Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Email System For The Home Network - Version 2.1
View unanswered posts
View posts from last 24 hours

Goto page Previous  1, 2, 3 ... 5, 6, 7 ... 25, 26, 27  Next  
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
beowulf
Apprentice
Apprentice


Joined: 07 Apr 2003
Posts: 225

PostPosted: Mon Jun 30, 2003 8:37 am    Post subject: Reply with quote

First let me appologize for taking so long to get back to you... things are hectic lately for me... sorry...

BlueEar

RE relay host: i didn't include it in my conf file... since sasl should determine where to send the email...

RE grep output: I gather you aren't using SSL (TLS)? When you compiled Cyrus-SASL, did your use flags have SSL in it? I'm not sure what side effects occur when sasl is compiled for SSL but not used... If on the other hand you intended to use SSL, then you're /etc/postfix/main.cf file is missing the appropriate lines... Depending on which way you're going (IE: No ssl), you may wish to try SSL hehe and get it working as it should, then work on taking SSL out of the picture...

--

taskara

Great that fcron is working :)
1 & 2: I believe the problems to be related...
Can you follow this code block, matching output with yours... except for username specific stuff..:
Code:
root@server # sasl2dblistuser
beowulf@odin.beowulf.bounceme.net: cmusaslsecretOTP
beowulf@odin.beowulf.bounceme.net: userPassword
root@server # grep -v ^# /usr/lib/sasl2/smtpd.conf | grep pwcheck
pwcheck_method:sasldb
root@server # /etc/init.d/saslauthd status
 * status:  stopped
root@server # grep -v ^# /etc/postfix/saslpass
smtp.isp.some.server.com          isp_smtp_user:isp_smtp_pass
root@server # ls -l /etc/sasl2/sasldb2
-rw-------    1 postfix  root        12288 May 23 21:44 sasldb2
root@server # postfix check
root@server # grep -v ^# /etc/postfix/main.cf | grep smtp
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options =
root@server #

Also, what error do you get when you send to your work email address?

3: What's not working with SSL? I appologize, as i know you're getting frustrated with this guide and me... but i need a bit more to go on... is authenticating with SSL not working? If that's the case, did you compile the software with the USE flag ssl? What errors are you getting? Still the same log error about socket not existing? Is it when sending an email over SSL it is failing? Are your ssl cert files in /etc/postfix world readable? Again, sorry... but just a touch more info would be most helpful in solving this re-occuring problem...

4: Yep... you need your SSL key generated by someone like Thawte, Verisign or one of those other people that charge $100 for a year... It's a home network so who really cares if your SSL cert isn't verified... but if you do, http://www.verisign.com & http://www.thawte.com

--

hope this helps... if not, post back and try to give as much detail as you can... hears to hoping the problems will be solved soon :)
_________________
I have nothing witty to say here... ever :-(
Back to top
View user's profile Send private message
jcummins
n00b
n00b


Joined: 17 Jun 2003
Posts: 15
Location: Springfield, Mo

PostPosted: Tue Jul 01, 2003 4:40 am    Post subject: Reply with quote

I had the same problem with CA.pl asking me for a passphrase as well. For some reason, executing the CA.pl script, the -nodes switch wasn't being used. Even after checking the CA.pl to make sure I added the switch in the correct places, it still didn't work. I bet this is the same problem taskara was having.

I noticed that on the HOWTO, it said to run the command:
./CA.pl -newca

however, the HOWTO says to add the -nodes switch in the -newcert area. So I ran ./CA.ok -newcert, and it didn't prompt me for the passphrase.


