Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Debian Wheez

G'day

Firstly, love you work Falko.

Last week while rebuilding my machine, I accidently formatted the disk that my VM's were on so I had to completely rebuild. I chose Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Debian Wheezy) howto and followed it word by word.

At completion, I logged into Squirrel and there were already emails arriving. Things were looking good, but unfortunately, that is as far as I have been able to get.

I can log into squirrel from inside and external to my network, and see emails without issue. I couldn't send last night at home but have been able to today from external.

The real pain is, I can't set up the email accounts on my phones, tabs or computer. I suspect my ISP or modem don't like the new server settings, but have no idea why or how to go about fixing them.

Any help would be greatly appreciated.

Cheers

Champs

 

Had you checked that all ports needed are open on Server, Router etc. and also on any used Firewall? Check from external if Port 25, 143, 465, 587 are open.

 

Quaxth

The forwarding rules on my modem hadn't changed, but I ducked home and added the other ports you mentioned that were not already done and mail started flowing.

Unfortunately, this has not resolved the issue of being able to send mail out to mail addresses not on my server.

Transaction failed554 5.7.1 <[email protected]>: Relay access denied

 

Did you use an SMTP Relay server for to send Mail? If so, that Relay server may need authentication! Many ISP's didn't providing Free SMTP Server's and even blocking Port 25 or other.

To find out the SMTP Relay Server is open, means no need authentication, you could use the following website: http://www.mydnstools.info/smtprelay

Place the full SMTP Server address, like mail.mydomain.com, in the search box and see what happen. If the Server is an Open Relay server, the result will shown as OK. If not, it could mention need authentication or others.

It's worth to test, me think!

 

Still getting Relay access denied.

The website that you posted came back with the same thing....Relay access denied

 

That's what I expected!

So, now tell WHERE is that SMTP Server located? On your Server? Means an internal, from ISOConfig running SMTP or a Relay SMTP Server from some ISP?

 

It's on my server, but I am not running ISPConfig

 

So, you say that the Relay is on your own Server?! In that case you limit yourself.

Start checking all Mail and Firewall related settings. You have to open the required ports to public. If you didn't do that, your mail wont work!

Beside of open the ports and ad exceptions to the Firewall, you need also to key in the authentication data, means Username and Password for the SMTP Relay.

And as long as you didn't explain what system etc. you've running and how it were setup etc. others maybe have the same problem to help you.

 

Umm... OK

Don't know how I can be more specific about the set up than the subject title of this thread. But here goes....

It set up word for word as per the Howto.

http://www.howtoforge.com/virtual-u...-courier-mysql-and-squirrelmail-debian-wheezy

As for the settings, if I knew that much about the settings, I wouldn't need to ask for help.

Basically, the only thing I can think of is that I have cut and paste a command out of the how to but neglected to change the mydomain.com.tld to my real domain name or something like that.

But because I don't know what is triggering the Relay Access Denied, I don't know what config file to look for to find the issue.

If someone knows this how to, and understands what triggers the Relay Access Denied, can they point me in the right direction.

Cheers

 

Please have a look in the following files first:
/etc/mailname
/etc/hostname
/etc/postfix/main.cf

 

server.2sog.com

server

Code:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = server.2sog.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server.2sog.com, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mys$
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, re$
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_lim$
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota$
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $vir$
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

I noticed that relayhost is blank..... Is that my issue?

 

No

Ok, I read the whole thread again.
It seems that you either missed setting up smtp authentication (trying to send mails without username/password is not permitted in this configuration - and should not be due to security reasons) or your smtp authentication daemon does not work correctly.

Doublecheck your phone's settings that you did enter smtp auth credentials and not only imap.

 

Hostname should be the same as Mail name and vice versa! So in your coase they both should be server.2sog.com

In main.cf you didn't gave any Relay set! There should be the name of the SMTP server your using.

You may could use the SMTP of your ISP, for to test all other settings are correct and you could send Mail. For to find out your ISP's SMTP is an open relay, test that with MyDNSTools.

What Firewall you're using? if you use Bastille, check /etc/bastille/bastille-firewall.cfg! There shuld some line like this:

Code:

TCP_PUBLIC_SERVICES="20 21 22 25 53 80 110 143 443 993 995 3306 8081 8088 10000"                                        # MINIMAL/SAFEST
UDP_PUBLIC_SERVICES="53 3306"                                        # MINIMAL/SAFEST
TCP_INTERNAL_SERVICES=""                                # MINIMAL/SAFEST
UDP_INTERNAL_SERVICES=""                                # MINIMAL/SAFEST

Under TCP_PUBLIC_SERVICES are all TCP port which should be open and the same applies for UDP_PUBLIC_SERVICES where should be at lest "53 3306"

 

Croyden

It's not just my phone. My Icedove (thunderbird) and the Squirrelmail web inteface refuse to send as well.

Code:

Sending of message failed.
The message could not be sent because connecting to SMTP server smtp.2sog.com failed. The server may be unavailable or is refusing SMTP connections. Please verify that your SMTP server settings are correct and try again, or contact the server administrator.

Quaxth

I changed my email client on my desktop to use my ISP's SMTP server and it sent straight away.

I'm not using a seperate firwall. The modem works well enough for me, but you appear to have more open ports than I do

 

What is the output of your "lsof -i" ?

