I am using Outlook Express or MSO, and it does not authenticate using POP; it works fine on IMAP. When I disable "outgoing server req. authentication" I get a relay error. Any suggestions? I am using Postfix, MySQL and Dovecot.
Another question: is there any other CP? I am unable to use ISP Config; it does not support my configuration (DNS, mail server and HTTP server on different boxes).
Best regards, AL
Have you set up Dovecot with IMAP? Can you post the conf here? Have you checked iptables? Can you telnet to the IMAP port, 143 (TCP/IP)? Have you seen any messages about authentication failures in the Dovecot logs?
Here is my log:

Oct 16 16:30:07 mail postfix/smtpd[31002]: disconnect from unknown[12.173.5.11]
Oct 16 16:30:09 mail postfix/smtpd[31002]: connect from unknown[12.173.5.11]
Oct 16 16:30:12 mail postfix/smtpd[31002]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: Permission denied
Oct 16 16:30:12 mail postfix/smtpd[31002]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: Permission denied
Oct 16 16:30:12 mail postfix/smtpd[31002]: warning: unknown[12.173.5.11]: SASL LOGIN authentication failed: authentication failure
Oct 16 16:30:12 mail postfix/smtpd[31002]: lost connection after AUTH from unknown[12.173.5.11]
Oct 16 16:30:12 mail postfix/smtpd[31002]: disconnect from unknown[12.173.5.11]
Oct 16 16:30:13 mail postfix/smtpd[31002]: connect from unknown[12.173.5.11]
Oct 16 16:30:16 mail postfix/smtpd[31002]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: Permission denied
Oct 16 16:30:16 mail postfix/smtpd[31002]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: Permission denied
Oct 16 16:30:16 mail postfix/smtpd[31002]: warning: unknown[12.173.5.11]: SASL LOGIN authentication failed: authentication failure
Oct 16 16:30:17 mail postfix/smtpd[31002]: lost connection after AUTH from unknown[12.173.5.11]
Oct 16 16:30:17 mail postfix/smtpd[31002]: disconnect from unknown[12.173.5.11]

Here is my main.cf:

# --------------- local settings ------------------
myhostname = mail.tchosting.net
mydomain = tchosting.net
inet_interfaces = localhost, $myhostname
alias_maps =
alias_database =
relay_domains = mysql:$config_directory/mysql_relay_domains_maps.cf
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mailq_path = /usr/bin/mailq
setgid_group = maildrop
mynetworks_style = subnet
mynetworks = 127.0.0.0/8, 192.168.1.0/24
mydestination = localhost, $myhostname
unknown_local_recipient_reject_code = 550
address_verify_map = btree:/var/spool/postfix/address_verify
inet_protocols = all
biff = no
content_filter = smtp-amavis:[127.0.0.1]:10024
# ---------------------- VIRTUAL DOMAINS START ----------------------
virtual_mailbox_domains = mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_minimum_uid = 150
virtual_uid_maps = static:150
virtual_gid_maps = static:8
virtual_transport = virtual
dovecot_destination_recipient_limit = 1
# ---------------------- VIRTUAL DOMAINS END ----------------------
# ---------------------- ADDITIONAL FOR QUOTA SUPPORT -------------
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
# ---------------------- ADDITIONAL FOR QUOTA SUPPORT END -----
# ---------------------- SASL PART START ----------------------
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
#smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
#smtp_sasl_password_maps = mysql:$config_directory/mysql_virtual_mailbox_maps.cf
smtpd_sasl_path = private/auth
# ---------------------- SASL PART END ----------------------
# ---------------------- TLS PART START ----------------------
smtp_use_tls = yes
smtp_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtp_tls_key_file = /etc/postfix/ssl/smtpd.key
smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_tls_session_cache
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_received_header = no
smtpd_tls_ask_ccert = no
smtpd_tls_loglevel = 0
tls_random_source = dev:/dev/urandom
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_session_cache_timeout = 3600s
# ---------------------- TLS PART END ----------------------
smtpd_helo_required = yes
disable_vrfy_command = yes
non_fqdn_reject_code = 450
invalid_hostname_reject_code = 450
maps_rbl_reject_code = 450
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_tls_all_clientcerts
    permit_sasl_authenticated
    reject_unauth_destination
    reject_invalid_helo_hostname
    warn_if_reject reject_non_fqdn_helo_hostname
    warn_if_reject reject_unknown_helo_hostname
    warn_if_reject reject_unknown_client
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    warn_if_reject reject_unverified_sender
    reject_unverified_recipient
    reject_rbl_client cbl.abuseat.org
    reject_rbl_client list.dsbl.org
    reject_rbl_client opm.blitzed.org
    reject_rbl_client sbl.spamhaus.org
    reject_rbl_client bl.spamcop.net
    reject_rbl_client dnsbl.sorbs.net=127.0.0.2
    reject_rbl_client dnsbl.sorbs.net=127.0.0.3
    reject_rbl_client dnsbl.sorbs.net=127.0.0.4
    reject_rbl_client dnsbl.sorbs.net=127.0.0.5
    reject_rbl_client dnsbl.sorbs.net=127.0.0.7
    reject_rbl_client dnsbl.sorbs.net=127.0.0.9
    reject_rbl_client dnsbl.sorbs.net=127.0.0.11
    reject_rbl_client dnsbl.sorbs.net=127.0.0.12
    warn_if_reject reject_rhsbl_sender dsn.rfc-ignorant.org
    warn_if_reject reject_rhsbl_sender abuse.rfc-ignorant.org
    warn_if_reject reject_rhsbl_sender whois.rfc-ignorant.org
    warn_if_reject reject_rhsbl_sender bogusmx.rfc-ignorant.org
    warn_if_reject reject_rhsbl_sender postmaster.rfc-ignorant.org
    permit
smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit

Here is dovecot.conf:

base_dir = /var/run/dovecot/
protocols = imap pop3 imaps pop3s
listen =
log_timestamp = "%b %d %H:%M:%S "
syslog_facility = mail
ssl_listen =
ssl_disable = no
ssl_parameters_regenerate = 168
verbose_ssl = no
mail_location = maildir:/var/vmail/%d/%n
mail_extra_groups = mail
mail_debug = no
first_valid_uid = 150
last_valid_uid = 150
maildir_copy_with_hardlinks = yes
protocol imap {
  login_executable = /usr/lib/dovecot/imap-login
  mail_executable = /usr/lib/dovecot/imap
  imap_max_line_length = 65536
  #mail_plugins = quota imap_quota
  #mail_plugin_dir = /usr/lib/dovecot/imap
  #login_greeting_capability = no
  #imap_capability =
  imap_client_workarounds = outlook-idle delay-newmail
}
protocol pop3 {
  login_executable = /usr/lib/dovecot/pop3-login
  mail_executable = /usr/lib/dovecot/pop3
  #pop3_no_flag_updates = no
  #pop3_enable_last = no
  #pop3_reuse_xuidl = no
  #pop3_lock_session = no
  pop3_uidl_format = %08Xv%08Xu
  #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
  #mail_plugins = quota imap_quota
  #mail_plugin_dir = /usr/lib/dovecot/pop3
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  postmaster_address = [email protected]
  #hostname =
  mail_plugins = quota
  #mail_plugin_dir = /usr/lib/dovecot/lda
  sendmail_path = /usr/lib/sendmail
  auth_socket_path = /var/run/dovecot/auth-master
}
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_verbose = no
auth_debug = no
auth default {
  mechanisms = plain digest-md5 cram-md5
  passdb pam {
  }
  passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  userdb passwd {
  }
  userdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  user = nobody
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
      group = mail
    }
    client {
      path = /var/run/dovecot/auth-client
      mode = 0660
      user = postfix
      group = mail
    }
  }
}
dict {
  #quota = mysql:/etc/dovecot-dict-quota.conf
}
plugin {
  quota = maildir:storage=10240:messages=1000
  acl = vfile:/etc/dovecot-acls
  #convert_mail = mbox:%h/mail
  trash = /etc/dovecot-trash.conf
}

Yes, IP tables are OK; I verified ports 143, 25 and 110 are available. The problem is sending email.
Best regards, Al
Do you have this problem when you send (SMTP) an email or when you try to fetch (POP3) an email? What are the outputs of
Code:
iptables -L
and
Code:
netstat -tap
?
Hi, this only happens when I configure my email client software as POP. I am able to receive mail but not send; SMTP requires authentication but is unable to authenticate. But when I configure the email client as IMAP protocol I am able to send and receive. Here is what my iptables looks like:

mail:~ # iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
input_ext 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP 0 -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
LOG 0 -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG 0 -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '

Chain forward_ext (0 references)
target prot opt source destination

Chain input_ext (1 references)
target prot opt source destination
DROP 0 -- anywhere anywhere PKTTYPE = broadcast
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ndmp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ndmp
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:domain flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:http
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:https flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:https
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:imap flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:imaps flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:mysql flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:pop3 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:pop3s flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:smtp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:domain
reject_func tcp -- anywhere anywhere tcp dpt:ident state NEW
LOG 0 -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
DROP 0 -- anywhere anywhere PKTTYPE = multicast
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG 0 -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
DROP 0 -- anywhere anywhere

Chain reject_func (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT 0 -- anywhere anywhere reject-with icmp-proto-unreachable
mail:~ #

And my netstat looks like:

mail:~ # netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:imaps *:* LISTEN 12258/dovecot
tcp 0 0 *:pop3s *:* LISTEN 12258/dovecot
tcp 0 0 localhost:10024 *:* LISTEN 3255/amavisd (maste
tcp 0 0 localhost:10025 *:* LISTEN 30909/master
tcp 0 0 *:mysql *:* LISTEN 3015/mysqld
tcp 0 0 *:pop3 *:* LISTEN 12258/dovecot
tcp 0 0 localhost:dyna-access *:* LISTEN 2578/clamd
tcp 0 0 *:imap *:* LISTEN 12258/dovecot
tcp 0 0 *:sunrpc *:* LISTEN 2477/portmap
tcp 0 0 *:ndmp *:* LISTEN 21769/perl
tcp 0 0 localhost:novell-zen *:* LISTEN 2959/zmd
tcp 0 0 mail.tchosting.n:domain *:* LISTEN 32237/named
tcp 0 0 localhost:domain *:* LISTEN 32237/named
tcp 0 0 localhost:ipp *:* LISTEN 2989/cupsd
tcp 0 0 localhost:953 *:* LISTEN 32237/named
tcp 0 0 localhost:smtp *:* LISTEN 30909/master
tcp 0 0 mail.tchosting.net:smtp *:* LISTEN 30909/master
tcp 0 0 *:www-http *:* LISTEN 3248/httpd2-prefork
tcp 0 0 *:domain *:* LISTEN 32237/named
tcp 0 0 *:ssh *:* LISTEN 3093/sshd
tcp 0 0 localhost:ipp *:* LISTEN 2989/cupsd
tcp 0 0 localhost:953 *:* LISTEN 32237/named
tcp 0 0 localhost:smtp *:* LISTEN 30909/master
tcp 0 0 *:https *:* LISTEN 3248/httpd2-prefork
tcp 0 3260 mail.tchosting.net:ssh 12.173.5.11%30864:42448 ESTABLISHED 6125/0
mail:~ #

Best regards, AL
Don't you think it would be a good idea to pay attention to, and fix, the error messages from your log file? i.e.

Oct 16 16:30:09 mail postfix/smtpd[31002]: connect from unknown[12.173.5.11]
Oct 16 16:30:12 mail postfix/smtpd[31002]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: Permission denied
Oct 16 16:30:12 mail postfix/smtpd[31002]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: Permission denied
Oct 16 16:30:12 mail postfix/smtpd[31002]: warning: unknown[12.173.5.11]: SASL LOGIN authentication failed: authentication failure
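
Added example, not part of any post in this thread: a log triage that separates SASL failures caused by the server's own password store (the `/etc/sasldb2` warnings quoted above) from failures caused by wrong credentials, which matters when deciding whether a burst of failed logins is a misconfiguration or password guessing. The function name `triage` and the result fields are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = """\
Oct 16 16:30:09 mail postfix/smtpd[31002]: connect from unknown[12.173.5.11]
Oct 16 16:30:12 mail postfix/smtpd[31002]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: Permission denied
Oct 16 16:30:12 mail postfix/smtpd[31002]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: Permission denied
Oct 16 16:30:12 mail postfix/smtpd[31002]: warning: unknown[12.173.5.11]: SASL LOGIN authentication failed: authentication failure
Oct 16 16:30:12 mail postfix/smtpd[31002]: lost connection after AUTH from unknown[12.173.5.11]
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
BACKEND = re.compile(r"warning: SASL authentication problem: (?P<why>.+)$")
FAILED = re.compile(
    r"warning: (?P<host>\S+)\[(?P<ip>[^\]]+)\]: SASL (?P<mech>\S+) authentication failed")

def triage(log_text):
    """Classify each failed SASL login as 'backend' or 'credentials'.

    A failure is 'backend' when the same smtpd process logged a
    "SASL authentication problem" since its last connect, meaning the
    server could not reach its password store at all.
    """
    pending = defaultdict(list)   # smtpd pid -> backend errors in this session
    results = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("connect from "):
            pending[pid] = []                      # new session, forget old errors
        elif (b := BACKEND.match(msg)):
            pending[pid].append(b["why"])
        elif (f := FAILED.match(msg)):
            causes = sorted(set(pending[pid]))     # the warning is logged twice
            results.append({"ip": f["ip"], "mech": f["mech"],
                            "kind": "backend" if causes else "credentials",
                            "causes": causes})
    return results

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(r["ip"], r["mech"], r["kind"], "; ".join(r["causes"]))
```
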
I tried to do that, chuckl; that is the reason it is there, for somebody else to help me. I am aware that the error is that. Do you have a solution, chuckl?
Could be many things. For starters, which user owns /etc/sasldb2 and what permissions are set? Are you running postfix chrooted? If so, maybe it's looking in /var/spool/postfix/etc and there should be a copy of sasldb2 there? Even if it's not using the file, SASL expects it to be available and usable. You have this line commented out in main.cf:

#smtp_sasl_password_maps = mysql:$config_directory/mysql_virtual_mailbox_maps.cf

Is that where you want SASL to find the auth data? Otherwise you have no map or password file specified, and it's going to use the SASL default, which is giving you an error.
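
Added example, not part of any post in this thread: a check of the SASL-related settings in the posted main.cf against Postfix's built-in defaults, showing which backend smtpd actually uses when `smtpd_sasl_type` is not set and whether AUTH is offered without TLS. The function names and finding codes are hypothetical, and the thread does not confirm that Dovecot SASL was the poster's intent.

```python
# Constructed sample: the SASL/TLS lines of the main.cf posted in this thread.
MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
#smtp_sasl_password_maps = mysql:$config_directory/mysql_virtual_mailbox_maps.cf
smtpd_sasl_path = private/auth
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
"""

# Postfix's built-in defaults for parameters that main.cf does not set.
DEFAULTS = {"smtpd_sasl_auth_enable": "no", "smtpd_sasl_type": "cyrus",
            "smtpd_sasl_path": "smtpd", "smtpd_tls_auth_only": "no"}

def parse_main_cf(text):
    """Return {name: value}, skipping comments and joining continuation lines."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:      # indented line continues previous value
            params[last] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params

def audit_smtpd_sasl(text):
    """Return (code, message) findings for the smtpd SASL settings."""
    cfg = {**DEFAULTS, **parse_main_cf(text)}
    if cfg["smtpd_sasl_auth_enable"] != "yes":
        return [("auth-disabled", "smtpd does not offer SMTP AUTH")]
    findings = []
    if cfg["smtpd_sasl_type"] == "cyrus":
        findings.append(("cyrus-backend", "smtpd_sasl_type is cyrus (the default): "
                         "passwords are checked by Cyrus SASL, not by Dovecot"))
        if "/" in cfg["smtpd_sasl_path"]:
            findings.append(("path-looks-like-socket", "smtpd_sasl_path = %s reads like "
                             "a Dovecot auth socket, which needs smtpd_sasl_type = dovecot"
                             % cfg["smtpd_sasl_path"]))
    if cfg["smtpd_tls_auth_only"] != "yes":
        findings.append(("auth-without-tls", "AUTH is offered before STARTTLS, so "
                         "LOGIN/PLAIN credentials can cross the network unencrypted"))
    return findings

if __name__ == "__main__":
    for code, message in audit_smtpd_sasl(MAIN_CF):
        print(f"[{code}] {message}")
```
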
I have verified all that. My question was: configuring my client (Outlook Express or MSO) as IMAP protocol I am able to send email, but if I configure it as POP protocol I am not able to send email, getting the previous error. I am not using any other SSL program; I am only using Dovecot's built-in SSL. Any other suggestion?
Best regards, AL
Is it possible that your mail server is configured for something like pop-before-smtp or imap-before-smtp instead of SMTP-AUTH? Can you post the output of
Code:
telnet localhost 25
and then
Code:
ehlo localhost
?
Here is my telnet:

mail:~ # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.tchosting.net ESMTP Postfix (2.3.2)
ehlo localhost
250-mail.tchosting.net
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH LOGIN
250-AUTH=LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Best regards, AL
This is the output:

mail:~ # updatedb locate smtpd.conf
mail:~ # locate smtpd.conf
/etc/postfix/ssl/smtpd.conf
/etc/sasl2/smtpd.conf
/usr/share/logwatch/default.conf/services/qmail-smtpd.conf
mail:~ #
In /etc/postfix/ssl/smtpd.conf:

pwcheck_method: saslauthd
mech_list: plain login

/etc/sasl2/smtpd.conf:

pwcheck_method: saslauthd
mech_list: plain login