Last edited by jcummins on Tue Jul 01, 2003 6:39 am; edited 2 times in total
Back to top
View user's profile Send private message
jcummins
n00b
n00b


Joined: 17 Jun 2003
Posts: 15
Location: Springfield, Mo

PostPosted: Tue Jul 01, 2003 6:17 am    Post subject: Reply with quote

I am having a slight problem with my setup. The setup and configuration went (semi) smoothly. I am able to connect to the gentoo box and get my IMAP mail. However, I am unable to send email. When I try, my e-mail client (Outlook Express) fails with this error:

Code:
Unable to establish a SSL connection with the server. Account: '192.168.1.101', Server: '192.168.1.101', Protocol: SMTP, Server Response: '454 TLS not available due to temporary reason', Port: 25, Secure(SSL): Yes, Server Error: 454, Error Number: 0x800CCC7F


here is the output of /var/log/messages:
Code:
Jul  1 09:26:25 drunkenmonkey imapd-ssl: Connection, ip=[192.168.1.100]
Jul  1 09:26:25 drunkenmonkey imapd-ssl: LOGIN, user=jcummins, ip=[192.168.1.100]
Jul  1 09:26:25 drunkenmonkey imapd-ssl: couriertls: read: Connection reset by peer
Jul  1 09:26:25 drunkenmonkey imapd-ssl: DISCONNECTED, user=jcummins, ip=[192.168.1.100], headers=0, body=0

Any Ideas?[/code]
Back to top
View user's profile Send private message
taskara
Advocate
Advocate


Joined: 10 Apr 2002
Posts: 3763
Location: Australia

PostPosted: Tue Jul 01, 2003 7:29 am    Post subject: Reply with quote

I had this same problem..

in your /etc/postfix/main.cf file what do you have for relay_domains?
Quote:

relay_domains = $mydestination


P.S - did you get squirrelmail working ?
_________________
Kororaa install method - have Gentoo up and running quickly and easily, fully automated with an installer!
Back to top
View user's profile Send private message
taskara
Advocate
Advocate


Joined: 10 Apr 2002
Posts: 3763
Location: Australia

PostPosted: Wed Jul 02, 2003 2:38 am    Post subject: Reply with quote

beowulf wrote:
First let me appologize for taking so long to get back to you... things are hectic lately for me... sorry...

--

taskara

Great that fcron is working :)
1 & 2: I believe the problems to be related...
Can you follow this code block, matching output with yours... except for username specific stuff..:
Code:
root@server # sasl2dblistuser
beowulf@odin.beowulf.bounceme.net: cmusaslsecretOTP
beowulf@odin.beowulf.bounceme.net: userPassword
root@server # grep -v ^# /usr/lib/sasl2/smtpd.conf | grep pwcheck
pwcheck_method:sasldb
root@server # /etc/init.d/saslauthd status
 * status:  stopped
root@server # grep -v ^# /etc/postfix/saslpass
smtp.isp.some.server.com          isp_smtp_user:isp_smtp_pass
root@server # ls -l /etc/sasl2/sasldb2
-rw-------    1 postfix  root        12288 May 23 21:44 sasldb2
root@server # postfix check
root@server # grep -v ^# /etc/postfix/main.cf | grep smtp
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options =
root@server #

Also, what error do you get when you send to your work email address?

3: What's not working with SSL? I appologize, as i know you're getting frustrated with this guide and me... but i need a bit more to go on... is authenticating with SSL not working? If that's the case, did you compile the software with the USE flag ssl? What errors are you getting? Still the same log error about socket not existing? Is it when sending an email over SSL it is failing? Are your ssl cert files in /etc/postfix world readable? Again, sorry... but just a touch more info would be most helpful in solving this re-occuring problem...

4: Yep... you need your SSL key generated by someone like Thawte, Verisign or one of those other people that charge $100 for a year... It's a home network so who really cares if your SSL cert isn't verified... but if you do, http://www.verisign.com & http://www.thawte.com

--

hope this helps... if not, post back and try to give as much detail as you can... hears to hoping the problems will be solved soon :)


MATE, no problems! I have been making leaps and bounds since I posted last.

