new install dovecot port465/587 issue

Discussion in 'Installation/Configuration' started by mashton, Mar 25, 2013.

  1. mashton

    mashton New Member

    Hi all,

    I had to quickly move servers, so did a fresh install of ispconfig2 on a new centos 6.4 box, since I did not have time to learn ispconfig3 and move all 180 sites.

    Install went fine, then using this thread http://www.howtoforge.com/forums/showthread.php?t=2717&highlight=move+ispconfig&page=19 we moved the server over.

    All went well with the exception of smtp is now only working on port 25, and for the life of me I can not figure out why 465 & 587 are not working.

    Now looking into things, yum installed Dovecot 2.0.9 which may be my issue but running
    only shows
    So not sure if I should revert back, old server was running dovecot 1.0.7 or if there is another work around.

    thanks,

    Mike
     
  2. mashton

    mashton New Member

    More information

    nobody have any ideas? I see over 50 of you have looked......

    Here is my postfix and dovecot configs to see if anyone sees anything glaring wrong.

    postfix

    main.cf ( alter/masked domain and ip )
    Code:
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    mail_owner = postfix
    inet_interfaces = all
    inet_protocols = all
    unknown_local_recipient_reject_code = 550
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    debug_peer_level = 2
    debugger_command =
             PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
             ddd $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.6.6/samples
    readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    mynetworks = 127.0.0.0/8,xx.xx.xx.xx/28
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    myhostname = host01.mydomain.com
    home_mailbox = Maildir/
    mailbox_command =
    virtual_maps = hash:/etc/postfix/virtusertable
    mydestination = /etc/postfix/local-host-names
    
    master.cf
    Code:
    smtp      inet  n       -       n       -       -       smtpd
    smtps     inet  n       -       n       -       -       smtpd
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    pickup    fifo  n       -       n       60      1       pickup
    cleanup   unix  n       -       n       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    tlsmgr    unix  -       -       n       1000?   1       tlsmgr
    rewrite   unix  -       -       n       -       -       trivial-rewrite
    bounce    unix  -       -       n       -       0       bounce
    defer     unix  -       -       n       -       0       bounce
    trace     unix  -       -       n       -       0       bounce
    verify    unix  -       -       n       -       1       verify
    flush     unix  n       -       n       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       n       -       -       smtp
    relay     unix  -       -       n       -       -       smtp
            -o smtp_fallback_relay=
    showq     unix  n       -       n       -       -       showq
    error     unix  -       -       n       -       -       error
    retry     unix  -       -       n       -       -       error
    discard   unix  -       -       n       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       n       -       -       lmtp
    anvil     unix  -       -       n       -       1       anvil
    scache    unix  -       -       n       -       1       scache
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
    old-cyrus unix  -       n       n       -       -       pipe
      flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
    cyrus     unix  -       n       n       -       -       pipe
      user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
    
    dovecot.conf
    Code:
    protocols = imap pop3
    dict {
    }
    !include conf.d/*.conf
    
    I've also included all the dovecot/conf.d files uncommented lines.

    Code:
    10-auth.conf:disable_plaintext_auth = no
    10-auth.conf:auth_mechanisms = plain
    10-auth.conf:!include auth-system.conf.ext
    10-director.conf:service director {
    10-director.conf:  unix_listener login/director {
    10-director.conf:  }
    10-director.conf:  fifo_listener login/proxy-notify {
    10-director.conf:  }
    10-director.conf:  unix_listener director-userdb {
    10-director.conf:  }
    10-director.conf:  inet_listener {
    10-director.conf:  }
    10-director.conf:}
    10-director.conf:service imap-login {
    10-director.conf:}
    10-director.conf:service pop3-login {
    10-director.conf:}
    10-director.conf:protocol lmtp {
    10-director.conf:}
    10-logging.conf:plugin {
    10-logging.conf:}
    10-mail.conf:mail_location = maildir:~/Maildir
    10-mail.conf:mbox_write_locks = fcntl
    10-master.conf:service imap-login {
    10-master.conf:  inet_listener imap {
    10-master.conf:  }
    10-master.conf:  inet_listener imaps {
    10-master.conf:  }
    10-master.conf:}
    10-master.conf:service pop3-login {
    10-master.conf:  inet_listener pop3 {
    10-master.conf:  }
    10-master.conf:  inet_listener pop3s {
    10-master.conf:  }
    10-master.conf:}
    10-master.conf:service lmtp {
    10-master.conf:  unix_listener lmtp {
    10-master.conf:  }
    10-master.conf:}
    10-master.conf:service imap {
    10-master.conf:}
    10-master.conf:service pop3 {
    10-master.conf:}
    10-master.conf:service auth {
    10-master.conf:  unix_listener auth-userdb {
    10-master.conf:  }
    10-master.conf:}
    10-master.conf:service auth-worker {
    10-master.conf:}
    10-master.conf:service dict {
    10-master.conf:  unix_listener dict {
    10-master.conf:  }
    10-master.conf:}
    10-ssl.conf:ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
    10-ssl.conf:ssl_key = </etc/pki/dovecot/private/dovecot.pem
    15-lda.conf:protocol lda {
    15-lda.conf:}
    20-imap.conf:protocol imap {
    20-imap.conf:}
    20-lmtp.conf:protocol lmtp {
    20-lmtp.conf:}
    20-pop3.conf:protocol pop3 {
    20-pop3.conf:}
    90-acl.conf:plugin {
    90-acl.conf:}
    90-acl.conf:plugin {
    90-acl.conf:}
    90-plugin.conf:plugin {
    90-plugin.conf:}
    90-quota.conf:plugin {
    90-quota.conf:}
    90-quota.conf:plugin {
    90-quota.conf:}
    90-quota.conf:plugin {
    90-quota.conf:}
    90-quota.conf:plugin {
    90-quota.conf:}
    dovecot-new.conf:disable_plaintext_auth = no
    dovecot-new.conf:mail_location = maildir:~/Maildir
    dovecot-new.conf:mbox_write_locks = fcntl
    dovecot-new.conf:passdb {
    dovecot-new.conf:  driver = pam
    dovecot-new.conf:}
    dovecot-new.conf:protocols = imap pop3
    dovecot-new.conf:ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
    dovecot-new.conf:ssl_key = </etc/pki/dovecot/private/dovecot.pem
    dovecot-new.conf:userdb {
    dovecot-new.conf:  driver = passwd
    dovecot-new.conf:}
    
