Hi all, I had to quickly move servers, so did a fresh install of ispconfig2 on a new centos 6.4 box, since I did not have time to learn ispconfig3 and move all 180 sites. Install went fine, then using this thread http://www.howtoforge.com/forums/showthread.php?t=2717&highlight=move+ispconfig&page=19 we moved the server over. All went well with the exception of smtp is now only working on port 25, and for the life of me I can not figure out why 465 & 587 are not working. Now looking into things, yum installed Dovecot 2.0.9 which may be my issue but running only shows So not sure if I should revert back, old server was running dovecot 1.0.7 or if there is another work around. thanks, Mike
More information

Nobody has any ideas? I see over 50 of you have looked......

Here are my postfix and dovecot configs to see if anyone sees anything glaringly wrong.

postfix main.cf (altered/masked domain and IP)

Code:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
inet_interfaces = all
inet_protocols = all
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8,xx.xx.xx.xx/28
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
myhostname = host01.mydomain.com
home_mailbox = Maildir/
mailbox_command =
virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names

master.cf

Code:
smtp      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
  -o smtp_fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

dovecot.conf

Code:
protocols = imap pop3
dict {
}
!include conf.d/*.conf

I've also included all the dovecot/conf.d files' uncommented lines.
Code:
10-auth.conf:disable_plaintext_auth = no
10-auth.conf:auth_mechanisms = plain
10-auth.conf:!include auth-system.conf.ext
10-director.conf:service director {
10-director.conf:  unix_listener login/director {
10-director.conf:  }
10-director.conf:  fifo_listener login/proxy-notify {
10-director.conf:  }
10-director.conf:  unix_listener director-userdb {
10-director.conf:  }
10-director.conf:  inet_listener {
10-director.conf:  }
10-director.conf:}
10-director.conf:service imap-login {
10-director.conf:}
10-director.conf:service pop3-login {
10-director.conf:}
10-director.conf:protocol lmtp {
10-director.conf:}
10-logging.conf:plugin {
10-logging.conf:}
10-mail.conf:mail_location = maildir:~/Maildir
10-mail.conf:mbox_write_locks = fcntl
10-master.conf:service imap-login {
10-master.conf:  inet_listener imap {
10-master.conf:  }
10-master.conf:  inet_listener imaps {
10-master.conf:  }
10-master.conf:}
10-master.conf:service pop3-login {
10-master.conf:  inet_listener pop3 {
10-master.conf:  }
10-master.conf:  inet_listener pop3s {
10-master.conf:  }
10-master.conf:}
10-master.conf:service lmtp {
10-master.conf:  unix_listener lmtp {
10-master.conf:  }
10-master.conf:}
10-master.conf:service imap {
10-master.conf:}
10-master.conf:service pop3 {
10-master.conf:}
10-master.conf:service auth {
10-master.conf:  unix_listener auth-userdb {
10-master.conf:  }
10-master.conf:}
10-master.conf:service auth-worker {
10-master.conf:}
10-master.conf:service dict {
10-master.conf:  unix_listener dict {
10-master.conf:  }
10-master.conf:}
10-ssl.conf:ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
10-ssl.conf:ssl_key = </etc/pki/dovecot/private/dovecot.pem
15-lda.conf:protocol lda {
15-lda.conf:}
20-imap.conf:protocol imap {
20-imap.conf:}
20-lmtp.conf:protocol lmtp {
20-lmtp.conf:}
20-pop3.conf:protocol pop3 {
20-pop3.conf:}
90-acl.conf:plugin {
90-acl.conf:}
90-acl.conf:plugin {
90-acl.conf:}
90-plugin.conf:plugin {
90-plugin.conf:}
90-quota.conf:plugin {
90-quota.conf:}
90-quota.conf:plugin {
90-quota.conf:}
90-quota.conf:plugin {
90-quota.conf:}
90-quota.conf:plugin {
90-quota.conf:}
dovecot-new.conf:disable_plaintext_auth = no
dovecot-new.conf:mail_location = maildir:~/Maildir
dovecot-new.conf:mbox_write_locks = fcntl
dovecot-new.conf:passdb {
dovecot-new.conf:  driver = pam
dovecot-new.conf:}
dovecot-new.conf:protocols = imap pop3
dovecot-new.conf:ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
dovecot-new.conf:ssl_key = </etc/pki/dovecot/private/dovecot.pem
dovecot-new.conf:userdb {
dovecot-new.conf:  driver = passwd
dovecot-new.conf:}

Again, any help would be appreciated.

Mike
Those ports can be configured in /etc/postfix/master.cf. Dovecot has nothing to do with this. Can you post your full master.cf?
Here is my master.cf

Code:
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
#submission inet n       -       n       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_sasl_type=dovecot
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
  -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -       n       n       -       2       pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman   unix  -       n       n       -       -       pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}

Thanks
Please uncomment the following lines as well and restart Postfix:

Code:
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
Hi Falko, Did the change, restarted Postfix, and no change. I can still connect using port 25 w/ TLS but not to 465 or 587. Firewall is not blocking them either. Stumped.
Falko, Here are the results:

Code:
iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  anywhere             loopback/8
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  base-address.mcast.net/4  anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere

Chain INT_IN (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain INT_OUT (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain PAROLE (10 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain PUB_IN (4 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:http
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:81
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ndmp
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
DROP       icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain PUB_OUT (4 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain fail2ban-SSH (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Code:
# selinuxenabled && echo enabled || echo disabled
disabled
# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Thanks,
Mike
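
Added example, not part of the original thread: a cross-check of the inet listeners enabled in master.cf against the TCP destination ports that have a rule in one chain of an `iptables -L` listing. The sample texts are abbreviated from the listings posted above; the function names and the name-to-port map are assumptions made for this example.

```python
import re

# Assumed name-to-port map for the SMTP listeners in this thread; some
# /etc/services files name 465/tcp "urd", so that alias is included.
PORTS = {"smtp": 25, "smtps": 465, "urd": 465, "submission": 587}

def to_port(token):
    # Numbers become ints, known names map to ports, other names pass through.
    return int(token) if token.isdigit() else PORTS.get(token, token)

def inet_services(master_cf):
    """Names of enabled (uncommented) inet listeners in master.cf text."""
    names = []
    for line in master_cf.splitlines():
        fields = line.split()
        # Skip blanks, comments and indented "-o" continuation lines.
        if not fields or line[0].isspace() or fields[0].startswith("#"):
            continue
        if len(fields) >= 8 and fields[1] == "inet":
            names.append(fields[0].rsplit(":", 1)[-1])  # drop "host:" prefix
    return names

def ports_with_rule(listing, chain):
    """TCP destination ports that have a non-DROP/REJECT rule in `chain`."""
    ports, in_chain = set(), False
    for line in listing.splitlines():
        if line.startswith("Chain "):
            in_chain = line.split()[1] == chain
        m = re.search(r"\btcp dpt:(\S+)", line)
        if in_chain and m and not line.startswith(("DROP", "REJECT")):
            ports.add(to_port(m.group(1)))
    return ports

def listeners_without_rule(master_cf, listing, chain="PUB_IN"):
    allowed = ports_with_rule(listing, chain)
    return [s for s in inet_services(master_cf) if to_port(s) not in allowed]

# Constructed samples, abbreviated from the thread (submission uncommented).
MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
smtps      inet  n  -  n  -  -  smtpd
#628       inet  n  -  n  -  -  qmqpd
"""
IPTABLES_L = """\
Chain PUB_IN (4 references)
PAROLE  tcp  --  anywhere  anywhere  tcp dpt:smtp
PAROLE  tcp  --  anywhere  anywhere  tcp dpt:pop3
DROP    all  --  anywhere  anywhere
"""
```

Plain `iptables -L` omits interface matches and resolves port numbers to names, so `iptables -L -n -v` gives less ambiguous input for a check like this.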