Mail reception problem

I have default mail settings for my server, but even though everything seems alright to me, I can't receive mail for the user from Usermin. I log in to Usermin, click compose new message, and send it. Then I successfully receive it where I sent it. BUT when I reply, my server/configuration is not receiving it? (And I don't get any messages in return with an error - it is just sent into the void.)

I suspect firewall? What TCP/UDP IN ports should be opened to receive mail? I don't have standard firewall settings?

Maybe something else?

Oh, by the way, DNS is set as:

IN MX 5       mail.myserver.com.
mail   14400 IN A 1.1.1.100
imap      14400 IN      CNAME   mail.myserver.com.
smtp      14400 IN      CNAME   mail.myserver.com.

Is it ok for DNS?

Status: Active

Comments

Howdy -- you may want to take a look in /var/log/maillog whenever you send the email. Do you see any errors in there, or any explanation of where the email is going?

Submitted by Ilia on Wed, 03/20/2013 - 15:21

Howdy, again! ;) I'm sending it to my GMail and receiving it BUT when I send it back (reply from GMail to my server) it's sent into the void? Without any delivery failure messages? For me it feels like DROP by my Firewall?

Submitted by Ilia on Wed, 03/20/2013 - 15:28

I checked the logs; when a message is sent from my GMail, in the logs I find

host kernel: Firewall: UDP_IN Blocked IN=eth0 OUT=

You'd want to make sure that TCP port 25 is open.

Note also that some ISPs block port 25, so you may also need to talk to your provider if your firewall isn't blocking that port.

Submitted by Ilia on Wed, 03/20/2013 - 15:38

Oh, that's right! I'd better go to sleep. Feel tired!

Best regards, Ilia!

Submitted by Ilia on Thu, 03/21/2013 - 03:43

Could you please help me to figure out details about mail delivery and the way it works!?

We have by default Postfix and Dovecot IMAP/POP3 Server?

  1. Why do we need Dovecot IMAP/POP3 Server if we have Postfix? Or doesn't Postfix allow connections with mail clients on imap/smtp?

  2. By default, is anybody allowed to send mail via port 25, or only registered users using a login and password?

  3. What is the best practice to secure Postfix?

Thanks, Ilia

Why do we need Dovecot IMAP/POP3 Server if we have Postfix? Or doesn't Postfix allow connections with mail clients on imap/smtp?

Dovecot is for IMAP and POP3, which is for checking email.

Postfix is for SMTP, which is used for sending/receiving email.

By default, is anybody allowed to send mail via port 25, or only registered users using a login and password?

Anyone currently logged into your server is allowed to send email via port 25. If someone wants to send email but isn't logged in, they need to authenticate with Postfix before it'll allow them to send an email through your server.

What is the best practice to secure Postfix?

It comes secure out of the box, there's not generally anything you need to do in order to further secure Postfix.

Submitted by Ilia on Thu, 03/21/2013 - 10:07

If I open port 25 in the firewall, my RMM, just referring to my IP, can send notification emails without logins. Notifications are sent to an external email without problems! Why is this?

Well, I'd need more info about your exact setup there in order to answer your question, but Postfix isn't an open relay by default.

If you'd like to test whether it's acting as an open relay, you can use a service such as this one here:

http://www.abuse.net/relay.html

Submitted by Ilia on Wed, 04/03/2013 - 05:59

I can't connect to my server to SEND mail over SMTP using a mail client with the same password, while IMAP works fine at the same time?

What am I missing? Log entry:

postfix/smtpd[1737]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

You may want to try restarting the saslauthd service, just to make sure it's running properly.

You can do that by running this command as root:

/etc/init.d/saslauthd restart

Submitted by Ilia on Wed, 04/03/2013 - 10:34

  1. What ports must be opened so I could login via SMTP?

  2. What is 587 port opened for?

  3. Can I change default 25 port to something else? Like 54444?

I wouldn't recommend changing the default email ports. For example, if you change port 25, that would affect email delivery.

Port 587 is the TLS port for email... if you send email via it, your connection to the server will be encrypted.

I would suggest sending email via either port 587, or 465. Sending via port 25 should also work though, but it's not encrypted.

Submitted by Ilia on Wed, 04/03/2013 - 12:07

What is the difference between 465 and 587?

Look, I have done everything and everything is working now, BUT after I unticked "Allow connections from same network" in SMTP Authentication And Encryption in Postfix and saved, and then RE-ENABLED it again, I can't receive mail from my BMC using relaying? What could that be?

In maillog is the following:

Apr  3 20:33:37 host postfix/smtpd[38578]: connect from unknown[4.8.8.8]
Apr  3 20:38:37 host postfix/smtpd[38578]: timeout after HELO from unknown[4.8.8.8]
Apr  3 20:38:37 host postfix/smtpd[38578]: disconnect from unknown[4.8.8.8]

Used to be:

Apr  3 13:58:07 host postfix/smtpd[126294]: connect from unknown[4.8.8.8]
Apr  3 13:58:07 host postfix/smtpd[126294]: 97A9216004C: client=unknown[4.8.8.8]
Apr  3 13:58:07 host postfix/cleanup[126298]: 97A9216004C: message-id=<>
Apr  3 13:58:07 host postfix/qmgr[2874]: 97A9216004C: from=<rmm@host.my-server.com>, size=575, nrcpt=1 (queue active)
Apr  3 13:58:07 host postfix/smtpd[126294]: disconnect from unknown[4.8.8.8]

What would that be?

Submitted by Ilia on Wed, 04/03/2013 - 12:47

Now in addition it's saying:

host postfix/smtpd[45564]: NOQUEUE: reject: RCPT from unknown[4.8.8.8]: 554 5.7.1 <mail@my-server.com>: Relay access denied;

Ports 465 and 587 are both encrypted, but they use different protocols.

The "relay access denied" error generally means that the email client attempted to send an email, but didn't authenticate.

Many email clients aren't set up to authenticate outgoing email messages by default. You may just need to enable authentication for Outgoing SMTP.
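
Added example, not part of the thread: a small Python triage of the three smtpd failure signatures posted above (session timeout, relay rejection, saslauthd unreachable). The log lines are copied from the posts; the finding names and function names are chosen for this example.

```python
import re
from collections import Counter

# Log lines as posted in the thread above (timestamps kept where the posts had them).
MAILLOG = """\
Apr  3 20:33:37 host postfix/smtpd[38578]: connect from unknown[4.8.8.8]
Apr  3 20:38:37 host postfix/smtpd[38578]: timeout after HELO from unknown[4.8.8.8]
Apr  3 20:38:37 host postfix/smtpd[38578]: disconnect from unknown[4.8.8.8]
host postfix/smtpd[45564]: NOQUEUE: reject: RCPT from unknown[4.8.8.8]: 554 5.7.1 <mail@my-server.com>: Relay access denied;
postfix/smtpd[1737]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
"""

# (finding, pattern); the finding names are labels chosen for this example.
RULES = [
    ("stalled_session", re.compile(
        r"timeout after (?P<detail>\S+) from \S*\[(?P<client>[^\]]+)\]")),
    ("relay_denied", re.compile(
        r"reject: RCPT from \S*\[(?P<client>[^\]]+)\]: "
        r"(?P<detail>\d{3} [\d.]+) .*Relay access denied")),
    ("saslauthd_unreachable", re.compile(
        r"SASL authentication failure: (?P<detail>cannot connect to saslauthd server)")),
]

def triage(text):
    """Return (finding, client_ip or '-', detail) for each smtpd line that matches a rule."""
    findings = []
    for line in text.splitlines():
        if "postfix/smtpd[" not in line:
            continue
        for kind, rx in RULES:
            m = rx.search(line)
            if m:
                g = m.groupdict()
                findings.append((kind, g.get("client", "-"), g["detail"]))
                break
    return findings

def relay_denials_by_client(findings):
    """Count relay rejections per client; many from one address deserve a closer look."""
    return Counter(c for kind, c, _ in findings if kind == "relay_denied")

if __name__ == "__main__":
    for f in triage(MAILLOG):
        print(*f, sep="\t")
```

Pointing `triage` at the contents of /var/log/maillog gives the same three categories for a live server.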

Submitted by Ilia on Wed, 04/03/2013 - 14:00

My BMC doesn't have it and it shouldn't, as it's on the same NIC and its IP is assigned to the same network.

I set up Postfix Mail Server -> SMTP Authentication And Encryption -> SMTP relaying restrictions -> Allow Connections for the same network, and it should WORK, as I guess, but it doesn't, BUT it did before I clicked save on this page (SMTP Authentication And Encryption).

What am I missing?

Submitted by Ilia on Wed, 04/03/2013 - 14:26

No, it's working now! So weird.. It was my angry firewall, I think, sorry!

It's sending it over relaying using the "same network" property now, without a problem.

I don't understand completely, if I use port 993 and 465 my credentials will never be sent as plain text?

How to disable ports 110, 143, 587 and 995?

Submitted by Ilia on Wed, 04/03/2013 - 16:11

No, it's working now! So weird.. It was my angry firewall, I think, sorry!

No, it was that I set Enable TLS encryption in Always mode and my BMC didn't support it!

OK, now, could you please tell me:

  1. If I use TTL will it always send data encrypted over the network, including my login and password information? Or will it happen automatically if I choose ports 993 or 587? Same if I use https in a browser, for example in Roundcube mail?

  2. I found the way to disable 110 and 995 ports on Dovecot but how to disable port 465? And how to move port 993 and 587 to something else?

  3. Are there better mail programs than Roundcube? (Open-source)

P.S. You were right about default Postfix settings - they don't allow sending emails without authentication.

If I use TTL will it always send data encrypted over the network including my login and password information?

Using a connection with TLS implies a secured, encrypted connection. TLS is similar to SSL.

I found the way to disable 110 and 995 ports on Dovecot but how to disable port 465?

Port 465 is secured -- it uses SSL. I'd suggest leaving it enabled, that will keep things simpler, and make it easier for your users to get email working.

If you really want to disable it though, you could edit /etc/postfix/master.cf, and comment out the line beginning with "SMTPS", and the lines under it beginning with "-o", and then restart Postfix.

And how to move port 993 and 587 to something else?

I'd also recommend not changing those ports, that will make it a lot harder for users to get email working.

Virtualmin assumes you wouldn't want to change those, and doesn't provide a way to change the port from within the control panel.

If you wish to change those ports, that's something that would need to be done manually.

Port 993 is part of Dovecot, you could review the file /etc/dovecot/conf.d/10-master.conf for examples on how to change the port.

Port 587 is part of Postfix; you'd need to change /etc/postfix/master.cf, and would probably need to change the "submission" line. However, I've never tried changing the Submission/587 port, and am not sure of the exact syntax to use. You'd need to review the Postfix documentation to get the exact syntax. It might just be a matter of changing the text 'submission' in the master.cf to your desired port number, but you'd need to experiment with that :-)

Changing those would make email setup a lot harder for users though, and we generally don't recommend that.
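
Added example, not part of the thread: a Python check that reads a master.cf and reports, for each smtpd listener, its port, whether TLS is implicit (the usual 465 entry) or a required STARTTLS upgrade (the usual 587 entry), and whether SASL is switched on by an `-o` override. The sample file is constructed in the layout of a stock Postfix master.cf; the function name and mode labels are chosen for this example.

```python
# Constructed sample in the layout of a stock Postfix master.cf (not taken from the thread).
MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
smtps      inet  n  -  n  -  -  smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
#628       inet  n  -  n  -  -  qmqpd
pickup     unix  n  -  n  60 1  pickup
"""

WELL_KNOWN = {"smtp": 25, "smtps": 465, "submission": 587}

def smtpd_listeners(master_cf):
    """Map each smtpd inet service to (port, TLS mode, SASL enabled by -o override)."""
    entries = []
    for raw in master_cf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                           # blank lines and comments are ignored
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()   # leading whitespace continues the entry
        else:
            entries.append(raw.strip())
    listeners = {}
    for entry in entries:
        f = entry.split()
        if len(f) < 8 or f[1] != "inet" or f[7] != "smtpd":
            continue
        opts = dict(a.split("=", 1) for a in f[8:] if "=" in a)
        name = f[0].rsplit(":", 1)[-1]         # service may be name, port, or host:port
        port = int(name) if name.isdigit() else WELL_KNOWN.get(name)
        if opts.get("smtpd_tls_wrappermode") == "yes":
            tls = "implicit TLS"               # TLS handshake before any SMTP command
        elif opts.get("smtpd_tls_security_level") == "encrypt":
            tls = "STARTTLS required"          # plaintext greeting, then mandatory upgrade
        else:
            tls = "main.cf default"            # nothing forced on this listener
        sasl = opts.get("smtpd_sasl_auth_enable") == "yes"
        listeners[f[0]] = (port, tls, sasl)
    return listeners

if __name__ == "__main__":
    for svc, info in smtpd_listeners(MASTER_CF).items():
        print(svc, *info)
```

Because indented lines continue the previous entry, commenting out only the `smtps` line leaves its `-o` lines attached to `submission`, which is why the `-o` lines have to be commented out with it.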