new install dovecot port465/587 issue

Discussion in 'Installation/Configuration' started by mashton, Mar 25, 2013.

  1. mashton

    mashton New Member

    Hi all,

    I had to quickly move servers, so did a fresh install of ispconfig2 on a new centos 6.4 box, since I did not have time to learn ispconfig3 and move all 180 sites.

    Install went fine, then using this thread http://www.howtoforge.com/forums/showthread.php?t=2717&highlight=move+ispconfig&page=19 we moved the server over.

    All went well with the exception of smtp is now only working on port 25, and for the life of me I can not figure out why 465 & 587 are not working.

    Now looking into things, yum installed Dovecot 2.0.9 which may be my issue but running
    only shows
    So not sure if I should revert back, old server was running dovecot 1.0.7 or if there is another work around.

    thanks,

    Mike
     
  2. mashton

    mashton New Member

    More information

    nobody have any ideas? I see over 50 of you have looked......

    Here is my postfix and dovecot configs to see if anyone sees anything glaring wrong.

    postfix

    main.cf ( alter/masked domain and ip )
    Code:
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    mail_owner = postfix
    inet_interfaces = all
    inet_protocols = all
    unknown_local_recipient_reject_code = 550
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    debug_peer_level = 2
    debugger_command =
             PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
             ddd $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.6.6/samples
    readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    mynetworks = 127.0.0.0/8,xx.xx.xx.xx/28
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    myhostname = host01.mydomain.com
    home_mailbox = Maildir/
    mailbox_command =
    virtual_maps = hash:/etc/postfix/virtusertable
    mydestination = /etc/postfix/local-host-names
    
    master.cf
    Code:
    smtp      inet  n       -       n       -       -       smtpd
    smtps     inet  n       -       n       -       -       smtpd
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    pickup    fifo  n       -       n       60      1       pickup
    cleanup   unix  n       -       n       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    tlsmgr    unix  -       -       n       1000?   1       tlsmgr
    rewrite   unix  -       -       n       -       -       trivial-rewrite
    bounce    unix  -       -       n       -       0       bounce
    defer     unix  -       -       n       -       0       bounce
    trace     unix  -       -       n       -       0       bounce
    verify    unix  -       -       n       -       1       verify
    flush     unix  n       -       n       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       n       -       -       smtp
    relay     unix  -       -       n       -       -       smtp
            -o smtp_fallback_relay=
    showq     unix  n       -       n       -       -       showq
    error     unix  -       -       n       -       -       error
    retry     unix  -       -       n       -       -       error
    discard   unix  -       -       n       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       n       -       -       lmtp
    anvil     unix  -       -       n       -       1       anvil
    scache    unix  -       -       n       -       1       scache
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
    old-cyrus unix  -       n       n       -       -       pipe
      flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
    cyrus     unix  -       n       n       -       -       pipe
      user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
    
    dovecot.conf
    Code:
    protocols = imap pop3
    dict {
    }
    !include conf.d/*.conf
    
    I've also included all the dovecot/conf.d files uncommented lines.

    Code:
    10-auth.conf:disable_plaintext_auth = no
    10-auth.conf:auth_mechanisms = plain
    10-auth.conf:!include auth-system.conf.ext
    10-director.conf:service director {
    10-director.conf:  unix_listener login/director {
    10-director.conf:  }
    10-director.conf:  fifo_listener login/proxy-notify {
    10-director.conf:  }
    10-director.conf:  unix_listener director-userdb {
    10-director.conf:  }
    10-director.conf:  inet_listener {
    10-director.conf:  }
    10-director.conf:}
    10-director.conf:service imap-login {
    10-director.conf:}
    10-director.conf:service pop3-login {
    10-director.conf:}
    10-director.conf:protocol lmtp {
    10-director.conf:}
    10-logging.conf:plugin {
    10-logging.conf:}
    10-mail.conf:mail_location = maildir:~/Maildir
    10-mail.conf:mbox_write_locks = fcntl
    10-master.conf:service imap-login {
    10-master.conf:  inet_listener imap {
    10-master.conf:  }
    10-master.conf:  inet_listener imaps {
    10-master.conf:  }
    10-master.conf:}
    10-master.conf:service pop3-login {
    10-master.conf:  inet_listener pop3 {
    10-master.conf:  }
    10-master.conf:  inet_listener pop3s {
    10-master.conf:  }
    10-master.conf:}
    10-master.conf:service lmtp {
    10-master.conf:  unix_listener lmtp {
    10-master.conf:  }
    10-master.conf:}
    10-master.conf:service imap {
    10-master.conf:}
    10-master.conf:service pop3 {
    10-master.conf:}
    10-master.conf:service auth {
    10-master.conf:  unix_listener auth-userdb {
    10-master.conf:  }
    10-master.conf:}
    10-master.conf:service auth-worker {
    10-master.conf:}
    10-master.conf:service dict {
    10-master.conf:  unix_listener dict {
    10-master.conf:  }
    10-master.conf:}
    10-ssl.conf:ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
    10-ssl.conf:ssl_key = </etc/pki/dovecot/private/dovecot.pem
    15-lda.conf:protocol lda {
    15-lda.conf:}
    20-imap.conf:protocol imap {
    20-imap.conf:}
    20-lmtp.conf:protocol lmtp {
    20-lmtp.conf:}
    20-pop3.conf:protocol pop3 {
    20-pop3.conf:}
    90-acl.conf:plugin {
    90-acl.conf:}
    90-acl.conf:plugin {
    90-acl.conf:}
    90-plugin.conf:plugin {
    90-plugin.conf:}
    90-quota.conf:plugin {
    90-quota.conf:}
    90-quota.conf:plugin {
    90-quota.conf:}
    90-quota.conf:plugin {
    90-quota.conf:}
    90-quota.conf:plugin {
    90-quota.conf:}
    dovecot-new.conf:disable_plaintext_auth = no
    dovecot-new.conf:mail_location = maildir:~/Maildir
    dovecot-new.conf:mbox_write_locks = fcntl
    dovecot-new.conf:passdb {
    dovecot-new.conf:  driver = pam
    dovecot-new.conf:}
    dovecot-new.conf:protocols = imap pop3
    dovecot-new.conf:ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
    dovecot-new.conf:ssl_key = </etc/pki/dovecot/private/dovecot.pem
    dovecot-new.conf:userdb {
    dovecot-new.conf:  driver = passwd
    dovecot-new.conf:}
    
