email problem connection refused

Discussion in 'ISPConfig 3 Priority Support' started by Tom John, Dec 24, 2020.

  1. Tom John

    Tom John Member HowtoForge Supporter

  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Which port are you connecting to? Did you open that port in the firewall? Do you have the correct TLS/SSL setting selected? Is Postfix running on that server?
     
  3. Tom John

    Tom John Member HowtoForge Supporter

    Hi,
    Thanks for your answer.
    Postfix is running.
    receiving port 993 - TLS on a dedicated port
    sending port 465 - TLS on a dedicated port
    Other connections seem to be possible; at least someone tries to connect.
    Code:
    Dec 24 21:01:48 server4 postfix/smtpd[928944]: disconnect from unknown[45.142.120.180] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    Dec 24 21:01:48 server4 postfix/smtpd[929174]: disconnect from unknown[45.142.120.79] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    Dec 24 21:01:48 server4 postfix/smtpd[928687]: connect from unknown[45.142.120.79]
    Dec 24 21:01:49 server4 postfix/smtpd[929026]: warning: unknown[45.142.120.79]: SASL LOGIN authentication failed: Connection lost to authentication server
    Dec 24 21:01:50 server4 postfix/smtpd[929026]: disconnect from unknown[45.142.120.79] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    
    
    the listen command
    Code:
    [email protected]:~# sudo netstat -ntlp | grep LISTEN
    
    returns:
    Code:
    tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      1862/dovecot      
    tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      1862/dovecot      
    tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      2198/amavisd-new (m
    tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      2502/master        
    tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN      2198/amavisd-new (m
    tcp        0      0 127.0.0.1:10027         0.0.0.0:*               LISTEN      2502/master        
    tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      438/memcached      
    tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      1862/dovecot      
    tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      1862/dovecot      
    tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      631/apache2        
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      631/apache2        
    tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      631/apache2        
    tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      821/pure-ftpd (SERV
    tcp        0      0 167.86.78.111:53        0.0.0.0:*               LISTEN      439/named          
    tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      439/named          
    tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      382/systemd-resolve
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      475/sshd: /usr/sbin
    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2502/master        
    tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      439/named          
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      631/apache2        
    tcp6       0      0 :::993                  :::*                    LISTEN      1862/dovecot      
    tcp6       0      0 :::995                  :::*                    LISTEN      1862/dovecot      
    tcp6       0      0 :::3306                 :::*                    LISTEN      558/mysqld        
    tcp6       0      0 :::110                  :::*                    LISTEN      1862/dovecot      
    tcp6       0      0 :::143                  :::*                    LISTEN      1862/dovecot      
    tcp6       0      0 :::21                   :::*                    LISTEN      821/pure-ftpd (SERV
    tcp6       0      0 :::22                   :::*                    LISTEN      475/sshd: /usr/sbin
    tcp6       0      0 :::25                   :::*                    LISTEN      2502/master        
    
    
    When I send a message to this account I get the mail back:
    Code:
    This is a system-generated message to inform you that your email could not
    be delivered to one or more recipients. Details of the email and the error are as follows:
    
    
    <[email protected]>: host discount-webdesign.com[167.86.78.111]
        said: 554 5.7.1 <st43p00im-ztbu10063601.me.com[17.58.63.174]>: Client host
        rejected: Access denied (in reply to RCPT TO command)
    
     
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    "Someone else" connected on port 25, not port 465 - you don't have that enabled. Refer back to your perfect server guide for editing master.cf, and maybe run through the whole thing and double-check everything while there.

    This is a different problem that requires more information. See where things are at after reviewing your setup per the perfect server guide, and if you still have a problem, post details.
     
  5. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    465 is SSL, not TLS. 587 is TLS. 993 is SSL as well, not TLS.
     
  6. Tom John

    Tom John Member HowtoForge Supporter

    Hi,
    Thanks for your answer.
    I moved the account to another server with a new configuration according to the perfect server and I have the same problem. Port 993 is open, but ports 465 and 587 are not open, the same as on the other server.
    I don't think I missed the same thing on both servers.

    Editing master.cf: should I do every step from there again? So also install MySQL and all that? Can I do it on a running server where domains are running?
    Thanks for your help.
     
  7. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Can you share the output of
    Code:
    ufw status
    ? Did you change the TLS/SSL setting?

    Can you share the master.cf?
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

  9. Tom John

    Tom John Member HowtoForge Supporter

    Hi there,
    Thanks a lot for your kind answers, here are the results:
    Btw, I did not change the SSL/TLS settings.
    On the new server, which I installed completely new according to the perfect server:

    the master.cf
    Code:
    [email protected]:~# cat /etc/postfix/master.cf
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master" or
    # on-line: http://www.postfix.org/master.5.html).
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (no)    (never) (100)
    # ==========================================================================
    smtp      inet  n       -       y       -       -       smtpd
    #smtp      inet  n       -       y       -       1       postscreen
    #smtpd     pass  -       -       y       -       -       smtpd
    #dnsblog   unix  -       -       y       -       0       dnsblog
    #tlsproxy  unix  -       -       y       -       0       tlsproxy
    #submission inet n       -       y       -       -       smtpd
    #  -o syslog_name=postfix/submission
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_tls_auth_only=yes
    #  -o smtpd_reject_unlisted_recipient=no
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #smtps     inet  n       -       y       -       -       smtpd
    #  -o syslog_name=postfix/smtps
    #  -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_reject_unlisted_recipient=no
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628       inet  n       -       y       -       -       qmqpd
    pickup    unix  n       -       y       60      1       pickup
    cleanup   unix  n       -       y       -       0       cleanup
    qmgr      unix  n       -       n       300     1       qmgr
    #qmgr     unix  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       y       1000?   1       tlsmgr
    rewrite   unix  -       -       y       -       -       trivial-rewrite
    bounce    unix  -       -       y       -       0       bounce
    defer     unix  -       -       y       -       0       bounce
    trace     unix  -       -       y       -       0       bounce
    verify    unix  -       -       y       -       1       verify
    flush     unix  n       -       y       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       y       -       -       smtp
    relay     unix  -       -       y       -       -       smtp
            -o syslog_name=postfix/$service_name
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       y       -       -       showq
    error     unix  -       -       y       -       -       error
    retry     unix  -       -       y       -       -       error
    discard   unix  -       -       y       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       y       -       -       lmtp
    anvil     unix  -       -       y       -       1       anvil
    scache    unix  -       -       y       -       1       scache
    postlog   unix-dgram n  -       n       -       1       postlogd
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    #   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    #  mailbox_transport = lmtp:inet:localhost
    #  virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus     unix  -       n       n       -       -       pipe
    #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix  -       n       n       -       -       pipe
    #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix    -    n    n    -    2    pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    
    dovecot   unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
    
    amavis unix - - - - 2 smtp
            -o smtp_data_done_timeout=1200
            -o smtp_send_xforward_command=yes
            -o smtp_bind_address=
    
    
    127.0.0.1:10025 inet n - n - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o smtpd_end_of_data_restrictions=
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtp_send_xforward_command=yes
            -o disable_dns_lookups=yes
    
    
    127.0.0.1:10027 inet n - n - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o smtpd_end_of_data_restrictions=
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtp_send_xforward_command=yes
            -o milter_default_action=accept
            -o milter_macro_daemon_name=ORIGINATING
            -o disable_dns_lookups=yes
    
    
    ufw status
    Code:
    [email protected]:~# ufw status
    Status: inactive
    [email protected]:~#
    
    
     
  10. Tom John

    Tom John Member HowtoForge Supporter

    and here is the report.txt of the script:
    Code:
    [email protected]:~# wget -q -O htf-common-issues.php "http://gitplace.net/pixcept/ispconfig-tools/raw/stable/htf-common-issues.php" && php -q htf-common-issues.php
    
    ##### SCRIPT FINISHED #####
    Results can be found in htf_report.txt
    To view results use your favourite text editor or type 'cat htf_report.txt | more' on the server console.
    
    If you want to see the non-anonymized output start the script with --debug as parameter (php -q htf-common-issues.php --debug).
    
    [email protected]:~# cat htf_report.txt | more
    
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Ubuntu 20.04.1 LTS
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.2dev20201126
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.4.3
    
    ##### PORT CHECK #####
    
    [WARN] Port 465 (SMTP server SSL) seems NOT to be listening
    
    ##### MAIL SERVER CHECK #####
    
    [WARN] I found no "submission" entry in your postfix master.cf
    [INFO] this is not critical, but if you want to offer port 587 for smtp connecti
    ons you have to enable this.
    [WARN] I found no "smtps" entry in your postfix master.cf
    [INFO] this is not critical, but if you want to offer SSL for smtp (not TLS) con
    nections you have to enable this.
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
        Apache 2 (PID 2143464)
    [INFO] I found the following mail server(s):
        Postfix (PID 1445)
    [INFO] I found the following pop3 server(s):
        Dovecot (PID 813)
    [INFO] I found the following imap server(s):
        Dovecot (PID 813)
    [INFO] I found the following ftp server(s):
        PureFTP (PID 611)
    
    ##### LISTENING PORTS #####
    (only        ()
    Local        (Address)
    [anywhere]:993        (813/dovecot)
    [anywhere]:995        (813/dovecot)
    [localhost]:10024        (1107/amavisd-new)
    [localhost]:10025        (1445/master)
    [localhost]:10026        (1107/amavisd-new)
    [localhost]:10027        (1445/master)
    [localhost]:11211        (411/memcached)
    [anywhere]:110        (813/dovecot)
    [anywhere]:143        (813/dovecot)
    [anywhere]:8080        (2143464/apache2)
    [anywhere]:80        (2143464/apache2)
    [anywhere]:8081        (2143464/apache2)
    [anywhere]:21        (611/pure-ftpd)
    ***.***.***.***:53        (412/named)
    [localhost]:53        (412/named)
    ***.***.***.***:53        (357/systemd-resolve)
    [anywhere]:22        (449/sshd:)
    [anywhere]:25        (1445/master)
    [localhost]:953        (412/named)
    [anywhere]:443        (2143464/apache2)
    *:*:*:*::*:993        (813/dovecot)
    *:*:*:*::*:995        (813/dovecot)
    *:*:*:*::*:3306        (2664331/mysqld)
    [localhost]10        (813/dovecot)
    [localhost]43        (813/dovecot)
    *:*:*:*::*:21        (611/pure-ftpd)
    *:*:*:*::*:22        (449/sshd:)
    *:*:*:*::*:25        (1445/master)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    f2b-pure-ftpd  tcp  --  [anywhere]/0            [anywhere]/0            multipor
    t dports 21
    f2b-sshd   tcp  --  [anywhere]/0            [anywhere]/0            multiport dp
    orts 22
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain f2b-pure-ftpd (1 references)
    target     prot opt source               destination         
    RETURN     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain f2b-sshd (1 references)
    target     prot opt source               destination         
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with i
    cmp-port-unreachable
    REJECT     all  --  ***.***.***.***      [anywhere]/0            reject-with icm
    p-port-unreachable
    REJECT     all  --  ***.***.***.***      [anywhere]/0            reject-with icm
    p-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with i
    cmp-port-unreachable
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with 
    icmp-port-unreachable
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with 
    icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0     
    
     
  11. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Like the script told you, your master.cf is not correct. Please compare it with the perfect server tutorial's master.cf and change it accordingly.
     
  12. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    Your master.cf is wrong - you commented out a lot of lines (#) which are required:
    Code:
    smtps     inet  n       -       y       -       -       smtpd
     -o syslog_name=postfix/smtps
     -o smtpd_tls_wrappermode=yes
     -o smtpd_sasl_auth_enable=yes
     -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    submission inet n       -       y       -       -       smtpd
     -o syslog_name=postfix/submission
     -o smtpd_tls_security_level=encrypt
     -o smtpd_sasl_auth_enable=yes
     -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    
     
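
Why the commented-out service lines produce both symptoms in this thread, as an added example (not part of any post here, and not ISPConfig or Postfix code): per master(5), comment lines are ignored and an indented line continues the previous active entry, so the two stray `-o smtpd_client_restrictions=...` lines attach to `smtp inet` on port 25, which is consistent with the 554 "Client host rejected: Access denied" bounce posted earlier. The two sample configs are constructed from the posted master.cf and the corrected snippet above; `parse_master_cf` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample: smtp/submission/smtps lines from the posted master.cf (trimmed).
BROKEN = """\
smtp      inet  n       -       y       -       -       smtpd
#submission inet n       -       y       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps     inet  n       -       y       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""
# Corrected entries as given in the reply above, plus the unchanged smtp line.
FIXED = """\
smtp      inet  n       -       y       -       -       smtpd
smtps     inet  n       -       y       -       -       smtpd
 -o syslog_name=postfix/smtps
 -o smtpd_tls_wrappermode=yes
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
submission inet n       -       y       -       -       smtpd
 -o syslog_name=postfix/submission
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""

def parse_master_cf(text):
    """Map (service, type) -> {"command": ..., "overrides": {...}} per master(5)."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # comments and blank lines are ignored
        if raw[0].isspace():              # leading whitespace: continuation of
            if current is not None:       # the last *active* logical line
                current["args"] += " " + raw.strip()
            continue
        fields = raw.split(None, 7)
        if len(fields) < 8:
            continue                      # not a complete service line
        command, _, args = fields[7].partition(" ")
        current = {"command": command, "args": args}
        services[(fields[0], fields[1])] = current
    for svc in services.values():
        # Simplification: handles plain "-o name=value", not the "{ }" forms.
        svc["overrides"] = dict(re.findall(r"-o\s+([^\s=]+)=(\S*)", svc.pop("args")))
    return services

def audit(text):
    """Return findings for the two problems seen in this thread."""
    services = parse_master_cf(text)
    findings = [f"{name}: no active entry, nothing will listen on its port"
                for name in ("submission", "smtps") if (name, "inet") not in services]
    mx = services.get(("smtp", "inet"), {"overrides": {}})["overrides"]
    if mx.get("smtpd_client_restrictions", "").endswith("reject"):
        findings.append("smtp: client restrictions end in 'reject', so port 25 "
                        "refuses unauthenticated senders")
    return findings

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit(cfg) or "ok")
```

On a live server, `postconf -M` and `postconf -P` print the same parsed view of the active services and their `-o` overrides.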
  13. Tom John

    Tom John Member HowtoForge Supporter

    Hi guys,
    It was so easy and I am sorry that I bothered you with this.
    The problem was in the master.cf and it was obvious, I don't know why I did not see it.
    Right, a lot was commented out and this was the fault.
    Thanks to all of you for your kind help, and next time I will try to review a bit better.
     
  14. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    No problem, I'm glad you resolved it.

    Merry Christmas!
     