I have fetchmail working well through fcron as local user (not root), I have courier imap working with ssl, I have squirrelmail working, I have postfix working (and sending to any address I want - the problem was in my main.cf, where I had
Quote:
relay_domains = $mydomain
instead of
Quote:
relay_domains = $mydestination
:oops:

I think I have postfix working with ssl, here is the output of the port
Code:
root@server / # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server.taskara.dyndns.org ESMTP Postfix
EHLO taskara.dyndns.org
250-server.taskara.dyndns.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-XVERP
250 8BITMIME


u can see 250-STARTTLS there.. I think that should mean it's running tls, but you can see there is NO refernce to AUTH :?

I guess the question is - will it still transmit emails withOUT ssl? I assumed it wasn't working, because I could send an email withOUT ssl :oops:

SO the only thing that I don't have working now is Authentication on my mail server. atm anyone can send out an email :?

ahh here is the output of everything you requested

Code:
root@server chris # sasldblistusers2
chris@server.taskara.dyndns.org: cmusaslsecretOTP
chris@server.taskara.dyndns.org: userPassword
root@server chris # grep -v ^# /usr/lib/sasl2/smtpd.conf | grep pwcheck
pwcheck_method: sasldb
root@server chris # /etc/init.d/saslauthd status
 * status:  stopped
root@server chris # grep -v ^# /etc/postfix/saslpass
mail.internode.on.net :
root@server chris # ls -l /etc/sasl2/sasldb2
-rw-------    1 postfix  root        12288 Jun 25 22:32 /etc/sasl2/sasldb2
root@server chris # postfix check
root@server chris # grep -v ^# /etc/postfix/main.cf | grep smtp
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
root@server chris #


I think everything is the same as yours, except that my isp does not require auth to send email

so I don't know why auth isn't working.. any other ideas?

cheers!

Chris
_________________
Kororaa install method - have Gentoo up and running quickly and easily, fully automated with an installer!
Back to top
View user's profile Send private message
taskara
Advocate
Advocate


Joined: 10 Apr 2002
Posts: 3763
Location: Australia

PostPosted: Wed Jul 02, 2003 3:09 am    Post subject: Reply with quote

some developments:

I ran some tests and here are the results.

I CAN send email:
WITH auth only
withOUT auth
withOUT auth and with SSL

I could NOT send email:
with auth and with ssl

but I COULD send emails:
with auth and ssl with secure password.


so what I would like is to ONLY be able to send an email with auth ssl and secure password.

so that if ANYONE tries to send an email with out auth or without ssl, then it is rejected.

that's the plan :)

thanks guys, any thoughts?
_________________
Kororaa install method - have Gentoo up and running quickly and easily, fully automated with an installer!
Back to top
View user's profile Send private message
usingloser
Apprentice
Apprentice


Joined: 18 May 2003
Posts: 297
Location: ->Here<-

PostPosted: Thu Jul 03, 2003 5:54 pm    Post subject: Reply with quote

sasl says that there isnt a secret in my database, any help?
Back to top
View user's profile Send private message
Proteus
Guru
Guru


Joined: 14 Jul 2002
Posts: 346
Location: Hamburg, Germany

PostPosted: Thu Jul 03, 2003 9:06 pm    Post subject: Reply with quote

Did you delete the existing saslsb file before you tried to follow the steps in the guide?
_________________
Greetings,
Proteus
Back to top
View user's profile Send private message
usingloser
Apprentice
Apprentice


Joined: 18 May 2003
Posts: 297
Location: ->Here<-

PostPosted: Thu Jul 03, 2003 9:09 pm    Post subject: Reply with quote

yes, i deleted the database before i created a new one by adding a new user
Back to top
View user's profile Send private message
Proteus
Guru
Guru


Joined: 14 Jul 2002
Posts: 346
Location: Hamburg, Germany

PostPosted: Thu Jul 03, 2003 10:06 pm    Post subject: Reply with quote

Can you please retry that specific section of the guide and post any errors. Normally this should work flawlessly. We need more info to be able to help you.
_________________
Greetings,
Proteus
Back to top
View user's profile Send private message
tekM
n00b
n00b


Joined: 25 Jun 2003
Posts: 29
Location: Tucson, AZ

PostPosted: Thu Jul 03, 2003 11:59 pm    Post subject: got most working.....cant authenticate smtp over tls Reply with quote

Ok,

First off.....GREAT GUIDE.

