Must issue a STARTTLS command first

Discussion in 'General' started by andresgt2000, Apr 23, 2015.

  1. andresgt2000

    andresgt2000 Member

    Good morning, everyone!

    I have a behavior that I cannot solve on a server running Ubuntu 12.04.5 LTS (Precise Pangolin) with ISPConfig 3.0.5.4p5. The server has every service (web, panel, mail, dns, db).

    The behavior occurs specifically for the mail server when trying to connect via webmail (Roundcube and SquirrelMail) and email clients like Thunderbird and Outlook.
    When SquirrelMail tries to access it, it gives the following error:

    530 5.7.0 Must issue a STARTTLS command first

    I configured Roundcube in the following ways: SMTP SSL (465), SMTP STARTTLS (587) and SMTP (25), and IMAP (143) and IMAPS (993). None of the above lets me enter the account, and it does not show me any error.

    When I set up Thunderbird with SMTP port 25 and IMAP port 143, I can download the mail, but when I try to send an email, the error repeats:

    530 5.7.0 Must issue a STARTTLS command first

    When I set up Thunderbird with STARTTLS SMTP port 587 and IMAP port 143, I can download the mail, but when I try to send an email, I get the error that I cannot connect to the server. (Port 587 is allowed in both firewalls, server and border.)

    The only way I could send mail from Thunderbird is with SSL SMTPS (465).

    I already checked the configuration of the master.cf and main.cf files for server problems; I will compare them with files from other mail servers that have it running and are practically identical in configuration.

    I tried to disable the STARTTLS configuration with the following parameters and restarted the Postfix service, but the behavior continued; that is, I cannot connect from SquirrelMail or Roundcube and I cannot send mail without SSL.
    smtp_use_tls = no
    smtpd_use_tls = no
    smtp_tls_security_level = may
    smtpd_tls_security_level = may

    If anyone has any idea about how to resolve this behavior, I would greatly appreciate it.

    I will do several more tests and attach the logs.
     
    Last edited: Apr 23, 2015
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Post the /etc/postfix/master.cf file and check the Roundcube config to ensure the SMTP server is set to "localhost".
     
  3. Ghostdare

    Ghostdare Member

    I think there is an email client setting that must be checked, at outgoing - server requires authentication.
     
  4. andresgt2000

    andresgt2000 Member

    Good Morning

    This is the main.cf

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version


    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    readme_directory = /usr/share/doc/postfix

    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    myhostname = meproispc1.meprosa.com
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = meproispc1.meprosa.com, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    inet_protocols = all
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    smtp_tls_security_level = may
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    message_size_limit = 31457280
     
  5. andresgt2000

    andresgt2000 Member

    This is the roundcube config.php

    <?php

    /* Local configuration for Roundcube Webmail */

    // ----------------------------------
    // SQL DATABASE
    // ----------------------------------
    // Database connection string (DSN) for read+write operations
    // Format (compatible with PEAR MDB2): db_provider://user:password@host/database
    // Currently supported db_providers: mysql, pgsql, sqlite, mssql or sqlsrv
    // For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
    // NOTE: for SQLite use absolute path: 'sqlite:////full/path/to/sqlite.db?mode=0646'
    $config['db_dsnw'] = 'mysql://rcmaildbu:XXXXX@localhost/roundcubedb';

    // ----------------------------------
    // IMAP
    // ----------------------------------
    // The mail host chosen to perform the log-in.
    // Leave blank to show a textbox at login, give a list of hosts
    // to display a pulldown menu or set one host as string.
    // To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
    // Supported replacement variables:
    // %n - hostname ($_SERVER['SERVER_NAME'])
    // %t - hostname without the first part
    // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
    // %s - domain name after the '@' from e-mail address provided at login screen
    // For example %n = mail.domain.tld, %t = domain.tld
    // WARNING: After hostname change update of mail_host column in users table is
    // required to match old user data records with the new host.
    $config['default_host'] = 'tls://meproispc1.meprosa.com';

    // TCP port used for IMAP connections
    $config['default_port'] = 587;

    // IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or null to use
    // best server supported one)
    $config['imap_auth_type'] = 'LOGIN';

    // ----------------------------------
    // SMTP
    // ----------------------------------
    // SMTP server host (for sending mails).
    // To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
    // If left blank, the PHP mail() function is used
    // Supported replacement variables:
    // %h - user's IMAP hostname
    // %n - hostname ($_SERVER['SERVER_NAME'])
    // %t - hostname without the first part
    // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
    // %z - IMAP domain (IMAP hostname without the first part)
    // For example %n = mail.domain.tld, %t = domain.tld
    $config['smtp_server'] = 'ssl://meproispc1.meprosa.com';

    // SMTP port (default is 25; use 587 for STARTTLS or 465 for the
    // deprecated SSL over SMTP (aka SMTPS))
    $config['smtp_port'] = 465;

    // SMTP username (if required) if you use %u as the username Roundcube
    // will use the current username for login
    $config['smtp_user'] = '%u';

    // SMTP password (if required) if you use %p as the password Roundcube
    // will use the current user's password for login
    $config['smtp_pass'] = '%p';

    // SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
    // best server supported one)
    $config['smtp_auth_type'] = 'LOGIN';

    // provide an URL where a user can get support for this Roundcube installation
    // PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
    $config['support_url'] = '';

    // automatically create a new Roundcube user when log-in the first time.
    // a new user will be created once the IMAP login succeeds.
    // set to false if only registered users can use this service
    $config['auto_create_user'] = false;

    // use this folder to store log files
    // must be writeable for the user who runs PHP process (Apache user if mod_php is being used)
    // This is used by the 'file' log driver.
    $config['log_dir'] = '/var/www/roundcube/logs/';

    // use this folder to store temp files
    // must be writeable for the user who runs PHP process (Apache user if mod_php is being used)
    $config['temp_dir'] = '/var/www/roundcube/temp/';

    // this key is used to encrypt the users imap password which is stored
    // in the session record (and the client cookie if remember password is enabled).
    // please provide a string of exactly 24 chars.
    $config['des_key'] = 'R9?t&S+UR++w$PCsJKK&&Pig';

    // ----------------------------------
    // PLUGINS
    // ----------------------------------
    // List of active plugins (in plugins/ directory)
    $config['plugins'] = array('jqueryui', 'zipdownload');

    // the default locale setting (leave empty for auto-detection)
    // RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR
    $config['language'] = 'es_ES';

    // compose html formatted messages by default
    // 0 - never, 1 - always, 2 - on reply to HTML message, 3 - on forward or reply to HTML message
    $config['htmleditor'] = 1;
     
  6. andresgt2000

    andresgt2000 Member

    Hi Till, I changed the server names in the config file to localhost, but I have the same error...

    This is the log that I get when I try to log in to Roundcube:

    Apr 27 08:50:01 meproispc1 postfix/submission/smtpd[10164]: connect from localhost[127.0.0.1]
    Apr 27 08:50:01 meproispc1 postfix/submission/smtpd[10164]: lost connection after CONNECT from localhost[127.0.0.1]
    Apr 27 08:50:01 meproispc1 postfix/submission/smtpd[10164]: disconnect from localhost[127.0.0.1]
    Apr 27 08:50:01 meproispc1 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Apr 27 08:50:01 meproispc1 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Apr 27 08:50:01 meproispc1 postfix/submission/smtpd[10164]: connect from localhost[127.0.0.1]
    Apr 27 08:50:01 meproispc1 postfix/submission/smtpd[10164]: lost connection after CONNECT from localhost[127.0.0.1]
    Apr 27 08:50:01 meproispc1 postfix/submission/smtpd[10164]: disconnect from localhost[127.0.0.1]
    Apr 27 08:50:02 meproispc1 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Apr 27 08:50:02 meproispc1 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Apr 27 08:51:01 meproispc1 postfix/submission/smtpd[10164]: connect from localhost[127.0.0.1]
    Apr 27 08:51:01 meproispc1 postfix/submission/smtpd[10164]: lost connection after CONNECT from localhost[127.0.0.1]
    Apr 27 08:51:01 meproispc1 postfix/submission/smtpd[10164]: disconnect from localhost[127.0.0.1]
    Apr 27 08:51:01 meproispc1 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Apr 27 08:51:01 meproispc1 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    You posted the main.cf file, but I need to know what's in the master.cf file.
     
  8. andresgt2000

    andresgt2000 Member

    Hi Till

    This is the master.cf

    #
    # Postfix master process configuration file. For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (yes) (never) (100)
    # ==========================================================================
    smtp inet n - - - - smtpd
    #smtp inet n - - - 1 postscreen
    #smtpd pass - - - - - smtpd
    #dnsblog unix - - - - 0 dnsblog
    #tlsproxy unix - - - - 0 tlsproxy
    #submission inet n - - - - smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
    smtps inet n - - - - smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
    #628 inet n - - - - qmqpd
    pickup fifo n - - 60 1 pickup
    cleanup unix n - - - 0 cleanup
    qmgr fifo n - n 300 1 qmgr
    #qmgr fifo n - n 300 1 oqmgr
    tlsmgr unix - - - 1000? 1 tlsmgr
    rewrite unix - - - - - trivial-rewrite
    bounce unix - - - - 0 bounce
    defer unix - - - - 0 bounce
    trace unix - - - - 0 bounce
    verify unix - - - - 1 verify
    flush unix n - - 1000? 0 flush
    proxymap unix - - n - - proxymap
    proxywrite unix - - n - 1 proxymap
    smtp unix - - - - - smtp
    relay unix - - - - - smtp
    # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq unix n - - - - showq
    error unix - - - - - error
    retry unix - - - - - error
    discard unix - - - - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - - - - lmtp
    anvil unix - - - - 1 anvil
    scache unix - - - - 1 scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent. See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop unix - n n - - pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    # mailbox_transport = lmtp:inet:localhost
    # virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus unix - n n - - pipe
    # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix - n n - - pipe
    # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp unix - n n - - pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail unix - n n - - pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp unix - n n - - pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix - n n - 2 pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman unix - n n - - pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}

    dovecot unix - n n - - pipe
      flags=DROhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
    amavis unix - - - - 2 smtp
      -o smtp_data_done_timeout=1200
      -o smtp_send_xforward_command=yes

    127.0.0.1:10025 inet n - - - - smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_client_restrictions=
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8
      -o strict_rfc821_envelopes=yes
      -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    You forgot to remove the # in front of the submission line. Remove it and restart postfix.
     
    andresgt2000 likes this.
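
Added example (not part of the thread, and not ISPConfig or Postfix code): in master.cf a line that begins with whitespace continues the previous logical line and comment lines are skipped, so with `#submission` commented out the `-o` lines beneath it attach to the active `smtp` service on port 25, which matches the 530 reply seen there. The sketch flags such orphaned overrides; the function name `find_orphaned_overrides` and the sample text (the first stanzas of the posted master.cf, with continuation lines indented as Postfix requires) are assumptions of the example.

```python
import re

# Constructed sample: the first stanzas of the master.cf posted in this thread,
# with the "-o" lines indented as Postfix requires for continuation lines.
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       -       -       -       smtpd
#smtp      inet  n       -       -       -       1       postscreen
#submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
"""

# A comment that looks like a disabled service header:
# name, type, five flag fields, command.
COMMENTED_SERVICE = re.compile(
    r"^#\s*(\S+)\s+(inet|unix|fifo|pass)\s+(?:\S+\s+){5}\S+")


def find_orphaned_overrides(text):
    """Report continuation lines that follow a commented-out service header
    and therefore attach to the previous active service instead."""
    findings = []
    active = None    # "name/type" of the logical line being continued
    disabled = None  # last commented-out header seen since that line began
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped:
            continue                      # empty lines are ignored
        if stripped.startswith("#"):      # comments do not end a logical line
            m = COMMENTED_SERVICE.match(stripped)
            if m:
                disabled = m.group(1)
            continue
        if raw[0].isspace():              # continuation of the active service
            if active and disabled:
                option = stripped[2:].strip() if stripped.startswith("-o") else stripped
                findings.append({"line": lineno, "option": option,
                                 "attached_to": active, "intended_for": disabled})
            continue
        active = "/".join(stripped.split()[:2])   # new logical line starts here
        disabled = None
    return findings


if __name__ == "__main__":
    for f in find_orphaned_overrides(SAMPLE_MASTER_CF):
        print("line {line}: {option} applies to {attached_to}, "
              "probably meant for {intended_for}".format(**f))
```
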
  10. andresgt2000

    andresgt2000 Member


    :) Till, it is already working.

    Sending works from both Thunderbird and Outlook on ports 25 and 587.

    SquirrelMail and Roundcube still give the mailbox access error. I will have to review the configuration files and logs in more detail to find the cause.

    As soon as I find the reason for the Roundcube failure, I'll post it.
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    I posted the reason above why Roundcube is not working and how to fix it ;)
     
  12. andresgt2000

    andresgt2000 Member

    Hi Till

    I have now checked the Roundcube configuration to see whether authentication for the mail server was missing, and it is present.

    Now the strange thing is that I did a test, setting up Roundcube on my own machine, with the database on my machine as well, and the connection going to the server that has all the ISPConfig services. The result is that Roundcube runs perfectly from my machine, and I could log in and delete, send and receive e-mail.

    After the test on my machine, I fully migrated the Roundcube running on my machine and put it on the server, but it did not work.

    Note: I did not migrate the Roundcube database from my machine to the server.

    This is very strange. Has anyone had a similar case happen?

    Note: when installing Roundcube, I have the option to test sending and the IMAP connection. Strangely, on the server those tests do work, but the login to Roundcube itself does not.
     
