email server setup problem...

Roger N. Clark (change username to rnclark)...
Posted: Sun Sep 27, 2009 9:00 am

Hi,

In my post last week I said I had my email server up and running
and all was great. Well, not quite. I do have it running fine
on port 25 with TLS and secure connection. But when I change the
port to 587, it no longer works.

I have postfix, dovecot and sasl. I can read email from any
location and send fine if port 25 is not blocked. I can send and
receive email from other systems fine. I have fetchmail running
so I can download email from my Qwest ISP.

I tested this from two hotels this week where port 25 was blocked
and sending out was the only problem. So I do need to get off of 25.

The relevant info from the config files is below.

The error message I get in the /var/log/mail* files is:

SSL_accept error from unknown[192.168.0.4]: -1

The above message comes when I change the port on my laptop for the
outgoing server to 587. If it is 25, it works fine. It seems to me
that the only difference is the 587 line in master.cf (below).
I've changed the 587 entry to be the same as the smtp line above it
and with no options (but keeping the 587 port), but that does not work.
On my laptop I have TLS enabled regardless of the outgoing server port.

My son, who works in computer security, checked the packets on port 25
sessions and said everything was encrypted fine, including passwords.

I've done Google searches for the above error message and I find
other users have posted questions about it, but never a solution.

The original install (Ubuntu 9.04) after postfix and dovecot installed
did not include some sasl components, but I think I have everything now.
I have also tried changing the 587 line in master.cf to be chroot and not
chroot but that makes no difference.

Some additional info: the email server has static IP with a registered
domain name. I'm trying this from my laptop using DHCP from my ISP so that
gives the local 192.168.0.4 address.

In my previous thread Nico suggested using SMTP AUTH on port 573.
Did you really mean 573 or 587? I can't find references to 573 for email
on the net.

Any ideas as to what the problem is? What makes port 587 so different
from 25 when no other configuration is changed (except the port number
I declare on my laptop outgoing email server)?

Thanks,
Roger

############## /etc/postfix/main.cf:
smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
smtpd_tls_key_file = /etc/ssl/private/postfix.pem
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    permit_auth_destination,
    reject_invalid_hostname,
    reject_non_fqdn_recipient
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client dnsbl-1.uceprotect.net,
    reject_rbl_client dnsbl-2.uceprotect.net,
    permit
smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit
smtpd_sender_restrictions = reject_non_fqdn_sender
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
smtp_tls_note_starttls_offer = yes
tls_random_source = dev:/dev/urandom
smtpd_tls_received_header = yes
############# master.cf:
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
587       inet  n       -       n       -       -       smtpd -v
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_wrappermode=yes
submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_wrappermode=yes
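
An added example, not part of the original posts: a small Python check run over the master.cf entries posted above. It flags two things visible in that file: `587` and `submission` name the same TCP port, and `smtpd_tls_wrappermode=yes` makes a listener expect a TLS handshake immediately on connect instead of the STARTTLS command. The function names and the `PORTS` table are assumptions of this example.

```python
import re
# Constructed sample: the master.cf entries as posted, continuation lines indented.
MASTER_CF = """\
smtp       inet  n  -  -  -  -  smtpd
587        inet  n  -  n  -  -  smtpd -v
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_wrappermode=yes
submission inet  n  -  -  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_wrappermode=yes
"""
PORTS = {"smtp": 25, "smtps": 465, "submission": 587}  # as in /etc/services

def parse_master_cf(text):
    """Join continuation lines; return (port, service, overrides) per inet entry."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()   # continuation of previous entry
        else:
            logical.append(line.strip())
    entries = []
    for entry in logical:
        fields = entry.split()
        if len(fields) < 8 or fields[1] != "inet":
            continue
        name = fields[0].rsplit(":", 1)[-1]      # drop an optional "host:" prefix
        port = PORTS.get(name) or (int(name) if name.isdigit() else None)
        overrides = dict(re.findall(r"-o\s+(\w+)=(\S+)", entry))
        entries.append((port, fields[0], overrides))
    return entries

def audit(text):
    """Return findings for duplicate listeners and wrapper mode off port 465."""
    findings, seen = [], {}
    for port, name, opts in parse_master_cf(text):
        if port is not None and port in seen:
            findings.append(f"duplicate: '{name}' and '{seen[port]}' both bind port {port}")
        seen.setdefault(port, name)
        if opts.get("smtpd_tls_wrappermode") == "yes" and port != 465:
            findings.append(f"wrappermode: '{name}' expects TLS on connect, not STARTTLS")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(MASTER_CF)))
```

A mail client set to use STARTTLS on port 587 waits for the plaintext SMTP greeting, so it will not interoperate with a listener running in wrapper mode.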

HASM...
Posted: Tue Sep 29, 2009 1:43 pm

"Roger N. Clark (change username to rnclark)" <username at (no spam) qwest.net> writes:

My setup is similar to yours. I didn't have to touch master.cf, only
main.cf.

I relay my messages through my ISP and only had to make this change
in master.cf

relayhost = mail.mydomain.com:NN

where NN is the alternate SMTP port my ISP provides to get around port 25
blocks, and mail.mydomain.com points to my domain email MX machine at my
ISP.

-- HASM

All times are GMT - 5 Hours