07/04/2009 at 08:37PM PDT, ID: 24544452
Can't solve Postfix SMTP/TLS problems

Asked by ktwdallas in Postfix, Email Software, Linux

Tags: postfix smtp mysql TLS error

Okay, I'm really at the end of my rope here. I have a mail server that I have set up which was supposed to be a copy of a working machine. This machine runs Dovecot as a mail server and Postfix as an SMTP server. I use MySQL for the account information (and postfixadmin to administer).

The email server (IMAP) works, and I can receive email from the outside just fine. Anyone emails my address, I get the email. What is NOT working is using the server as my outbound SMTP server.

I am using a non-standard port, 2525, to send out, with authentication (obviously so it's not an open relay) and I have an SSL certificate, the same one as my web server.

When I attempt to send, it just times out. No specific error message, just seems to go nowhere and eventually on my mail client (Mac Mail.app in this case) it just comes back with a "can't send".

I can telnet to the server (telnet www.eightounce.com 2525) and it will respond, but then closes the connection when I do a test with ehlo. Files and logs below. I'm baffled. I do see TLS errors in the log file, but I don't know how to start to fix them.
main.cf
 
 
# postfix config file eightounce.com
 
# uncomment for debugging if needed
soft_bounce=no
 
# postfix main
mail_owner = postfix
setgid_group = postdrop
delay_warning_time = 4
 
# postfix paths
html_directory = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
queue_directory = /var/spool/postfix
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.2/samples
readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES
 
# network settings
inet_interfaces = all
mydomain = eightounce.com
myhostname = server1.$mydomain
mynetworks = 192.168.0.0/16,
	216.19.0.0/16,
        127.0.0.0/8
mydestination = $myhostname, localhost.$mydomain
#relay_domains = $mydestination
 
#######Changes for MAILMAN
#relay_domains = $mydestination,eightounce.com
#transport_maps = hash:/etc/postfix/transport 
 
message_size_limit = 40960000
 
 
#mailman_destination_recipient_limit = 1
 
# mail delivery
recipient_delimiter = + 
 
# mappings
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/aliases,hash:/etc/postfix/aliases
 
local_recipient_maps = $alias_maps 
 
# virtual setup
virtual_alias_domains = hash:/etc/postfix/virtual_domains
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
 
 
 
virtual_gid_maps = static:89
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 89
virtual_transport = virtual
virtual_uid_maps = static:89
 
# debugging
#debug_peer_level = 1
#debug_peer_list = 127.0.0.1
#debugger_command =
#         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
#         xxgdb $daemon_directory/$process_name $process_id & sleep 5
 
#rules restrictions
smtpd_client_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unknown_client_hostname
smtpd_helo_required = yes
smtpd_helo_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_non_fqdn_hostname
 
smtpd_sender_restrictions =
        reject_non_fqdn_sender,
        reject_unknown_sender_domain
 
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain
 
# authentication
smtpd_use_tls = yes
 
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
#smtpd_sasl_type = dovecot
#smtpd_sasl_path = private/auth
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
smtpd_sasl_authenticated_header = yes
smtp_sasl_mechanism_filter = login, plain
 
# tls config
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer =yes
smtp_use_tls = yes
smtpd_use_tls = yes
 
 
smtpd_tls_cert_file = /etc/ssl/eightounce.crt
smtpd_tls_key_file = /etc/ssl/eightounce.key
smtpd_tls_CAfile = /etc/ssl/bundle.crt
 
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_received_header = no
tls_random_source = dev:/dev/urandom
 
unknown_local_recipient_reject_code = 550
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining
 
 
master.cf
 
smtp      inet  n       -       n       -       -       smtpd 
smtps     inet  n       -       n       -       -       smtpd -v
	 -o smtpd_sasl_auth_enable=yes
	 -o smtpd_enforce_tls=yes
	 -o smtpd_tls_wrappermode=yes
submission inet n       -       n       -       -       smtpd -v
	 -o smtpd_sasl_auth_enable=yes
	 -o smtpd_enforce_tls=yes
2525     inet   n       -       n       -       -       smtpd -v
	 -o smtpd_sasl_auth_enable=yes
	 -o smtpd_enforce_tls=yes
	 -o smtpd_tls_wrappermode=yes
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
  -o content_filter= 
  -o receive_override_options=no_header_body_checks
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
 
 
maillog (-n200)
 
Jul  4 20:28:27 www postfix/smtpd[20245]: warning: TLS library problem: 20245:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:562:
Jul  4 20:28:27 www postfix/smtpd[20245]: match_hostname: S010600226b4ce77a.vc.shawcable.net ~? 192.168.0.0/16
Jul  4 20:28:27 www postfix/smtpd[20245]: match_hostaddr: 96.49.199.117 ~? 192.168.0.0/16
Jul  4 20:28:27 www postfix/smtpd[20245]: match_hostname: S010600226b4ce77a.vc.shawcable.net ~? 216.19.0.0/16
Jul  4 20:28:27 www postfix/smtpd[20245]: match_hostaddr: 96.49.199.117 ~? 216.19.0.0/16
Jul  4 20:28:27 www postfix/smtpd[20245]: match_hostname: S010600226b4ce77a.vc.shawcable.net ~? 127.0.0.0/8
Jul  4 20:28:27 www postfix/smtpd[20245]: match_hostaddr: 96.49.199.117 ~? 127.0.0.0/8
Jul  4 20:28:27 www postfix/smtpd[20245]: match_list_match: S010600226b4ce77a.vc.shawcable.net: no match
Jul  4 20:28:27 www postfix/smtpd[20245]: match_list_match: 96.49.199.117: no match
Jul  4 20:28:27 www postfix/smtpd[20245]: send attr request = disconnect
Jul  4 20:28:27 www postfix/smtpd[20245]: send attr ident = 2525:96.49.199.117
Jul  4 20:28:27 www postfix/smtpd[20245]: private/anvil: wanted attribute: status
Jul  4 20:28:27 www postfix/smtpd[20245]: input attribute name: status
Jul  4 20:28:27 www postfix/smtpd[20245]: input attribute value: 0
Jul  4 20:28:27 www postfix/smtpd[20245]: private/anvil: wanted attribute: (list terminator)
Jul  4 20:28:27 www postfix/smtpd[20245]: input attribute name: (end)
Jul  4 20:28:27 www postfix/smtpd[20245]: lost connection after CONNECT from S010600226b4ce77a.vc.shawcable.net[96.49.199.117]
Jul  4 20:28:27 www postfix/smtpd[20245]: disconnect from S010600226b4ce77a.vc.shawcable.net[96.49.199.117]
Jul  4 20:28:27 www postfix/smtpd[20245]: master_notify: status 1
Jul  4 20:28:27 www postfix/smtpd[20245]: connection closed
Jul  4 20:28:28 www postfix/smtpd[20245]: auto_clnt_close: disconnect private/tlsmgr stream
Jul  4 20:28:43 www postfix/smtpd[20245]: connection established
Jul  4 20:28:43 www postfix/smtpd[20245]: master_notify: status 0
Jul  4 20:28:43 www postfix/smtpd[20245]: name_mask: resource
Jul  4 20:28:43 www postfix/smtpd[20245]: name_mask: software
Jul  4 20:28:43 www postfix/smtpd[20245]: xsasl_cyrus_server_create: SASL service=smtp, realm=server1.eightounce.com
Jul  4 20:28:43 www postfix/smtpd[20245]: name_mask: noanonymous
Jul  4 20:28:43 www postfix/smtpd[20245]: connect from localhost[127.0.0.1]
Jul  4 20:28:43 www postfix/smtpd[20245]: match_list_match: localhost: no match
Jul  4 20:28:43 www postfix/smtpd[20245]: match_list_match: 127.0.0.1: no match
Jul  4 20:28:43 www postfix/smtpd[20245]: match_list_match: localhost: no match
Jul  4 20:28:43 www postfix/smtpd[20245]: match_list_match: 127.0.0.1: no match
Jul  4 20:28:43 www postfix/smtpd[20245]: setting up TLS connection from localhost[127.0.0.1]
Jul  4 20:28:43 www postfix/smtpd[20245]: localhost[127.0.0.1]: TLS cipher list "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
Jul  4 20:28:43 www postfix/smtpd[20245]: auto_clnt_open: connected to private/tlsmgr
Jul  4 20:28:43 www postfix/smtpd[20245]: send attr request = seed
Jul  4 20:28:43 www postfix/smtpd[20245]: send attr size = 32
Jul  4 20:28:43 www postfix/smtpd[20245]: private/tlsmgr: wanted attribute: status
Jul  4 20:28:43 www postfix/smtpd[20245]: input attribute name: status
Jul  4 20:28:43 www postfix/smtpd[20245]: input attribute value: 0
Jul  4 20:28:43 www postfix/smtpd[20245]: private/tlsmgr: wanted attribute: seed
Jul  4 20:28:43 www postfix/smtpd[20245]: input attribute name: seed
Jul  4 20:28:43 www postfix/smtpd[20245]: input attribute value: daRlRjHOPU7GEqT4AAE2vPZgUd6lVsb/OFN8FYfwCUQ=
Jul  4 20:28:43 www postfix/smtpd[20245]: private/tlsmgr: wanted attribute: (list terminator)
Jul  4 20:28:43 www postfix/smtpd[20245]: input attribute name: (end)
Jul  4 20:28:43 www postfix/smtpd[20245]: SSL_accept:before/accept initialization
Jul  4 20:28:43 www postfix/smtpd[20245]: read from 004B4CE0 [004C21F8] (11 bytes => -1 (0xFFFFFFFF))
Jul  4 20:28:44 www postfix/smtpd[20245]: read from 004B4CE0 [004C21F8] (11 bytes => 11 (0xB))
Jul  4 20:28:44 www postfix/smtpd[20245]: 0000 65 68 6c 6f 20 6c 6f 63|61 6c 68                 ehlo loc alh
Jul  4 20:28:44 www postfix/smtpd[20245]: SSL_accept:error in SSLv2/v3 read client hello A
Jul  4 20:28:44 www postfix/smtpd[20245]: SSL_accept error from localhost[127.0.0.1]: -1
Jul  4 20:28:44 www postfix/smtpd[20245]: warning: TLS library problem: 20245:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:562:
Jul  4 20:28:44 www postfix/smtpd[20245]: match_hostname: localhost ~? 192.168.0.0/16
Jul  4 20:28:44 www postfix/smtpd[20245]: match_hostaddr: 127.0.0.1 ~? 192.168.0.0/16
Jul  4 20:28:44 www postfix/smtpd[20245]: match_hostname: localhost ~? 216.19.0.0/16
Jul  4 20:28:44 www postfix/smtpd[20245]: match_hostaddr: 127.0.0.1 ~? 216.19.0.0/16
Jul  4 20:28:44 www postfix/smtpd[20245]: match_hostname: localhost ~? 127.0.0.0/8
Jul  4 20:28:44 www postfix/smtpd[20245]: match_hostaddr: 127.0.0.1 ~? 127.0.0.0/8
Jul  4 20:28:44 www postfix/smtpd[20245]: lost connection after CONNECT from localhost[127.0.0.1]
Jul  4 20:28:44 www postfix/smtpd[20245]: disconnect from localhost[127.0.0.1]
Jul  4 20:28:44 www postfix/smtpd[20245]: master_notify: status 1
Jul  4 20:28:44 www postfix/smtpd[20245]: connection closed
Jul  4 20:28:48 www postfix/smtpd[20245]: auto_clnt_close: disconnect private/tlsmgr stream
Jul  4 20:29:13 www postfix/smtpd[20285]: warning: database /etc/aliases.db is older than source file /etc/aliases
Jul  4 20:29:13 www postfix/smtpd[20285]: initializing the server-side TLS engine
Jul  4 20:29:13 www postfix/smtpd[20285]: connect from k2smtpout01-01.prod.mesa1.secureserver.net[64.202.189.88]
Jul  4 20:29:13 www postfix/smtpd[20285]: DF7E7412001: client=k2smtpout01-01.prod.mesa1.secureserver.net[64.202.189.88]
Jul  4 20:29:13 www postfix/cleanup[20289]: DF7E7412001: message-id=<2703D51A-BE39-4C17-9AEF-FEFDB236BB2E@eightounce.com>
Jul  4 20:29:14 www postfix/qmgr[6302]: DF7E7412001: from=<kris.white@eightounce.com>, size=1147, nrcpt=1 (queue active)
Jul  4 20:29:14 www postfix/smtpd[20285]: disconnect from k2smtpout01-01.prod.mesa1.secureserver.net[64.202.189.88]
Jul  4 20:29:14 www postfix/virtual[20291]: DF7E7412001: to=<kris.white@eightounce.com>, relay=virtual, delay=0.34, delays=0.26/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to maildir)
Jul  4 20:29:14 www postfix/qmgr[6302]: DF7E7412001: removed
Jul  4 20:29:20 www postfix/smtpd[20285]: connect from k2smtpout04-01.prod.mesa1.secureserver.net[64.202.189.166]
Jul  4 20:29:20 www postfix/smtpd[20285]: 857D8412001: client=k2smtpout04-01.prod.mesa1.secureserver.net[64.202.189.166]
Jul  4 20:29:20 www postfix/cleanup[20289]: 857D8412001: message-id=<E9E5686B-A900-4D04-9EED-72C96F5B1184@eightounce.com>
Jul  4 20:29:20 www postfix/qmgr[6302]: 857D8412001: from=<kris.white@eightounce.com>, size=1147, nrcpt=1 (queue active)
Jul  4 20:29:20 www postfix/smtpd[20285]: disconnect from k2smtpout04-01.prod.mesa1.secureserver.net[64.202.189.166]
Jul  4 20:29:20 www postfix/virtual[20291]: 857D8412001: to=<kris.white@eightounce.com>, relay=virtual, delay=0.24, delays=0.19/0/0/0.05, dsn=2.0.0, status=sent (delivered to maildir)
Jul  4 20:29:20 www postfix/qmgr[6302]: 857D8412001: removed
Jul  4 20:30:24 www postfix/smtpd[20245]: idle timeout -- exiting
Jul  4 20:32:40 www postfix/anvil[20246]: statistics: max connection rate 1/60s for (smtp:64.202.189.88) at Jul  4 20:29:13
Jul  4 20:32:40 www postfix/anvil[20246]: statistics: max connection count 1 for (smtp:64.202.189.88) at Jul  4 20:29:13
Jul  4 20:32:40 www postfix/anvil[20246]: statistics: max cache size 2 at Jul  4 20:29:20
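
The maillog above records, at smtpd_tls_loglevel = 3, the bytes smtpd read where it expected a TLS ClientHello; master.cf sets smtpd_tls_wrappermode=yes on the smtps and 2525 services. The following Python sketch is an added example, not part of the original post: it pairs each failed SSL_accept with the logged hex dump and classifies what the client actually sent. The function names and the SAMPLE_LOG excerpt (lines copied from the log above) are constructed for illustration.

```python
import re

# Constructed sample: a few lines excerpted from the maillog posted above.
SAMPLE_LOG = """\
Jul  4 20:28:43 www postfix/smtpd[20245]: setting up TLS connection from localhost[127.0.0.1]
Jul  4 20:28:43 www postfix/smtpd[20245]: SSL_accept:before/accept initialization
Jul  4 20:28:44 www postfix/smtpd[20245]: read from 004B4CE0 [004C21F8] (11 bytes => 11 (0xB))
Jul  4 20:28:44 www postfix/smtpd[20245]: 0000 65 68 6c 6f 20 6c 6f 63|61 6c 68                 ehlo loc alh
Jul  4 20:28:44 www postfix/smtpd[20245]: SSL_accept error from localhost[127.0.0.1]: -1
Jul  4 20:28:44 www postfix/smtpd[20245]: warning: TLS library problem: 20245:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:562:
"""

LINE = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
SETUP = re.compile(r"setting up TLS connection from (\S+)")
DUMP = re.compile(r"^[0-9a-f]{4} ((?:[0-9a-f]{2}[ |])+)")  # offset, then hex bytes
SMTP_VERBS = (b"EHLO", b"HELO", b"MAIL", b"RCPT", b"QUIT", b"STAR", b"AUTH")

def classify(first_bytes):
    """Say what the client sent where the TLS ClientHello was expected."""
    if first_bytes[:1] == b"\x16":  # TLS record type 0x16 = handshake
        return "tls-handshake"
    if first_bytes[:4].upper() in SMTP_VERBS:
        return "plaintext-smtp"
    return "unknown"

def find_failed_handshakes(log_text):
    """Return (client, classification, first bytes) for each failed SSL_accept."""
    pending = {}   # smtpd pid -> [client, bytes read during the handshake]
    findings = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.groups()
        if (s := SETUP.search(msg)):
            pending[pid] = [s.group(1), b""]
        elif pid in pending and (d := DUMP.match(msg)):
            # Strip the column separators and decode the dumped bytes.
            pending[pid][1] += bytes.fromhex(re.sub(r"[ |]", "", d.group(1)))
        elif pid in pending and msg.startswith("SSL_accept error"):
            client, data = pending.pop(pid)
            findings.append((client, classify(data), data))
    return findings

if __name__ == "__main__":
    for client, kind, data in find_failed_handshakes(SAMPLE_LOG):
        print(f"{client}: {kind}, first bytes {data!r}")
```

A `plaintext-smtp` result means the client spoke cleartext SMTP (here the telnet `ehlo` test) to a service that expects the TLS handshake before any SMTP command.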
 
About this solution

Solution Provided By: martino87r
Participating Experts: 1
Solution Grade: A
 
 
 