Mail Probs

Discussion in 'Installation/Configuration' started by n2s, Sep 14, 2005.

  1. n2s

    n2s New Member

    Hi there,

    I'm new here, I installed Suse 9.3 with the The Perfect Setup guide and it worked out quite well (reading the forum, thanx :) ).
    Unfortunately I still have two problems left regarding postfix.

    It's not possible to send mail over a SMTP-SSL connection (receiving works fine), I always get warnings in the log (not sure that's the reason):

    postfix/smtpd[18593]: warning: connect to private/tlsmgr: Connection refused
    postfix/smtpd[18593]: warning: problem talking to server private/tlsmgr: Connection refused
    postfix/smtpd[18593]: warning: connect to private/tlsmgr: Connection refused
    postfix/smtpd[18593]: warning: problem talking to server private/tlsmgr: Connection refused
    postfix/smtpd[18593]: warning: no entropy for TLS key generation: disabling TLS support


    Second, I can't receive mails. The mails are always returned with the message:

    Final-Recipient: RFC822; xxx@yyyyyyyyy.yy
    Action: failed
    Status: 5.0.0
    Remote-MTA: DNS; yyyyyyyyy.yy
    Diagnostic-Code: SMTP; 554 <xxx@yyyyyyyyy.yy>: Recipient address rejected: Access denied
    Last-Attempt-Date: Wed, 14 Sep 2005 13:48:08 +0200 (MEST)


    Producing the following log entries:

    postfix/smtpd[18593]: connect from natfrord.rzone.de[81.169.145.161]
    postfix/smtpd[18593]: NOQUEUE: reject: RCPT from natfrord.rzone.de[81.169.145.161]: 554 <xxx@yyyyyyyyy.yy>: Recipient address rejected: Access denied; from=<zzzzzz@zzzzzzz.zz> to=<xxx@yyyyyyyyy.yy> proto=ESMTP helo=<natfrord.rzone.de>
    disconnect from natfrord.rzone.de[81.169.145.161]


    The domains appears in /etc/postfix/local-host-names, and /etc/postfix/local-host-names seems ok, too.

    Any idea why this is happening?

    Regards,
    n2s
     
  2. falko

    falko Super Moderator

    Did you create the certificate according to the SuSE 9.3 howto?

    Check if you have inet_interfaces = all in /etc/postfix/main.cf.
     
  3. n2s

    n2s New Member

    Yes, I have inet_interfaces = all and I followed the howto.
     
  4. till

    till Super Moderator

    Try to restart the mail specific services postfix, sasl and fam.
     
  5. n2s

    n2s New Member

    No effect.

    I figured out the receiving problem, I had a wrong entry in smtpd_recipient_restrictions. I changed it because it was (and is know again) possible to send emails without an authentication :( !
    Has anyone tried this on Suse 9.3 using the how-to installation?
    I’ am only requested to use SMTP Auth when I remove the option check_relay_domains from smtpd_recipient_restrictions with the result that all incoming mails are rejected.

    And I'm still able to send mails with SSL.
    Any clues?
     
  6. falko

    falko Super Moderator

    Yes, me! :D
    Hm, let me think a little bit about it... :confused:

    Can you post /etc/postfix/main.cf here?
     
  7. n2s

    n2s New Member

    Here it is:
    Code:
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/lib/postfix
    mail_owner = postfix
    unknown_local_recipient_reject_code = 550
    debug_peer_level = 2
    debugger_command =
             PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
             xxgdb $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail
    newaliases_path = /usr/bin/newaliases
    mailq_path = /usr/bin/mailq
    setgid_group = maildrop
    html_directory = /usr/share/doc/packages/postfix/html
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/packages/postfix/samples
    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    inet_protocols = all
    biff = no
    mail_spool_directory = /var/mail
    canonical_maps = hash:/etc/postfix/canonical
    #virtual_maps = hash:/etc/postfix/virtual
    relocated_maps = hash:/etc/postfix/relocated
    transport_maps = hash:/etc/postfix/transport
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    masquerade_exceptions = root
    masquerade_classes = envelope_sender, header_sender, header_recipient
    myhostname = XXXXX.$mydomain
    program_directory = /usr/lib/postfix
    inet_interfaces = all
    masquerade_domains =
    #mydestination = $myhostname, localhost.$mydomain
    defer_transports =
    disable_dns_lookups = no
    relayhost =
    mailbox_command =
    mailbox_transport =
    smtpd_sender_restrictions = hash:/etc/postfix/access
    smtpd_client_restrictions =
    smtpd_helo_required = no
    smtpd_helo_restrictions =
    strict_rfc821_envelopes = no
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
    smtp_sasl_auth_enable = no
    smtpd_sasl_auth_enable = yes
    smtpd_use_tls = yes
    smtp_use_tls = yes
    alias_maps = hash:/etc/aliases
    mailbox_size_limit = 0
    message_size_limit = 10240000
    mydomain = XXXXXXXXXX.XXX
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_tls_auth_only = no
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    home_mailbox = Maildir/
    
    virtual_maps = hash:/etc/postfix/virtusertable
    
    mydestination = /etc/postfix/local-host-names
    
    I followed the install instructions on a Strato Box with a new Suse 9.3 installation ;)
     
  8. falko

    falko Super Moderator

    Try to set mailbox_size_limit to a value bigger than message_size_limit, e.g.

    Code:
    mailbox_size_limit = 50000000
    and restart Postfix afterwards:
    Code:
    /etc/init.d/postfix restart
     
  9. n2s

    n2s New Member

    Just tried it, does not work. Still got this strange “postfix/smtpd[13828]: warning: connect to private/tlsmgr: Connection refused” warning if I try to connect over SLL to SMTP and still could send messages with SMTP without using AUTH.

    Thanks for your help so far ;) . Any other idea?
     
  10. n2s

    n2s New Member

    It’s been solved! Had to uncomment the tlsmgr entry in master.cf, seems I overlooked that :eek: .

    However, what is about the possibility to send mails without using authentication :confused: ? How could I prevent that?
     
  11. falko

    falko Super Moderator

    Just to find out why your server doesn't require authentication:
    - Do you send directly from the server?
    - Do you send from within a network which is specified in mynetworks in /etc/postfix/main.cf?
    - Do you send to a recipient who's on the server?

    In all these cases you don't need to authenticate. You only need to authenticate if you want to send a mail from a remote PC to a recipient who's not on your server.
     
  12. n2s

    n2s New Member

    Many thanks for your support falko. I only tried to send mail to a to a recipient who's on the server ;)

    So far I’m very happy with ISPConfig!

    n2s
     

Share This Page