I got everything going with one exception. Im useing postfix, sasl, tls, impa_ssl squirrelmail, kmail etc. Im not relaying to my isp and just want secure password require over tls smtp services. Imap over SSL works flawlessly...squirrelmail isalso flawless.

My problem is with Kmail sending to my new smtp service. I tell it to use authentication and under security I tell it to use TLS and Digest-md5.....first time around cert popped up and i accepted and said continue etc. then delivery fails saying this:

Sending failed:
Authentication failed.
Most likely the password is wrong.
The server responded: "Error: authentication failed "

Ive re-run through step 3.3 in the guide 4 times now....making sure to delete sasldb2 each time of course. No matter what I do I keep getting that "Authentication failed" When Ive got authentication and TLS selected.

Here is what does work. Authentication with None for encryption and no authentication with none for encryption. Which is bad cause I only want smtp to work when its athenticated to. Ive also telnet into my server and did an EHLO example.com followed by a starttls......that worked and server responded tls ready or somthing to that effect.

Here is a copy of my main.cf. Any help would be enormously appreciated:

command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
inet_interfaces = $myhostname, localhost
mydestination = $myhostname, localhost.$mydomain, $mydomain
alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases
home_mailbox = .maildir/
relay_domains = $mydestination
mynetworks = 192.168.2.0/24,127.0.0.0/8

smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/ssl/newreq.pem
smtpd_tls_cert_file = /etc/postfix/ssl/newcert.pem
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options =
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
_________________
>tek<
Back to top
View user's profile Send private message
taskara
Advocate
Advocate


Joined: 10 Apr 2002
Posts: 3763
Location: Australia

PostPosted: Fri Jul 04, 2003 12:08 am    Post subject: Re: got most working.....cant authenticate smtp over tls Reply with quote

tekM wrote:

Sending failed:
Authentication failed.
Most likely the password is wrong.
The server responded: "Error: authentication failed "

Ive re-run through step 3.3 in the guide 4 times now....making sure to delete sasldb2 each time of course. No matter what I do I keep getting that "Authentication failed" When Ive got authentication and TLS selected.

Here is what does work. Authentication with None for encryption and no authentication with none for encryption. Which is bad cause I only want smtp to work when its athenticated to. Ive also telnet into my server and did an EHLO example.com followed by a starttls......that worked and server responded tls ready or somthing to that effect.


hey.. I have the same problem, where by u can send withOUT auth :?

the problem u have should be able to be resolved if you use secure password authentication... it did for me anyway.

as u can see from my post above, sending withOUT auth works (which I dont' want it to) sending WITH auth works, sending WITH tsl and NO auth works, sending WITH tsl and WITH auth FAILS, but sending WITH tsl and WITH auth through secure password authentication WORKS.

bizaare..
_________________
Kororaa install method - have Gentoo up and running quickly and easily, fully automated with an installer!
Back to top
View user's profile Send private message
tekM
n00b
n00b


Joined: 25 Jun 2003
Posts: 29
Location: Tucson, AZ

PostPosted: Fri Jul 04, 2003 6:03 am    Post subject: Update Reply with quote

Ok....Ive got an update. After clearing my head and thinking about it for a second, Im realizing that I can send outgoing smtp from Kmail unauthenticated simply because Im on $mynetworks...duh for me :P. So that leaves the TLS issue + auth issue. Here is where Im at:

SMTP with NO auth and NO tls works because of $mynetworks
SMTP WITH auth and NO tls works
SMTP WITH auth and WITH tls does NOT work ("Error: Authentication Failed")

The last one seems to be my only problem here. In the main.cf the command "smtpd_tls_auth_only = yes" should force postfix to only allow smtp auth to occur once a good tls has been established. TLS works.....SASL auth works....but they wont play together for some reason. Im not sure where its failing. :(
_________________
>tek<
Back to top
View user's profile Send private message
tekM
n00b
n00b


Joined: 25 Jun 2003
Posts: 29
Location: Tucson, AZ

PostPosted: Fri Jul 04, 2003 6:23 am    Post subject: Update .....Again Reply with quote

Ok, a little bit more info for anyone with any ideas.

