+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Support Area (/forum-30.html)
+--- Forum: System Setup & Installation (/forum-32.html)
+--- Thread: SMTP problem (/thread-1449.html)
RE: SMTP problem - BeNe - 11-12-2007 07:48 PM
Quote:User not known to the underlying authentication moduleAnd the user is really right ??
Greez BeNe
RE: SMTP problem - bpratt - 11-12-2007 07:57 PM
BeNe Wrote:Quote:User not known to the underlying authentication moduleAnd the user is really right ??
Yes, the actual user does exist in ispcp
It's almost like the wrong auth module set or something.
RE: SMTP problem - joximu - 11-12-2007 08:30 PM
Hi bpratt
can you turn off saslauthd?
Postfix has a built in sasl service - normally you don't need an extra service.
/Joxi
RE: SMTP problem - bpratt - 11-12-2007 09:21 PM
joximu Wrote:can you turn off saslauthd?
Postfix has a built in sasl service - normally you don't need an extra service.
Yeah I did just that, but didn't make any difference.
Just gave me the generic failure and cannot connect to saslauthd server
RE: SMTP problem - joximu - 11-12-2007 09:41 PM
Hm, well...
we don't know what was running on the server before you installed ispcp. On a fresh installation there are no problems (at least not theese).
a dpkg -l | grep sasl brings this on my server:
libsasl2
libsasl2-2
libsasl2-modules
sasl2-bin
so, could you remove the unneeded packages. Restart postfix and give us feedback.
If it's still not working - you'd better give us the output of "postconf -n" and maybe the master.cf.
Also have a look in the other threads - there are similar thing (most of them did not follow the official install way - or they don't run debian etch...)
/Joximu
RE: SMTP problem - bpratt - 11-12-2007 09:55 PM
joximu Wrote:we don't know what was running on the server before you installed ispcp. On a fresh installation there are no problems (at least not theese).
Fresh Debian Etch install, then I installed ispcp on the box.
Quote:a dpkg -l | grep sasl brings this on my server:
libsasl2
libsasl2-2
libsasl2-modules
sasl2-bin
dpkg -l | grep sasl
ii libsasl2 2.1.22.dfsg1-8 Authentication abstraction library
ii libsasl2-2 2.1.22.dfsg1-8 Authentication abstraction library
ii libsasl2-modules 2.1.22.dfsg1-8 Pluggable Authentication Modules for SASL
ii sasl2-bin 2.1.22.dfsg1-8 Administration programs for SASL users datab
So pretty much the same as you.
Quote:If it's still not working - you'd better give us the output of "postconf -n" and maybe the master.cf.
Also have a look in the other threads - there are similar thing (most of them did not follow the official install way - or they don't run debian etch...)
I looked at other threads, and unfortunately they didn't give me much to go on with or weren't in English.
Here's my postconf -n and master.cf
Code:
postconf -n
alias_database = hash:/etc/aliases
append_at_myorigin = yes
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
inet_interfaces = all
local_destination_recipient_limit = 1
local_recipient_maps = unix:passwd.byname $alias_database
local_transport = local
mail_spool_directory = /var/mail
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = $myhostname, $mydomain
mydomain = virtual.overflow.net.au
myhostname = virtual.overflow.net.au
mynetworks_style = host
myorigin = $mydomain
setgid_group = postdrop
smtpd_banner = $myhostname ISPCP 1.0 Priamos Managed ESMTP 1.0.0 RC2 OMEGA
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination check_policy_service inet:127.0.0.1:60000
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
transport_maps = hash:/etc/postfix/ispcp/transport
virtual_alias_maps = hash:/etc/postfix/ispcp/aliases
virtual_gid_maps = static:8
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_domains = hash:/etc/postfix/ispcp/domains
virtual_mailbox_limit = 0
virtual_mailbox_maps = hash:/etc/postfix/ispcp/mailboxes
virtual_minimum_uid = 1001
virtual_transport = virtual
virtual_uid_maps = static:1001Code:
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_enforce_tls=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# For AOL-Accounts
587 inet n - - - - smtpd
-o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
# ====================================================================
# ISPCP Ï OMEGA configuration
# ====================================================================
# AMaViS => Antivir / Antispam
amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
localhost:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_override_options=no_address_mappings
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
# ISPCP autoresponder
ispcp-arpl unix - n n - - pipe
flags=O user=vmail argv=/var/www/ispcp/engine/messager/ispcp-arpl-msgr
# TSL - Activate, if TSL is avaiable/used
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus unix - n n - - pipe
user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipientRE: SMTP problem - joximu - 11-12-2007 10:08 PM
ok.
