SMTP Authentication (SMTP Auth) provides an access control mechanism that can be used to allow legitimate users to relay mail while denying relay service to unauthorized users, such as spammers.
Thanks to the new SASL support in Dovecot 1.0 and the new Dovecot SASL support in Postfix 2.3, setting up SMTP authentication is now easier. Instead of setting up authentication separately for Postfix and Dovecot, we can now set it up in Dovecot only and let Postfix talk to Dovecot.
Configure Postfix and Dovecot


auth default {
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
  mechanisms = plain login
}
If you are using Ubuntu, edit /etc/dovecot/dovecot.conf.

2. Edit /etc/postfix/main.cf, find the keys below and change their values as follows, or add them at the bottom of the file if a key (the word before the = sign) cannot be found.
mynetworks = 127.0.0.0/8
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes

3. Restart the Dovecot and Postfix services. But if you installed MailScanner, restart MailScanner instead of Postfix.

Test Postfix
Sample postfix session
[root@mail ~]# telnet mail smtp
Replace mail with the name of your server. Do not use localhost, since localhost is a trusted client IP address, and make sure the name you specify does not resolve to 127.0.0.1, which is the IP address of localhost.
Trying 192.168.0.1...
Connected to mail.acme.local (192.168.0.1).
Escape character is '^]'.
220 mail.acme.local ESMTP Postfix
ehlo localhost
250-mail.acme.local
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Note the new 250-AUTH lines. See the old SMTP Telnet Test.
mail from:<johndoe>
250 2.1.0 Ok
rcpt to:<test@example.com>
554 5.7.1 <test@example.com>: Relay access denied
It works. Now check whether we can send after authenticating.
auth plain AGpvaG5kb2UAcGFzc3dvcmQ=
235 2.0.0 Authentication successful
rcpt to:<test@example.com>
250 2.1.5 Ok
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]#
You can send to email addresses belonging to your domain without authentication. This is normal as it enables you to receive mail from the outside.
The gibberish text after AUTH PLAIN is the base64 encoded value of the user name johndoe and password password. You can generate your own base64 text using the form below.
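The AUTH PLAIN value is the string NUL + user name + NUL + password (RFC 4616) run through base64, so it is an encoding that anyone can reverse, not encryption. The script below is an added example, not part of the original article: it builds the token, builds the two AUTH LOGIN replies, and inspects a token for the structural mistakes that produce "authentication failed". The function names and the malformed sample are assumptions made for illustration.

```python
import base64

# Token from the telnet session in this article (johndoe / password).
ARTICLE_TOKEN = "AGpvaG5kb2UAcGFzc3dvcmQ="
# Constructed malformed input: tab-separated fields plus the newline that
# "echo" appends, with no NUL bytes at all.
BAD_TOKEN = base64.b64encode(b"johndoe\tpassword\n").decode("ascii")


def auth_plain_token(user, password, authzid=""):
    """Build the AUTH PLAIN argument: authzid NUL user NUL password, base64."""
    for field in (authzid, user, password):
        if "\0" in field:
            raise ValueError("NUL is the separator and cannot appear in a field")
    raw = "\0".join((authzid, user, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def auth_login_replies(user, password):
    """AUTH LOGIN sends user name and password as two separate base64 lines."""
    return [base64.b64encode(s.encode("utf-8")).decode("ascii")
            for s in (user, password)]


def inspect_plain_token(token):
    """Decode an AUTH PLAIN token and report structural problems.

    The password itself is never returned, only its length.
    """
    report = {"ok": False, "authzid": None, "user": None,
              "password_length": None, "problems": []}
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        report["problems"].append(f"not valid base64: {exc}")
        return report

    parts = raw.split(b"\0")
    if len(parts) != 3:
        found = raw.count(b"\0")
        report["problems"].append(f"expected 2 NUL separators, found {found}")
    if raw.endswith((b"\n", b"\r")):
        report["problems"].append("a trailing newline was encoded into the token")
    if len(parts) == 3:
        if not parts[1]:
            report["problems"].append("empty user name")
        report["authzid"] = parts[0].decode("utf-8", "replace")
        report["user"] = parts[1].decode("utf-8", "replace")
        report["password_length"] = len(parts[2])

    report["ok"] = not report["problems"]
    return report


if __name__ == "__main__":
    print("AUTH PLAIN", auth_plain_token("johndoe", "password"))
    print("AUTH LOGIN replies", auth_login_replies("johndoe", "password"))
    print(inspect_plain_token(ARTICLE_TOKEN))
    print(inspect_plain_token(BAD_TOKEN))
```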
If you encounter any problems, check the log file at /var/log/maillog (mail.log in Ubuntu).
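A frequent cause of "Relay access denied" after a successful login is a main.cf continuation line that lost its leading whitespace, which cuts permit_sasl_authenticated out of smtpd_recipient_restrictions. The checker below is an added example, not part of the original article or of Postfix: it joins continuation lines the way main.cf is read (a line that starts with whitespace continues the previous one) and verifies the settings from step 2. The function names and both sample files are constructed for illustration.

```python
import re

# Constructed sample: the settings from step 2 of this guide.
SAMPLE_GOOD = """\
# main.cf fragment
mynetworks = 127.0.0.0/8
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes
"""

# Constructed sample: same file, but the continuation line starts in column 1.
SAMPLE_BROKEN = SAMPLE_GOOD.replace("    permit_sasl", "permit_sasl")

# Values this guide expects for the Dovecot SASL setup.
EXPECTED = {
    "smtpd_sasl_auth_enable": "yes",
    "smtpd_sasl_type": "dovecot",
    "smtpd_sasl_path": "private/auth",
}


def parse_main_cf(text):
    """Return (params, stray) where stray lists (lineno, text) with no '='."""
    params, stray, current = {}, [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments do not end a logical line
        if line[0] in " \t":  # continuation of the previous logical line
            if current is None:
                stray.append((lineno, line.strip()))
            else:
                params[current] += " " + line.strip()
            continue
        name, sep, value = line.partition("=")
        if not sep:  # starts in column 1 but is not "name = value"
            stray.append((lineno, line.strip()))
            current = None
            continue
        current = name.strip()
        params[current] = value.strip()  # a later definition wins
    return params, stray


def check_relay_settings(text):
    """Return a list of findings; an empty list means the settings match."""
    params, stray = parse_main_cf(text)
    findings = [f"line {n}: not a 'name = value' line, is leading "
                f"whitespace missing? ({s})" for n, s in stray]
    for name, want in EXPECTED.items():
        got = params.get(name)
        if got != want:
            findings.append(f"{name} is {got!r}, expected {want!r}")
    value = params.get("smtpd_recipient_restrictions", "")
    rules = [r for r in re.split(r"[,\s]+", value) if r]
    for rule in ("permit_sasl_authenticated", "reject_unauth_destination"):
        if rule not in rules:
            findings.append(f"smtpd_recipient_restrictions lacks {rule}")
    if ("permit_sasl_authenticated" in rules
            and "reject_unauth_destination" in rules
            and rules.index("permit_sasl_authenticated")
            > rules.index("reject_unauth_destination")):
        findings.append("permit_sasl_authenticated comes after "
                        "reject_unauth_destination, so it never applies to relaying")
    return findings


if __name__ == "__main__":
    for label, sample in (("good", SAMPLE_GOOD), ("broken", SAMPLE_BROKEN)):
        print(label, check_relay_settings(sample) or "OK")
```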
Visit the forum to ask for help or to give a comment.
***
Posted on 4/13/2008 and last updated on 9/13/2011
Filed under CentOS 5, Dovecot, Postfix, Red Hat Enterprise Linux 5, SASL, Ubuntu 10.04

April 16th, 2008 at 4:12 pm
Hi,
Is this a new addition to the guide? I didn’t encounter this in the original article I followed. Anyway, I encountered a problem. My logs show this:
Apr 16 23:58:36 mail2 postfix/smtpd[7419]: warning: SASL: Connect to private/auth failed: No such file or directory
Apr 16 23:58:36 mail2 postfix/smtpd[7419]: fatal: no SASL authentication mechanisms
Apr 16 23:58:37 mail2 postfix/master[7345]: warning: process /usr/libexec/postfix/smtpd pid 7419 exit status 1
Apr 16 23:58:37 mail2 postfix/master[7345]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
I think this has something to do with missing SASL Libraries perhaps?
By the way, using CentOS 5.1
April 16th, 2008 at 4:36 pm
Here are my packages after doing rpm -qa | grep sasl:
cyrus-sasl-ldap-2.1.22-4
cyrus-sasl-plain-2.1.22-4
gnu-crypto-sasl-jdk1.4-2.1.0-2jpp.1
cyrus-sasl-lib-2.1.22-4
cyrus-sasl-2.1.22-4
cyrus-sasl-devel-2.1.22-4
cyrus-sasl-ntlm-2.1.22-4
Is there anything that I missed to install?
April 17th, 2008 at 4:32 am
It looks like your Postfix does not have SASL capabilities compiled in it. Make sure you include SASL in your build option or download my prebuilt Postfix RPM packages.
April 17th, 2008 at 9:53 am
I downloaded the package but still no go. How will I know if the postfix version I installed has the SASL capabilities?
April 17th, 2008 at 3:06 pm
Type in postconf -a in a terminal window. It will return the SASL support compiled in it.
April 25th, 2008 at 7:34 am
Hi,
I’m following your guide and installed postfix, dovecot but when testing I encountered the following error:
#telnet localhost smtp
#Trying 127.0.0.1…
#Connected to localhost.localdomain (127.0.0.1).
#Escape character is ‘^]’.
#Connection closed by foreign host.
This is after I configured postfix and dovecot for SMTP and SASL.
Any clue on what is the problem?
April 25th, 2008 at 8:05 am
Please check the log file at /var/log/maillog. It will show you why it terminated immediately.
April 25th, 2008 at 8:34 am
Thanks for the reply…
It logged the following errors:
warning: SASL: Connect to private/auth failed: No such file or directory
fatal: no SASL authentication mechanisms
warning: process /usr/libexec/postfix/smtpd pid 25194 exit status 1
warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Does this mean I don’t have SASL installed?
April 25th, 2008 at 8:45 am
I have postfix 2.3.3-2 package installed and it seemed that this version has SMTP AUTH (SASL) support.
Im using Centos 5.1
April 25th, 2008 at 2:25 pm
1. In your dovecot.conf, make sure you have the lines below.
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
2. Restart dovecot
3. Check if /var/spool/postfix/private/auth is created
type in ls -l /var/spool/postfix/private/auth to confirm.
Dovecot is the one that creates this file
4. Did you touch the queue_directory in Postfix?
queue_directory = /var/spool/postfix
If yes, update the path in dovecot.conf and try again.
April 28th, 2008 at 1:04 am
Hi there,
I followed the steps you suggested above but /var/spool/postfix/private/auth is not created… I also did not touch the queue_directory in postfix…
Thanks for the reply…
April 28th, 2008 at 1:15 am
Just got it working… It seemed that I was missing a bracket in my dovecot config… Thanks for the help…
April 28th, 2008 at 1:39 am
There is still a problem in connecting to localhost… It will just return an error:
#telnet localhost smtp
#trying 127.0.0.1…
#Connected to localhost.localdomain(127.0.0.1).
#Escape character is ‘^]’
#421 4.4.2 localhost.localdomain Error: Timeout exceeded..
My maillog says:
#warning: database /etc/aliases.db is older than source file /etc/aliases
#localhost postfix/smtpd[3469]: connect from #localhost.localdomain[127.0.0.1]
#localhost postfix/smtpd[3469]: timeout after CONNECT from localhost.localdomain[127.0.0.1]
#localhost postfix/smtpd[3469]: disconnect from #localhost.localdomain[127.0.0.1]
April 28th, 2008 at 6:06 am
Type in newaliases to recreate the aliases.db file
April 30th, 2008 at 9:50 am
Why is it that I can’t connect to my machine if I use
the name of my machine instead of localhost on this command.
#telnet mymachine smtp
It says:
telnet: Connect to address x.x.x.x: Connection Refused
telnet: Unable to connect to remote host: Connection Refused
April 30th, 2008 at 9:59 am
Why is it that i can’t connect to my machine when i use the name of my machine.
#telnet mymachine smtp
It says:
telnet: Unable to connect to address x.x.x.x: Connection Refused
telnet: Unable to connect to remote host: Connection Refused
April 30th, 2008 at 11:23 am
1. Are you sure Postfix is running? Try service postfix status
2. Can you connect to the localhost? Try telnet localhost smtp
3. Is Postfix listening to all available network interfaces? Check the /etc/postfix/main.cf and make sure inet_interfaces = all
May 5th, 2008 at 2:04 am
Hi,
So far so good except when I get to:
——
rcpt to: test@domain.local
554 5.7.1 : Relay access denied
——
I get a 250 2.1.5 Ok instead of Relay access denied.
What am I missing? Thanks!
May 5th, 2008 at 2:09 am
This is I get when I type in “ehlo host”
——
250-mbox.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
——
I noticed that I only have:
250-AUTH PLAIN
250-AUTH=PLAIN
instead of
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
Could this be an issue?
May 5th, 2008 at 2:09 am
Double check that you are not connecting to localhost or 127.0.0.1. localhost is a trusted IP so the test will not fail.
May 5th, 2008 at 2:25 am
> I noticed that I only have:
> 250-AUTH PLAIN
> 250-AUTH=PLAIN
> Could this be an issue?
Yes if you will be using Outlook/Outlook Express since either one does not support plain authentication. I’ve discovered that the dovecot.conf in CentOS 5.1 is different from CentOS 5.0. Please review my guide above, I’ve revised the instructions for 5.1 users.
May 24th, 2008 at 8:24 am
I have the “missing auth” figured out. The problem isn’t that the correct support is missing (it’s all there), the problem is that, based upon the installation instructions above, the dovecot socket for authentication can’t be created.
The /var/spool/postfix/private directory is owned by postfix with 700 permissions. Dovecot does NOT run as postfix. Thus, when dovecot tries to start up, it cannot create the auth socket you’re telling it to and thus postfix has nowhere to auth.
At this point I’ve gone in and made the private directory 777 permissions. It’s a cheap way for me to test it out and it works (the socket gets created). Anyone have a more creative way to fix the permissions issue?
–Doug
May 24th, 2008 at 8:50 am
auth default {
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
  mechanisms = plain login
}
The highlighted lines above enable dovecot to write to the /var/spool/postfix directory. My guess is that your dovecot is not running as root which prevents it from becoming the user postfix. Check which user is used for the dovecot process, the default is root.
auth default {
.
.
.
user = root
.
.
.
}
May 30th, 2008 at 4:05 am
[root@orion etc]# /etc/init.d/dovecot restart
Stopping Dovecot Imap: [FAILED]
Starting Dovecot Imap: Error: Error in configuration file /etc/dovecot.conf line 736: Unknown setting: mechanisms
May 30th, 2008 at 1:12 pm
Please ensure that mechanism is inside auth default
auth default {
mechanisms = plain login
.
.
.
}
May 31st, 2008 at 4:30 am
hi, how can i configure a localhost can send email outside the network…thnx
May 31st, 2008 at 4:55 am
The IP address of localhost is 127.0.0.1 which is a trusted address so it should be able to send outside the network.
May 31st, 2008 at 5:39 am
Starting Dovecot Imap: Error: Error in configuration file /etc/dovecot.conf line 773: Unknown section type
Line 773 = passdb pam {
May 31st, 2008 at 5:47 am
Check the open and closing brackets, there could be an unpaired bracket.
auth default {
  . . .
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
  mechanisms = plain login
  . . .
  passdb pam {
    . . .
  }
}
June 15th, 2008 at 10:36 pm
Went through all of the instructions but cannot get one email address to work. Sales sends all mail to root. How would i fix this issue?
June 15th, 2008 at 11:56 pm
There is a default set of predefined email addresses required by RFC 822 and RFC 2124. These email addresses are defined in /etc/aliases. Edit the aliases file then type in newaliases to update the aliases database file then restart Postfix or MailScanner to immediately effect the changes.
July 9th, 2008 at 4:21 pm
I did as your instructions in setting up postfix smtp authentication and dovecot sasl, when testing the postfix the auth plain and base64 encode value I get 535 5.7.0 Error: authentication failed:
maillog shows this:
Jul 9 04:08:53 afl postfix/smtpd[21802]: NOQUEUE: reject: RCPT from unknown[10.1.0.1]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=
Jul 9 04:09:33 afl postfix/smtpd[21802]: warning: unknown[10.1.0.1]: SASL plain authentication failed:
Please advise……
thanks
July 10th, 2008 at 3:28 pm
I followed the directions and have the two new 250-AUTH lines but when I test the authentication, I never get the Relay access denied. I get the following
mail from: johndoe
250 2.1.0 Ok
rcpt to: test@domain.local
250 2.1.5 Ok
Any ideas as to what I am doing wrong?
July 10th, 2008 at 3:38 pm
That usually happens when you connect to 127.0.0.1 or localhost which is a trusted connection.
July 10th, 2008 at 3:45 pm
Jul 9 04:09:33 afl postfix/smtpd[21802]: warning: unknown[10.1.0.1]: SASL plain authentication failed:
July 10th, 2008 at 4:09 pm
Can you login into dovecot? If yes, try using a real mail client.
July 10th, 2008 at 4:19 pm
I am definitely not using 127.0.0.1 or localhost but instead the name of the server which is mail.marketing.com and never get the relay access denied.
July 10th, 2008 at 5:54 pm
Any Ideas? Should I send you the dovecot or postfix config files?
July 10th, 2008 at 6:13 pm
Even if you use mail.marketing.com, if the network is not properly configured, it still resolves to 127.0.0.1. After issuing the telnet command, check what IP it actually connects to.
If it really isn’t 127.0.0.1, send your main.cf to consultant(at)linuxmail.info
July 10th, 2008 at 6:55 pm
Being fairly new to Linux, I must have the network configured improperly. It is seeing 127.0.0.1 instead of the ip address assigned to the server. I added the server name and IP adress to the host file, but when I run a ping it still comes back with the 127.0.0.1, could you tell me what I am doing wrong?
July 10th, 2008 at 7:21 pm
Finally figured it out. Thanks for all your help. You have been an invaluable resource.
August 20th, 2008 at 9:14 pm
Rob,
you took the trouble to respond,
and say thank you (which is commendable),
tell us figured it out (which is great for you),
but you don’t tell us how you did it (which is frustrating for those of us who still can’t get it working)
August 21st, 2008 at 2:34 pm
Londo,
My apologies. After contemplating the possible network configuration issue I could have missed, I realized that I had the host file incorrect. I had pointed 127.0.0.1 to the correct server name but this was incorrect; see my example of what I did wrong and the correct host config:
Wrong –
I changed the following
127.0.0.1 localhost.localdomain localhost
to
127.0.0.1 name.domain.com localhost
Correct –
I left
127.0.0.1 localhost.localdomain localhost
and then added
xxx.xxx.xxx.xxx name.domain.com mail
where xxx.xxx.xxx.xxx is the correct IP of the system and name.domain.com is the real name of the box (i.e., test.success.com); the mail after the hostname defines the server type.
Hope this helps. Good luck.
September 16th, 2008 at 11:07 pm
Hello everyone,
I followed the directions but i have a problem. i have “Authentification successful” but just after i have “Relay access denied”.
Can you help me?
September 23rd, 2008 at 1:47 pm
It looks like your configuration is missing the setting “permit_sasl_authenticated”. If you placed the setting in a new line, make sure you have some whitespace in front so that Postfix will know that the setting is a continuation of the previous line.
October 2nd, 2008 at 11:01 pm
Do you think there will be an issue to setup smtp authentication for postfix if we have barracuda spam filter as a main smtp server. i just don’t have a machine to test it and don’t have chance to test it in a live busy mail server. hope you can answer. thanks.
October 2nd, 2008 at 11:57 pm
Hi bugz,
The barracuda spam filter is only that, a spam filter. Barracuda will forward mails to your main smtp server after it has performed its checks.
November 1st, 2008 at 6:35 am
Thanks for info. It works 😉
November 19th, 2008 at 6:39 am
Hi,
I’m totally new to Linux but I really wanted to learn and create my own mail server.
November 19th, 2008 at 6:47 am
Hi,
I’m totally new to Linux but I really wanted to learn and create my own mail server.
Could somebody please tell me how to do the advice of Rob in #43.
Thanks in advance.
November 24th, 2008 at 11:03 am
Hi, my smtp authentication using postfix + dovecot + barracuda spam filter is working. There is a setting in barracuda to pass the smtp auth to the main mail server. Thanks for your site, it’s really helpful.
December 1st, 2008 at 12:27 pm
Hi, I tried this method and everything is OK.
But when i try to send mail using telnet between two users on the same Domain, it didn’t require any authentication.
For Example:
My Domain name xyz.com
and i want to send mail from abc@xyz.com to 123@xyz.com with authentication required.
Note:
When i send mail from abc@xyz.com to abc@yahoo.com, it required from me to authenticate first(Relay Access Denied).
Thank You.
December 1st, 2008 at 2:39 pm
Hi Ams,
That’s the correct behavior. Otherwise, you won’t be able to accept mail from the outside.
December 10th, 2008 at 7:37 pm
In case it helps someone in the future, if you’re not using dovecot for imap and pop under Centos 5.2, I found that I also had to add:
protocols = none
to the dovecot.conf file (near the top of the file next to the comments about it)
Otherwise, dovecot would crap out with a message to the effect that the imap port was already in use.
December 25th, 2008 at 1:46 pm
hai consultant,
i’ve follow your tutorial and i found strange thing. when i try to test via telnet :
[root@www postfix]# telnet localhost 25
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 mymail.server ESMTP Postfix
ehlo localhost
250-mymail.server
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain AGJ1ZGhpAHBhc3Nicmcy
235 2.0.0 Authentication successful
but when i try to sending email from mail client (thunderbird and outlook) it’s always failed. and in maillog i have this line :
Dec 25 21:33:43 www postfix/smtpd[8482]: connect from unknown[192.168.2.254]
Dec 25 21:33:45 www dovecot: auth(default): client in: AUTH 1 LOGIN service=smtp
Dec 25 21:33:45 www dovecot: auth(default): client out: CONT 1 VXNlcm5hbWU6
Dec 25 21:33:46 www dovecot: auth(default): client in: CONT 1 YWRtaW4=
Dec 25 21:33:46 www dovecot: auth(default): client out: CONT 1 UGFzc3dvcmQ6
Dec 25 21:33:47 www dovecot: auth(default): client in: CONT 1 YWRtaW4=
Dec 25 21:33:47 www dovecot: auth(default): pam(admin): lookup service=dovecot
Dec 25 21:33:49 www dovecot: auth(default): pam(admin): pam_authenticate() failed: User not known to the underlying authentication module
Dec 25 21:33:50 www dovecot: auth(default): client out: FAIL 1 user=admin
Dec 25 21:33:50 www postfix/smtpd[8482]: warning: unknown[192.168.2.254]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
can u help me what the problem is?
December 25th, 2008 at 11:52 pm
hi budhi,
Please try to login to dovecot using telnet
December 26th, 2008 at 12:54 am
[root@www postfix]# telnet localhost 110
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
+OK Dovecot ready.
user budhi
+OK
pass somepass
+OK Logged in.
list
+OK 47 messages:
then i try to execute testsaslauthd :
#testsaslauthd -u budhi -p somepass
0: OK “Success.”
and one thing i wonder is, every time i make a connection to send email via thunderbird, the user auth to server is always admin, even though i’ve set up in my outgoing configuration my own username (budhi).
am i missing something?
December 26th, 2008 at 2:12 am
That is indeed weird. Please try all the test again but instead of localhost use www or whatever is the host name you specified in your mail clients.
December 26th, 2008 at 2:08 pm
okay… i’ve tried to telnet via my fqdn server name and still i’ve succeeded to authenticate. but when i use thunderbird or outlook still i can’t send email, in maillog i got this line:
authenticate() failed: User not known to the underlying authentication module
Dec 26 22:00:24 www dovecot: auth(default): client out: FAIL 1 user=someuser@myserver
Dec 26 22:00:24 www dovecot: imap-login: Disconnected: user=, method=PLAIN, rip=::ffff:192.168.x.x, lip=::ffff:192.168.x.x
Dec 26 22:00:24 www dovecot: auth(default): client in: AUTH 1 PLAIN service=IMAP lip=::ffff:192.168.x.x rip=::ffff:192.168.x.x resp=AHZpbmNlbnRnb2hAaWhjLmNvbS5ibgBnaXptbw==
what the meaning of this line :
User not known to the underlying authentication module
December 29th, 2008 at 3:02 pm
Hi,
got maillog as below:
Dec 29 21:40:33 mata dovecot: Dovecot v1.0.rc15 starting up
Dec 29 21:40:34 mata dovecot: Auth process died too early – shutting down
Dec 29 21:40:34 mata dovecot: auth(default): bind(/var/spool/postfix/private/auth) failed: Permission denied
Dec 29 21:40:34 mata dovecot: auth(default): net_listen_unix(/var/spool/postfix/private/auth) failed: Permission denied
Dec 29 21:40:34 mata dovecot: child 6265 (auth) returned error 89
Dec 29 21:40:34 mata dovecot: Temporary failure in creating login processes, slowing down for now
pls advice!!!
December 30th, 2008 at 12:46 am
hi…
After troubleshooting the whole night, found the solution. The “auth(default): bind(/var/spool/postfix/private/auth) failed: Permission denied” is caused by SELinux prevention and after setting up the policies, everything is running fine….
January 15th, 2009 at 5:06 pm
Hi, I’m trying this tutorial but I’m stuck on the smtp authentication test.
I get the same answer that colombo, which is:
“…when testing the postfix the auth plain and base64 encode value i get
535 5.7.0 Error: authentication failed:”
my telnet session is like this:
root@proxy:~# telnet 10.1.0.99 smtp
Trying 10.1.0.99…
Connected to 10.1.0.99 (10.1.0.99).
Escape character is ‘^]’.
220 di11-vm-centos.mpm ESMTP Postfix
ehlo proxy.mpm
250-di11-vm-centos.mpm
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: administrador@di11-vm-centos.mpm
250 2.1.0 Ok
rcpt to: ronermarcelo@gmail.com
554 5.7.1 : Relay access denied
auth plain YWRtaW5pc3RyYWRvckBkaTExLXZtLWNlbnRvcy5tcG0JbXBtMjAwMgo=
535 5.7.0 Error: authentication failed:
maillog shows this:
Jan 14 03:13:26 di11-vm-centos postfix/smtpd[4977]: connect from proxy.mpm[10.1.0.82]
Jan 14 03:13:39 di11-vm-centos postfix/smtpd[4977]: NOQUEUE: reject: RCPT from proxy.mpm[10.1.0.82]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=
Jan 14 03:13:59 di11-vm-centos postfix/smtpd[4977]: warning: proxy.mpm[10.1.0.82]: SASL plain authentication failed:
I already tested the dovecot connection (telnet localhost pop3) and it’s working fine.
I’d appreciate any help.
thanks.
January 16th, 2009 at 5:15 pm
About comment 62:
I only get the message authentication successful when I use the command perl -MMIME::Base64 -e 'print encode_base64("administradoradministradorpasswd");' to encode my credentials.
If I try to encode my credentials with the domain I can’t get authenticated.
January 16th, 2009 at 9:04 pm
Hi roner,
Does it work in dovecot if you include the domain?
If it worked, try the command below
perl -MMIME::Base64 -e 'print encode_base64("\000user\@domain.com\000password")'
January 19th, 2009 at 7:46 pm
Hi consultant,
It doesn’t work if I try your suggestion.
It only works if I encode with the command:
perl -MMIME::Base64 -e 'print encode_base64("useruserpassword");'
February 4th, 2009 at 12:58 am
Hello, thanks for the tutorial, it really helped me setting things up. But I still have the following problem. Everything with smtp auth is working as told above. I can not send email with telnet without using the auth key. If I use the auth key it sends the email. But when I use an email client (outlook) on my workstation locally it still connects and sends mail to the postfix server without using smtp authenticating. Can you help me with this problem? My thanks are great!
February 4th, 2009 at 2:35 am
hello again,
i found out how did comes: i was sending during the test to a another usr in my own domain. Then i can send without smtp auth. If i send to other domain for example gmail.com then i need smtp auth. Is this normal? how can i turn off that even sending to my own domain also needs smtp auth. It feels like i am vulnerable to spammers now (spamming within my own domain)
February 4th, 2009 at 6:18 am
Hi I have followed these very excellent guides and now have postfix and Dovecot authenticating to Active Directory. However when adding the above instructions I get authentication failures.
I have tried all suggestions above.
I am NOT telnetting to 127.0.0.1
I am using an existing user.
I have tried encoding with the form above and with perl -MMIME::Base64 both with and without domain.
My maillog only shows:
SASL plain authentication failed:
I have tried from evolution mail client with the same results.
I am using centos 5.1 and the prebuilt postfix-2.5.1-1.mysql.sasl2.vda.rhel5 rpms from this site.
Any help please?
February 4th, 2009 at 12:31 pm
Hi rob gevers,
Yes, that’s the proper behavior. Otherwise, you won’t be able to receive mail from the outside since they cannot authenticate.
February 14th, 2009 at 11:21 am
When I start postfix and dovecot I get this error:
auth process died too early shutting down
socket already exists
error 89
temporary failure in creating auth processes.
I have dovecot running as root, the private/auth file is owned by postfix. can’t see whats wrong in my setup.
February 18th, 2009 at 8:42 pm
Hi,
Following your excellent guide I’ve got webmail working with mailscanner now and it all seems to be working quite well so long as I use webmail.
However when I set up clients (applemail atm) it will receive email but appears to refuse the smtp connection, it’s not an outright rejection, it’s as though the process hangs for a few minutes then times out.
Do you have any ideas what may be causing this? In the mydestination steps when we change this to localhost mydomain etc have we restricted the access to purely allow access only from localhost or configured it so that it requires a login.
I have also noted that connecting to the smtp server via telnet allows you to still send emails to any users still on the server but not to allow relay without authenticating. Is this something i have misconfigured and need to go through again or is there another way to disable this as if i setup mailing lists then this will leave the company open to large volumes of spam appearing to have come from a valid user account within the network?!
Thank you for any help that you can provide.
February 18th, 2009 at 10:24 pm
Hi Danny,
“I have also noted that connecting to the smtp server via telnet allows you to still send emails to any users still on the server but not to allow relay without authenticating.”
The above is correct as it allows you to receive mail from the outside.
Sorry, but I’m not familiar with Applemail.
March 3rd, 2009 at 10:48 pm
Hi,
I got some troubles authenticating using your base64 generator.
After many tries I decided to generate base64 text with another util (http://chiralsoftware.com/linux-system-administration/source/base64password.jar) and that worked great.
Hope this will help.
March 4th, 2009 at 1:38 am
Hi Kevin,
You’re right. I tried inputting johndoe@acme.local and password and the result did not match the output specified in the article. I have fixed the code, thank you very much for sharing this.
March 14th, 2009 at 3:41 am
please tell me how to solve this
[root@admin ~]# telnet admin smtp
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
Connection closed by foreign host.
please i need an immediate answer
March 14th, 2009 at 3:49 am
Hi roxanne,
Please check the log file at /var/log/maillog. This should give you a clue on what the problem is.
March 14th, 2009 at 5:53 am
this is the log files I got
Mar 15 10:31:54 admin dovecot: Dovecot v1.0.7 starting up
Mar 15 10:31:54 admin dovecot: Generating Diffie-Hellman parameters for the first time. This may take a while..
Mar 15 10:32:21 admin dovecot: ssl-build-param: SSL parameters regeneration completed
Mar 15 10:40:21 admin dovecot: pop3-login: Login: user=, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
Mar 15 10:41:16 admin dovecot: POP3(amaclc): Disconnected: Logged out top=0/0, retr=1/477, del=0/1, size=461
Mar 15 10:47:12 admin dovecot: Killed with signal 15
Mar 15 10:47:20 admin postfix/postfix-script: stopping the Postfix mail system
Mar 15 10:47:20 admin postfix/master[7260]: terminating on signal 15
Mar 15 10:47:20 admin postfix/postfix-script: starting the Postfix mail system
Mar 15 10:47:21 admin postfix/master[8327]: daemon started — version 2.3.3, configuration /etc/postfix
Mar 15 10:49:51 admin postfix/smtpd[8388]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 10:49:51 admin postfix/smtpd[8388]: fatal: no SASL authentication mechanisms
Mar 15 10:49:52 admin postfix/master[8327]: warning: process /usr/libexec/postfix/smtpd pid 8388 exit status 1
Mar 15 10:49:52 admin postfix/master[8327]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Mar 15 10:50:52 admin postfix/smtpd[8393]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 10:50:52 admin postfix/smtpd[8393]: fatal: no SASL authentication mechanisms
Mar 15 10:50:53 admin postfix/master[8327]: warning: process /usr/libexec/postfix/smtpd pid 8393 exit status 1
Mar 15 10:50:53 admin postfix/master[8327]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Mar 15 10:51:53 admin postfix/smtpd[8424]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 10:51:53 admin postfix/smtpd[8424]: fatal: no SASL authentication mechanisms
Mar 15 10:51:54 admin postfix/master[8327]: warning: process /usr/libexec/postfix/smtpd pid 8424 exit status 1
Mar 15 10:51:54 admin postfix/master[8327]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Mar 15 10:52:54 admin postfix/smtpd[8429]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 10:52:54 admin postfix/smtpd[8429]: fatal: no SASL authentication mechanisms
Mar 15 10:52:55 admin postfix/master[8327]: warning: process /usr/libexec/postfix/smtpd pid 8429 exit status 1
Mar 15 10:52:55 admin postfix/master[8327]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Mar 15 10:54:19 admin postfix/postfix-script: stopping the Postfix mail system
Mar 15 10:54:19 admin postfix/master[8327]: terminating on signal 15
Mar 15 10:54:19 admin postfix/postfix-script: starting the Postfix mail system
Mar 15 10:54:19 admin postfix/master[8614]: daemon started — version 2.3.3, configuration /etc/postfix
Mar 15 10:55:02 admin postfix/smtpd[8636]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 10:55:02 admin postfix/smtpd[8636]: fatal: no SASL authentication mechanisms
Mar 15 10:55:03 admin postfix/master[8614]: warning: process /usr/libexec/postfix/smtpd pid 8636 exit status 1
Mar 15 10:55:03 admin postfix/master[8614]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Mar 15 10:56:25 admin postfix/smtpd[8644]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 10:56:25 admin postfix/smtpd[8644]: fatal: no SASL authentication mechanisms
Mar 15 10:56:26 admin postfix/master[8614]: warning: process /usr/libexec/postfix/smtpd pid 8644 exit status 1
Mar 15 10:56:26 admin postfix/master[8614]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Mar 15 11:26:24 admin postfix/smtpd[8829]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 11:26:24 admin postfix/smtpd[8829]: fatal: no SASL authentication mechanisms
Mar 15 11:26:25 admin postfix/master[8614]: warning: process /usr/libexec/postfix/smtpd pid 8829 exit status 1
Mar 15 11:26:25 admin postfix/master[8614]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Mar 15 11:27:25 admin postfix/smtpd[8833]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 11:27:25 admin postfix/smtpd[8833]: fatal: no SASL authentication mechanisms
Mar 15 11:27:26 admin postfix/master[8614]: warning: process /usr/libexec/postfix/smtpd pid 8833 exit status 1
Mar 15 11:27:26 admin postfix/master[8614]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Mar 15 11:35:19 admin postfix/smtpd[9018]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 11:35:19 admin postfix/smtpd[9018]: fatal: no SASL authentication mechanisms
Mar 15 11:35:20 admin postfix/master[8614]: warning: process /usr/libexec/postfix/smtpd pid 9018 exit status 1
Mar 15 11:35:20 admin postfix/master[8614]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Mar 15 11:36:20 admin postfix/smtpd[9022]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 11:36:20 admin postfix/smtpd[9022]: fatal: no SASL authentication mechanisms
Mar 15 11:36:21 admin postfix/master[8614]: warning: process /usr/libexec/postfix/smtpd pid 9022 exit status 1
Mar 15 11:36:21 admin postfix/master[8614]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Mar 15 11:51:14 admin postfix/smtpd[9242]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 11:51:14 admin postfix/smtpd[9242]: fatal: no SASL authentication mechanisms
Mar 15 11:51:15 admin postfix/master[8614]: warning: process /usr/libexec/postfix/smtpd pid 9242 exit status 1
Mar 15 11:51:15 admin postfix/master[8614]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Mar 15 12:07:21 admin postfix/smtpd[9600]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 12:07:21 admin postfix/smtpd[9600]: fatal: no SASL authentication mechanisms
Mar 15 12:07:22 admin postfix/master[8614]: warning: process /usr/libexec/postfix/smtpd pid 9600 exit status 1
Mar 15 12:07:22 admin postfix/master[8614]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Mar 15 12:08:50 admin postfix/smtpd[9632]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 12:08:50 admin postfix/smtpd[9632]: fatal: no SASL authentication mechanisms
Mar 15 12:08:51 admin postfix/master[8614]: warning: process /usr/libexec/postfix/smtpd pid 9632 exit status 1
Mar 15 12:08:51 admin postfix/master[8614]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Mar 15 12:16:40 admin postfix/smtpd[9657]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 12:16:40 admin postfix/smtpd[9657]: fatal: no SASL authentication mechanisms
Mar 15 12:16:41 admin postfix/master[8614]: warning: process /usr/libexec/postfix/smtpd pid 9657 exit status 1
Mar 15 12:16:41 admin postfix/master[8614]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Mar 15 12:24:39 admin postfix/smtpd[9733]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 12:24:39 admin postfix/smtpd[9733]: fatal: no SASL authentication mechanisms
Mar 15 12:24:40 admin postfix/master[8614]: warning: process /usr/libexec/postfix/smtpd pid 9733 exit status 1
Mar 15 12:24:40 admin postfix/master[8614]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Mar 15 12:28:27 admin postfix/postfix-script: fatal: the Postfix mail system is already running
Mar 15 13:32:28 admin dovecot: Dovecot v1.0.7 starting up
Mar 15 13:32:28 admin dovecot: Auth process died too early – shutting down
Mar 15 13:32:28 admin dovecot: auth(default): You’ll need to add at least one userdb
Mar 15 13:32:28 admin dovecot: child 12587 (auth) returned error 89
Mar 15 13:33:07 admin dovecot: Dovecot v1.0.7 starting up
Mar 15 13:33:07 admin dovecot: Auth process died too early – shutting down
Mar 15 13:33:07 admin dovecot: auth(default): You’ll need to add at least one userdb
Mar 15 13:33:07 admin dovecot: child 12622 (auth) returned error 89
Mar 15 13:33:38 admin postfix/smtpd[12667]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 13:33:38 admin postfix/smtpd[12667]: fatal: no SASL authentication mechanisms
Mar 15 13:33:39 admin postfix/master[8614]: warning: process /usr/libexec/postfix/smtpd pid 12667 exit status 1
Mar 15 13:33:39 admin postfix/master[8614]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Mar 15 13:34:39 admin postfix/smtpd[12702]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 13:34:39 admin postfix/smtpd[12702]: fatal: no SASL authentication mechanisms
Mar 15 13:34:40 admin postfix/master[8614]: warning: process /usr/libexec/postfix/smtpd pid 12702 exit status 1
Mar 15 13:34:40 admin postfix/master[8614]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Mar 15 13:35:46 admin postfix/postfix-script: fatal: the Postfix mail system is already running
Mar 15 13:37:46 admin postfix/postfix-script: fatal: the Postfix mail system is already running
Mar 15 13:37:52 admin postfix/postfix-script: stopping the Postfix mail system
Mar 15 13:37:52 admin postfix/master[8614]: terminating on signal 15
Mar 15 13:37:52 admin postfix/postfix-script: starting the Postfix mail system
Mar 15 13:37:52 admin postfix/master[12919]: daemon started — version 2.3.3, configuration /etc/postfix
Mar 15 13:37:54 admin postfix/postfix-script: fatal: the Postfix mail system is already running
Mar 15 13:37:57 admin postfix/postfix-script: stopping the Postfix mail system
Mar 15 13:37:57 admin postfix/master[12919]: terminating on signal 15
Mar 15 13:38:00 admin postfix/postfix-script: starting the Postfix mail system
Mar 15 13:38:00 admin postfix/master[13051]: daemon started — version 2.3.3, configuration /etc/postfix
Mar 15 13:38:21 admin postfix/smtpd[13098]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 13:38:21 admin postfix/smtpd[13098]: fatal: no SASL authentication mechanisms
Mar 15 13:38:22 admin postfix/master[13051]: warning: process /usr/libexec/postfix/smtpd pid 13098 exit status 1
Mar 15 13:38:22 admin postfix/master[13051]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Mar 15 13:40:27 admin dovecot: Dovecot v1.0.7 starting up
Mar 15 13:40:27 admin dovecot: Auth process died too early – shutting down
Mar 15 13:40:27 admin dovecot: auth(default): You’ll need to add at least one userdb
Mar 15 13:40:27 admin dovecot: child 13231 (auth) returned error 89
Mar 15 13:40:30 admin dovecot: Dovecot v1.0.7 starting up
Mar 15 13:40:30 admin dovecot: Auth process died too early – shutting down
Mar 15 13:40:30 admin dovecot: auth(default): You’ll need to add at least one userdb
Mar 15 13:40:30 admin dovecot: child 13271 (auth) returned error 89
Mar 15 13:40:41 admin postfix/smtpd[13316]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 13:40:41 admin postfix/smtpd[13316]: fatal: no SASL authentication mechanisms
Mar 15 13:40:42 admin postfix/master[13051]: warning: process /usr/libexec/postfix/smtpd pid 13316 exit status 1
Mar 15 13:40:42 admin postfix/master[13051]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
Mar 15 13:41:42 admin postfix/smtpd[13322]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 13:41:42 admin postfix/smtpd[13322]: fatal: no SASL authentication mechanisms
Mar 15 13:41:43 admin postfix/master[13051]: warning: process /usr/libexec/postfix/smtpd pid 13322 exit status 1
Mar 15 13:41:43 admin postfix/master[13051]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
March 14th, 2009 at 6:06 am
dovecot dead but subsys locked
Please, I need it to pass my subject.
March 14th, 2009 at 6:54 am
Hi roxanne,
That’s still not enough information to analyze. Maybe there’s something wrong with your /etc/dovecot.conf file similar to comment #12.
March 17th, 2009 at 9:21 am
Hi consultant,
Great site! Best tutorial on the web for this. My problem: in the maillog I find the line
postfix/smtpd: warning: SASL authentication problem: unable to open berkeley db /etc/sasl2db: No such file or directory
I found different guides on the web but couldn’t figure out which one is right for me. Do you have any idea how to troubleshoot? Thanks so far, Marco
March 22nd, 2009 at 10:50 pm
Hi roxanne,
Sorry, your log file post got spammed.
In the log, there’s a “You’ll need to add at least one userdb” entry. Check the section below in /etc/dovecot.conf
userdb passwd {
}
and make sure it is not commented out.
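The correlation made in this reply can be automated. The following is an added example, not part of the original comments: it scans maillog text, finds Postfix smtpd failures to reach the Dovecot auth socket, and pairs each with the most recent Dovecot auth startup error on the same host. The sample lines are constructed from the message formats quoted in this thread, and the function and variable names are illustrative.

```python
import re
from collections import OrderedDict

# Constructed sample, modelled on the maillog lines quoted in this thread.
SAMPLE_LOG = """\
Mar 15 13:33:07 admin dovecot: Dovecot v1.0.7 starting up
Mar 15 13:33:07 admin dovecot: Auth process died too early - shutting down
Mar 15 13:33:07 admin dovecot: auth(default): You'll need to add at least one userdb
Mar 15 13:33:07 admin dovecot: child 12622 (auth) returned error 89
Mar 15 13:33:38 admin postfix/smtpd[12667]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar 15 13:33:38 admin postfix/smtpd[12667]: fatal: no SASL authentication mechanisms
Mar 15 13:34:39 admin postfix/smtpd[12702]: warning: SASL: Connect to private/auth failed: No such file or directory
May  3 23:34:00 mailserver dovecot: auth(default): bind(/var/run/dovecot/var/spool/postfix/private/auth) failed: No such file or directory
May  3 23:38:21 mailserver postfix/smtpd[3096]: warning: SASL: Connect to private/auth failed: No such file or directory
"""

# "Mon DD HH:MM:SS host program[pid]: message" (the pid is optional).
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[\w/.-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# The Postfix-side symptom: smtpd cannot open the Dovecot auth socket.
SYMPTOM_RE = re.compile(r"SASL: Connect to (?P<sock>\S+) failed: (?P<err>.+)")
# Dovecot-side causes that appear in this thread, with a readable explanation.
DOVECOT_CAUSES = [
    (re.compile(r"add at least one userdb"),
     "Dovecot auth exited: no userdb enabled in the auth default block"),
    (re.compile(r"(?:bind|net_listen_unix)\((?P<path>[^)]+)\) failed"),
     "Dovecot could not create the auth socket at {path}"),
]
NO_CAUSE = "no Dovecot auth error logged before the failure; check that Dovecot is running"


def triage(log_text):
    """Pair each Postfix SASL socket failure with the latest Dovecot cause."""
    last_cause = {}            # host -> most recent Dovecot auth error
    findings = OrderedDict()   # (host, socket, cause) -> number of failures
    for raw in log_text.splitlines():
        # Blog software often turns ' into a typographic apostrophe.
        line = raw.replace("\u2019", "'")
        m = LINE_RE.match(line)
        if not m:
            continue
        host, prog, msg = m["host"], m["prog"], m["msg"]
        if prog == "dovecot":
            if "starting up" in msg:
                last_cause.pop(host, None)   # a new start clears older errors
                continue
            for pattern, text in DOVECOT_CAUSES:
                hit = pattern.search(msg)
                if hit:
                    last_cause[host] = text.format(**hit.groupdict())
                    break
        elif prog == "postfix/smtpd":
            symptom = SYMPTOM_RE.search(msg)
            if symptom:
                key = (host, symptom["sock"], last_cause.get(host, NO_CAUSE))
                findings[key] = findings.get(key, 0) + 1
    return [
        {"host": h, "socket": s, "cause": c, "count": n}
        for (h, s, c), n in findings.items()
    ]


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print("{host}: {count} failure(s) on {socket}: {cause}".format(**item))
```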
March 22nd, 2009 at 11:00 pm
Hi marco,
You can enable verbose postfix logging. Edit /etc/postfix/master.cf and add -v to smtpd
Ex.
smtp inet n - n - - smtpd -v
then restart postfix.
March 29th, 2009 at 2:46 am
I have double checked everything, but cannot get a successful authorization. I would love to include /var/log/maillog, but it does not exist. Any help would be greatly appreciated.
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain AHRycEB0aW1wYXJoYW0uY29tAHJzY210cn==
535 5.7.0 Error: authentication failed:
March 29th, 2009 at 5:44 am
Hi trp,
Try logging in to dovecot first, see if it works.
March 30th, 2009 at 9:33 pm
Thanks for the push in the right direction. It is working now.
April 1st, 2009 at 3:59 pm
I recently went through all these tutorials and had successfully set up my Linux server to send/receive email using my domain name. Everything was working fine up until a few days ago (I am using port 587 and have been all along). Now, all of a sudden, I can still send email from port 587 or 25 on my server, from example@mydomain.com to any email address known to man. I can also send email from example@mydomain.com to example_other@mydomain.com just fine. The problem is, I cannot receive email at any example@mydomain.com accounts from any emails from the outside world.
Nothing shows in my log files when I try to send from something like myname@yahoo.com to example@mydomain.com. It’s like it never even hits my server to get rejected or delivered to my users’ maildir. I am with Comcast ISP. Could it be something THEY have done? I use relay_host = smtp.comcast.net in my postfix/main.cf
April 9th, 2009 at 5:18 am
Hi Consultant,
What do you mean by “Try logging in to dovecot first, see if it works.”?
Can you please explain it further?
Thanks,
Marvin
April 9th, 2009 at 11:31 am
Marvin,
Here.
http://www.linuxmail.info/install-setup-dovecot-centos-5/
May 3rd, 2009 at 10:03 pm
Hi
I’m trying to set up a mailserver following your instructions.
I’m using CentOS 5.3 and the latest RPM’s.
Configuring Dovecot and Postfix worked great for steps 1 and 2 but I can’t get this part working.
I’ve made the changes in this guide twice (backed up the conf files prior just in case so I started from the default again just to be sure).
My issue is that telnetting doesn’t recognize my server name (I’m new to linux so I could not have set my servername properly but telnet says root@mailserver which is my server name).
I’ve also tried using local host and my session is closed automatically by foreign host.
I don’t have a /var/spool/postfix/private/auth folder either.
I’m sure I edited the file properly but I didn’t add the last closing bracket after the mechanisms tag as there is an unused one further down and if I try to add it, I get an error when starting the service that my conf file is wrong.
Any help would be greatly appreciated.
Thanks.
May 4th, 2009 at 3:52 am
I figured posting the relevant part of maillog would help.
May 3 23:33:59 mailserver dovecot: Dovecot v1.0.7 starting up
May 3 23:34:00 mailserver dovecot: auth(default): bind(/var/run/dovecot/var/spool/postfix/private/auth) failed: No such file or directory
May 3 23:34:00 mailserver dovecot: auth(default): net_listen_unix(/var/run/dovecot/var/spool/postfix/private/auth) failed: No such file or directory
May 3 23:34:00 mailserver dovecot: Auth process died too early – shutting down
May 3 23:34:00 mailserver dovecot: child 2458 (auth) returned error 89
May 3 23:34:01 mailserver postfix/postfix-script: starting the Postfix mail system
May 3 23:34:01 mailserver postfix/master[2510]: daemon started — version 2.3.3, configuration /etc/postfix
May 3 23:38:21 mailserver postfix/smtpd[3096]: warning: SASL: Connect to private/auth failed: No such file or directory
May 3 23:38:21 mailserver postfix/smtpd[3096]: fatal: no SASL authentication mechanisms
May 3 23:38:22 mailserver postfix/master[2510]: warning: process /usr/libexec/postfix/smtpd pid 3096 exit status 1
May 3 23:38:22 mailserver postfix/master[2510]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
May 5th, 2009 at 2:00 am
Hi
I managed to get past half of my issue.
I had not removed the comments from the file in dovecot.conf, I had simply typed them in exactly as in the instructions up there one after the other creating new entries. That means they were not in their right place. So I’ve got a working auth file now and everything works fine while using localhost.
However, I still can’t seem to access my mailserver from the internet. I’ve decided to use the box’s IP instead to simplify things. I’ve also changed the postfix port to 2025 as in your guide as my ISP blocks port 25 and I’ll be using no-ip mail reflector once everything is set up anyway.
However, my box now says connection refused when I try to log in from telnet using my IP. My firewall is routing the port properly and my ISP doesn’t block port 2025 (both tested on my windows box) but it’s not getting through for some reason. The firewall is opened and nmap tells me port 2025 is listening so I’m somewhat at a loss here.
I don’t have a great deal of experience in Linux (if you can’t tell!) but my install is exactly like the one described on this site.
Any help would be great.
Thanks.
May 5th, 2009 at 2:02 am
Quick correction, I meant to say my router is routing the port properly. Should have re-read more than once!
May 5th, 2009 at 12:39 pm
Marc,
Do the command hostname.
What does your server say its hostname is?
Check your /etc/hosts file. You should have a line with your server’s IP first, then its full hostname next, then its name. It should look something like this
127.0.0.1 localhost.localdomain localhost
192.168.0.150 www.myserver.com www
Also, check your Linux Firewall.
/etc/sysconfig/iptables and ip6tables
There should be a line for port 2025. It is probably not there if you did not add it.
Making any changes to the Linux Firewalls requires you to restart them like this
/etc/init.d/iptables restart
/etc/init.d/ip6tables restart
Make sure you have also restarted dovecot and postfix in the same manner.
May 5th, 2009 at 3:14 pm
Hi Mike
Thanks for the advice.
I had modified the host file but I had not added the name of the server after the full name (as in the www part in your example up there was missing). I added it and restarted and I can now use it instead of using the IP.
As for the firewall, I had set it up through the GUI and rebooted and port 2025 is there if I manually look in iptables.
So, after modifying the hosts file and rebooting, the short name for my server now works, but it still says connection refused.
I’ve tried the nmap command again but I also used it with my server name along with localhost and there is indeed a port issue. Using nmap -p 2025 localhost, lists the port as being open but using nmap -p 2025 mailserver, it lists the port as being closed.
So something is interfering with port 2025 being opened.
Here are some troubleshooting info :
Here is the relevant port line in ipconfg :
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2025 -j ACCEPT
here is the output from netstat -tulpn | less :
Connexions Internet actives (seulement serveurs)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2025 0.0.0.0:* LISTEN 3570/master
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2140/portmap
tcp 0 0 0.0.0.0:659 0.0.0.0:* LISTEN 2173/rpc.statd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2416/cupsd
tcp 0 0 :::993 :::* LISTEN 2453/dovecot
tcp 0 0 :::995 :::* LISTEN 2453/dovecot
tcp 0 0 :::110 :::* LISTEN 2453/dovecot
tcp 0 0 :::143 :::* LISTEN 2453/dovecot
tcp 0 0 :::22 :::* LISTEN 2405/sshd
udp 0 0 0.0.0.0:51328 0.0.0.0:* 2622/avahi-daemon:
udp 0 0 0.0.0.0:653 0.0.0.0:* 2173/rpc.statd
udp 0 0 0.0.0.0:656 0.0.0.0:* 2173/rpc.statd
udp 0 0 0.0.0.0:68 0.0.0.0:* 2016/dhclient
udp 0 0 0.0.0.0:5353 0.0.0.0:* 2622/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 2140/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 2416/cupsd
udp 0 0 192.168.0.100:123 0.0.0.0:* 2442/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 2442/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 2442/ntpd
udp 0 0 :::36960 :::* 2622/avahi-daemon:
udp 0 0 :::5353 :::* 2622/avahi-daemon:
udp 0 0 fe80::207:95ff:feae:123 :::* 2442/ntpd
udp 0 0 ::1:123 :::* 2442/ntpd
udp 0 0 :::123 :::* 2442/ntpd
(END)
Here is the output from iptables -L -n :
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all — 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp — 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp — 0.0.0.0/0 0.0.0.0/0
ACCEPT ah — 0.0.0.0/0 0.0.0.0/0
ACCEPT udp — 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp — 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
ACCEPT all — 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT udp — 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:137
ACCEPT udp — 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:138
ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:139
ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:445
ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:143
ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2025
ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:993
ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:995
REJECT all — 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Hopefully that can help troubleshoot the issue.
Thanks.
May 5th, 2009 at 4:40 pm
For some reason, my last comment isn’t showing up.
Bottom line is, under nmap, my port is shown as opened using localhost but closed using my server name.
IP tables appear fine (port 2025 is listed as accepted) and postfix is listening to the right port (as evidenced by its response under localhost) and my ISP and router are letting through the port for sure so I’m at a loss as to what to do here.
Any further help would be appreciated.
May 5th, 2009 at 5:00 pm
Marc. I’m starting to wonder if it has something to do with your Linux server’s hostname. Possibly not setup correctly?
May 5th, 2009 at 5:21 pm
Mike
Here is the content of my hosts file (I’ve replaced my domain name with xxxxx.xxx for this paste) :
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.0.100 mailserver.xxxx.xxx mailserver
::1 localhost6.localdomain6 localhost6
192.168.0.100 is my internal IP obviously as I’m behind a router but that’s how I believe it’s supposed to be set up.
My server name is showing up when logging in in centos (upper right corner) as well as under DNS in network config.
In the post that didn’t show up I had posted the resulting output from a -tulpn command. My port is showing up but it seems to be tied to the 127.0.0.0 address somehow. Whether that’s normal behavior or not I can’t say. Here is the line:
tcp 0 0 127.0.0.1:2025 0.0.0.0:* LISTEN 3570/master
here is the output concerning port 2025 from iptables -L -n :
ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2025
I’ve been searching around trying to troubleshoot without any success so far.
I’m no whiz about these things but I’d doubt it’s a hosts issue as even if I use the IP directly in telnet (internal or external IP), it’s not working either. It’s only working using localhost.
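The two outputs pasted in this thread can be cross-checked mechanically. The following is an added example, not part of the original comments: it parses `netstat -tulpn` and `iptables -L -n` text and classifies every TCP port the firewall accepts by what is actually listening on it, which singles out the `127.0.0.1:2025` listener shown above. The sample lines are taken from the outputs quoted in this thread (one `dpt:80` rule is kept to show the no-listener case), and the function names are illustrative.

```python
import ipaddress
import re

# Lines taken from the netstat -tulpn output quoted in this thread.
NETSTAT = """\
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2025 0.0.0.0:* LISTEN 3570/master
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2140/portmap
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2416/cupsd
tcp 0 0 :::993 :::* LISTEN 2453/dovecot
tcp 0 0 :::143 :::* LISTEN 2453/dovecot
tcp 0 0 :::22 :::* LISTEN 2405/sshd
udp 0 0 192.168.0.100:123 0.0.0.0:* 2442/ntpd
"""

# Lines taken from the iptables -L -n output quoted in this thread.
IPTABLES = """\
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2025
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:993
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
"""


def parse_listeners(netstat_text):
    """Return {port: [(bind_address, program), ...]} for TCP LISTEN sockets."""
    listeners = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 7 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        # Split on the last colon so IPv6 forms such as ":::993" work too.
        addr, _, port = f[3].rpartition(":")
        program = f[6].split("/", 1)[-1]
        listeners.setdefault(int(port), []).append((addr, program))
    return listeners


def accepted_tcp_ports(iptables_text):
    """Ports with an ACCEPT rule for TCP, whatever dash style the paste uses."""
    ports = set()
    for line in iptables_text.splitlines():
        m = re.match(r"ACCEPT\s+tcp\b.*\bdpt:(\d+)", line.strip())
        if m:
            ports.add(int(m.group(1)))
    return ports


def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False   # truncated or unparseable netstat column


def classify(netstat_text, iptables_text):
    """Map each firewall-accepted TCP port to the state of its listener."""
    listeners = parse_listeners(netstat_text)
    report = {}
    for port in sorted(accepted_tcp_ports(iptables_text)):
        socks = listeners.get(port)
        if not socks:
            report[port] = "no listener"
        elif all(is_loopback(addr) for addr, _ in socks):
            report[port] = "loopback only"
        else:
            report[port] = "non-loopback bind"
    return report


if __name__ == "__main__":
    for port, state in classify(NETSTAT, IPTABLES).items():
        print(port, state)
```

A port reported as "loopback only" accepts connections to 127.0.0.1 and refuses them on every other address of the machine, whatever the firewall allows. In Postfix the listen address comes from inet_interfaces in main.cf or from an address written in front of the port on the service line in master.cf.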
May 5th, 2009 at 5:49 pm
Marc,
Without completing the test have you at least tried to send and receive email from your server using an email client like Outlook or other? Also, my hosts file, I commented out the local server IP and changed to my internet’s outside IP. I run a web server as well and mail server.
May 5th, 2009 at 6:07 pm
Marc,
I just thought of something. Try opening telnet port 23 in your router and point it to your server’s IP. Only do this temporarily as telnet is not secure.
I too can only telnet to localhost. If I try to telnet to my server’s name, I have to open telnet port on my router first. Also, add port 23 for telnet in your iptables while you test.
May 5th, 2009 at 6:30 pm
Mike
Based on your suggestion, I just did and the plot thickens.
I can retrieve mail from the server but not send any. I used the imap protocol. Pop3 also works.
So the problem would appear to be isolated to postfix alone as dovecot works as it should.
I’ll start back from the postfix default files in case there was a mistake on my part during configuration and I’ll report back the results. If you have any other suggestions however, I’m all ears.
May 5th, 2009 at 6:47 pm
Make sure in /etc/postfix/main.cf you have the relay line setup as this or similar:
relayhost = smtp.yourISP.com
May 5th, 2009 at 8:58 pm
It’s there.
I’ll continue looking around and call a friend of mine who’s my resident linux guru(TM). Tried to avoid bothering him as he’s in exams right now but I guess it can’t be avoided.
He should be able to point me in the right direction.
I’ll post the results here if I ever get to fix it so everybody can be made aware of the solution.
Thanks for your help so far. I really do appreciate it.
June 8th, 2009 at 5:16 am
The gibberish text after AUTH PLAIN is the base64 encoded value of the user name johndoe@acme.local and password password.
JUST AN OBSERVATION
I got the following errors while testing this on FreeBSD 7.1:
SASL plain authentication failed
I know it’s FreeBSD and I’m actually trying to port this tutorial to FreeBSD. Once I finish by the way, I’ll ask the author if I can post it for the FreeBSD people out there. I also followed this setup on CentOS 5.1 and the same problem cropped-up. Seems to me, this small observation might help some of the people here.
About above, I noticed that the value for the base encoded value did not work if I included the domain. In this case, johndoe@acme.local should only be encoded as johndoe only. I don’t know, perhaps consultant can clarify this.
Francis
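How the AUTH PLAIN argument is put together explains the observation in this comment: the login name inside the token is exactly the string that was encoded, with or without the domain part. The following is an added example, not part of the original comments. It uses the tutorial's sample values johndoe and password; the function names and the account list are illustrative assumptions.

```python
import base64


def encode_auth_plain(authcid, password, authzid=""):
    """Build the AUTH PLAIN argument (RFC 4616).

    The message is authzid NUL authcid NUL password, UTF-8 encoded and then
    base64 encoded. authzid is normally left empty.
    """
    for field in (authzid, authcid, password):
        if "\x00" in field:
            raise ValueError("NUL is the field separator and cannot appear in a field")
    raw = "\x00".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_auth_plain(token):
    """Split a token into its fields without echoing the password itself."""
    try:
        raw = base64.b64decode(token.strip(), validate=True)
        authzid, authcid, password = (p.decode("utf-8") for p in raw.split(b"\x00"))
    except ValueError as exc:
        # Covers bad base64, a wrong number of NUL-separated fields, bad UTF-8.
        raise ValueError("not a well-formed AUTH PLAIN token") from exc
    if not authcid:
        raise ValueError("empty authentication identity")
    return {"authzid": authzid, "authcid": authcid, "password_length": len(password)}


def login_name_known(token, accounts):
    """Return (login name in the token, whether it is one of the given accounts).

    'accounts' stands in for the names the server's user database knows,
    for example system account names (an assumption of this example).
    """
    authcid = decode_auth_plain(token)["authcid"]
    return authcid, authcid in accounts


if __name__ == "__main__":
    accounts = {"johndoe"}   # constructed: a server that knows the bare user name
    for login in ("johndoe@acme.local", "johndoe"):
        token = encode_auth_plain(login, "password")
        print("AUTH PLAIN", token, "->", login_name_known(token, accounts))
```

Base64 is an encoding, not encryption, so anyone who can read the session can recover both fields from the token.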
June 8th, 2009 at 1:55 pm
Hi Francis,
Sorry about that. I failed to update the test portion when I converted from Cyrus SASL to Dovecot SASL. I have already updated the article, thanks for pointing that out.
July 22nd, 2009 at 11:05 pm
Hello, I get the following message when doing the test in this section. All previous tests worked. Blanked the server name with X.
thank you… rudy
[root@mail2 ~]# telnet xxxx.xxxxxxx.com
Trying 192.168.1.239…
telnet: connect to address 192.168.1.239: Connection refused
telnet: Unable to connect to remote host: Connection refused
[root@mail2 ~]# telnet localhost smtp
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
Connection closed by foreign host.
[root@mail2 ~]#
July 22nd, 2009 at 11:22 pm
this is the main.cf file
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8
smtpd_sasl_type = dovecot
smtpd_sasl_path = private_auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes
home_mailbox = Maildir/
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
July 22nd, 2009 at 11:44 pm
dovecot.conf
protocols = pop3 pop3s imap imaps
protocol imap {
imap_client_workarounds = delay-newmail outlook-idle netscape-eoh
}
protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
postmaster_address = postmaster@example.com
}
auth default {
passdb pam {
}
userdb passwd {
}
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
mechanisms = plain login
}
dict {
}
plugin {
}
July 23rd, 2009 at 4:48 am
never mind, fat fingers = stupid mistakes
just needed to step away for a while to find it.
August 7th, 2009 at 2:26 pm
Can you help me fix my SMTP authentication error on my mail server?
This is the error: I can’t send mail outside my network but can receive from outside.
Aug 7 13:29:33 mail postfix/smtp[8400]: 297CA7D8081:
to=, relay=10.10.20.21[10.10.20.21]:25,
delay=16, delays=0.04/0.01/6.9/8.7, dsn=5.0.0, status=bounced (host 10.10.20.21[10.10.20.21] said: 553 sorry, that domain isn’t in my list of allowed rcpthosts (#5.5.3 – chkuser) (in reply to RCPT TO command)) Aug 7 13:29:36 mail postfix/smtp[8400]: 297CA7D8081:
August 19th, 2009 at 2:32 am
Hi. I’ve followed the tutorial and everything is working except authentication. I’m able to send outbound email without auth. Here is an example:
220 MYEMAILSERVER.com ESMTP Postfix
ehlo host
250-MYEMAILSERVER.com
250-PIPELINING
250-SIZE 51210000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: johndoe@MYEMAILSERVER.com
250 2.1.0 Ok
rcpt to: johndoe@gmail.com
250 2.1.5 Ok
Shouldn’t I be getting Relay Access Denied here?
On the flipside.. If I follow the example and use domain.local I get rejected…
220 MYEMAILSERVER.com ESMTP Postfix
ehlo host
250-MYEMAILSERVER.com
250-PIPELINING
250-SIZE 51210000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: johndoe@MYEMAILSERVER.com
250 2.1.0 Ok
rcpt to: test@domain.local
554 5.7.1 : Relay access denied
August 19th, 2009 at 8:32 am
Hi dC,
SASL is not configured properly in your case but reject_unknown_recipient_domain is.
August 19th, 2009 at 8:49 am
Could you elaborate any further? I’m not sure what I should configure for SASL. My configurations look like what is above. Is there a separate SASL configuration I missed?
August 19th, 2009 at 9:37 pm
Hi dC,
You have a misconfiguration somewhere but I do not know where. Please post the result of postconf -n
August 19th, 2009 at 10:52 pm
# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox_size_limit = 551200000
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 51210000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
unknown_local_recipient_reject_code = 550
August 19th, 2009 at 11:05 pm
Looks like you are missing these lines
mydomain = yourdomain.com
myhostname = www.yourdomain.com
myorigin = $mydomain
August 20th, 2009 at 7:16 am
Hi dC,
We have basically the same configuration but it is working in my case. Sorry, I have no more ideas.
September 1st, 2009 at 11:31 pm
dovecot failed. The error was: Iniciando Dovecot Imap: Error: Error in configuration file /etc/dovecot.conf line 1024: Plugin section not allowed here (section changed at line 1024)
Fatal: Invalid configuration in /etc/dovecot.conf
[FALLÓ]
???
September 3rd, 2009 at 4:57 am
Hi Consultant. After running some more tests, I’ve narrowed down my open relay problem a little and am hoping you can help.
When trying to use a RCPT TO: name@domain.COM I get: 250 2.1.5 Ok. That goes for any email address destined for any server ending in .COM.
However, if I try to email out to a .NET, .ORG .EDU etc, I get 554 5.7.1 : Relay access denied as expected. Any ideas?
September 8th, 2009 at 4:06 pm
I am using Centos 5.3, we are facing following errors,
warning: SASL: Connect to private/auth failed: No such file or directory
fatal: no SASL authentication mechanisms
warning: process /usr/libexec/postfix/smtpd pid 25194 exit status 1
warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
I have entered everything correctly,
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
September 9th, 2009 at 1:48 am
Please help to solve this issue
I am using Centos 5.3, we are facing following errors,
warning: SASL: Connect to private/auth failed: No such file or directory
fatal: no SASL authentication mechanisms
warning: process /usr/libexec/postfix/smtpd pid 25194 exit status 1
warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
I have entered everything correctly,
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
September 11th, 2009 at 9:15 pm
Hi Basheer,
Make sure you have properly configured Dovecot since Dovecot is the one creating /var/spool/postfix/private/auth. Also try to restart Dovecot and check if it creates the auth file.
September 13th, 2009 at 12:15 am
Mr Consultant, I have restarted Dovecot so many times after configuring it, but still it doesn’t create the auth file. I am using new CentOS 5.3, please help me, I need it to be solved badly.
September 13th, 2009 at 6:40 am
Hi Basheer,
1. Check if the directory /var/spool/postfix/private exists
2. Type in dovecot -n, if the configuration is correct you should see
auth default:
mechanisms: plain login
.
.
.
socket:
type: listen
client:
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
group: postfix