SMTP with NO auth and NO tls works because of $mynetworks
SMTP WITH auth and NO tls works
SMTP with NO auth and WITH tls works

all good

SMTP WITH auth and WITH tls set to PLAIN fails with "Server doesnt allow PLAIN" (IS THIS THE PROBLEM??)

SMTP WITH auth and WITH tls set to LOGIN, CRAM-MD5, or DIGEST-MD5 all fail with "Authentication failed"
_________________
>tek<
Back to top
View user's profile Send private message
Proteus
Guru
Guru


Joined: 14 Jul 2002
Posts: 346
Location: Hamburg, Germany

PostPosted: Fri Jul 04, 2003 10:13 am    Post subject: Reply with quote

Quote:
smtp_sasl_password_maps = hash:/etc/postfix/saslpass

Maybe that's what is missing? Seems that postfix doesn't know where to lookup the saslpasses...

Also, this line:
Quote:
smtp_use_tls = yes

ist not included in my conf. Seems that it is not required.

Maybe you just want to use
Quote:
smtpd_use_tls=yes
(it's in your conf already)
_________________
Greetings,
Proteus


Last edited by Proteus on Fri Jul 04, 2003 10:20 am; edited 1 time in total
Back to top
View user's profile Send private message
taskara
Advocate
Advocate


Joined: 10 Apr 2002
Posts: 3763
Location: Australia

PostPosted: Fri Jul 04, 2003 10:16 am    Post subject: Reply with quote

hmm I have that there in my main.cf... any other ideas?

maybe some others can test this to see if their machines are working properly.
_________________
Kororaa install method - have Gentoo up and running quickly and easily, fully automated with an installer!
Back to top
View user's profile Send private message
Proteus
Guru
Guru


Joined: 14 Jul 2002
Posts: 346
Location: Hamburg, Germany

PostPosted: Fri Jul 04, 2003 10:23 am    Post subject: Reply with quote

It just seems to be the case that tekM has it not included. Maybe it's helpfull for him.
Sorry that it does not apply to you, taskara.

(And apologies to tekM if this does not help him, too...)
_________________
Greetings,
Proteus
Back to top
View user's profile Send private message
taskara
Advocate
Advocate


Joined: 10 Apr 2002
Posts: 3763
Location: Australia

PostPosted: Fri Jul 04, 2003 10:27 am    Post subject: Reply with quote

gr00vy
_________________
Kororaa install method - have Gentoo up and running quickly and easily, fully automated with an installer!
Back to top
View user's profile Send private message
Quint
n00b
n00b


Joined: 18 May 2003
Posts: 14

PostPosted: Sat Jul 05, 2003 11:42 pm    Post subject: Postfix not starting correctly Reply with quote

I've followed the guide to a T, but I get this error when starting postfix

root@linux eric # /etc/init.d/postfix start
* Could not get dependency info for "postfix"!
* Could not get dependency info for "postfix"!
* Starting postfix... [ ok

I'm not sure what I did wrong, All help appreciated

thanks in advance
eric
Back to top
View user's profile Send private message
BlueEar
Tux's lil' helper
Tux's lil' helper


Joined: 06 Oct 2002
Posts: 143
Location: Mountain View, CA

PostPosted: Sun Jul 06, 2003 12:40 am    Post subject: Postfix TLS support Reply with quote

Beowulf, you were right, I did not enable TLS. Mostly, because my /etc/ssl/openssl.cnf does not have the lines you mention (the one ending in _default). I see commonName, but no commonName_default. Here is the grep result:
Code:

# fgrep _default /etc/ssl/openssl.cnf
default_ca      = CA_default            # The default ca section
[ CA_default ]
countryName_default             = AU
stateOrProvinceName_default     = Some-State
0.organizationName_default      = Internet Widgits Pty Ltd
#1.organizationName_default     = World Wide Web Pty Ltd
#organizationalUnitName_default =

I am using openssl-0.9.6i-r2:
Code:
 # emerge -s openssl
Searching...
[ Results for search key : openssl ]
[ Applications found : 5 ]
 
*  dev-libs/openssl
      Latest version available: 0.9.6i-r2
      Latest version installed: 0.9.6i-r2

I take it, something must have changed between different versions. So unless you have a quick fix, I need to wait with TLS support until I read through openssl documentation ...
Back to top
View user's profile Send private message
beowulf
Apprentice
Apprentice


Joined: 07 Apr 2003
Posts: 225

PostPosted: Sun Jul 06, 2003 9:45 pm    Post subject: Reply with quote

jcummins

Do you by chance have Norton Antivirus running on the box that has Outlook Express? Or perhaps another antivirus that is scanning outgoing mail? What happens if you disable scanning outgoing mail and try sending again?

taskara

Sending without auth works: Try changing this line in your main.cf and see if it solves it:
Code:
smtpd_recipient_restrictions = permit_sasl_authenticated, check_relay_domains

So what you did was get rid of the condition that allows any host in mynetworks to send email.... I should've mentioned this earlier... never even enterd my head before tekM mentioned it...

Sending with TLS and no Auth: See above

Sending with tls and Auth fails: I assume you mean authenticating in a plain manner does not work? IE: using PLAIN as the auth method? It shouldn't work like that... Your email client should send the password as CRAM-MD5 i believe...

tekM

Proteus wrote what i would've... how'd it work out with that change?

Thanks proteus :)

Quint

Hmm... something may be wrong with your init file? Here's what mine looks like, and perhaps you can check yours to see if ours differ:
Code:

depend() {
        need net
        use logger dns
        provide mta
}

PIDFILE=/var/spool/postfix/pid/master.pid

start() {
        ebegin "Starting postfix"
        /usr/sbin/postfix start &>/dev/null
        eend $?
}

stop() {
        ebegin "Stopping postfix"
        /usr/sbin/postfix stop &>/dev/null
        eend $?
}

Other than that, I'm not sure what would cause that issue... If the problem is not that file, it's one of the dependancies that aren't reporting correctly...

BlueEar

Hmm... things might have changed... Perhaps you could add the necessary lines? Maybe that'll work?
Code:

default_ca      = CA_default            # The default ca section
[ CA_default ]
countryName_default             = CA
stateOrProvinceName_default     = Province
localityName_default            = City
0.organizationName_default      = Beowulf Inc.
#1.organizationName_default     = World Wide Web Pty Ltd
#organizationalUnitName_default =
commonName_default              = Beowulf
emailAddress_default            = root@localhost

I've updated my Openssl, but config_protect kept my older conf file... Maybe you could try adding those lines and then generating it?

--

Hope all this helps... sorry for taking so long again... i will try to be more prompt in my responses...
_________________
I have nothing witty to say here... ever :-(
Back to top
View user's profile Send private message
tekM
n00b
n00b


Joined: 25 Jun 2003
Posts: 29
Location: Tucson, AZ

PostPosted: Mon Jul 07, 2003 1:26 am    Post subject: Re: Proteus and Beowulf Reply with quote

smtp_sasl_password_maps = hash:/etc/postfix/saslpass

I thought that was only for relaying to an external isp etc.??? Is that hash etc required if you just want a standalone smtp server? In the guide, when you created saslpass you put your isp domain, user, and pass. If Im doing a standalone setup, what should I put in there?