the main.cf: I'm sure you'll find an error in mail.err that mydomain and myhostname is the same - this is not ok.
Since I have a slightly newer snapshot installed and there were some changes it's slightly different on my server.
You can have a look in the new main.cf:
http://www.isp-control.net/ispcp/browser/trunk/configs/postfix/main.cf
ust take a deeper look in the *sasl* variables and the myhostname/mydomain thing.
they should not be the same. But they also should not be like a domain you want to run virtually on the box. So you need two hostnames.
Id' take: myhostname: the FQDN of the server. $mydomain: take the hostname of the URL for ispcp: "admin.$myhostname" or whatever... - should exist...
Then do a postfix "restart".
If I connect on your server, there are not all options we normally have:
Code:
# telnet virtual.overflow.net.au 587
Trying 203.55.214.70...
Connected to virtual.overflow.net.au.
Escape character is '^]'.
220 virtual.overflow.net.au ISPCP 1.0 Priamos Managed ESMTP 1.0.0 RC2 OMEGA
ehlo localhost
250-virtual.overflow.net.au
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.normally we have theese two AUTH lines:
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM
250-AUTH=CRAM-MD5 DIGEST-MD5 NTLM
and - if plaintext is allowed
250-AUTH NTLM DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-AUTH=NTLM DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
so, the md5/digest thing seems to be missing totally on your server.
/J
RE: SMTP problem - bpratt - 11-12-2007 10:40 PM
joximu Wrote:the main.cf: I'm sure you'll find an error in mail.err that mydomain and myhostname is the same - this is not ok.
Changed that now.
Quote:Since I have a slightly newer snapshot installed and there were some changes it's slightly different on my server.I downloaded the RC2c straight from the home page here, no later development versions.
You can have a look in the new main.cf:
http://www.isp-control.net/ispcp/browser/trunk/configs/postfix/main.cf
Quote:ust take a deeper look in the *sasl* variables and the myhostname/mydomain thing.
they should not be the same. But they also should not be like a domain you want to run virtually on the box. So you need two hostnames.
Id' take: myhostname: the FQDN of the server. $mydomain: take the hostname of the URL for ispcp: "admin.$myhostname" or whatever... - should exist...
Then do a postfix "restart".
Done that, no luck.
Quote:normally we have theese two AUTH lines:
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM
250-AUTH=CRAM-MD5 DIGEST-MD5 NTLM
and - if plaintext is allowed
250-AUTH NTLM DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-AUTH=NTLM DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
so, the md5/digest thing seems to be missing totally on your server.
Should that be in the smtpd.conf file ? as all I've got in there for the mech_list is plain and login .... or are there other packages that need to be installed ?
Thanks for your help so far.
RE: SMTP problem - joximu - 11-12-2007 11:04 PM
Ok, the rc2c is not really new... (from may).
I'd recommend to either take a daily snapshot or wait for rc3...
I don't have a smtpd.conf on my server...
do a rename and restart postfix - maybe this is the right direction... :-)
RE: SMTP problem - bpratt - 11-13-2007 08:50 AM
joximu Wrote:Ok, the rc2c is not really new... (from may).
I'd recommend to either take a daily snapshot or wait for rc3...
I wasn't game to run a snapshot here, which is why I went for rc2c. I'm hoping that when rc3 arrives they'll be an easy way to upgrade to it.
Quote:I don't have a smtpd.conf on my server...
do a rename and restart postfix - maybe this is the right direction... :-)
That seems to have worked, at least to the stage where it's rejecting the email address as user unknown now.
Thanks.