    
    Again, any help would be appreciated.

    Mike
     
  3. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Those ports can be configured in /etc/postfix/master.cf. Dovecot has nothing to do with this. Can you post your full master.cf?
     
  4. mashton

    mashton New Member

    Here is my master.cf

    Code:
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       n       -       -       smtpd
    #submission inet n       -       n       -       -       smtpd
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_sasl_type=dovecot
    #  -o milter_macro_daemon_name=ORIGINATING
    smtps     inet  n       -       n       -       -       smtpd
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628      inet  n       -       n       -       -       qmqpd
    pickup    fifo  n       -       n       60      1       pickup
    cleanup   unix  n       -       n       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    #qmgr     fifo  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       n       1000?   1       tlsmgr
    rewrite   unix  -       -       n       -       -       trivial-rewrite
    bounce    unix  -       -       n       -       0       bounce
    defer     unix  -       -       n       -       0       bounce
    trace     unix  -       -       n       -       0       bounce
    verify    unix  -       -       n       -       1       verify
    flush     unix  n       -       n       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       n       -       -       smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay     unix  -       -       n       -       -       smtp
            -o smtp_fallback_relay=
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       n       -       -       showq
    error     unix  -       -       n       -       -       error
    retry     unix  -       -       n       -       -       error
    discard   unix  -       -       n       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       n       -       -       lmtp
    anvil     unix  -       -       n       -       1       anvil
    scache    unix  -       -       n       -       1       scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
    #
    # ====================================================================
    #
    # The Cyrus deliver program has changed incompatibly, multiple times.
    #
    old-cyrus unix  -       n       n       -       -       pipe
      flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    cyrus     unix  -       n       n       -       -       pipe
      user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # ====================================================================
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    #
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
    #
    #scalemail-backend unix -       n       n       -       2       pipe
    #  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
    #  ${nexthop} ${user} ${extension}
    #
    #mailman   unix  -       n       n       -       -       pipe
    #  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
    #  ${nexthop} ${user}
    
    
    Thanks
     
  5. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Please uncomment the following lines as well and restart Postfix:
    Code:
    submission inet n       -       n       -       -       smtpd
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o smtpd_sasl_type=dovecot
     
  6. mashton

    mashton New Member

    Hi Falko,

    Did the change restarted postfix and no change. I can still connect using port 25 w TLS but not to 465 or 587. Firewall is not blocking them either.

    Stumped.
     
  7. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What's the output of
    Code:
    iptables -L
    ?

    Is SELinux disabled?
     
  8. mashton

    mashton New Member

    Falko,

    Here is the results:

    Code:
    iptables -L
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    DROP       tcp  --  anywhere             loopback/8
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere
    DROP       all  --  base-address.mcast.net/4  anywhere
    PUB_IN     all  --  anywhere             anywhere
    PUB_IN     all  --  anywhere             anywhere
    PUB_IN     all  --  anywhere             anywhere
    PUB_IN     all  --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    DROP       all  --  anywhere             anywhere
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    PUB_OUT    all  --  anywhere             anywhere
    PUB_OUT    all  --  anywhere             anywhere
    PUB_OUT    all  --  anywhere             anywhere
    PUB_OUT    all  --  anywhere             anywhere
    
    Chain INT_IN (0 references)
    target     prot opt source               destination
    ACCEPT     icmp --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain INT_OUT (0 references)
    target     prot opt source               destination
    ACCEPT     icmp --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    
    Chain PAROLE (10 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    
    Chain PUB_IN (4 references)
    target     prot opt source               destination
    ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
    ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
    ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
    ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:http
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:81
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ndmp
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
    DROP       icmp --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain PUB_OUT (4 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    
    Chain fail2ban-SSH (0 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Code:
    # selinuxenabled && echo enabled || echo disabled
    disabled
    
    # cat /etc/selinux/config
    
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    #SELINUX=enforcing
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    
    
    Thanks, Mike
     
  9. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    You must open the ports 465 and 587 in your firewall.
     

Share This Page