Postfix SMTP Problem

Discussion in 'Installation/Configuration' started by drub4n, Aug 29, 2009.

  1. drub4n

    drub4n New Member

    I've installed following the perfect tutorial.
    Everything is fine now except this : I cannot have the smtp running well

    with netstat, I got :

    Code:
    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      18719/master
    postconf -n give :
    Code:
    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    append_dot_mydomain = no
    biff = no
    body_checks = regexp:/etc/postfix/body_checks
    broken_sasl_auth_clients = yes
    config_directory = /etc/postfix
    content_filter = amavis:[127.0.0.1]:10024
    header_checks = regexp:/etc/postfix/header_checks
    html_directory = /usr/share/doc/postfix/html
    inet_interfaces = all
    mailbox_size_limit = 0
    message_size_limit = 0
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    mydestination = mail.mydomain.net, localhost, localhost.localdomain
    myhostname = mail.mydomain.net
    mynetworks = 127.0.0.0/8 [::1]/128
    myorigin = /etc/mailname
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    readme_directory = /usr/share/doc/postfix
    receive_override_options = no_address_mappings
    recipient_delimiter = +
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relayhost =
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_security_level = may
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtpd_use_tls = yes
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_gid_maps = static:5000
    virtual_mailbox_base = /var/vmail
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_transport = maildrop
    virtual_uid_maps = static:5000


    nmap mydomain.net on localhost give :
    Code:
    Not shown: 1702 closed ports
    PORT     STATE SERVICE
    21/tcp   open  ftp
    22/tcp   open  ssh
    25/tcp   open  smtp
    53/tcp   open  domain
    80/tcp   open  http
    110/tcp  open  pop3
    111/tcp  open  rpcbind
    143/tcp  open  imap
    443/tcp  open  https
    993/tcp  open  imaps
    995/tcp  open  pop3s
    3306/tcp open  mysql
    8080/tcp open  http-proxy
    nmap mydomain.net from internet give

    Code:
    Not shown: 989 filtered ports
    PORT      STATE  SERVICE
    20/tcp    closed ftp-data
    21/tcp    open   ftp
    22/tcp    open   ssh
    53/tcp    open   domain
    80/tcp    open   http
    110/tcp   open   pop3
    143/tcp   open   imap
    443/tcp   open   https
    3306/tcp  open   mysql
    8080/tcp  open   http-proxy
    10000/tcp closed snet-sensor-mgmt
    

    telnet localhost 25
    Code:
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.
    220 mail.mydomain.net ESMTP Postfix (Debian/GNU)
    and freeze

    Any idea ? I really don't see the problem and need to be able to access smtp server through the internet

    thx

    -drub4n
     
  2. _X_

    _X_ New Member

    possible problems:

    ***
    myhostname = mail.mydomain.net

    shouldn't be :

    myhostname = mydomain.net

    ***
    mydestination = mail.mydomain.net, localhost, localhost.localdomain

    shouldn't be something like:

    mydestination = /etc/postfix/local-host-names - you didn't gave info on what tutorial did you use so check that according to your tutorial
     
  3. drub4n

    drub4n New Member

  4. _X_

    _X_ New Member

    here is the point where postfix is installed:

    http://www.howtoforge.com/perfect-server-debian-lenny-ispconfig3-p3

    9 Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils

    System mail name: <-- server1.example.com

    should be something like server1.mydomain.net or just mydomain.net

    same should go here:

    vi /etc/courier/imapd.cnf
    [...]
    CN=server1.example.com
    [...]

    vi /etc/courier/pop3d.cnf
    [...]
    CN=server1.example.com
    [...]

    unfortunately i have different server configuration and cannot help you any further.

    also same server1.mydomain.net or mydomain.net should be used in ISPConfig install

    Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]:

    if there are some errors in logs you can post them so we can locate a problem.

    if you used mail.mydomain.net everywhere instead of server1.mydomain.net or mydomain.net maybe you should change back to
    myhostname = mail.mydomain.net
     
  5. drub4n

    drub4n New Member

    thx _X_ for your tips

    I replace everything with myserver.myhosting.com
    regenerate key.
    Imap and pop with SSL are ok
    but I still cannot connect to smtp ... will continue investigation ...

