Hi. I installed ISPConfig with FC5 with the great Falko HowTos. Everything worked fine for a couple of months. The server used to have a public IP address. The ISP added an external firewall and I have changed the server IP address to an internal 192.168.0.7 address instead of the public one.

I made some changes to the named, httpd, hosts, resolv.conf files and others, and almost everything worked fine, but only the SMTP RELAY ACCESS IS NOT WORKING NOW as before when the users use Outlook (with squirrel and uebimiau it is working OK).

The SASL auth looks like it is working well and authenticates the user, but now it is not allowing the relay. It looks like the SMTP AUTH connection works but is not saved or cached ???

The maillog shows that Outlook is trying to send the email before the Login and the Logout; in the past logs it was in the same order, but the second time the user tried to send the email the connection was allowed.

I will appreciate any help or hint.

Regards.
Adolfo Oviedo / Costa Rica

---------------------------
I have changed the IP in ISPCONFIG -> Management --> Server -- Settings -> IP address
-----------------------------
SASL is working...

[root@dominios log]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 dominios.com ESMTP Postfix
ehlo localhost
250-dominios.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
-------------
Here is the maillog ..
the Login is allowed and

Nov 20 22:53:29 dominios postfix/smtpd[21069]: connect from unknown[196.40.56.7]
Nov 20 22:53:29 dominios postfix/smtpd[21069]: NOQUEUE: reject: RCPT from unknown[196.40.56.7]: 572 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<yyy>
Nov 20 22:53:29 dominios postfix/smtpd[21069]: disconnect from unknown[196.40.56.7]
Nov 20 22:53:29 dominios dovecot: pop3-login: Login: user=<web3_xxx>, method=PLAIN, rip=::ffff:196.40.56.7, lip=::ffff:192.168.0.7
Nov 20 22:53:29 dominios dovecot: pop3(web3_xxx): Logout. top=0/0, retr=0/ del=0/0, size=0 N
----------------
This is the end of the main.cf

virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names
relay_domains = $mydestination
append_at_myorigin = no
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
-------------
I also tested adding these parameters with no luck

#smtpd_sasl_type = dovecot
#smtpd_sasl_path = private/auth
#smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
#smtpd_tls_session_cache_timeout = 3600
#smtp_connection_cache_time_limit = 3600
#smtp_connection_cache_on_demand = yes
--------------
The file /etc/sysconfig/saslauthd has
MECH=pam
--------------
I checked and the domain is listed OK in /etc/postfix/local-host-names with www and without www
----------------
What's the output of
Code:
netstat -tap
?

Did you enable "Server requires authentication." in your email client?

What's the output of
Code:
postconf -d|grep mynetworks
and
Code:
postconf -n|grep mynetworks
?
PostconfOutputs

Hi Falko, thanks for your great support. Hope I can contribute to ISPConfig in some way in the near future. I have good expertise in PHP and C++ programming.
------------------------------------------
Regarding your questions.

I saw that the postconf -d has a problem in mynetworks because there is no ',' between the subnets.. How can I update the output for postconf -d ??

mynetworks = 127.0.0.0/8 192.168.0.0/24

The main.cf has it right with the ',' and the postconf -n shows

mynetworks = 127.0.0.0/8, 192.168.0.0/24
-----------------------------------------------------------
Did you enable "Server requires authentication." in your email client?

Sure... and everything was working great before changing the IP.

Does pop-before-smtp work with the postfix configuration for ISPConfig ?
------------------------------------------------------------
The output of netstat -tap is:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:mysql *:* LISTEN 2608/mysqld
tcp 0 0 *:40847 *:* LISTEN 1435/rpc.statd
tcp 0 0 *:sunrpc *:* LISTEN 1416/portmap
tcp 0 0 *:ndmp *:* LISTEN 3454/perl
tcp 0 0 *:hosts2-ns *:* LISTEN 3192/ispconfig_http
tcp 0 0 dominios:domain *:* LISTEN 3426/named
tcp 0 0 dominios:domain *:* LISTEN 3426/named
tcp 0 0 dominios:domain *:* LISTEN 3426/named
tcp 0 0 dominios:ipp *:* LISTEN 1657/cupsd
tcp 0 0 *:smtp *:* LISTEN 3582/master
tcp 0 0 dominios:rndc *:* LISTEN 3426/named
tcp 0 0 *:imaps *:* LISTEN 1813/dovecot
tcp 0 0 *:pop3s *:* LISTEN 1813/dovecot
tcp 0 0 *:pop3 *:* LISTEN 1813/dovecot
tcp 0 0 *:imap *:* LISTEN 1813/dovecot
tcp 0 0 *:http *:* LISTEN 3326/httpd
tcp 0 0 *:ftp *:* LISTEN 3443/proftpd: (acce
tcp 0 0 *:ssh *:* LISTEN 1676/sshd
tcp 0 0 ::1:rndc *:* LISTEN 3426/named
tcp 0 0 *:https *:* LISTEN 3326/httpd
----------------
postconf -d | grep mynetworks

mynetworks = 127.0.0.0/8 192.168.0.0/24
mynetworks_style = subnet
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
---------------------
[root@dominios log]# postconf -n|grep mynetworks
mynetworks = 127.0.0.0/8, 192.168.0.0/24
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
--------------
Thank you for any help.
New developers are always welcome

postconf -d shows the defaults while postconf -n shows the current configuration used by postfix. I think the correct configuration will be without ",", so it might be better to remove it in main.cf and restart postfix.

No. Pop before SMTP is not supported.

That's OK so far. Postfix is listening on all IP addresses.
Still.... Relay access denied

I was playing during all the night with several parameters like smtpd_sender_restrictions, smtpd_sender_restrictions with no luck. (I commented it out at last.)

The Login with dovecot looks OK... but still with Relay access denied;

I tried the mynetworks in the main.cf with and without comma but still the same problem. I don't know why permit_sasl_authenticated is not working....
----------------------------------------------------------------------
This is a recent log... it is the same.

Nov 28 03:53:03 dominios postfix/smtpd[18241]: connect from unknown[196.40.56.7]
Nov 28 03:53:03 dominios postfix/smtpd[18241]: NOQUEUE: reject: RCPT from unknown[196.40.56.7]: 554 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<adolfo>
Nov 28 03:53:03 dominios postfix/smtpd[18241]: disconnect from unknown[196.40.56.7]
Nov 28 03:53:03 dominios dovecot: pop3-login: Login: user=<web3_xxx>, method=PLAIN, rip=::ffff:196.40.56.7, lip=::ffff:192.168.0.7
Nov 28 03:53:03 dominios dovecot: pop3(web3_adolfo): Logout. top=0/0, retr=0/ del=0/0, size=0
--------------------------------
I think postconf -d (default) is not necessary... because it is overwritten by the current ???
--------------------------------
Here is all the output from postconf -n ? It's almost the same as the perfect setup fedora core 5

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_at_myorigin = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = /etc/postfix/local-host-names
mynetworks = 192.168.0.0/24 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
readme_directory = /usr/share/doc/postfix-2.2.8/README_FILES
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-2.2.8/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
---------------------------------
If I add my IP 196.40.56.7 manually to the mynetworks in the main.cf it works, but I can't be all day adding the clients' IPs and restarting... SMTP_AUTH has to do this work. !!!

This is the correct log when the IP was added manually and the message was sent ...

Nov 28 04:21:26 dominios postfix/smtpd[21532]: connect from unknown[196.40.56.7]
Nov 28 04:21:27 dominios postfix/smtpd[21532]: 26EB2D70717: client=unknown[196.40.56.7]
Nov 28 04:21:27 dominios postfix/cleanup[21534]: 26EB2D70717: message-id=<000201c712d7$19f00f20$0f00a8c0@adolfo>
Nov 28 04:21:27 dominios postfix/qmgr[21525]: 26EB2D70717: from=<[email protected]>, size=1345, nrcpt=1 (queue active)
Nov 28 04:21:27 dominios postfix/smtpd[21532]: disconnect from unknown[196.40.56.7]
Nov 28 04:21:27 dominios dovecot: pop3-login: Login: user=<web3_xxx>, method=PLAIN, rip=::ffff:196.40.56.7, lip=::ffff:192.168.0.7
Nov 28 04:21:27 dominios dovecot: pop3(web3_xxx): Logout. top=0/0, retr=0/ del=0/0, size=0
Nov 28 04:21:27 dominios postfix/smtp[21528]: 26EB2D70717: to=<[email protected]>, relay=mail.hotmail.com[195.40.56.6], delay=0, status=sent (250 2.0.0 kASAeQDQ030199 Message accepted for delivery)
Nov 28 04:21:27 dominios postfix/qmgr[21525]: 26EB2D70717: removed
-----------------
Still with the same problem... !!!
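A way to check from the maillog whether an smtpd session ever completed SMTP AUTH, added here as an example (it is not part of the original posts): Postfix appends sasl_method= and sasl_username= to the client= line of an authenticated session. The log lines are constructed, modelled on the excerpts above; the addresses, the third session and its queue ID are placeholders.

```python
import re

# Constructed sample modelled on the maillog excerpts in this thread.
# example.* addresses and the third (authenticated) session are placeholders.
SAMPLE_LOG = """\
Nov 28 03:53:03 dominios postfix/smtpd[18241]: connect from unknown[196.40.56.7]
Nov 28 03:53:03 dominios postfix/smtpd[18241]: NOQUEUE: reject: RCPT from unknown[196.40.56.7]: 554 <rcpt@example.org>: Relay access denied; from=<user@example.com> to=<rcpt@example.org> proto=SMTP helo=<adolfo>
Nov 28 03:53:03 dominios postfix/smtpd[18241]: disconnect from unknown[196.40.56.7]
Nov 28 04:21:26 dominios postfix/smtpd[21532]: connect from unknown[196.40.56.7]
Nov 28 04:21:27 dominios postfix/smtpd[21532]: 26EB2D70717: client=unknown[196.40.56.7]
Nov 28 04:21:27 dominios postfix/smtpd[21532]: disconnect from unknown[196.40.56.7]
Nov 28 05:00:01 dominios postfix/smtpd[30001]: connect from unknown[196.40.56.7]
Nov 28 05:00:02 dominios postfix/smtpd[30001]: 3AB12D70801: client=unknown[196.40.56.7], sasl_method=LOGIN, sasl_username=web3_xxx
Nov 28 05:00:02 dominios postfix/smtpd[30001]: disconnect from unknown[196.40.56.7]
"""

SMTPD = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
CONNECT = "connect from "

def classify_sessions(log_text):
    """Group smtpd lines by PID between connect/disconnect and label each session."""
    open_sessions, done = {}, []
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if not m:
            continue  # dovecot, qmgr, cleanup ... are not part of the SMTP session
        pid, msg = m.groups()
        if msg.startswith(CONNECT):
            open_sessions[pid] = {"client": msg[len(CONNECT):], "proto": None,
                                  "sasl_user": None, "verdict": "no mail"}
            continue
        s = open_sessions.get(pid)
        if s is None:
            continue
        if "Relay access denied" in msg:
            # proto=SMTP means the client greeted with HELO, so it never asked
            # for the extension list (EHLO) in which AUTH is advertised.
            proto = re.search(r"proto=(\S+)", msg)
            s["proto"] = proto.group(1) if proto else None
            s["verdict"] = "relay denied"
        elif "client=" in msg:
            user = re.search(r"sasl_username=(\S+)", msg)
            s["sasl_user"] = user.group(1) if user else None
            s["verdict"] = "accepted via SASL" if user else "accepted without SASL"
        elif msg.startswith("disconnect from "):
            done.append(open_sessions.pop(pid))
    return done

if __name__ == "__main__":
    for s in classify_sessions(SAMPLE_LOG):
        print(s)
```

A session reported as "accepted without SASL" was let through by another rule such as permit_mynetworks, which matches the log above where the client IP had been added by hand.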
Which mail client are you using? To me it looks like your mail client does not send authentication information, as it is logged as unknown:

Please try another mail client like Thunderbird to see if the problem is related to the server or the client.
Other mail clients have the same

Thanks for the hint but no luck yet.

I tried with Outlook, Netscape email and Thunderbird with exactly the same results.

"My server requires authentication" (server login user/pass) is active.

Nov 28 04:47:47 dominios postfix/smtpd[22269]: connect from unknown[196.40.56.7]
Nov 28 04:47:47 dominios postfix/smtpd[22269]: NOQUEUE: reject: RCPT from unknown[196.40.56.7]: 554 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<[adolfo]>
Nov 28 04:47:48 dominios postfix/smtpd[22269]: lost connection after RCPT from unknown[196.40.56.7]
Nov 28 04:47:48 dominios postfix/smtpd[22269]: disconnect from unknown[196.40.56.7]
Somebody knows why ???

Another clue.... If I try from the same machine...

telnet localhost 25

I receive:
-------------------------------------------------------
Trying 192.168.0.7...
Connected to www.dominiostek.com (192.168.0.7).
Escape character is '^]'.
220 dominiostek.com ESMTP Postfix
-------------------------------------------------------
but if I try from an external machine

telnet dominiostek.com 25

I just saw

220 *****************************

I don't know why ??? Is that OK ???
-------------------------------------------------------
Authentication looks OK... because people receive emails but nobody can send... (at least I stay all day adding the IP in mynetworks !)

I reviewed again the file /etc/sysconfig/saslauthd, which has MECH=pam, but I saw some forum messages from some people using MECH=shadow. Is that OK ?
Is 200.122.152.12 your server's public IP address? Because that's the IP address that dominiostek.com is pointing to.
Problem Solved. Thanks

Yes Falko, and thanks for everything.... Hope I can contribute to ISPConfig soon... maybe with some small PHP programming to start. I have some expertise in PHP and C. I think I have some ideas to add more features soon and share them...

I solved the problem yesterday. I deleted all the postfix files, main.cf and others, and did a fresh postfix reinstall, and it is working now.

I will try to change these posts to make a small mini-HowTo: change IP with ISPConfig.

ISPConfig is great... I just saw some small problems by now:

1 - when I delete a user it doesn't delete everything from the mysql database etc.... and I cannot create it again with the same name
2 - now it's not updating the named files and virtualusers when creating domains and users... (I am doing that manually)

Regards
Adolfo Oviedo / Costa Rica
http://www.tecni.com
That's the intended behaviour

ISPConfig has a recycle bin like most modern desktop environments (Gnome, KDE, Windows, MacOS). If you empty the recycle bin, the records are removed from the database.

Please have a look at the ISPConfig logfile /home/admispconfig/ispconfig/ispconfig.log for errors.