain login
      7 disable_plaintext_auth = yes
      8 log_timestamp = "%Y-%m-%d %H:%M:%S "
      9 mail_privileged_group = vmail
    10 postmaster_address = [email protected]
    11 ssl_cert = </etc/postfix/smtpd.cert
    12 ssl_key = </etc/postfix/smtpd.key
    13 ssl_ca = </etc/postfix/bundle.pem
        # NOTE(review): this names SSLv3 as the only enabled protocol, so
        # every TLS version is off. A client whose TLS library no longer
        # speaks SSLv3 cannot complete the handshake on 993/995. That would
        # fit Roundcube's "Empty startup greeting (localhost:993)" later in
        # this thread, although a client that connects to 993 without TLS
        # produces the same message. TODO confirm.
        # SSLv3 is also the protocol a PCI scan flags; the intended value is
        # presumably an exclusion such as: ssl_protocols = !SSLv2 !SSLv3
    14 ssl_protocols = SSLv3
    15 mail_max_userip_connections = 100
    16 passdb {
    17   args = /etc/dovecot/dovecot-sql.conf
    18   driver = sql
    19 }
    20 userdb {
    21   driver = prefetch
    22 }
    23 userdb {
    24   args = /etc/dovecot/dovecot-sql.conf
    25   driver = sql
    26 }
    27 plugin {
    28   quota = dict:user::file:/var/vmail/%d/%n/.quotausage
    29   sieve=/var/vmail/%d/%n/.sieve
    30   sieve_max_redirects = 25
    31 }
    32 service auth {
    33   unix_listener /var/spool/postfix/private/auth {
    34     group = postfix
    35     mode = 0660
    36     user = postfix
    37   }
    38   unix_listener auth-userdb {
    39     group = vmail
    40     mode = 0600
    41     user = vmail
    42   }
    43   user = root
    44 }
    45 service lmtp {
    46   unix_listener /var/spool/postfix/private/dovecot-lmtp {
    47    group = postfix
    48    mode = 0600
    49    user = postfix
    50   }
    51 }
    52 service imap-login {
    53   client_limit = 1000
    54   process_limit = 512
    55 }
    56 protocol imap {
    57   mail_plugins = quota imap_quota
    58 }
    59 protocol pop3 {
    60   pop3_uidl_format = %08Xu%08Xv
    61   mail_plugins = quota
    62 }
    63 protocol lda {
    64 postmaster_address = [email protected]
    65   mail_plugins = sieve quota
    66 }
    67 protocol lmtp {
    68 postmaster_address = [email protected]
    69   mail_plugins = quota sieve
    70 }
    71 mail_plugins = $mail_plugins quota
    
     
  9. Kronz

    Kronz Member

    And here is the config file for Roundcube, which simply isn't connecting anymore
    https://ihost.bg/defaults.inc.php.txt

    This is Roundcube's error log:
    Code:
    [19-Oct-2017 13:51:02 +0300]: <dhtkj22p> IMAP Error: Login failed for admin from 84.40.78.192. Empty startup greeting (localhost:993) in /usr/share/nginx/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /webmail/?_task=login&_action=login)
    [19-Oct-2017 13:53:52 +0300]: <dhtkj22p> IMAP Error: Login failed for admin from 84.40.78.192. Empty startup greeting (localhost:993) in /usr/share/nginx/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /webmail/?_task=login&_action=login)
    [19-Oct-2017 14:03:02 +0300]: <dhtkj22p> IMAP Error: Login failed for admin from 84.40.78.192. Empty startup greeting (localhost:993) in /usr/share/nginx/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /webmail/?_task=login&_action=login)
    
    OK SO I got Dovecot working! My Android phone with BlueMail can login fine! But the very second I touch the Postfix config, Postfix stops accepting logins!

    Roundcube still can't login to the server.

    Dovecot and Postfix are listening on their respective ports

    Code:
    [email protected]:/usr/share/nginx/roundcubemail/logs# netstat -tlpn | egrep "465|993"
    tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      26702/master
    tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      24674/dovecot
    tcp6       0      0 :::465                  :::*                    LISTEN      26702/master
    tcp6       0      0 :::993                  :::*                    LISTEN      24674/dovecot
    
     
    Last edited: Oct 19, 2017