 

Code:

root@server:~# lsof -i
COMMAND    PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
rpcbind   1647     root    6u  IPv4   5016      0t0  UDP *:sunrpc 
rpcbind   1647     root    7u  IPv4   5019      0t0  UDP *:974 
rpcbind   1647     root    8u  IPv4   5020      0t0  TCP *:sunrpc (LISTEN)
rpcbind   1647     root    9u  IPv6   5023      0t0  UDP *:sunrpc 
rpcbind   1647     root   10u  IPv6   5026      0t0  UDP *:974 
rpcbind   1647     root   11u  IPv6   5027      0t0  TCP *:sunrpc (LISTEN)
rpc.statd 1678    statd    4w  IPv4   5074      0t0  UDP localhost:1006 
rpc.statd 1678    statd    7u  IPv4   5081      0t0  UDP *:43469 
rpc.statd 1678    statd    8u  IPv4   5085      0t0  TCP *:49082 (LISTEN)
rpc.statd 1678    statd    9u  IPv6   5089      0t0  UDP *:52990 
rpc.statd 1678    statd   10u  IPv6   5093      0t0  TCP *:51442 (LISTEN)
/usr/sbin 2145   amavis    5u  IPv4   5511      0t0  TCP localhost:10024 (LISTEN)
apache2   2165     root    4u  IPv6   5543      0t0  TCP *:http (LISTEN)
apache2   2314 www-data    4u  IPv6   5543      0t0  TCP *:http (LISTEN)
apache2   2315 www-data    4u  IPv6   5543      0t0  TCP *:http (LISTEN)
apache2   2316 www-data    4u  IPv6   5543      0t0  TCP *:http (LISTEN)
apache2   2317 www-data    4u  IPv6   5543      0t0  TCP *:http (LISTEN)
apache2   2318 www-data    4u  IPv6   5543      0t0  TCP *:http (LISTEN)
couriertc 2649     root    3u  IPv6   6085      0t0  TCP *:imap2 (LISTEN)
couriertc 2689     root    3u  IPv6   6111      0t0  TCP *:imaps (LISTEN)
couriertc 2714     root    3u  IPv6   6136      0t0  TCP *:pop3 (LISTEN)
couriertc 2729     root    3u  IPv6   6166      0t0  TCP *:pop3s (LISTEN)
mysqld    3134    mysql   10u  IPv4   6515      0t0  TCP localhost:mysql (LISTEN)
sshd      3181     root    3u  IPv4   6502      0t0  TCP *:ssh (LISTEN)
sshd      3181     root    4u  IPv6   6504      0t0  TCP *:ssh (LISTEN)
master    3443     root   12u  IPv4   7120      0t0  TCP *:smtp (LISTEN)
master    3443     root   13u  IPv6   7122      0t0  TCP *:smtp (LISTEN)
master    3443     root  107u  IPv4   7217      0t0  TCP localhost:10025 (LISTEN)
apache2   4307 www-data    4u  IPv6   5543      0t0  TCP *:http (LISTEN)
/usr/sbin 4362   amavis    5u  IPv4   5511      0t0  TCP localhost:10024 (LISTEN)
/usr/sbin 4362   amavis   11u  IPv4  16184      0t0  TCP localhost:59520->localhost:10025 (CLOSE_WAIT)
/usr/sbin 4415   amavis    5u  IPv4   5511      0t0  TCP localhost:10024 (LISTEN)
/usr/sbin 4415   amavis   11u  IPv4  17175      0t0  TCP localhost:59540->localhost:10025 (ESTABLISHED)
sshd      4453     root    3r  IPv4  16372      0t0  TCP server.BigPond:ssh->192.168.1.4:35431 (ESTABLISHED)
smtpd     4571  postfix    6u  IPv4   7120      0t0  TCP *:smtp (LISTEN)
smtpd     4571  postfix    7u  IPv6   7122      0t0  TCP *:smtp (LISTEN)
smtpd     4583  postfix    6u  IPv4   7217      0t0  TCP localhost:10025 (LISTEN)
smtpd     4583  postfix   14u  IPv4  17190      0t0  TCP localhost:10025->localhost:59540 (ESTABLISHED)

 

Your Desktop isn't your Server!

The open ports I using are those I need to have open. It's depend on the Applications etc. what I using.In total If more that 70 Ports open on my LAN, means all computer running on my LAN.

I'm not a Linux Specialist or expert, so some I tell could be wrong. Working with different servers over quite q bit of years, incl. IBM AS400 and RISC Machines. PC wise it's mainly Microsoft Servers. With Mail Servers I'm quite OK and have no problems on Windows PC.

But I'll wait what Croydon found out.

 

Ok Next one.

What's the output of
iptables -L -n

And just to check: are you sure, that your mail clients (thunderbird or phone) are set up to use port 25 and do not try to use port 587 (which is quite common) or SSL-enabled ports?
I do not see any listening smtps port, so if your mail client enabled ssl by default... might malfunction.

 

Code:

root@server:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination   

And then I checked the smtp settings......... so stupid.

My old mail server used 587 so I never thought twice about the old settings.

Thank you both for your help. Sorry that I took your time for something so silly

Cheers

Champs

 

That's why also told you re-check your settings!

Anyway, hope all is working now for you and you could send and receive mail with no more problems. Not forget to backup all imported files or even the whole system after all is working.

I just clone the whole HDD to an other. It just need 30min to copy the whole working system back if anything goes wrong or the HDD fails. And that's just an "extra" while I also use RAID1 mirroring too. Just to be on the secure and sure site!