Hi there.
New install of ISPConfig 3 on Debian Squeeze [previously on Lenny].
Created using: http://www.ispconfig.org/news/tutor...eze-debian-6-0-with-bind-courier-ispconfig-3/
Previous server used:
Port: 465
Connection security: SSL/TLS
Authentication method: normal password
If I try to use these settings on this fresh install [complete format with previous backup files stored on a separate drive] I get the following error:
Sending of message failed. The message could not be sent because connecting to SMTP server mail.myserver.com (changed from real name - error has correct name) failed. The server may be unavailable or is refusing SMTP connections. Please verify that your SMTP server settings are correct and try again, or contact the server administrator.
I can send using:
Port: 25
Connection security: STARTTLS
Authentication method: normal password
No errors appear in mail.log or mail.err.
I've compared the master.cf pre/post [original/current]. Differing section appears to be:
Original
Current
main.cf has a couple of minor differences:
Original
*This line is missing in the current main.cf
Current
*These lines do not appear in the original main.cf
No firewall rules are set to block ports.
Hopefully I've provided enough detail.

The output of postconf -a should be:
cyrus
dovecot
Here is a working main.cf (uncommented only) from a fairly new squeeze setup for you to compare with:
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = /usr/share/doc/postfix
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = mail.example.tld
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.example.tld, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_tls_security_level = may
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = dovecot
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
message_size_limit = 0
You can compare and check that /etc/mailname contains your proper mail name. Also check that ports are open in your router.

Confirmed.
Only difference is the last 3 lines on my main.cf:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
*These 3 lines also appeared in my previous main.cf
/etc/mailname confirmed.
Same external setup [router, cable etc] as per previous server which worked.

Comment them out (you can always uncomment them later if you want to):
#smtp_sasl_auth_enable = yes
#smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
#smtp_sasl_security_options =
Then reload and restart postfix.
/etc/init.d/postfix reload
/etc/init.d/postfix restart
/etc/init.d/dovecot restart
Also check out your smtp dialogue at mxtoolbox.com
After that the next thing you can look at is your dovecot configuration in /etc/dovecot/dovecot.conf

Commented out the 3 lines - done
/etc/init.d/postfix reload - done
/etc/init.d/postfix restart - done
/etc/init.d/dovecot restart - done
Change SMTP settings to SSL/TLS 465 - done
Test email to external adr - fail [as per previous error]
Change SMTP settings back to STARTTLS 25 - done
Test email to external adr - bounce back fail from relay outbound.mailhop.org [required to use this due to blacklisting issues]
Uncomment lines, reload/restart - done. Returned to usable state.
MXtoolbox results:
220 *correct server name* ESMTP Postfix (Debian/GNU)
OK - correct IP resolves to correct IP at ISP
Warning - Reverse DNS does not match SMTP Banner
0 seconds - Good on Connection time
Not an open relay.
1.513 seconds - Good on Transaction time
6 open ports:
25 smtp Success 218 ms
80 http Success 218 ms
110 pop3 Success 218 ms
143 imap Success 218 ms
443 https Success 218 ms
8080 webcache Success 218 ms
These ports were closed:
21 ftp Timeout 0 ms
22 ssh Timeout 0 ms
23 telnet Timeout 0 ms
53 dns Timeout 0 ms
139 netbios Timeout 0 ms
389 ldap Timeout 0 ms
587 msa-outlook Timeout 0 ms
1352 lotus notes Timeout 0 ms
1433 sql server Timeout 0 ms
3306 my sql Timeout 0 ms
3389 remote desktop Thread was being aborted. 0 ms
I notice that it doesn't check 465 or any other mail ports like 993.

Confirmed those 3 lines are required to relay through DynDNS:
https://www.dyndns.com/support/kb/mail_servers_and_mailhop_outbound.html#postfix
Plus this line which was in my original main.cf:
smtp_tls_CAfile = /etc/postfix/cert.pem
Testing now.

1. In a normal setup you don't have a /etc/postfix/cert.pem
2. Those dyndns lines are "optional" and perhaps you should look at your DNS setup first.
Do you have a dynamic IP?

Yes, my IP is dynamic - which is why I've used DynDNS for as long as I can remember in conjunction with mail & web services.
DNS is fine - website works, webmail works.
The only reason I'm using the DynDNS lines is they were in my previous operating Lenny setup.
Is there a reason why the cert wasn't included in this version of ISPConfig?
I was running without the extra lines but still using the relay without problem - I had hoped adding them would fix the 465 access issue.
The differences in the master.cf above aren't the problem?

No, I don't think that the lack of a postfix cert is the problem here. You should have a smtpd.cert in /etc/postfix and that is why you have the following lines in main.cf:
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
Your mail record should not be a CNAME record. It should be an MX record. Have a read here:
http://www.dyndns.com/support/kb/email_mail_exchangers_and_dns.html
The easiest way to get things working is to follow the howto and then set up your DNS using the wizard. This will generate a mail record which will have the same value as that in /etc/mailname.
You will need to wait for changes you make in the DNS to propagate (they say 12 hours).
Also have a look here: http://www.howtoforge.com/forums/showthread.php?t=22036

MX Record is already set:
Preference  Mail Exchangers
10          my.server.name [changed]
20          mx2.mailhop.org
It appears that your MX records are setup correctly.
Just uncommented the master.cf entries & did a reload/restart..... I have SSL/TLS 465 SMTP access.
BUT: There's a new problem - now mail won't deliver:
Aug 30 20:12:14 **server.name** postfix/error[22643]: 302922C436C: to=, relay=none, delay=351, delays=350/0.14/0/0.33, dsn=4.3.0, status=deferred (mail transport unavailable)
Aug 30 20:12:14 **server.name** postfix/error[22644]: AF9182C436E: to=, relay=none, delay=322, delays=322/0.26/0/0.26, dsn=4.3.0, status=deferred (mail transport unavailable)
Tried a postfix flush with no result.
Reverted to the commented master.cf, reload/restart - back to receiving mail but sending via 25.

Uncommenting the below in the master.cf gave me the result I required:
smtps inet n - - - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
I have also re-done the MX record on DYNDNS as per the above.
Users can now send mail via port 465 with SSL/TLS enabled.
Users can now receive mail via port 993 with SSL/TLS enabled.
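
The master.cf change that resolved the thread can be checked mechanically. The following is an added example, not code from the thread, ISPConfig or Postfix: it parses master.cf text using the file's comment and continuation-line rules and reports whether the smtps service is active with smtpd_tls_wrappermode=yes. The function names and the sample file content are constructed for illustration.

```python
# Constructed sample master.cf with the smtps entry enabled as in the last post.
SAMPLE_MASTER_CF = """\
smtp      inet  n  -  -  -  -  smtpd
#submission inet n  -  -  -  -  smtpd
#  -o smtpd_tls_security_level=encrypt
smtps     inet  n  -  -  -  -  smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
"""

def parse_master_cf(text):
    """Map (service, type) -> {'command', 'overrides'} for active entries only."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                               # blank and comment lines are ignored
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()       # leading whitespace continues an entry
        else:
            logical.append(raw.strip())
    services = {}
    for line in logical:
        fields = line.split()
        if len(fields) < 8:
            continue                               # not a full service definition
        args, overrides = fields[8:], {}
        for flag, value in zip(args, args[1:]):
            if flag == "-o" and "=" in value:
                key, val = value.split("=", 1)
                overrides[key] = val
        services[(fields[0], fields[1])] = {"command": fields[7], "overrides": overrides}
    return services

def check_smtps(text):
    """Return reasons implicit TLS on the smtps service would fail; [] means OK."""
    services = parse_master_cf(text)
    problems = []
    smtps = services.get(("smtps", "inet"))
    if smtps is None:
        problems.append("smtps service is missing or commented out")
    elif smtps["overrides"].get("smtpd_tls_wrappermode") != "yes":
        problems.append("smtps does not set smtpd_tls_wrappermode=yes")
    smtp = services.get(("smtp", "inet"))
    if smtp and smtp["overrides"].get("smtpd_tls_wrappermode") == "yes":
        problems.append("smtpd_tls_wrappermode=yes is attached to the smtp service")
    return problems

if __name__ == "__main__":
    print(check_smtps(SAMPLE_MASTER_CF) or "smtps entry looks complete")
```

Pass the contents of /etc/postfix/master.cf to check_smtps() to run it against a real file. Because comment lines are skipped before continuation lines are joined, an uncommented -o line under a commented-out service line attaches to the previous active entry, which the last check reports.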