    
    Again, any help would be appreciated.

    Mike
     
  3. falko

    falko Super Moderator

    Those ports can be configured in /etc/postfix/master.cf. Dovecot has nothing to do with this. Can you post your full master.cf?
     
  4. mashton

    mashton New Member

    Here is my master.cf

    Code:
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       n       -       -       smtpd
    #submission inet n       -       n       -       -       smtpd
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_sasl_type=dovecot
    #  -o milter_macro_daemon_name=ORIGINATING
    smtps     inet  n       -       n       -       -       smtpd
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628      inet  n       -       n       -       -       qmqpd
    pickup    fifo  n       -       n       60      1       pickup
    cleanup   unix  n       -       n       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    #qmgr     fifo  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       n       1000?   1       tlsmgr
    rewrite   unix  -       -       n       -       -       trivial-rewrite
    bounce    unix  -       -       n       -       0       bounce
    defer     unix  -       -       n       -       0       bounce
    trace     unix  -       -       n       -       0       bounce
    verify    unix  -       -       n       -       1       verify
    flush     unix  n       -       n       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       n       -       -       smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay     unix  -       -       n       -       -       smtp
            -o smtp_fallback_relay=
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       n       -       -       showq
    error     unix  -       -       n       -       -       error
    retry     unix  -       -       n       -       -       error
    discard   unix  -       -       n       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       n       -       -       lmtp
    anvil     unix  -       -       n       -       1       anvil
    scache    unix  -       -       n       -       1       scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
    #
    # ====================================================================
    #
    # The Cyrus deliver program has changed incompatibly, multiple times.
    #
    old-cyrus unix  -       n       n       -       -       pipe
      flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    cyrus     unix  -       n       n       -       -       pipe
      user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # ====================================================================
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    #
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
    #
    #scalemail-backend unix -       n       n       -       2       pipe
    #  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
    #  ${nexthop} ${user} ${extension}
    #
    #mailman   unix  -       n       n       -       -       pipe
    #  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
    #  ${nexthop} ${user}
    
    
    Thanks
     
  5. falko

    falko Super Moderator

    Please uncomment the following lines as well and restart Postfix:
    Code:
    submission inet n       -       n       -       -       smtpd
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o smtpd_sasl_type=dovecot
     
  6. mashton

    mashton New Member

    Hi Falko,

    Did the change restarted postfix and no change. I can still connect using port 25 w TLS but not to 465 or 587. Firewall is not blocking them either.

    Stumped.
     
  7. falko

    falko Super Moderator

    What's the output of
    Code:
    iptables -L
    ?

    Is SELinux disabled?
     
  8. mashton

    mashton New Member

    Falko,

    Here is the results:

    Code:
    iptables -L
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    DROP       tcp  --  anywhere             loopback/8
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere
    DROP       all  --  base-address.mcast.net/4  anywhere
    PUB_IN     all  --  anywhere             anywhere
    PUB_IN     all  --  anywhere             anywhere
    PUB_IN     all  --  anywhere             anywhere
    PUB_IN     all  --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    DROP       all  --  anywhere             anywhere
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    PUB_OUT    all  --  anywhere             anywhere
    PUB_OUT    all  --  anywhere             anywhere
    PUB_OUT    all  --  anywhere             anywhere
    PUB_OUT    all  --  anywhere             anywhere
    
    Chain INT_IN (0 references)
    target     prot opt source               destination
    ACCEPT     icmp --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain INT_OUT (0 references)
    target     prot opt source               destination
    ACCEPT     icmp --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    
    Chain PAROLE (10 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    
    Chain PUB_IN (4 references)
    target     prot opt source               destination
    ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
    ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
    ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
    ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:http
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:81
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ndmp
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
    DROP       icmp --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain PUB_OUT (4 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    
    Chain fail2ban-SSH (0 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Code:
    # selinuxenabled && echo enabled || echo disabled
    disabled
    
    # cat /etc/selinux/config
    
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    #SELINUX=enforcing
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    
    
    Thanks, Mike
     
  9. falko

    falko Super Moderator

    You must open the ports 465 and 587 in your firewall.
     

Share This Page