Email issues

Discussion in 'ISPConfig 3 Priority Support' started by keshwarsingh, Jul 15, 2013.

Thread Status:
Not open for further replies.
  1. keshwarsingh

    keshwarsingh Member

    Do you have any idea what might be causing the following?

    root@master:/etc/postfix# tail -f /var/log/mail.log
    Jul 15 19:55:01 master postfix/smtps/smtpd[27051]: lost connection after CONNECT from localhost[::1]
    Jul 15 19:55:01 master postfix/smtps/smtpd[27051]: disconnect from localhost[::1]
    Jul 15 19:55:01 master dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<+pkU4o7h7wAAAAAAAAAAAAAAAAAAAAAB>
    Jul 15 19:55:09 master postfix/smtps/smtpd[26953]: SSL_accept error from mail-am1lp0019.outbound.protection.outlook.com[213.199.154.19]: Connection timed out
    Jul 15 19:55:09 master postfix/smtps/smtpd[26953]: lost connection after CONNECT from mail-am1lp0019.outbound.protection.outlook.com[213.199.154.19]
    Jul 15 19:55:09 master postfix/smtps/smtpd[26953]: disconnect from mail-am1lp0019.outbound.protection.outlook.com[213.199.154.19]
    Jul 15 19:55:24 master postfix/smtps/smtpd[26978]: SSL_accept error from localhost[::1]: Connection timed out
    Jul 15 19:55:24 master postfix/smtps/smtpd[26978]: lost connection after CONNECT from localhost[::1]
    Jul 15 19:55:24 master postfix/smtps/smtpd[26978]: disconnect from localhost[::1]
    Jul 15 19:56:10 master postfix/smtps/smtpd[27051]: connect from mail-db3lp0077.outbound.protection.outlook.com[213.199.154.77]
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Maybe SSL is not enabled correctly in master.cf or the SSL cert is broken. Please post the content of the file /etc/postfix/master.cf
     
  3. keshwarsingh

    keshwarsingh Member

    It's a new installation on Debian Wheezy, followed the steps to secure ISPConfig 3 with StartSSL, I'm using class2 & adjusted the values...

    #
    # Postfix master process configuration file. For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (yes) (never) (100)
    # ==========================================================================
    smtp inet n - - - - smtpd
    #smtp inet n - - - 1 postscreen
    #smtpd pass - - - - - smtpd
    #dnsblog unix - - - - 0 dnsblog
    #tlsproxy unix - - - - 0 tlsproxy
    #submission inet n - - - - smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #smtps inet n - - - - smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628 inet n - - - - qmqpd
    pickup fifo n - - 60 1 pickup
    cleanup unix n - - - 0 cleanup
    qmgr fifo n - n 300 1 qmgr
    #qmgr fifo n - n 300 1 oqmgr
    tlsmgr unix - - - 1000? 1 tlsmgr
    rewrite unix - - - - - trivial-rewrite
    bounce unix - - - - 0 bounce
    defer unix - - - - 0 bounce
    trace unix - - - - 0 bounce
    verify unix - - - - 1 verify
    flush unix n - - 1000? 0 flush
    proxymap unix - - n - - proxymap
    proxywrite unix - - n - 1 proxymap
    smtp unix - - - - - smtp
    relay unix - - - - - smtp
    # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq unix n - - - - showq
    error unix - - - - - error
    retry unix - - - - - error
    discard unix - - - - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - - - - lmtp
    anvil unix - - - - 1 anvil
    scache unix - - - - 1 scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent. See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop unix - n n - - pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    # mailbox_transport = lmtp:inet:localhost
    # virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus unix - n n - - pipe
    # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix - n n - - pipe
    # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp unix - n n - - pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail unix - n n - - pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp unix - n n - - pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix - n n - 2 pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman unix - n n - - pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}

    dovecot unix - n n - - pipe
      flags=DROhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
    amavis unix - - - - 2 smtp
      -o smtp_data_done_timeout=1200
      -o smtp_send_xforward_command=yes

    127.0.0.1:10025 inet n - - - - smtpd
      -o content_filter=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_client_restrictions=
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8
      -o strict_rfc821_envelopes=yes
      -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
     
  4. keshwarsingh

    keshwarsingh Member

    Here are the permissions for SSL...

    root@master:/usr/local/ispconfig/interface/ssl# ls -la
    total 60
    drwxr-s--- 2 ispconfig ispconfig 4096 Jul 15 18:18 .
    drwxr-sr-x 7 ispconfig ispconfig 4096 Jul 8 14:05 ..
    -rw-r--r-- 1 ispconfig ispconfig 2399 Jul 6 18:38 ispserver.crt
    -rwxr-x--- 1 ispconfig ispconfig 2252 Jul 15 13:51 ispserver.crt_bak
    -rwxr-x--- 1 ispconfig ispconfig 1817 Jul 15 13:51 ispserver.csr_bak
    -rw-r--r-- 1 ispconfig ispconfig 1675 Jul 6 18:37 ispserver.key
    -rwxr-x--- 1 ispconfig ispconfig 3247 Jul 15 13:51 ispserver.key_bak
    -rwxr-x--- 1 ispconfig ispconfig 3311 Jul 15 13:50 ispserver.key.secure_bak
    -rw------- 1 ispconfig ispconfig 9046 Jul 6 18:43 ispserver.pem
    -rw-r--r-- 1 ispconfig ispconfig 2760 May 7 2008 startssl.ca.crt
    -rw-r--r-- 1 ispconfig ispconfig 4972 Jul 6 18:43 startssl.chain.class2.server.crt
    -rw-r--r-- 1 ispconfig ispconfig 2212 Apr 18 2010 startssl.sub.class2.server.ca.crt
    root@master:/usr/local/ispconfig/interface/ssl#

    root@master:/etc/postfix# ls -la
    total 192
    drwxr-xr-x 4 root root 4096 Jul 15 21:23 .
    drwxr-xr-x 107 root root 4096 Jul 15 19:59 ..
    -rw-r--r-- 1 root root 0 Jul 15 13:49 body_checks
    drwxr-xr-x 2 root root 4096 Jul 15 18:59 dkim
    -rw-r--r-- 1 root root 329 Jul 15 11:46 dynamicmaps.cf
    -rw-r--r-- 1 root root 0 Jul 15 13:49 header_checks
    -rw-r--r-- 1 root root 3738 Jul 15 21:18 main.cf
    -rw-r--r-- 1 root root 3551 Jul 15 15:36 main.cf~
    -rw-r--r-- 1 root root 3406 Jul 15 13:50 main.cf~2
    -rw-r--r-- 1 root root 3310 Jul 15 13:50 main.cf~3
    -rw-r--r-- 1 root root 6342 Jul 15 13:50 master.cf
    -r-------- 1 root root 5727 Jul 15 13:50 master.cf~
    -r-------- 1 root root 5571 Jul 15 13:50 master.cf~2
    -rw-r--r-- 1 root root 0 Jul 15 13:49 mime_header_checks
    -rw-r----- 1 root postfix 231 Jul 15 13:49 mysql-virtual_client.cf
    -rw-r----- 1 root postfix 221 Jul 15 13:49 mysql-virtual_domains.cf
    -rw-r----- 1 root postfix 218 Jul 15 13:49 mysql-virtual_email2email.cf
    -rw-r----- 1 root postfix 230 Jul 15 13:49 mysql-virtual_forwardings.cf
    -rw-r----- 1 root postfix 288 Jul 15 13:49 mysql-virtual_mailboxes.cf
    -rw-r----- 1 root postfix 252 Jul 15 13:49 mysql-virtual_recipient.cf
    -rw-r----- 1 root postfix 224 Jul 15 13:49 mysql-virtual_relaydomains.cf
    -rw-r----- 1 root postfix 230 Jul 15 13:49 mysql-virtual_relayrecipientmaps.cf
    -rw-r----- 1 root postfix 249 Jul 15 13:49 mysql-virtual_sender.cf
    -rw-r----- 1 root postfix 227 Jul 15 13:49 mysql-virtual_transports.cf
    -rw-r--r-- 1 root root 0 Jul 15 13:49 nested_header_checks
    -rw-r--r-- 1 root root 19707 Mar 6 21:04 postfix-files
    -rwxr-xr-x 1 root root 8729 Mar 6 21:04 postfix-script
    -rwxr-xr-x 1 root root 26498 Mar 6 21:04 post-install
    -rw-r--r-- 1 root root 60 Jul 15 19:40 recipient_bcc
    -rw-r--r-- 1 root root 12288 Jul 15 19:14 recipient_bcc.db
    drwxr-xr-x 2 root root 4096 Mar 6 21:04 sasl
    -rw-r--r-- 1 root root 60 Jul 15 19:40 sender_bcc
    -rw-r--r-- 1 root root 12288 Jul 15 19:14 sender_bcc.db
    lrwxrwxrwx 1 root root 48 Jul 15 18:19 smtpd.cert -> /usr/local/ispconfig/interface/ssl/ispserver.crt
    -rw-r--r-- 1 root root 2252 Jul 15 13:50 smtpd.cert_bak
    lrwxrwxrwx 1 root root 48 Jul 15 18:20 smtpd.key -> /usr/local/ispconfig/interface/ssl/ispserver.key
    -rw-r----- 1 root root 3272 Jul 15 13:50 smtpd.key_bak
    root@master:/etc/postfix#

    root@master:/etc/ssl/private# ls -la
    total 16
    drwx--x--- 2 root ssl-cert 4096 Jul 15 18:21 .
    drwxr-xr-x 4 root root 4096 Jul 15 11:10 ..
    lrwxrwxrwx 1 root root 48 Jul 15 18:21 pure-ftpd.pem -> /usr/local/ispconfig/interface/ssl/ispserver.pem
    -rw------- 1 root root 3266 Jul 15 12:47 pure-ftpd.pem_bak
    -rw-r----- 1 root ssl-cert 1704 Jul 15 11:45 ssl-cert-snakeoil.key
    root@master:/etc/ssl/private#
     
  5. keshwarsingh

    keshwarsingh Member

    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_CAfile = /usr/local/ispconfig/interface/ssl/startssl.chain.class2.server.crt
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
     
  6. keshwarsingh

    keshwarsingh Member

    I've just switched back to the original certs to make sure it isn't a cert issue.

    Problem still persists..
     
  7. keshwarsingh

    keshwarsingh Member

    Solved :)

    I forgot to uncomment the submission and smtps section..
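
An added example, not part of the thread and not ISPConfig or Postfix code: per master(5), comment lines are skipped and a line starting with whitespace continues the previous logical line, so active `-o` lines left under commented-out `#submission` and `#smtps` headers attach to the preceding `smtp inet` service. This Python check flags that condition; the sample is constructed from the posted file with continuation indentation assumed, and `parse_master_cf` is a hypothetical helper name.

```python
import re

# Constructed sample: the relevant lines of the master.cf posted in the thread,
# with continuation lines indented as master(5) requires (assumption).
SAMPLE = """\
smtp      inet  n  -  -  -  -  smtpd
#smtp     inet  n  -  -  -  1  postscreen
#submission inet n -  -  -  -  smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
#  -o milter_macro_daemon_name=ORIGINATING
#smtps    inet  n  -  -  -  -  smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
pickup    fifo  n  -  -  60 1  pickup
"""

# Commented-out service header: "#name type private unpriv chroot wakeup maxproc command"
COMMENTED_SERVICE = re.compile(r"^#\s*(\S+)\s+(?:inet|unix|fifo|pass)(?:\s+\S+){6}")

def parse_master_cf(text):
    """Return (services, findings).
    services: {"name/type": [-o options]} per logical line, as Postfix joins them.
    findings: (line_no, option, attached_to, commented_service) for every active
    continuation line that sits under a commented-out service header."""
    services, findings = {}, []
    current = shadow = None
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue                      # blank lines are ignored
        if line.lstrip().startswith("#"):
            m = COMMENTED_SERVICE.match(line)
            if m:
                shadow = m.group(1)       # remember the disabled service name
            continue                      # comments do not end a logical line
        if line[0].isspace():             # continuation of the previous service
            if current is not None:
                opts = re.findall(r"-o\s+(\S+)", line)
                services[current].extend(opts)
                if shadow:
                    findings += [(no, o, current, shadow) for o in opts]
            continue
        name, svc_type = line.split()[:2]
        current, shadow = f"{name}/{svc_type}", None
        services[current] = []
    return services, findings

if __name__ == "__main__":
    for no, opt, attached, meant in parse_master_cf(SAMPLE)[1]:
        print(f"line {no}: '-o {opt}' applies to {attached}, not to commented-out {meant}")
```

On the sample it reports `smtpd_tls_wrappermode=yes` and `syslog_name=postfix/smtps` landing on `smtp/inet`, which is consistent with the `postfix/smtps/smtpd` SSL_accept errors for inbound connections in the log at the top of the thread.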
     