Hi All,

Thank you all for helping me out, and giving me ideas on what to look at.
The argument smtpd_tls_security_level = may didn't help according to openssl:

openssl s_client -connect bounce:25 -starttls smtp
Loading 'screen' into random state - done
CONNECTED(00000244)
didn't found starttls in server response, try anyway...
write:errno=10053

Can the mysql queries really be affected by using or not using ssl? I don't understand how, if the connecting SMTP is not using authentication?

The Dovecot authenticates fine to the db.

The configuration is completely ripped from "Set up a mail server with PostfixAdmin and MariaDB on CentOS 7" as I couldn't get it working myself :-)

The mysql config files:

mysql_virtual_alias_domain_catchall_maps.cf

user = foouser
password = foopass
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

mysql_virtual_alias_domain_mailbox_maps.cf

user = foouser
password = foopass
hosts = localhost
dbname = postfixadmin
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'

mysql_virtual_alias_domain_maps.cf

user = foouser
password = foopass
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

mysql_virtual_alias_maps.cf

user = foouser
password = foopass
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
#expansion_limit = 100

mysql_virtual_domains_maps.cf

user = foouser
password = foopass
hosts = localhost
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
#query = SELECT domain FROM domain WHERE domain='%s'
#optional query to use when relaying for backup MX
#query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'
#expansion_limit = 100

mysql_virtual_mailbox_limit_maps.cf

user = foouser
password = foopass
hosts = localhost
dbname = postfixadmin
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'

mysql_virtual_mailbox_maps.cf

user = foouser
password = foopass
hosts = localhost
dbname = postfixadmin
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
#expansion_limit = 100

I'll try and have a look at the MYSQL log, thanks.

Best regards
Kenneth

On Tuesday, 21 November 2017 at 15:23, Michael Munger <mich...@highpoweredhelp.com> wrote:

For the lack of STARTTLS offers:

/etc/postfix/main.cf:
smtpd_tls_security_level = may

For the rejections:

Most likely, your recipient is getting rejected because postfix cannot properly communicate with MySQL or the queries are wrong.

Since you’re trying to do this with a MySQL backend, we need (at minimum) the MySQL conf files. Sanitize ONLY the passwords to foopass and main username to foouser. Don’t try to change table names or columns to obfuscate your structure.

A good place to start is to look at the actual queries being sent to MySQL.
You can do that by enabling logging in the CLI, and then looking at the queries that are coming through:

To enable logging:

SET global general_log = 1;
SET global log_output = 'table';

View the log

select * from mysql.general_log;

Disable Query logging on the database

SET global general_log = 0;

Michael Munger, dCAP, MCPS, MCNPS, MBSS
High Powered Help, Inc.
Microsoft Certified Professional
Microsoft Certified Small Business Specialist
Digium Certified Asterisk Professional
mich...@highpoweredhelp.com

From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of K F
Sent: Tuesday, November 21, 2017 8:53 AM
To: postfix-us...@cloud9.net
Subject: Problem with using STARTTLS

Hi Guys

I'm having a couple of problems.

I have the certificate configured, but I can't seem to be able to send to the server with STARTTLS

If I connect on port 25 with EHLO, it doesn't show that it can do starttls?

If I connect on port 587, it shows that it can do starttls, but the recipient is rejected.

Some examples from the logfile, both sending with the same info:

Without TLS:

Nov 21 14:33:31 bounce postfix/lmtp[14706]: B0E8110092B71: to=<u...@helpdesk.dk>, relay=bounce[private/dovecot-lmtp], delay=0.06, delays=0.05/0/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 <u...@helpdesk.dk> dXDgL/oqFFpzOQAAtPSY4w Saved)

With TLS

Nov 21 14:32:02 bounce postfix/submission/smtpd[14601]: NOQUEUE: reject: RCPT from alpha00021[x.x.x.x]: 554 5.7.1 <u...@helpdesk.dk>: Recipient address rejected: Access denied; from=<t...@domain.dk> to=<u...@helpdesk.dk> proto=ESMTP helo=<domain.dk>

This will be a public SMTP server, so there is no authentication, but it should allow STARTTLS to run anyways.

I hope somebody can tell me what I did wrong in postfix?
This is from main.cf

myhostname = bounce
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
    proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf,
    proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf,
    proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
smtpd_tls_cert_file = /etc/pki/tls/certs/star.domain.combined.pem
smtpd_tls_key_file = /etc/pki/tls/private/star.domain.dk.key
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
mynetworks = 127.0.0.0/8
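
Michael Munger's reply suggests reading mysql.general_log to see the queries Postfix actually sends. As an added example (not part of the thread, and not Postfix code), here is a simplified Python model of the %s/%u/%d expansion documented in mysql_table(5), applied to three of the posted query templates so there is something to compare the log against. The recipient address, the sql_quote helper and the function names are constructed for illustration.

```python
import re

# Query templates copied from three of the .cf files posted in the thread.
QUERIES = {
    "mysql_virtual_domains_maps.cf":
        "SELECT domain FROM domain WHERE domain='%s' AND active = '1'",
    "mysql_virtual_alias_maps.cf":
        "SELECT goto FROM alias WHERE address='%s' AND active = '1'",
    "mysql_virtual_alias_domain_maps.cf":
        "SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' "
        "and alias.address = CONCAT('%u', '@', alias_domain.target_domain) "
        "AND alias.active = 1 AND alias_domain.active='1'",
}

def sql_quote(value):
    """Hypothetical, simplified stand-in for the escaping Postfix applies."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def expand(template, key):
    """Expand %s, %u, %d and %%; return None when the lookup is suppressed."""
    at = key.rfind("@")
    local = key[:at] if at >= 0 else key      # %u: local part, or whole key
    domain = key[at + 1:] if at >= 0 else ""  # %d: needs user@domain form
    suppressed = False

    def repl(match):
        nonlocal suppressed
        code = match.group(1)
        if code == "%":
            return "%"
        if code == "s":
            return sql_quote(key)
        value = local if code == "u" else domain
        if not value:                          # empty part: no query is sent
            suppressed = True
        return sql_quote(value)

    query = re.sub(r"%([sud%])", repl, template)
    return None if suppressed else query

def queries_for(recipient):
    """Map each .cf file to the query expected in the log for one recipient."""
    domain = recipient.rpartition("@")[2]
    return {
        name: expand(tpl, domain if "domains_maps" in name else recipient)
        for name, tpl in QUERIES.items()
    }

if __name__ == "__main__":
    for name, query in queries_for("user@helpdesk.example").items():  # constructed
        print(f"{name}: {query}")
```

A None result means the model expects no query at all for that key, for example a bare domain looked up in a map whose query uses %d.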