On 10/12/2011 05:35 PM, Viktor Dukhovni wrote:
On Wed, Oct 12, 2011 at 09:13:45AM +0300, Tolga wrote:
Below are my postconf -n and master.cf:
root@vps:~# postconf -n
debug_peer_level = 3
debug_peer_list = localhost
Don't.
What should I do? Remove these?
myhostname = vps.ozses.net
No such host in the public DNS.
Okay, fixed.
mynetworks = 127.0.0.0/8 127.0.0.2/32 184.82.40.0/24 64.120.177.0/24
They are all my IP addresses for my box, but I'll remove it.
This looks wrong, with hosts like:
...
176.177.120.64.in-addr.arpa. IN PTR
64-120-177-176.static.hostnoc.net.
177.177.120.64.in-addr.arpa. IN PTR
64-120-177-177.static.hostnoc.net.
178.177.120.64.in-addr.arpa. IN PTR vpn.cyber-army.com.
179.177.120.64.in-addr.arpa. IN PTR lulz.maximumtrolling.pl.
180.177.120.64.in-addr.arpa. IN PTR chat.topbaby.com.br.
181.177.120.64.in-addr.arpa. IN PTR mitm.madhacker.biz.
182.177.120.64.in-addr.arpa. IN PTR sli6.amigo.co.za.
183.177.120.64.in-addr.arpa. IN PTR
64-120-177-183.static.hostnoc.net.
184.177.120.64.in-addr.arpa. IN PTR
64-120-177-184.static.hostnoc.net.
185.177.120.64.in-addr.arpa. IN PTR
64-120-177-185.static.hostnoc.net.
186.177.120.64.in-addr.arpa. IN PTR
64-120-177-186.static.hostnoc.net.
...
on 64.120.177, it seems unlikely they're all suitable trusted clients for
your Postfix server.
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname
Good, this won't allow unauthenticated systems outside mynetworks
to send email.
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
Assuming dovecot is running and configured appropriately, this
should enable SASL auth (dovecot's auth socket needs to be
in /var/spool/postfix/private).
Dovecot is running, and configured properly (I hope).
virtual_transport = virtual
If you have dovecot, you should probably use LMTP.
Looking into it.
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
You forgot to uncomment the submission options, so your submission
port does not offer TLS, and you don't have a cert/key configured
in main.cf.
Is this why my box is not receiving mail on submission port? Anyway,
should I comment out smtp so that it only listens on 587? If I do, I
can't receive mail.
Unfortunately, there are no errors / logs related to this. I just
don't get any mail/logs when I use the submission port.
The Postfix SMTP server logs all TCP connections and any subsequent
mail transactions. With no logs, the best conclusion is that you do
not in fact "use the submission port".
You must show evidence that you're in fact connecting to this
Postfix on port 587 by showing appropriate logs, output of
attempts via "telnet hostname 587", packet traces, ...
Oct 13 15:36:25 vps postfix/smtpd[5598]: connect from
mail-bw0-f44.google.com[209.85.214.44]
Oct 13 15:36:25 vps postfix/smtpd[5598]: 5BFCB4100575:
client=mail-bw0-f44.google.com[209.85.214.44]
Oct 13 15:36:25 vps postfix/cleanup[5603]: 5BFCB4100575:
message-id=<4e96cd36.30...@ozses.net>
Oct 13 15:36:25 vps postfix/qmgr[5605]: 5BFCB4100575:
from=<to...@ozses.net>, size=1066, nrcpt=1 (queue active)
Oct 13 15:36:25 vps postfix/virtual[5606]: 5BFCB4100575:
to=<bi...@bilgisayarciniz.org>, relay=virtual, delay=0.39,
delays=0.35/0/0/0.04, dsn=2.0.0, status=sent (delivered to maildir)
Oct 13 15:36:25 vps postfix/qmgr[5605]: 5BFCB4100575: removed
This is when I enable both smtp port and submission port.
Regards,