    I got something strange,
    If I desactivate my firewall, I can see port 25 on nmap but filtered and still cannot access to it

    any idea ?
     
    Last edited: Aug 30, 2009
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Your original main.cf file was absolutley fine. Please undo the changes that _X_ suggested in #2 as he has mixed up ispconfig 2 and ispconfig 3.

    Please use something like mail.mydomain.net or server1.mydomain.net as hostname but not mydomain.net as this will cause a conflicht with the virtual domains otherwise.

    Please post the output of

    netstat -tap

    and check your mail log for errors. Also contact your provider and ask them if they block port 25.
     
  7. _X_

    _X_ New Member

    ISPConfig 3? ups ... didn't realize ... totally overlooked that info ... sry m8 :eek:
     
  8. drub4n

    drub4n New Member

    don't worry _X_

    was not a big change and I keep it to myserver.myhosting.com, no more mydomain.net in my main.cf file

    netstat - tap :

    Code:
    Connexions Internet actives (serveurs et ├ętablies)
    Proto Recv-Q Send-Q Adresse locale          Adresse distante        Etat        PID/Program name
    tcp        0      0 *:imaps                 *:*                     LISTEN      27676/couriertcpd
    tcp        0      0 *:pop3s                 *:*                     LISTEN      30198/couriertcpd
    tcp        0      0 localhost.localdo:10024 *:*                     LISTEN      12552/amavisd (mast
    tcp        0      0 localhost.localdo:10025 *:*                     LISTEN      30739/master
    tcp        0      0 *:mysql                 *:*                     LISTEN      18377/mysqld
    tcp        0      0 localhost.localdoma:940 *:*                     LISTEN      16028/famd
    tcp        0      0 *:pop3                  *:*                     LISTEN      13206/couriertcpd
    tcp        0      0 localhost.localdo:spamd *:*                     LISTEN      15023/spamd.pid
    tcp        0      0 *:imap2                 *:*                     LISTEN      13176/couriertcpd
    tcp        0      0 *:sunrpc                *:*                     LISTEN      15852/portmap
    tcp        0      0 *:http-alt              *:*                     LISTEN      11343/apache2
    tcp        0      0 *:www                   *:*                     LISTEN      11343/apache2
    tcp        0      0 *:ftp                   *:*                     LISTEN      27741/pure-ftpd (SE
    tcp        0      0 ks37560.kimsufi.:domain *:*                     LISTEN      23912/mydns
    tcp        0      0 localhost.locald:domain *:*                     LISTEN      23912/mydns
    tcp        0      0 *:ssh                   *:*                     LISTEN      2606/sshd
    tcp        0      0 *:smtp                  *:*                     LISTEN      30739/master
    tcp        0      0 *:https                 *:*                     LISTEN      11343/apache2
    server is listening on port 25
    with the fw on, I can't do anything on port 25 from remote computer
    with the fw off, nmap say the port 25 is filtered
    I use basic fw settings for myserver.myhosting.com under ISPconfig3 administration console wich are

    TCP open ports : 20,21,22,25,53,80,110,143,443,3306,8080,10000
    UDP open ports : 53,3306

    Really disapointed with this issue ...
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Please set the firewall to off, wait a minute and then run:

    iptables -L

    and post the output.
     
  10. drub4n

    drub4n New Member

    iptables -L

    Code:
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain fail2ban-ssh (0 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    thx

    -drub4n
     
    Last edited: Aug 31, 2009
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Mailserver is listening on all interfaces and no firewall is blocking a port, so your problem is outside of thsi server. The telnet command above is fine as well as it is not freezing, it just waits for your input.

    Either you run a external firewall that is blocking traffic or your access provider is blocking port 25.
     
  12. drub4n

    drub4n New Member

    ok thx till,

    I'll check this issue with my provider.

    -drub4n
     

Share This Page