need fully-qualified hostname;
I have tried all kinds of things. Any ideas??? This problem occurs when I try the Outlook account test. The server is now receiving email and can send email if I use mailx. Outside sources appear not to authenticate properly.
/etc/postfix :postconf -n
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
local_destination_concurrency_limit = 5
local_destination_recipient_limit = 300
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mime_header_checks = pcre:/etc/postfix/body_checks
mydestination = $myhostname, localhost
mydomain = sigmadogs.com
myhostname = sigmadogs.com
mynetworks_style = host
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname
smtpd_helo_required = no
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unauth_destination
smtpd_sasl_auth_enable = no
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
soft_bounce = no
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
28 Replies
Because permit_sasl_authenticated appears before reject_non_fqdn_helo_hostname in the smtpd_recipient_restrictions configuration, any mail client that properly completes SASL authentication will not be subject to the requirement for a fully-qualified hostname.
@daudet:
smtpd_sasl_auth_enable = no
You haven't set up authentication on your smtpd service. Have you set up a separate submission port? What does postconf -M show?
btree
cidr
environ
hash
ldap
mysql
nis
pcre
pgsql
proxy
regexp
static
unix
I am not the one that set this up originally but I am now left to try to fix it. Any help is greatly appreciated.
postconf: fatal: usage: postconf [-a (server SASL types)] [-A (client SASL types)] [-b (bounce templates)] [-c config_dir] [-d (defaults)] [-e (edit)] [-# (comment-out)] [-h (no names)] [-l (lock types)] [-m (map types)] [-n (non-defaults)] [-v] [name…]
/etc/postfix :
Try this instead:
grep -v ^# /etc/postfix/master.cf
I can give you pointers but I'm not really qualified to offer paid help. This really isn't my field, I just run my own email server on the side.
/etc/postfix :grep -v ^# /etc/postfix/master.cf
smtp inet n - - - - smtpd
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
pickup fifo n - n 60 1 pickup
-o content_filter=
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${domain}
smtp-amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
@daudet:
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
OK, that is what we were looking for. You have the submission port set up for SASL auth. Try setting your outlook client to use port 587 for outgoing smtp.
'Dan' on 6/14/2017 4:11 PM
504 5.5.2
I really need to get the domain name check turned off. It should be off due to this…
smtpd_helo_required = no
So I don't get it.
Is it possible that something else in the configuration is overriding this?
@daudet:
smtpd_helo_required = no
That just means the server doesn't require the client to HELO, but if the client does anyway (most will) then it is still subject to whatever checking you have enabled.
That said, I'd agree with the first reply from Vance - I don't see any reason why your server as configured would do any HELO checks on a SASL authenticated connection. Your errors imply that you are not authenticating, so I'd look at that end of things to see where the problem lies. Do you have TLS and authentication enabled for the outgoing SMTP server settings in your outlook client?
Maybe also check your mail log file when you try and send? You'd be looking for something like this:
Jun 15 11:40:36 xxxxx postfix/submission/smtpd[32139]: connect from unknown[xx.xx.xx.xx]
Jun 15 11:40:36 xxxxx postfix/submission/smtpd[32139]: Anonymous TLS connection established from unknown[xx.xx.xx.xx]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jun 15 11:40:37 xxxxx postfix/submission/smtpd[32139]: 239C3BCE6: client=unknown[xx.xx.xx.xx], sasl_method=PLAIN, sasl_username=xxxxx
I am not sure what I need to do for TLS?
Jun 15 12:58:48 fido postfix/smtpd[16988]: connect from unknown[75.90.50.25]
Jun 15 12:58:48 fido postfix/smtpd[16988]: lost connection after EHLO from unknown[75.90.50.25]
Jun 15 12:58:48 fido postfix/smtpd[16988]: disconnect from unknown[75.90.50.25]
alias_maps = hash:/etc/aliases
After adding I now get this…
Jun 15 13:04:05 fido postfix/smtpd[17147]: connect from unknown[75.90.50.25]
Jun 15 13:04:05 fido postfix/smtpd[17147]: lost connection after EHLO from unknown[75.90.50.25]
Jun 15 13:04:05 fido postfix/smtpd[17147]: disconnect from unknown[75.90.50.25]
@daudet:
I am indicating that my server requires username and password.
I am not sure what I need to do for TLS?
I haven't used Outlook in ages, but there should be some setting about encryption method for the outgoing server settings.
@daudet:
How do I turn off the requirement for encryption?
You really shouldn't do that as it will leave your authentication information exposed on the internet.
If you want to do it for testing (or if you just want to ignore my advice), you would comment out the smtpd_enforce_tls line in master.cf
submission inet n - n - - smtpd
#-o smtpd_enforce_tls=yes
Did you install things by following the Linode guidetroubleshooting guide
As I said everything works fine if you are sitting on the server. The only problem as I know it, is with external clients.
etc/postfix :doveadm user dan
userdb lookup: user dan doesn't exist
When I dug into this further it appears that the database piece wasn't done. I think the person originally working on this, had some way of using a file instead of the database, but I am not seeing how this could have worked. I will wrestle with this until I get the test above to work.
and where else do I need to change things.
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 993
ssl = yes
}
…
service pop3-login {
inet_listener pop3 {
port = 0
}
inet_listener pop3s {
port = 995
ssl = yes
}
…
}
/etc/dovecot/conf.d :service dovecot restart
Stopping Dovecot Imap: [FAILED]
Starting Dovecot Imap: Error: service(auth): unlink(/var/spool/postfix/private/auth) failed: Is a directory
Fatal: Failed to start listeners
[FAILED]
My guess, is that I forgot a parameter after a path somewhere.
Jun 16 16:43:59 fido postfix/sendmail[3610]: fatal: open /etc/postfix/main.cf: Permission denied
My best suggestions at this point would be to either start over fresh and follow the Linode guide for Postfix, Dovecot, and MySQLGoogle
Good luck!
Do I have options, other than Dovecot?
The postfix documentation is not very good and it fails to describe vital information about how postfix works. The main.cf configuration will set various global parameters, but will also set the way the default smtpd process will respond to port 25. For example, when a connection is made on port 25, various items will be checked in turn:
smtpd_client_restrictions
smtpd_helo_restrictions
smtpd_sender_restrictions
smtpd_relay_restrictions
smtpd_recipient_restrictions
smtpd_data_restrictions
smtpd_end_of_data_restrictions
You may place various checks, processes, milters, etc. on any of the above steps that will be run in turn. So in this case the original poster's problem is because of the HELO checks under smtpd_helo_restrictions, those restrictions will block the horrible M$ outlook client. This is not wrong, actually this is the correct thing! Because we are talking about port 25 by default in the main.cf, which should be used by other MTAs and not a MUA.
The actual MUA communication should happen via the submission port (587), which should have full encryption as a requirement, a lax HELO policy (to allow the horrible Outlook to connect), enforced authentication, milters like OpenDKIM and other details like that. But all that, does not happen in the main.cf, but in the master.cf file, under the "submission" line.
I hope I didn't confuse you even more
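The first-match evaluation that the first reply and the post above describe, as an added example that is not part of the thread or of Postfix itself: it walks the restriction lists from the posted `postconf -n` and `master.cf` output for the same client on port 25 and on port 587. The client IP, HELO name and recipient are constructed, the checks are simplified stand-ins for the real Postfix tests, and the reply texts other than the 504 are illustrative.

```python
import re

# Values copied from the thread's postconf -n and master.cf output.
LOCAL_DOMAINS = {"sigmadogs.com", "localhost"}   # mydestination
MYNETWORKS = {"127.0.0.1"}                        # mynetworks_style = host
RECIPIENT = ["permit_mynetworks", "permit_sasl_authenticated",
             "reject_non_fqdn_helo_hostname", "reject_invalid_helo_hostname",
             "reject_unauth_destination"]
PORT_25 = {"sasl": False, "client": [], "recipient": RECIPIENT}
PORT_587 = {"sasl": True, "recipient": RECIPIENT,
            "client": ["permit_mynetworks", "permit_sasl_authenticated", "reject"]}

def is_fqdn(helo):
    # Simplified: address literals pass, anything else needs an interior dot.
    return helo.startswith("[") or "." in helo.strip(".")

# Each check returns "PERMIT", an SMTP reject string, or None (no opinion).
CHECKS = {
    "permit_mynetworks": lambda s: "PERMIT" if s["client_ip"] in MYNETWORKS else None,
    "permit_sasl_authenticated": lambda s: "PERMIT" if s["sasl_user"] else None,
    "reject_non_fqdn_helo_hostname": lambda s: None if is_fqdn(s["helo"])
        else "504 5.5.2 need fully-qualified hostname",
    "reject_invalid_helo_hostname": lambda s: None
        if re.fullmatch(r"[A-Za-z0-9.\-\[\]:]+", s["helo"]) else "501 5.5.2 invalid name",
    "reject_unauth_destination": lambda s: None
        if s["rcpt"].rsplit("@", 1)[-1] in LOCAL_DOMAINS else "554 5.7.1 relay access denied",
    "reject": lambda s: "554 5.7.1 access denied",
}

def evaluate(restrictions, session):
    """First restriction with an opinion decides; an exhausted list permits."""
    for name in restrictions:
        result = CHECKS[name](session)
        if result is not None:
            return result, name
    return "PERMIT", "(end of list)"

def rcpt_decision(service, session):
    """RCPT TO outcome: a PERMIT only ends its own list, a reject is final."""
    # A service with SASL disabled never offers AUTH, so no login is recorded.
    s = dict(session, sasl_user=session["sasl_user"] if service["sasl"] else None)
    for restrictions in (service["client"], service["recipient"]):
        result, name = evaluate(restrictions, s)
        if result != "PERMIT":
            break
    return result, name

# Constructed session: a desktop mail client announcing a bare machine name.
OUTLOOK = {"client_ip": "203.0.113.25", "helo": "DANS-PC",
           "sasl_user": "dan", "rcpt": "friend@example.org"}
```

`rcpt_decision(PORT_25, OUTLOOK)` falls through to the HELO check because the login is never seen on that port, while `rcpt_decision(PORT_587, OUTLOOK)` stops at `permit_sasl_authenticated` before any HELO test runs.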