Also, I cant get external hosts to authenticate via sasl (using outlook express). So, my guess is that Ive definately got a sasl issue. The server is denying them the relay though thankfully.

Thanks :-)
_________________
>tek<
Back to top
View user's profile Send private message
beowulf
Apprentice
Apprentice


Joined: 07 Apr 2003
Posts: 225

PostPosted: Mon Jul 07, 2003 3:34 am    Post subject: Re: Proteus and Beowulf Reply with quote

tekM wrote:
smtp_sasl_password_maps = hash:/etc/postfix/saslpass

I thought that was only for relaying to an external isp etc.??? Is that hash etc required if you just want a standalone smtp server? In the guide, when you created saslpass you put your isp domain, user, and pass. If Im doing a standalone setup, what should I put in there?

Also, I cant get external hosts to authenticate via sasl (using outlook express). So, my guess is that Ive definately got a sasl issue. The server is denying them the relay though thankfully.

Thanks :-)


In section 3.3 of the postfix section, we created a file which holds the authentication information that a client would use to connect to the smtp server. This information is used when you want to send email.... Here's how it works:

Outlook -> sasldb2 [3.3] -> Postfix -> saslpass[3.2] -> Internet SMTP server -> Internet

Now, if you're doing a standalone server... where you want to skip the Internet SMTP server... IE:
Outlook -> sasldb2 [3.3] -> Postfix -> Internet
...Then i don't really know... I don't have a name server running, don't have mx records, so i could never test this out...
_________________
I have nothing witty to say here... ever :-(
Back to top
View user's profile Send private message
taskara
Advocate
Advocate


Joined: 10 Apr 2002
Posts: 3763
Location: Australia

PostPosted: Mon Jul 07, 2003 10:09 am    Post subject: Reply with quote

beowulf wrote:

taskara

Sending without auth works: Try changing this line in your main.cf and see if it solves it:
Code:
smtpd_recipient_restrictions = permit_sasl_authenticated, check_relay_domains

So what you did was get rid of the condition that allows any host in mynetworks to send email.... I should've mentioned this earlier... never even enterd my head before tekM mentioned it...

Sending with TLS and no Auth: See above

Sending with tls and Auth fails: I assume you mean authenticating in a plain manner does not work? IE: using PLAIN as the auth method? It shouldn't work like that... Your email client should send the password as CRAM-MD5 i believe...


I changed that file in my main.cf but it made no difference.

I can still send emails through my mail server without auth (even from my machine at work). I can also still send an email with Auth (and NO tsl). I can send an email with tsl (and NO auth).

I basically want to make sure people NEED auth or it won't send. At the moment it is sort of the opposite! ;)

could you do me a favour, telnet to port 25 on your mail server and type
Code:
EHLO [servername]
and post the results? I would like to compare them to mine

here is an example from my server
Quote:
root@server chris # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server.taskara.dyndns.org ESMTP Postfix
250 EHLO taskara.dyndns.org
250-server.taskara.dyndns.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-XVERP
250 8BITMIME
quit
221 Bye
Connection closed by foreign host.
root@server chris #


thanks!
_________________
Kororaa install method - have Gentoo up and running quickly and easily, fully automated with an installer!
Back to top
View user's profile Send private message
tekM
n00b
n00b


Joined: 25 Jun 2003
Posts: 29
Location: Tucson, AZ

PostPosted: Mon Jul 07, 2003 3:07 pm    Post subject: more on sasl Reply with quote

Ive been doing a bunch more research, and it seems that all I need to do is have sasl working in PLAIN auth mode. Which should be ok since Im using TLS. This makes sense because if I tell KMail to use PLAIN + TLS for smtp auth it fails telling me that PLAIN is not supported on my smtp server. So basically I have to figure out how to add/turn on PLAIN support.

Anyone have any ideas on this?
_________________
>tek<
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Goto page Previous  1, 2, 3 ... 5, 6, 7 ... 25, 26, 27  Next
Page 6 of 27

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum