As I'm new here, let me say EHLO howtoforge.com

So, a couple of days ago I purchased an unmanaged root server and since then I've been trying to make emails work. I have followed a couple of different tutorials but none of them took me to the final destination. I'm starting to believe that maybe what's blocking me is some old settings from some tutorial I followed, but I simply have no clue what to look for and where to look for the answer.

So, first let me give you some info about what I have done (maybe this matters). Immediately after I got my root credentials, I created a new user and gave him sudo rights. I created a couple of new groups (neither of them interferes with those used in the mail tutorials), and installed PHP, Apache and MySQL. I set up one website in Apache and the last thing I did was changing the host name... That's about everything. Then I started with the mail tutorials.

The last mail tutorial I followed (http://flurdy.com/docs/postfix/) gave me partial success. I can telnet to port 25 of the localhost, can send email, and receivers receive email (no matter whether I send the mail from localhost or from Gmail!), so I guess that Postfix + Courier + virtual hosts saved in MySQL work OK. I can see folders and files in /var/spool/mail/virtual/virtual_user_dir...

Then I tried to install Roundcube and set it up, but when I try to enter my virtual user credentials, Roundcube alerts me with the error "Connection to IMAP server failed". I checked the logs: /var/log/auth.log and /var/log/mail.err give no error for this, but in /var/log/mail.log I found this:

sunzone imapd-ssl: couriertls: /etc/ssl/certs/905b837e.0: No such file or directory

I tried to see whether /etc/ssl/certs/905b837e.0 exists and I found a symlink to a real file (lrwxrwxrwx 1 root root 33 Dec 19 14:00 905b837e.0 -> /etc/mail/tls/sendmail-server.crt) but the real file doesn't exist! Even more, in /etc/mail I have no /tls/ dir!

I tried to delete the symlink but Ubuntu 12.04 is recreating it again with a new symlink name and the same destination. I remember that in one tutorial I followed before the last one, I did create certificates named sendmail-server... but honestly, I can't remember which one it was...

I strongly believe that the IMAP error that Roundcube gives me is related to this certfile error, but again, I'm not sure...

Please help me with this one - I'm really tired and sleepless for the past three days trying to set this email up.
Update: I turned off TLS and tried to connect via SquirrelMail, and I had success. I also managed to configure Outlook to access the mailbox via the POP protocol. It seems that port 25 is not accessible outside of the localhost (I have to figure out how to turn it on). Also, IMAP is working on localhost but not visible on the outside. Once I manage to turn these ports on, I'll try to turn back to TLS step by step...
Hi Falko, thanks for trying to help,

netstat -tap:
------------------------------------
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:imap2         *:*                     LISTEN      2086/couriertcpd
tcp        0      0 localhost:spamd         *:*                     LISTEN      1534/spamd.pid
tcp        0      0 *:sunrpc                *:*                     LISTEN      604/rpcbind
tcp        0      0 *:webmin                *:*                     LISTEN      2347/perl
tcp        0      0 localhost:720           *:*                     LISTEN      2240/famd
tcp        0      0 *:ssmtp                 *:*                     LISTEN      2212/master
tcp        0      0 sunzone.server.c:domain *:*                     LISTEN      1368/named
tcp        0      0 localhost:domain        *:*                     LISTEN      1368/named
tcp        0      0 *:smtp                  *:*                     LISTEN      2212/master
tcp        0      0 localhost:953           *:*                     LISTEN      1368/named
tcp        0      0 *:XXX                   *:*                     LISTEN      841/sshd
tcp        0      0 localhost:10023         *:*                     LISTEN      1518/postgrey.pid -
tcp        0      0 localhost:10024         *:*                     LISTEN      1411/amavisd (maste
tcp        0      0 localhost:10025         *:*                     LISTEN      2212/master
tcp        0      0 localhost:mysql         *:*                     LISTEN      1303/mysqld
tcp        0      0 *:submission            *:*                     LISTEN      2212/master
tcp        0      0 sunzone.server.co:XXX   xx.xxx.xxx.xx-dsl:54900 TIME_WAIT   -
tcp       55      0 localhost:59403         localhost:10025         CLOSE_WAIT  1532/amavisd (ch1-a
tcp        0    248 sunzone.server.co:XXX   xx.xxx.xxx.x-dsl:54921  ESTABLISHED 13275/sshd: user [p
tcp       55      0 localhost:59400         localhost:10025         CLOSE_WAIT  1531/amavisd (ch1-a
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      2108/couriertcpd
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN      604/rpcbind
tcp6       0      0 [::]:http               [::]:*                  LISTEN      2312/apache2
tcp6       0      0 [::]:ssmtp              [::]:*                  LISTEN      2212/master
tcp6       0      0 [::]:domain             [::]:*                  LISTEN      1368/named
tcp6       0      0 [::]:smtp               [::]:*                  LISTEN      2212/master
tcp6       0      0 ip6-localhost:953       [::]:*                  LISTEN      1368/named
tcp6       0      0 [::]:XXX                [::]:*                  LISTEN      841/sshd
tcp6       0      0 [::]:submission         [::]:*                  LISTEN      2212/master

iptables -L
---------------------------------
Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere             ctstate INVALID,NEW
net2fw     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             LOG level info prefix "Shorewall:INPUT:REJECT:"
reject     all  --  anywhere             anywhere             [goto]

Chain FORWARD (policy DROP)
target     prot opt source               destination
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             LOG level info prefix "Shorewall:FORWARD:REJECT:"
reject     all  --  anywhere             anywhere             [goto]

Chain OUTPUT (policy DROP)
target     prot opt source               destination
fw2net     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             LOG level info prefix "Shorewall:OUTPUT:REJECT:"
reject     all  --  anywhere             anywhere             [goto]

Chain Broadcast (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
DROP       all  --  anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
DROP       all  --  anywhere             anywhere             ADDRTYPE match dst-type ANYCAST
DROP       all  --  anywhere             base-address.mcast.net/4

Chain Drop (1 references)
target     prot opt source               destination
           all  --  anywhere             anywhere
reject     tcp  --  anywhere             anywhere             tcp dpt:auth /* Auth */
Broadcast  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere             icmp fragmentation-needed /* Needed ICMP types */
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded /* Needed ICMP types */
Invalid    all  --  anywhere             anywhere
DROP       udp  --  anywhere             anywhere             multiport dports loc-srv,microsoft-ds /* SMB */
DROP       udp  --  anywhere             anywhere             udp dpts:netbios-ns:netbios-ssn /* SMB */
DROP       udp  --  anywhere             anywhere             udp spt:netbios-ns dpts:1024:65535 /* SMB */
DROP       tcp  --  anywhere             anywhere             multiport dports loc-srv,netbios-ssn,microsoft-ds /* SMB */
DROP       udp  --  anywhere             anywhere             udp dpt:1900 /* UPnP */
NotSyn     tcp  --  anywhere             anywhere
DROP       udp  --  anywhere             anywhere             udp spt:domain /* Late DNS Replies */

Chain Invalid (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             ctstate INVALID

Chain NotSyn (2 references)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere             tcpflags:! FIN,SYN,RST,ACK/SYN

Chain Reject (3 references)
target     prot opt source               destination
           all  --  anywhere             anywhere
reject     tcp  --  anywhere             anywhere             tcp dpt:auth /* Auth */
Broadcast  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere             icmp fragmentation-needed /* Needed ICMP types */
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded /* Needed ICMP types */
Invalid    all  --  anywhere             anywhere
reject     udp  --  anywhere             anywhere             multiport dports loc-srv,microsoft-ds /* SMB */
reject     udp  --  anywhere             anywhere             udp dpts:netbios-ns:netbios-ssn /* SMB */
reject     udp  --  anywhere             anywhere             udp spt:netbios-ns dpts:1024:65535 /* SMB */
reject     tcp  --  anywhere             anywhere             multiport dports loc-srv,netbios-ssn,microsoft-ds /* SMB */
DROP       udp  --  anywhere             anywhere             udp dpt:1900 /* UPnP */
NotSyn     tcp  --  anywhere             anywhere
DROP       udp  --  anywhere             anywhere             udp spt:domain /* Late DNS Replies */

Chain dynamic (3 references)
target     prot opt source               destination

Chain eth0_fwd (0 references)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere             ctstate INVALID,NEW

Chain fw2net (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain logdrop (0 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain logreject (0 references)
target     prot opt source               destination
reject     all  --  anywhere             anywhere

Chain net2fw (1 references)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere             ctstate INVALID,NEW
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3 /* POP3 */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp /* SMTP */
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request /* Ping */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webmin /* Webmin */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http /* Web */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https /* Web */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh /* SSH */
Drop       all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             LOG level info prefix "Shorewall:net2fw:DROP:"
DROP       all  --  anywhere             anywhere

Chain reject (10 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             ADDRTYPE match src-type BROADCAST
DROP       all  --  base-address.mcast.net/4  anywhere
DROP       igmp --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     icmp --  anywhere             anywhere             reject-with icmp-host-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain shorewall (0 references)
target     prot opt source               destination

I configured Shorewall to suit my needs and I think I haven't locked myself out. When I try to telnet to the SMTP port from outside, I get no response, so I guess that no program is actually listening on this port...
Hi Falko, last night I followed one of your tutorials but I'm still not able to access the mail via IMAP (with SquirrelMail or even from an outside network) or access SMTP from outside... I think that no daemon listens on ports outside of localhost... Is that possible? How can I check that?

UPDATE:
-------------
I enabled the firewall port 587 and now I'm able to send emails from Outlook also.

Another thing I did was adding inet_interfaces = all in main.cf, and IMAP is working also.
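
Added example, not part of the original thread: a Python check for the symptom in these posts, run against excerpts of the `netstat -tap` and `iptables -L` output posted above. It flags listeners bound only to loopback and listening ports with no ACCEPT rule in the `net2fw` chain; the function names are illustrative, and both outputs are assumed to show service names (no `-n`).

```python
import re

# Excerpts of the `netstat -tap` and `iptables -L` (chain net2fw) output posted above.
NETSTAT = """\
tcp   0 0 localhost:imap2   *:*     LISTEN 2086/couriertcpd
tcp   0 0 *:smtp            *:*     LISTEN 2212/master
tcp   0 0 *:submission      *:*     LISTEN 2212/master
tcp   0 0 localhost:mysql   *:*     LISTEN 1303/mysqld
tcp6  0 0 [::]:pop3         [::]:*  LISTEN 2108/couriertcpd
"""
NET2FW = """\
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3 /* POP3 */
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp /* SMTP */
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh /* SSH */
"""
LOOPBACK = {"localhost", "127.0.0.1", "ip6-localhost", "::1", "[::1]"}

def listeners(netstat_text):
    """Map port/service -> True if any listener binds a non-loopback address."""
    result = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        host, _, port = f[3].rpartition(":")  # rpartition copes with [::]:pop3
        result[port] = result.get(port, False) or host not in LOOPBACK
    return result

def accepted_ports(chain_text):
    """Ports named in ACCEPT rules that carry a single tcp dpt: match."""
    return set(re.findall(r"^ACCEPT\s+tcp\b.*?\bdpt:(\S+)", chain_text, re.M))

def diagnose(netstat_text, chain_text):
    """Classify every listening port by what an outside client would see."""
    allowed = accepted_ports(chain_text)
    report = {}
    for port, public in listeners(netstat_text).items():
        if not public:
            report[port] = "loopback only"        # daemon config, not firewall
        elif port not in allowed:
            report[port] = "blocked by firewall"  # listening, but no ACCEPT rule
        else:
            report[port] = "reachable"
    return report

if __name__ == "__main__":
    for port, status in sorted(diagnose(NETSTAT, NET2FW).items()):
        print(f"{port:12} {status}")
```

For `mysql` and the other internal helper services, "loopback only" is the state to keep; only the mail ports that clients need should end up as "reachable".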